$ ./configure --enable-exportlib [other flags] $ make @@ -113,7 +113,7 @@ $ make

-Installation

+Installation

 $ cd lib/export
 $ make install
@@ -135,7 +135,7 @@ $ make install
 
 
 
-Known Defects/Restrictions
+Known Defects/Restrictions
 
 Currently, win32 is not supported for the export
       library. (Normal BIND 9 application can be built as
@@ -175,7 +175,7 @@ $ make
 
 
 
-The dns.conf File
+The dns.conf File
 The IRS library supports an "advanced" configuration file
   related to the DNS library for configuration parameters that
   would be beyond the capability of the
@@ -193,14 +193,14 @@ $ make
 
 

 
-Sample Applications
+Sample Applications
 Some sample application programs using this API are
   provided for reference. The following is a brief description of
   these applications.
   
 
 
-sample: a simple stub resolver utility
+sample: a simple stub resolver utility
 
   It sends a query of a given name (of a given optional RR type) to a
   specified recursive server, and prints the result as a list of
@@ -264,7 +264,7 @@ $ make
 
 

 
-sample-async: a simple stub resolver, working asynchronously
+sample-async: a simple stub resolver, working asynchronously
 
   Similar to "sample", but accepts a list
   of (query) domain names as a separate file and resolves the names
@@ -305,7 +305,7 @@ $ make
 
 

 
-sample-request: a simple DNS transaction client
+sample-request: a simple DNS transaction client
 
   It sends a query to a specified server, and
   prints the response with minimal processing. It doesn't act as a
@@ -346,7 +346,7 @@ $ make
 
 

 
-sample-gai: getaddrinfo() and getnameinfo() test code
+sample-gai: getaddrinfo() and getnameinfo() test code
 
   This is a test program
   to check getaddrinfo() and getnameinfo() behavior. It takes a
@@ -363,7 +363,7 @@ $ make
 
 

 
-sample-update: a simple dynamic update client program
+sample-update: a simple dynamic update client program
 
   It accepts a single update command as a
   command-line argument, sends an update request message to the
@@ -458,7 +458,7 @@ $ sample-update -a sample-update -k Kxxx.+nnn+mm
 
 

 
-nsprobe: domain/name server checker in terms of RFC 4074
+nsprobe: domain/name server checker in terms of RFC 4074

 
   It checks a set
   of domains to see the name servers of the domains behave
@@ -515,7 +515,7 @@ $ sample-update -a sample-update -k Kxxx.+nnn+mm
 
 

 
-Library References
+Library References

 As of this writing, there is no formal "manual" of the
   libraries, except this document, header files (some of them
   provide pretty detailed explanations), and sample application
@@ -540,6 +540,6 @@ $ sample-update -a sample-update -k Kxxx.+nnn+mm
 
 
 
-
BIND 9.9.8-P2 (Extended Support Version)

+BIND 9.9.8-P3 (Extended Support Version)
 
 
diff --git a/doc/arm/Bv9ARM.ch13.html b/doc/arm/Bv9ARM.ch13.html
index d508da10460..138de53ec26 100644
--- a/doc/arm/Bv9ARM.ch13.html
+++ b/doc/arm/Bv9ARM.ch13.html
@@ -140,6 +140,6 @@
 
 
 
-BIND 9.9.8-P2 (Extended Support Version)
+BIND 9.9.8-P3 (Extended Support Version)
 
 
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index 1ee23c1ec42..f1ef0502330 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -41,7 +41,7 @@
 
 
 BIND 9 Administrator Reference Manual
-BIND Version 9.9.8-P2
+BIND Version 9.9.8-P3
 Copyright © 2004-2015 Internet Systems Consortium, Inc. ("ISC")
 Copyright © 2000-2003 Internet Software Consortium.
 
@@ -234,7 +234,7 @@
 
 A. Release Notes
 
-Release Notes for BIND Version 9.9.8-P2
+Release Notes for BIND Version 9.9.8-P3
 
 Introduction
 Download
@@ -262,13 +262,13 @@
 
 BIND 9 DNS Library Support
 
-Prerequisite
-Compilation
-Installation
-Known Defects/Restrictions
-The dns.conf File
-Sample Applications
-Library References
+Prerequisite
+Compilation
+Installation
+Known Defects/Restrictions
+The dns.conf File
+Sample Applications
+Library References
 
 
 I. Manual pages
@@ -365,6 +365,6 @@
 
 
 
-BIND 9.9.8-P2 (Extended Support Version)
+BIND 9.9.8-P3 (Extended Support Version)
 
 
diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html
index 8d011010558..8458045646e 100644
--- a/doc/arm/man.arpaname.html
+++ b/doc/arm/man.arpaname.html
@@ -50,20 +50,20 @@
 arpaname  {ipaddress ...}
 
 
-DESCRIPTION
+DESCRIPTION
 
       arpaname translates IP addresses (IPv4 and
       IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
     
 
 
-SEE ALSO
+SEE ALSO
 
       BIND 9 Administrator Reference Manual.
     
 
 
-AUTHOR
+AUTHOR
 Internet Systems Consortium
     
 
@@ -87,6 +87,6 @@
 
 
 
-BIND 9.9.8-P2 (Extended Support Version)
+BIND 9.9.8-P3 (Extended Support Version)
 
 
diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html
index 9dc61897c10..91d62b9df0c 100644
--- a/doc/arm/man.ddns-confgen.html
+++ b/doc/arm/man.ddns-confgen.html
@@ -50,7 +50,7 @@
 ddns-confgen  [-a algorithm] [-h] [-k keyname] [-r randomfile] [ -s name  |   -z zone ] [-q] [name]
 
 
-DESCRIPTION
+DESCRIPTION
 ddns-confgen
       generates a key for use by nsupdate
       and named.  It simplifies configuration
@@ -77,7 +77,7 @@
     
 
 
-OPTIONS
+OPTIONS
 
 -a algorithm
 
@@ -144,7 +144,7 @@
 
 
 
-SEE ALSO
+SEE ALSO
 nsupdate(1),
       named.conf(5),
       named(8),
@@ -152,7 +152,7 @@
     
 
 
-AUTHOR
+AUTHOR
 Internet Systems Consortium
     
 
@@ -176,6 +176,6 @@
 
 
 
-BIND 9.9.8-P2 (Extended Support Version)
+BIND 9.9.8-P3 (Extended Support Version)
 
 
diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html
index 72cdd8bc907..224d08bb73f 100644
--- a/doc/arm/man.dig.html
+++ b/doc/arm/man.dig.html
@@ -52,7 +52,7 @@
 dig  [global-queryopt...] [query...]
 
 
-DESCRIPTION
+DESCRIPTION
 dig
       (domain information groper) is a flexible tool
       for interrogating DNS name servers.  It performs DNS lookups and
@@ -99,7 +99,7 @@
     
 
 
-SIMPLE USAGE
+SIMPLE USAGE
 
       A typical invocation of dig looks like:
       
@@ -152,7 +152,7 @@
     
 
 
-OPTIONS
+OPTIONS
 
 -4
 
@@ -280,7 +280,7 @@
 
 
 
-QUERY OPTIONS
+QUERY OPTIONS
 dig
       provides a number of query options which affect
       the way in which lookups are made and the results displayed.  Some of
@@ -649,7 +649,7 @@
     
 
 
-MULTIPLE QUERIES
+MULTIPLE QUERIES
 
       The BIND 9 implementation of dig 
       supports
@@ -695,7 +695,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     
 
 
-IDN SUPPORT
+IDN SUPPORT
 
       If dig has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names.
@@ -709,14 +709,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     
 
 
-FILES
+FILES
 /etc/resolv.conf
     
 ${HOME}/.digrc
     
 
 
-SEE ALSO
+SEE ALSO
 host(1),
       named(8),
       dnssec-keygen(8),
@@ -724,7 +724,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     
 
 
-BUGS
+BUGS
 
       There are probably too many query options.
     
@@ -747,6 +747,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
 
 
 
-BIND 9.9.8-P2 (Extended Support Version)
+BIND 9.9.8-P3 (Extended Support Version)
 
 
diff --git a/doc/arm/man.dnssec-checkds.html b/doc/arm/man.dnssec-checkds.html
index 2f77ebed375..9d101917101 100644
--- a/doc/arm/man.dnssec-checkds.html
+++ b/doc/arm/man.dnssec-checkds.html
@@ -51,7 +51,7 @@
 dnssec-dsfromkey  [-l domain] [-f file] [-d dig path] [-D dsfromkey path] {zone}
 
 
-DESCRIPTION
+DESCRIPTION
 dnssec-checkds
       verifies the correctness of Delegation Signer (DS) or DNSSEC
       Lookaside Validation (DLV) resource records for keys in a specified
@@ -59,7 +59,7 @@
     
 
 
-OPTIONS
+OPTIONS
 
 -f file
 
@@ -88,14 +88,14 @@
 
 
 
-SEE ALSO
+SEE ALSO
 dnssec-dsfromkey(8),
       dnssec-keygen(8),
       dnssec-signzone(8),
     
 
 
-AUTHOR
+AUTHOR
 Internet Systems Consortium
     
 
@@ -118,6 +118,6 @@
 
 
 
-BIND 9.9.8-P2 (Extended Support Version)
+BIND 9.9.8-P3 (Extended Support Version)
 
 
diff --git a/doc/arm/man.dnssec-coverage.html b/doc/arm/man.dnssec-coverage.html
index b3209e0167a..ef3d1fc4bb5 100644
--- a/doc/arm/man.dnssec-coverage.html
+++ b/doc/arm/man.dnssec-coverage.html
@@ -50,7 +50,7 @@
 dnssec-coverage  [-K directory] [-f file] [-d DNSKEY TTL] [-m max TTL] [-r interval] [-c compilezone path] [zone]
 
 
-DESCRIPTION
+DESCRIPTION
 dnssec-coverage
       verifies that the DNSSEC keys for a given zone or a set of zones
       have timing metadata set properly to ensure no future lapses in DNSSEC
@@ -78,7 +78,7 @@
     
 
 
-OPTIONS
+OPTIONS
 
 -f file
 
@@ -168,7 +168,7 @@
 
 
 
-SEE ALSO
+SEE ALSO
 
       dnssec-checkds(8),
       dnssec-dsfromkey(8),
@@ -177,7 +177,7 @@
     
 
 
-AUTHOR
+AUTHOR
 Internet Systems Consortium
     
 
@@ -201,6 +201,6 @@
 
 
 
-BIND 9.9.8-P2 (Extended Support Version)
+BIND 9.9.8-P3 (Extended Support Version)
 
 
diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html
index fac09833c76..93bef84ca7c 100644
--- a/doc/arm/man.dnssec-dsfromkey.html
+++ b/doc/arm/man.dnssec-dsfromkey.html
@@ -52,14 +52,14 @@
 dnssec-dsfromkey  [-h] [-V]
 
 
-DESCRIPTION
+DESCRIPTION
 dnssec-dsfromkey
       outputs the Delegation Signer (DS) resource record (RR), as defined in
       RFC 3658 and RFC 4509, for the given key(s).
     
 
 
-OPTIONS
+OPTIONS
 
 -1
 
@@ -150,7 +150,7 @@
 
 
 
-EXAMPLE
+EXAMPLE
 
       To build the SHA-256 DS RR from the
       Kexample.com.+003+26160
@@ -165,7 +165,7 @@
     
 
 
-FILES
+FILES
 
       The keyfile can be designed by the key identification
       Knnnn.+aaa+iiiii or the full file name
@@ -179,13 +179,13 @@
     
 
 
-CAVEAT
+CAVEAT
 
       A keyfile error can give a "file not found" even if the file exists.
     
 
 
-SEE ALSO
+SEE ALSO
 dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -195,7 +195,7 @@
     
 
 
-AUTHOR
+AUTHOR
 Internet Systems Consortium
     
 
@@ -219,6 +219,6 @@
 
 
 
-BIND 9.9.8-P2 (Extended Support Version)
+BIND 9.9.8-P3 (Extended Support Version)
 
 
diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html
index f339586eebc..e77fb8778c1 100644
--- a/doc/arm/man.dnssec-keyfromlabel.html
+++ b/doc/arm/man.dnssec-keyfromlabel.html
@@ -50,7 +50,7 @@
 dnssec-keyfromlabel  {-l label} [-3] [-a algorithm] [-A date/offset] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-I date/offset] [-i interval] [-k] [-K directory] [-L ttl] [-n nametype] [-P date/offset] [-p protocol] [-R date/offset] [-S key] [-t type] [-v level] [-V] [-y] {name}
 
 
-DESCRIPTION
+DESCRIPTION
 dnssec-keyfromlabel
       generates a key pair of files that referencing a key object stored
       in a cryptographic hardware service module (HSM).  The private key
@@ -66,7 +66,7 @@
     
 
 
-OPTIONS
+OPTIONS
 
 -a algorithm
 
@@ -209,7 +209,7 @@
 
 
 
-TIMING OPTIONS
+TIMING OPTIONS
 
       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -281,7 +281,7 @@
 
 
 
-GENERATED KEY FILES
+GENERATED KEY FILES
 
       When dnssec-keyfromlabel completes
       successfully,
@@ -320,7 +320,7 @@
     
 
 
-SEE ALSO
+SEE ALSO
 dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -328,7 +328,7 @@
     
 
 
-AUTHOR
+AUTHOR
 Internet Systems Consortium
     
 
@@ -352,6 +352,6 @@
 
 
 
-BIND 9.9.8-P2 (Extended Support Version)
+BIND 9.9.8-P3 (Extended Support Version)
 
 
diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html
index 29974c056ec..e7ea631ad84 100644
--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -50,7 +50,7 @@
 dnssec-keygen  [-a algorithm] [-b keysize] [-n nametype] [-3] [-A date/offset] [-C] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-g generator] [-h] [-I date/offset] [-i interval] [-K directory] [-L ttl] [-k] [-P date/offset] [-p protocol] [-q] [-R date/offset] [-r randomdev] [-S key] [-s strength] [-t type] [-v level] [-V] [-z] {name}
 
 
-DESCRIPTION
+DESCRIPTION
 dnssec-keygen
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
       and RFC 4034.  It can also generate keys for use with
@@ -64,7 +64,7 @@
     
 
 
-OPTIONS
+OPTIONS
 
 -a algorithm
 
@@ -280,7 +280,7 @@
 
 
 
-TIMING OPTIONS
+TIMING OPTIONS
 
       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -354,7 +354,7 @@
 
 
 
-GENERATED KEYS
+GENERATED KEYS
 
       When dnssec-keygen completes
       successfully,
@@ -400,7 +400,7 @@
     
 
 
-EXAMPLE
+EXAMPLE
 
       To generate a 768-bit DSA key for the domain
       example.com, the following command would be
@@ -421,7 +421,7 @@
     
 
 
-SEE ALSO
+SEE ALSO
 dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
       RFC 2539,
@@ -430,7 +430,7 @@
     
 
 
-AUTHOR
+AUTHOR
 Internet Systems Consortium
     
 
@@ -454,6 +454,6 @@
 
 
 
-BIND 9.9.8-P2 (Extended Support Version)
+BIND 9.9.8-P3 (Extended Support Version)
 
 
diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html
index b895142bd2c..79af77b319c 100644
--- a/doc/arm/man.dnssec-revoke.html
+++ b/doc/arm/man.dnssec-revoke.html
@@ -50,7 +50,7 @@
 dnssec-revoke  [-hr] [-v level] [-V] [-K directory] [-E engine] [-f] [-R] {keyfile}
 
 
-DESCRIPTION
+DESCRIPTION
 dnssec-revoke
       reads a DNSSEC key file, sets the REVOKED bit on the key as defined
       in RFC 5011, and creates a new pair of key files containing the
@@ -58,7 +58,7 @@
     
 
 
-OPTIONS
+OPTIONS
 
 -h
 
@@ -100,14 +100,14 @@
 
 
 
-SEE ALSO
+SEE ALSO
 dnssec-keygen(8),
       BIND 9 Administrator Reference Manual,
       RFC 5011.
     
 
 
-AUTHOR
+AUTHOR
 Internet Systems Consortium
     
 
@@ -131,6 +131,6 @@
 
 
 
-BIND 9.9.8-P2 (Extended Support Version)
+BIND 9.9.8-P3 (Extended Support Version)
 
 
diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html
index 2a7aa9d0d32..f06406c15d3 100644
--- a/doc/arm/man.dnssec-settime.html
+++ b/doc/arm/man.dnssec-settime.html
@@ -50,7 +50,7 @@
 dnssec-settime  [-f] [-K directory] [-L ttl] [-P date/offset] [-A date/offset] [-R date/offset] [-I date/offset] [-D date/offset] [-h] [-V] [-v level] [-E engine] {keyfile}
 
 
-DESCRIPTION
+DESCRIPTION
 dnssec-settime
       reads a DNSSEC private key file and sets the key timing metadata
       as specified by the -P, -A,
@@ -76,7 +76,7 @@
     
 
 
-OPTIONS
+OPTIONS
 
 -f
 
@@ -124,7 +124,7 @@
 
 
 
-TIMING OPTIONS
+TIMING OPTIONS
 
       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -203,7 +203,7 @@
 
 
 
-PRINTING OPTIONS
+PRINTING OPTIONS
 
       dnssec-settime can also be used to print the
       timing metadata associated with a key.
@@ -229,7 +229,7 @@
 
 
 
-SEE ALSO
+SEE ALSO
 dnssec-keygen(8),
       dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
@@ -237,7 +237,7 @@
     
 
 
-AUTHOR
+AUTHOR
 Internet Systems Consortium
     
 
@@ -261,6 +261,6 @@
 
 
 
-BIND 9.9.8-P2 (Extended Support Version)
+BIND 9.9.8-P3 (Extended Support Version)
 
 
diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html
index a9100490914..984ef97d16e 100644
--- a/doc/arm/man.dnssec-signzone.html
+++ b/doc/arm/man.dnssec-signzone.html
@@ -50,7 +50,7 @@
 dnssec-signzone  [-a] [-c class] [-d directory] [-D] [-E engine] [-e end-time] [-f output-file] [-g] [-h] [-K directory] [-k key] [-L serial] [-l domain] [-i interval] [-I input-format] [-j jitter] [-N soa-serial-format] [-o origin] [-O output-format] [-P] [-p] [-R] [-r randomdev] [-S] [-s start-time] [-T ttl] [-t] [-u] [-v level] [-V] [-X extended end-time] [-x] [-z] [-3 salt] [-H iterations] [-A] {zonefile} [key...]
 
 
-DESCRIPTION
+DESCRIPTION
 dnssec-signzone
       signs a zone.  It generates
       NSEC and RRSIG records and produces a signed version of the
@@ -61,7 +61,7 @@
     
 
 
-OPTIONS
+OPTIONS
 
 -a
 
@@ -483,7 +483,7 @@
 
 
 
-EXAMPLE
+EXAMPLE
 
       The following command signs the example.com
       zone with the DSA key generated by dnssec-keygen
@@ -513,14 +513,14 @@ db.example.com.signed
 %

-SEE ALSO +SEE ALSO dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 4033, RFC 4641. -AUTHOR +AUTHOR Internet Systems Consortium @@ -544,6 +544,6 @@ db.example.com.signed -BIND 9.9.8-P2 (Extended Support Version) +BIND 9.9.8-P3 (Extended Support Version) diff --git a/doc/arm/man.dnssec-verify.html b/doc/arm/man.dnssec-verify.html index 39f05e2d985..390f02c9557 100644 --- a/doc/arm/man.dnssec-verify.html +++ b/doc/arm/man.dnssec-verify.html @@ -50,7 +50,7 @@ dnssec-verify [-c class] [-E engine] [-I input-format] [-o origin] [-v level] [-V] [-x] [-z] {zonefile} -DESCRIPTION +DESCRIPTION dnssec-verify verifies that a zone is fully signed for each algorithm found in the DNSKEY RRset for the zone, and that the NSEC / NSEC3 @@ -58,7 +58,7 @@ -OPTIONS +OPTIONS -c class @@ -124,7 +124,7 @@ -SEE ALSO +SEE ALSO dnssec-signzone(8), BIND 9 Administrator Reference Manual, @@ -132,7 +132,7 @@ -AUTHOR +AUTHOR Internet Systems Consortium @@ -156,6 +156,6 @@ -BIND 9.9.8-P2 (Extended Support Version) +BIND 9.9.8-P3 (Extended Support Version) diff --git a/doc/arm/man.genrandom.html b/doc/arm/man.genrandom.html index 242d37c746e..ab339e009a0 100644 --- a/doc/arm/man.genrandom.html +++ b/doc/arm/man.genrandom.html @@ -50,7 +50,7 @@ genrandom [-n number] {size} {filename} -DESCRIPTION +DESCRIPTION genrandom generates a file or a set of files containing a specified quantity @@ -59,7 +59,7 @@ -ARGUMENTS +ARGUMENTS -n number @@ -77,14 +77,14 @@ -SEE ALSO +SEE ALSO rand(3), arc4random(3) -AUTHOR +AUTHOR Internet Systems Consortium @@ -108,6 +108,6 @@ -BIND 9.9.8-P2 (Extended Support Version) +BIND 9.9.8-P3 (Extended Support Version) diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html index d0b2e66b73c..dddc0c9787c 100644 --- a/doc/arm/man.host.html +++ b/doc/arm/man.host.html @@ -50,7 +50,7 @@ host [-aCdlnrsTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-m flag] [-4] [-6] [-v] [-V] {name} [server] -DESCRIPTION +DESCRIPTION host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. @@ -206,7 +206,7 @@ -IDN SUPPORT +IDN SUPPORT If host has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names. @@ -220,12 +220,12 @@ -FILES +FILES /etc/resolv.conf -SEE ALSO +SEE ALSO dig(1), named(8). @@ -249,6 +249,6 @@ -BIND 9.9.8-P2 (Extended Support Version) +BIND 9.9.8-P3 (Extended Support Version) diff --git a/doc/arm/man.isc-hmac-fixup.html b/doc/arm/man.isc-hmac-fixup.html index 071ae1f66e0..fa6d2c575ce 100644 --- a/doc/arm/man.isc-hmac-fixup.html +++ b/doc/arm/man.isc-hmac-fixup.html @@ -50,7 +50,7 @@ isc-hmac-fixup {algorithm} {secret} -DESCRIPTION +DESCRIPTION Versions of BIND 9 up to and including BIND 9.6 had a bug causing HMAC-SHA* TSIG keys which were longer than the digest length of the @@ -76,7 +76,7 @@ -SECURITY CONSIDERATIONS +SECURITY CONSIDERATIONS Secrets that have been converted by isc-hmac-fixup are shortened, but as this is how the HMAC protocol works in @@ -87,14 +87,14 @@ -SEE ALSO +SEE ALSO BIND 9 Administrator Reference Manual, RFC 2104. -AUTHOR +AUTHOR Internet Systems Consortium @@ -118,6 +118,6 @@ -BIND 9.9.8-P2 (Extended Support Version) +BIND 9.9.8-P3 (Extended Support Version) diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html index d0354bc5215..913b1d2c9d5 100644 --- a/doc/arm/man.named-checkconf.html +++ b/doc/arm/man.named-checkconf.html @@ -50,7 +50,7 @@ named-checkconf [-h] [-v] [-j] [-t directory] {filename} [-p] [-x] [-z] -DESCRIPTION +DESCRIPTION named-checkconf checks the syntax, but not the semantics, of a named configuration file. The file is parsed @@ -70,7 +70,7 @@ -OPTIONS +OPTIONS -h @@ -119,21 +119,21 @@ -RETURN VALUES +RETURN VALUES named-checkconf returns an exit status of 1 if errors were detected and 0 otherwise. -SEE ALSO +SEE ALSO named(8), named-checkzone(8), BIND 9 Administrator Reference Manual. -AUTHOR +AUTHOR Internet Systems Consortium @@ -157,6 +157,6 @@ -BIND 9.9.8-P2 (Extended Support Version) +BIND 9.9.8-P3 (Extended Support Version) diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html index 5ebdb0d9db8..c75b910ba59 100644 --- a/doc/arm/man.named-checkzone.html +++ b/doc/arm/man.named-checkzone.html @@ -51,7 +51,7 @@ named-compilezone [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-L serial] [-r mode] [-s style] [-t directory] [-T mode] [-w directory] [-D] [-W mode] {-o filename} {zonename} {filename} -DESCRIPTION +DESCRIPTION named-checkzone checks the syntax and integrity of a zone file. It performs the same checks as named does when loading a @@ -71,7 +71,7 @@ -OPTIONS +OPTIONS -d @@ -288,14 +288,14 @@ -RETURN VALUES +RETURN VALUES named-checkzone returns an exit status of 1 if errors were detected and 0 otherwise. -SEE ALSO +SEE ALSO named(8), named-checkconf(8), RFC 1035, @@ -303,7 +303,7 @@ -AUTHOR +AUTHOR Internet Systems Consortium @@ -327,6 +327,6 @@ -BIND 9.9.8-P2 (Extended Support Version) +BIND 9.9.8-P3 (Extended Support Version) diff --git a/doc/arm/man.named-journalprint.html b/doc/arm/man.named-journalprint.html index 85c10557355..1fbd2ac6102 100644 --- a/doc/arm/man.named-journalprint.html +++ b/doc/arm/man.named-journalprint.html @@ -50,7 +50,7 @@ named-journalprint {journal} -DESCRIPTION +DESCRIPTION named-journalprint prints the contents of a zone journal file in a human-readable @@ -76,7 +76,7 @@ -SEE ALSO +SEE ALSO named(8), nsupdate(8), @@ -84,7 +84,7 @@ -AUTHOR +AUTHOR Internet Systems Consortium @@ -108,6 +108,6 @@ -BIND 9.9.8-P2 (Extended Support Version) +BIND 9.9.8-P3 (Extended Support Version) diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html index db02488e8b8..dfada75ca71 100644 --- a/doc/arm/man.named.html +++ b/doc/arm/man.named.html @@ -50,7 +50,7 @@ named [-4] [-6] [-c config-file] [-d debug-level] [-E engine-name] [-f] [-g] [-M option] [-m flag] [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory] [-U #listeners] [-u user] [-v] [-V] [-x cache-file] -DESCRIPTION +DESCRIPTION named is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -65,7 +65,7 @@ -OPTIONS +OPTIONS -4 @@ -266,7 +266,7 @@ -SIGNALS +SIGNALS In routine operation, signals should not be used to control the nameserver; rndc should be used @@ -287,7 +287,7 @@ -CONFIGURATION +CONFIGURATION The named configuration file is too complex to describe in detail here. A complete description is provided @@ -304,7 +304,7 @@ -FILES +FILES /etc/named.conf @@ -317,7 +317,7 @@ -SEE ALSO +SEE ALSO RFC 1033, RFC 1034, RFC 1035, @@ -330,7 +330,7 @@ -AUTHOR +AUTHOR Internet Systems Consortium @@ -354,6 +354,6 @@ -BIND 9.9.8-P2 (Extended Support Version) +BIND 9.9.8-P3 (Extended Support Version) diff --git a/doc/arm/man.nsec3hash.html b/doc/arm/man.nsec3hash.html index 476a096e3a7..c7b2478704e 100644 --- a/doc/arm/man.nsec3hash.html +++ b/doc/arm/man.nsec3hash.html @@ -48,7 +48,7 @@ nsec3hash {salt} {algorithm} {iterations} {domain} -DESCRIPTION +DESCRIPTION nsec3hash generates an NSEC3 hash based on a set of NSEC3 parameters. This can be used to check the validity @@ -56,7 +56,7 @@ -ARGUMENTS +ARGUMENTS salt @@ -80,14 +80,14 @@ -SEE ALSO +SEE ALSO BIND 9 Administrator Reference Manual, RFC 5155. -AUTHOR +AUTHOR Internet Systems Consortium @@ -109,6 +109,6 @@ -BIND 9.9.8-P2 (Extended Support Version) +BIND 9.9.8-P3 (Extended Support Version) diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html index f7b68cc26b9..d4bad65c51d 100644 --- a/doc/arm/man.nsupdate.html +++ b/doc/arm/man.nsupdate.html @@ -50,7 +50,7 @@ nsupdate [-d] [-D] [-L level] [[-g] | [-o] | [-l] | [-y [hmac:]keyname:secret] | [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [-V] [filename] -DESCRIPTION +DESCRIPTION nsupdate is used to submit Dynamic DNS Update requests as defined in RFC 2136 to a name server. @@ -108,7 +108,7 @@ -OPTIONS +OPTIONS -d @@ -218,7 +218,7 @@ -INPUT FORMAT +INPUT FORMAT nsupdate reads input from filename @@ -520,7 +520,7 @@ -EXAMPLES +EXAMPLES The examples below show how nsupdate @@ -574,7 +574,7 @@ -FILES +FILES /etc/resolv.conf @@ -597,7 +597,7 @@ -SEE ALSO +SEE ALSO RFC 2136, RFC 3007, @@ -612,7 +612,7 @@ -BUGS +BUGS The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library @@ -640,6 +640,6 @@ -BIND 9.9.8-P2 (Extended Support Version) +BIND 9.9.8-P3 (Extended Support Version) diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html index 0ae4afcbbfd..cc03975d25d 100644 --- a/doc/arm/man.rndc-confgen.html +++ b/doc/arm/man.rndc-confgen.html @@ -50,7 +50,7 @@ rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user] -DESCRIPTION +DESCRIPTION rndc-confgen generates configuration files for rndc. It can be used as a @@ -66,7 +66,7 @@ -OPTIONS +OPTIONS -a @@ -173,7 +173,7 @@ -EXAMPLES +EXAMPLES To allow rndc to be used with no manual configuration, run @@ -190,7 +190,7 @@ -SEE ALSO +SEE ALSO rndc(8), rndc.conf(5), named(8), @@ -198,7 +198,7 @@ -AUTHOR +AUTHOR Internet Systems Consortium @@ -222,6 +222,6 @@ -BIND 9.9.8-P2 (Extended Support Version) +BIND 9.9.8-P3 (Extended Support Version) diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html index 238c102fe6e..20d2894a4e2 100644 --- a/doc/arm/man.rndc.conf.html +++ b/doc/arm/man.rndc.conf.html @@ -50,7 +50,7 @@ rndc.conf -DESCRIPTION +DESCRIPTION rndc.conf is the configuration file for rndc, the BIND 9 name server control utility. This file has a similar structure and syntax to @@ -135,7 +135,7 @@ -EXAMPLE +EXAMPLE options { default-server localhost; @@ -209,7 +209,7 @@ -NAME SERVER CONFIGURATION +NAME SERVER CONFIGURATION The name server must be configured to accept rndc connections and to recognize the key specified in the rndc.conf @@ -219,7 +219,7 @@ -SEE ALSO +SEE ALSO rndc(8), rndc-confgen(8), mmencode(1), @@ -227,7 +227,7 @@ -AUTHOR +AUTHOR Internet Systems Consortium @@ -251,6 +251,6 @@ -BIND 9.9.8-P2 (Extended Support Version) +BIND 9.9.8-P3 (Extended Support Version) diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html index a2e7f03f61a..3145b8f156d 100644 --- a/doc/arm/man.rndc.html +++ b/doc/arm/man.rndc.html @@ -50,7 +50,7 @@ rndc [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command} -DESCRIPTION +DESCRIPTION rndc controls the operation of a name server. It supersedes the ndc utility @@ -79,7 +79,7 @@ -OPTIONS +OPTIONS -b source-address @@ -145,7 +145,7 @@ -COMMANDS +COMMANDS A list of commands supported by rndc can be seen by running rndc without arguments. @@ -543,7 +543,7 @@ -LIMITATIONS +LIMITATIONS There is currently no way to provide the shared secret for a key_id without using the configuration file. @@ -553,7 +553,7 @@ -SEE ALSO +SEE ALSO rndc.conf(5), rndc-confgen(8), named(8), @@ -563,7 +563,7 @@ -AUTHOR +AUTHOR Internet Systems Consortium @@ -587,6 +587,6 @@ -BIND 9.9.8-P2 (Extended Support Version) +BIND 9.9.8-P3 (Extended Support Version) diff --git a/doc/arm/notes.html b/doc/arm/notes.html index fe1f686b834..977569f60ac 100644 --- a/doc/arm/notes.html +++ b/doc/arm/notes.html @@ -21,13 +21,16 @@ -Release Notes for BIND Version 9.9.8-P2 +Release Notes for BIND Version 9.9.8-P3 Introduction This document summarizes changes since BIND 9.9.8: + + BIND 9.9.8-P3 addresses the security issue described in CVE-2015-8704. + BIND 9.9.8-P2 addresses security issues described in CVE-2015-3193 (OpenSSL), CVE-2015-8000 and CVE-2015-8461. @@ -52,13 +55,13 @@ Security Fixes - Named is potentially vulnerable to the OpenSSL vulnerabilty - described in CVE-2015-3193. + Specific APL data could trigger an INSIST. This flaw + was discovered by Brian Mitchell and is disclosed in + CVE-2015-8704. [RT #41396] - Incorrect reference counting could result in an INSIST - failure if a socket error occurred while performing a - lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945] + Named is potentially vulnerable to the OpenSSL vulnerabilty + described in CVE-2015-3193. Insufficient testing when parsing a message allowed @@ -67,6 +70,11 @@ were subsequently cached. This flaw is disclosed in CVE-2015-8000. [RT #40987] + + Incorrect reference counting could result in an INSIST + failure if a socket error occurred while performing a + lookup. This flaw is disclosed in CVE-2015-8461. [RT#40945] +