From: Nicki Křížek Date: Mon, 8 Jul 2024 11:51:31 +0000 (+0200) Subject: Update documentation for 9.20.0 X-Git-Tag: v9.20.0~2^2 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=34898409489155c299ff0c84822a94dbf4869289;p=thirdparty%2Fbind9.git Update documentation for 9.20.0 --- diff --git a/doc/arm/build.inc.rst b/doc/arm/build.inc.rst index f47ca5d651a..6782d7abfe5 100644 --- a/doc/arm/build.inc.rst +++ b/doc/arm/build.inc.rst @@ -55,13 +55,14 @@ Required Libraries To build BIND 9, the following packages must be installed: +- a C11-compliant compiler - ``libcrypto``, ``libssl`` - ``liburcu`` - ``libuv`` - ``perl`` - ``pkg-config`` / ``pkgconfig`` / ``pkgconf`` -BIND 9.19 requires ``libuv`` 1.34.0 or higher, using ``libuv`` >= 1.40.0 +BIND 9.20 requires ``libuv`` 1.34.0 or higher, using ``libuv`` >= 1.40.0 is recommended. Compiling or running with ``libuv`` 1.35.0 or 1.36.0 is not supported, as this could lead to an assertion failure in the UDP receive code. On older systems, an updated ``libuv`` package needs to be @@ -96,7 +97,8 @@ Optional Features To see a full list of configuration options, run ``configure --help``. To improve performance, use of the ``jemalloc`` library -(http://jemalloc.net/) is strongly recommended. +(https://jemalloc.net/) is strongly recommended. Version 4.0.0 or newer is +required when in use. To support :rfc:`DNS over HTTPS (DoH) <8484>`, the server must be linked with ``libnghttp2`` (https://nghttp2.org/). If the library is diff --git a/doc/arm/conf.py b/doc/arm/conf.py index cc0a3e1ffe9..0f716fb0855 100644 --- a/doc/arm/conf.py +++ b/doc/arm/conf.py @@ -132,7 +132,7 @@ def setup(app): # # This file only contains a selection of the most common options. For a full # list see the documentation: -# http://www.sphinx-doc.org/en/master/config +# https://www.sphinx-doc.org/en/master/config # -- Path setup -------------------------------------------------------------- diff --git a/doc/arm/general.rst b/doc/arm/general.rst index 09bcaa9725e..e26a705277e 100644 --- a/doc/arm/general.rst +++ b/doc/arm/general.rst @@ -444,7 +444,7 @@ Notes .. [#rfc4294] Section 5.1 - DNAME records are fully supported. -.. [#rfc7050] RFC 7050 is updated by RFC 8880. +.. [#rfc7050] :rfc:`7050` is updated by :rfc:`8880`. .. [#noencryptedfwd] Forwarding DNS queries over encrypted transports is not supported yet. diff --git a/doc/arm/pkcs11.inc.rst b/doc/arm/pkcs11.inc.rst index 7a586802fb9..1367bfbe5c8 100644 --- a/doc/arm/pkcs11.inc.rst +++ b/doc/arm/pkcs11.inc.rst @@ -270,9 +270,7 @@ You'll need to provide the OpenSSL engine name (``pkcs11``) if using the engine the algorithm (``RSASHA256``). The key is referenced with the PKCS#11 URI scheme and it can contain the PKCS#11 token label (we asume that it has been initialized as bind9), and the PKCS#11 object label (called label when generating the keys using ``pkcs11-tool``) -and the HSM PIN. Refer to `RFC7512`_ for the full PKCS#11 URI specification. - -.. _`RFC7512`: https://www.rfc-editor.org/rfc/rfc7512.html +and the HSM PIN. Refer to :rfc:`7512` for the full PKCS#11 URI specification. Convert the KSK: diff --git a/doc/arm/platforms.inc.rst b/doc/arm/platforms.inc.rst index 4b7a133eecf..c1c9ab511c1 100644 --- a/doc/arm/platforms.inc.rst +++ b/doc/arm/platforms.inc.rst @@ -102,7 +102,7 @@ These are platforms on which current versions of BIND 9 are known *not* to build - Platforms without at least OpenSSL 1.0.2 - Windows - Solaris 10 and older -- Platforms that do not support IPv6 Advanced Socket API (RFC 3542) +- Platforms that do not support IPv6 Advanced Socket API (:rfc:`3542`) - Platforms that do not support atomic operations (via compiler or library) - Linux without NPTL (Native POSIX Thread Library) diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 007eb272fed..517cf83ebb6 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -1242,7 +1242,7 @@ default is used. Logged :any:`dnstap` messages can be parsed using the :iscman:`dnstap-read` utility (see :ref:`man_dnstap-read` for details). - For more information on :any:`dnstap`, see http://dnstap.info. + For more information on :any:`dnstap`, see https://dnstap.info. The fstrm library has a number of tunables that are exposed in :iscman:`named.conf`, and can be modified if necessary to improve @@ -5998,7 +5998,7 @@ The following options can be specified in a :any:`tls` statement: :short: Enables or disables session resumption through TLS session tickets. Enables or disables session resumption through TLS session tickets, - as defined in RFC5077. Disabling the stateless session tickets + as defined in :rfc:`5077`. Disabling the stateless session tickets might be required in the cases when forward secrecy is needed, or the TLS certificate and key pair is planned to be used across multiple BIND instances. @@ -6068,7 +6068,7 @@ good example of when reconfiguration is necessary is when TLS keys and certificates are updated on the disk. BIND supports the following TLS authentication mechanisms described in -the RFC 9103, Section 9.3: Opportunistic TLS, Strict TLS, and Mutual +the :rfc:`9103`, Section 9.3: Opportunistic TLS, Strict TLS, and Mutual TLS. .. _opportunistic-tls: @@ -6076,7 +6076,7 @@ TLS. Opportunistic TLS provides encryption for data but does not provide any authentication for the channel. This mode is the default one and it is used whenever :any:`remote-hostname` and :any:`ca-file` options are not set -in :any:`tls` statements in use. RFC 9103 allows optional fallback to +in :any:`tls` statements in use. :rfc:`9103` allows optional fallback to clear-text DNS in the cases when TLS is not available. Still, BIND intentionally does not support that in order to protect from unexpected data leaks due to misconfiguration. Both BIND and its diff --git a/doc/arm/rpz.inc.rst b/doc/arm/rpz.inc.rst index 18349540a68..500d1539830 100644 --- a/doc/arm/rpz.inc.rst +++ b/doc/arm/rpz.inc.rst @@ -257,7 +257,7 @@ rely on these name servers. Here is an example that achieves this result: The ``*`` at the beginning of these CNAME target names is special, and it causes the original query name to be prepended to the CNAME target. So if a user tries to visit the Conficker command and control domain -http://racaldftn.com.ai/ (which was a valid Conficker command and control +`racaldftn.com.ai` (which was a valid Conficker command and control domain name on 19-October-2011), the RPZ-configured recursive name server will send back this answer: diff --git a/doc/design/qp-trie.md b/doc/design/qp-trie.md index fb0d9e28eb8..7ae64ec01fc 100644 --- a/doc/design/qp-trie.md +++ b/doc/design/qp-trie.md @@ -202,7 +202,7 @@ the packed vector is the popcount of the bits preceding `b`. } See "Hacker's Delight" by Hank Warren, section 5-1 "Counting 1 -bits", subsection "applications". http://www.hackersdelight.org +bits", subsection "applications". https://www.hackersdelight.org See under _"bitmap popcount shenanigans"_ in `lib/dns/qp.c` for how this is implemented in BIND. @@ -214,8 +214,8 @@ popcount for trie nodes Phil Bagwell's hashed array-mapped tries (HAMT) use popcount for compact trie nodes. In a HAMT, string keys are hashed, and the hash is used as the index to the trie, with radix 2^32 or 2^64. -http://infoscience.epfl.ch/record/64394/files/triesearches.pdf -http://infoscience.epfl.ch/record/64398/files/idealhashtrees.pdf +https://infoscience.epfl.ch/record/64394/files/triesearches.pdf +https://infoscience.epfl.ch/record/64398/files/idealhashtrees.pdf As discussed above, increasing the radix makes the tree shallower, so it should be faster. The downside is usually much greater memory diff --git a/doc/dev/dev.md b/doc/dev/dev.md index 7c3d71c91aa..f186a9ed2ea 100644 --- a/doc/dev/dev.md +++ b/doc/dev/dev.md @@ -1231,7 +1231,7 @@ implement a method. Type values range from 0 to 65536. These have been further divided into reserved values, values that have global definition and values that have -local definition as defined in [RFC 6895](http://tools.ietf.org/html/rfc6895). +local definition as defined in [RFC 6895](https://tools.ietf.org/html/rfc6895). Please use an appropriate value. You can use a private value (65280 - 65534) while waiting for a type assignment to be made, then rename the file and update the type values when the assignment has been diff --git a/doc/dev/libuv.md b/doc/dev/libuv.md index 0650889322b..52eb21dafc2 100644 --- a/doc/dev/libuv.md +++ b/doc/dev/libuv.md @@ -18,7 +18,7 @@ This document describes various notes related to the using of the libuv library. ### Queueing Events onto the ``uv_loop_t`` The upstream documentation on [the I/O -loop](http://docs.libuv.org/en/v1.x/design.html#the-i-o-loop) describes the +loop](https://docs.libuv.org/en/v1.x/design.html#the-i-o-loop) describes the order in which are the various handles processed. However, it does not describe the order in which the loop processes the events in the same buckets, and because it is counterintuitive, it is described here. diff --git a/doc/man/conf.py b/doc/man/conf.py index 3fc8d05ad84..1ba2af8b1f2 100644 --- a/doc/man/conf.py +++ b/doc/man/conf.py @@ -16,7 +16,7 @@ # # This file only contains a selection of the most common options. For a full # list see the documentation: -# http://www.sphinx-doc.org/en/master/config +# https://www.sphinx-doc.org/en/master/config # -- Path setup --------------------------------------------------------------