From 3b4098640dd85040270f39b9a5ee5e22de99d3d6 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Fri, 6 Jan 2006 01:55:39 +0000 Subject: [PATCH] regen --- bin/check/named-checkzone.8 | 20 ++- bin/check/named-checkzone.html | 30 ++-- bin/dig/nslookup.1 | 6 +- bin/dig/nslookup.html | 18 +-- bin/named/named.conf.5 | 28 +++- bin/named/named.conf.html | 57 +++++--- doc/arm/Bv9ARM.ch01.html | 52 +++---- doc/arm/Bv9ARM.ch02.html | 24 ++-- doc/arm/Bv9ARM.ch03.html | 28 ++-- doc/arm/Bv9ARM.ch04.html | 68 ++++----- doc/arm/Bv9ARM.ch05.html | 8 +- doc/arm/Bv9ARM.ch06.html | 231 +++++++++++++++++++++---------- doc/arm/Bv9ARM.ch07.html | 16 +-- doc/arm/Bv9ARM.ch08.html | 20 +-- doc/arm/Bv9ARM.ch09.html | 20 +-- doc/arm/Bv9ARM.ch10.html | 4 +- doc/arm/Bv9ARM.html | 146 +++++++++---------- doc/arm/man.dig.html | 22 +-- doc/arm/man.dnssec-keygen.html | 16 +-- doc/arm/man.dnssec-signzone.html | 14 +- doc/arm/man.host.html | 12 +- doc/arm/man.named-checkconf.html | 14 +- doc/arm/man.named-checkzone.html | 32 +++-- doc/arm/man.named.html | 18 +-- doc/arm/man.rndc-confgen.html | 14 +- doc/arm/man.rndc.conf.html | 14 +- doc/arm/man.rndc.html | 14 +- doc/misc/options | 20 +++ 28 files changed, 572 insertions(+), 394 deletions(-) diff --git a/bin/check/named-checkzone.8 b/bin/check/named-checkzone.8 index 53e47c66d1..6d4875a953 100644 --- a/bin/check/named-checkzone.8 +++ b/bin/check/named-checkzone.8 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named-checkzone.8,v 1.31 2005/10/13 03:13:56 marka Exp $ +.\" $Id: named-checkzone.8,v 1.32 2006/01/06 01:55:38 marka Exp $ .\" .hy 0 .ad l @@ -30,9 +30,9 @@ named\-checkzone, named\-compilezone \- zone file validity checking or converting tool .SH "SYNOPSIS" .HP 16 -\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename} +\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename} .HP 18 -\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename} +\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename} .SH "DESCRIPTION" .PP \fBnamed\-checkzone\fR @@ -141,6 +141,13 @@ Specify whether MX records should be checked to see if they are addresses. Possi (default) and \fB"ignore"\fR. .TP +\-M \fImode\fR +Check if a MX record refers to a CNAME. Possible modes are +\fB"fail"\fR, +\fB"warn"\fR +(default) and +\fB"ignore"\fR. +.TP \-n \fImode\fR Specify whether NS records should be checked to see if they are addresses. Possible modes are \fB"fail"\fR @@ -164,6 +171,13 @@ Specify the style of the dumped zone file. Possible styles are \fBnamed\-checkzone\fR this does not cause any effects unless it dumps the zone contents. It also does not have any meaning if the output format is not text. .TP +\-S \fImode\fR +Check if a SRV record refers to a CNAME. Possible modes are +\fB"fail"\fR, +\fB"warn"\fR +(default) and +\fB"ignore"\fR. +.TP \-t \fIdirectory\fR chroot to \fIdirectory\fR diff --git a/bin/check/named-checkzone.html b/bin/check/named-checkzone.html index 575a87c8a9..cb8b2b2d8f 100644 --- a/bin/check/named-checkzone.html +++ b/bin/check/named-checkzone.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -29,11 +29,11 @@

Synopsis

-

named-checkzone [-d] [-j] [-q] [-v] [-c class] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-s style] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

-

named-compilezone [-d] [-j] [-q] [-v] [-c class] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-s style] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

+

named-checkzone [-d] [-j] [-q] [-v] [-c class] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-M mode] [-n mode] [-o filename] [-s style] [-S mode] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

+

named-compilezone [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-s style] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

-

DESCRIPTION

+

DESCRIPTION

named-checkzone checks the syntax and integrity of a zone file. It performs the same checks as named does when loading a @@ -53,7 +53,7 @@

-

OPTIONS

+

OPTIONS

-d

@@ -149,6 +149,13 @@ "warn" (default) and "ignore".

+
-M mode
+

+ Check if a MX record refers to a CNAME. + Possible modes are "fail", + "warn" (default) and + "ignore". +

-n mode

Specify whether NS records should be checked to see if they @@ -179,6 +186,13 @@ It also does not have any meaning if the output format is not text.

+
-S mode
+

+ Check if a SRV record refers to a CNAME. + Possible modes are "fail", + "warn" (default) and + "ignore". +

-t directory

chroot to directory so that @@ -219,21 +233,21 @@

-

RETURN VALUES

+

RETURN VALUES

named-checkzone returns an exit status of 1 if errors were detected and 0 otherwise.

-

SEE ALSO

+

SEE ALSO

named(8), RFC 1035, BIND 9 Administrator Reference Manual.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/bin/dig/nslookup.1 b/bin/dig/nslookup.1 index 4fe6153cb5..6041ea39f4 100644 --- a/bin/dig/nslookup.1 +++ b/bin/dig/nslookup.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: nslookup.1,v 1.7 2005/10/13 03:13:57 marka Exp $ +.\" $Id: nslookup.1,v 1.8 2006/01/06 01:55:38 marka Exp $ .\" .hy 0 .ad l @@ -147,7 +147,7 @@ Change the default TCP/UDP name server port to \fBquerytype=\fR\fIvalue\fR .TP \fBtype=\fR\fIvalue\fR -Change the top of the information query. +Change the type of the information query. .sp (Default = A; abbreviations = q, ty) .TP diff --git a/bin/dig/nslookup.html b/bin/dig/nslookup.html index 1e9b4604b5..2090334337 100644 --- a/bin/dig/nslookup.html +++ b/bin/dig/nslookup.html @@ -1,5 +1,5 @@ - + @@ -31,7 +31,7 @@

nslookup [-option] [name | -] [server]

-

DESCRIPTION

+

DESCRIPTION

Nslookup is a program to query Internet domain name servers. Nslookup has two modes: interactive and non-interactive. Interactive mode allows @@ -43,7 +43,7 @@

-

ARGUMENTS

+

ARGUMENTS

Interactive mode is entered in the following cases:

@@ -76,7 +76,7 @@ nslookup -query=hinfo -timeout=10

-

INTERACTIVE COMMANDS

+

INTERACTIVE COMMANDS

host [server]
@@ -231,7 +231,7 @@ nslookup -query=hinfo -timeout=10
type=value

- Change the top of the information query. + Change the type of the information query.

(Default = A; abbreviations = q, ty) @@ -288,19 +288,19 @@ nslookup -query=hinfo -timeout=10

-

FILES

+

FILES

/etc/resolv.conf

-

SEE ALSO

+

SEE ALSO

dig(1), host(1), named(8).

-

Author

+

Author

Andrew Cherenson

diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5 index 1cac7ba30c..b0f0ee737a 100644 --- a/bin/named/named.conf.5 +++ b/bin/named/named.conf.5 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.conf.5,v 1.15 2005/10/13 03:13:58 marka Exp $ +.\" $Id: named.conf.5,v 1.16 2006/01/06 01:55:38 marka Exp $ .\" .hy 0 .ad l @@ -69,6 +69,7 @@ server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen bogus \fIboolean\fR; edns \fIboolean\fR; edns\-udp\-size \fIinteger\fR; + max\-udp\-size \fIinteger\fR; provide\-ixfr \fIboolean\fR; request\-ixfr \fIboolean\fR; keys \fIserver_key\fR; @@ -200,7 +201,9 @@ options { check\-names ( master | slave | response ) ( fail | warn | ignore ); check\-mx ( fail | warn | ignore ); - integrity\-check \fIboolean\fR; + check\-integrity \fIboolean\fR; + check\-mx\-cname ( fail | warn | ignore ); + check\-srv\-cname ( fail | warn | ignore ); cache\-file \fIquoted_string\fR; suppress\-initial\-notify \fIboolean\fR; // not yet implemented preferred\-glue \fIstring\fR; @@ -208,13 +211,15 @@ options { ( \fIquoted_string\fR [port \fIinteger\fR] | \fIipv4_address\fR [port \fIinteger\fR] | \fIipv6_address\fR [port \fIinteger\fR] ); ... - } + }; edns\-udp\-size \fIinteger\fR; + max\-udp\-size \fIinteger\fR; root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ]; disable\-algorithms \fIstring\fR { \fIstring\fR; ... }; dnssec\-enable \fIboolean\fR; dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR; dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR; + dnssec\-accept\-expired \fIboolean\fR; empty\-server \fIstring\fR; empty\-contact \fIstring\fR; empty\-zones\-enable \fIboolean\fR; @@ -259,6 +264,8 @@ options { use\-alt\-transfer\-source \fIboolean\fR; zone\-statistics \fIboolean\fR; key\-directory \fIquoted_string\fR; + zero\-no\-soa\-ttl \fIboolean\fR; + zero\-no\-soa\-ttl\-cache \fIboolean\fR; allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete deallocate\-on\-exit \fIboolean\fR; // obsolete fake\-iquery \fIboolean\fR; // obsolete @@ -323,7 +330,9 @@ view \fIstring\fR \fIoptional_class\fR { check\-names ( master | slave | response ) ( fail | warn | ignore ); check\-mx ( fail | warn | ignore ); - integrity\-check \fIboolean\fR; + check\-integrity \fIboolean\fR; + check\-mx\-cname ( fail | warn | ignore ); + check\-srv\-cname ( fail | warn | ignore ); cache\-file \fIquoted_string\fR; suppress\-initial\-notify \fIboolean\fR; // not yet implemented preferred\-glue \fIstring\fR; @@ -333,11 +342,13 @@ view \fIstring\fR \fIoptional_class\fR { \fIipv6_address\fR [port \fIinteger\fR] ); ... }; edns\-udp\-size \fIinteger\fR; + max\-udp\-size \fIinteger\fR; root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ]; disable\-algorithms \fIstring\fR { \fIstring\fR; ... }; dnssec\-enable \fIboolean\fR; dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR; dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR; + dnssec\-accept\-expired \fIboolean\fR; empty\-server \fIstring\fR; empty\-contact \fIstring\fR; empty\-zones\-enable \fIboolean\fR; @@ -382,6 +393,8 @@ view \fIstring\fR \fIoptional_class\fR { use\-alt\-transfer\-source \fIboolean\fR; zone\-statistics \fIboolean\fR; key\-directory \fIquoted_string\fR; + zero\-no\-soa\-ttl \fIboolean\fR; + zero\-no\-soa\-ttl\-cache \fIboolean\fR; allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete fetch\-glue \fIboolean\fR; // obsolete maintain\-ixfr\-base \fIboolean\fR; // obsolete @@ -404,10 +417,13 @@ zone \fIstring\fR \fIoptional_class\fR { delegation\-only \fIboolean\fR; check\-names ( fail | warn | ignore ); check\-mx ( fail | warn | ignore ); - integrity\-check \fIboolean\fR; + check\-integrity \fIboolean\fR; + check\-mx\-cname ( fail | warn | ignore ); + check\-srv\-cname ( fail | warn | ignore ); dialup \fIdialuptype\fR; ixfr\-from\-differences \fIboolean\fR; journal \fIquoted_string\fR; + zero\-no\-soa\-ttl \fIboolean\fR; allow\-query { \fIaddress_match_element\fR; ... }; allow\-transfer { \fIaddress_match_element\fR; ... }; allow\-update { \fIaddress_match_element\fR; ... }; diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html index 4f4feadae0..bfef54eeb7 100644 --- a/bin/named/named.conf.html +++ b/bin/named/named.conf.html @@ -1,5 +1,5 @@ - + @@ -31,7 +31,7 @@

named.conf

-

DESCRIPTION

+

DESCRIPTION

named.conf is the configuration file for named. Statements are enclosed @@ -50,14 +50,14 @@

-

ACL

+

ACL


acl string { address_match_element; ... };

-

KEY

+

KEY


key domain_name {
algorithm string;
@@ -66,7 +66,7 @@ key

-

MASTERS

+

MASTERS


masters string [ port integer ] {
masters | ipv4_address [port integer] |
@@ -75,12 +75,13 @@ masters

-

SERVER

+

SERVER


server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
bogus boolean;
edns boolean;
edns-udp-size integer;
+ max-udp-size integer;
provide-ixfr boolean;
request-ixfr boolean;
keys server_key;
@@ -96,7 +97,7 @@ server

-

TRUSTED-KEYS

+

TRUSTED-KEYS


trusted-keys {
domain_name flags protocol algorithm key; ... 
@@ -104,7 +105,7 @@ trusted-keys

-

CONTROLS

+

CONTROLS


controls {
inet ( ipv4_address | ipv6_address | * )
@@ -116,7 +117,7 @@ controls

-

LOGGING

+

LOGGING


logging {
channel string {
@@ -134,7 +135,7 @@ logging

-

LWRES

+

LWRES


lwres {
listen-on [ port integer ] {
@@ -147,7 +148,7 @@ lwres

-

OPTIONS

+

OPTIONS


options {
avoid-v4-udp-ports { port; ... };
@@ -218,7 +219,9 @@ options check-names ( master | slave | response )
( fail | warn | ignore );
check-mx ( fail | warn | ignore );
- integrity-check boolean;
+ check-integrity boolean;
+ check-mx-cname ( fail | warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
cache-file quoted_string;
suppress-initial-notify boolean; // not yet implemented
preferred-glue string;
@@ -226,13 +229,15 @@ options ( quoted_string [port integer] |
ipv4_address [port integer] |
ipv6_address [port integer] ); ...
- }
+ };
edns-udp-size integer;
+ max-udp-size integer;
root-delegation-only [ exclude { quoted_string; ... } ];
disable-algorithms string { string; ... };
dnssec-enable boolean;
dnssec-lookaside string trust-anchor string;
dnssec-must-be-secure string boolean;
+ dnssec-accept-expired boolean;

empty-server string;
empty-contact string;
@@ -286,6 +291,8 @@ options
zone-statistics boolean;
key-directory quoted_string;
+ zero-no-soa-ttl boolean;
+ zero-no-soa-ttl-cache boolean;

allow-v6-synthesis { address_match_element; ... }; // obsolete
deallocate-on-exit boolean; // obsolete
@@ -303,7 +310,7 @@ options

-

VIEW

+

VIEW


view string optional_class {
match-clients { address_match_element; ... };
@@ -357,7 +364,9 @@ view check-names ( master | slave | response )
( fail | warn | ignore );
check-mx ( fail | warn | ignore );
- integrity-check boolean;
+ check-integrity boolean;
+ check-mx-cname ( fail | warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
cache-file quoted_string;
suppress-initial-notify boolean; // not yet implemented
preferred-glue string;
@@ -367,12 +376,13 @@ view ipv6_address [port integer] ); ...
};
edns-udp-size integer;
+ max-udp-size integer;
root-delegation-only [ exclude { quoted_string; ... } ];
disable-algorithms string { string; ... };
dnssec-enable boolean;
dnssec-lookaside string trust-anchor string;
-
dnssec-must-be-secure string boolean;
+ dnssec-accept-expired boolean;

empty-server string;
empty-contact string;
@@ -426,6 +436,8 @@ view
zone-statistics boolean;
key-directory quoted_string;
+ zero-no-soa-ttl boolean;
+ zero-no-soa-ttl-cache boolean;

allow-v6-synthesis { address_match_element; ... }; // obsolete
fetch-glue boolean; // obsolete
@@ -435,7 +447,7 @@ view

-

ZONE

+

ZONE


zone string optional_class {
type ( master | slave | stub | hint |
@@ -452,10 +464,13 @@ zone delegation-only boolean;
check-names ( fail | warn | ignore );
check-mx ( fail | warn | ignore );
- integrity-check boolean;
+ check-integrity boolean;
+ check-mx-cname ( fail | warn | ignore );
+ check-srv-cname ( fail | warn | ignore );
dialup dialuptype;
ixfr-from-differences boolean;
journal quoted_string;
+ zero-no-soa-ttl boolean;

allow-query { address_match_element; ... };
allow-transfer { address_match_element; ... };
@@ -515,12 +530,12 @@ zone

-

FILES

+

FILES

/etc/named.conf

-

SEE ALSO

+

SEE ALSO

named(8), rndc(8), BIND 9 Administrator Reference Manual. diff --git a/doc/arm/Bv9ARM.ch01.html b/doc/arm/Bv9ARM.ch01.html index a057b1eb7d..a9b6409408 100644 --- a/doc/arm/Bv9ARM.ch01.html +++ b/doc/arm/Bv9ARM.ch01.html @@ -1,5 +1,5 @@ - + @@ -45,17 +45,17 @@

Table of Contents

-
Scope of Document
-
Organization of This Document
-
Conventions Used in This Document
-
The Domain Name System (DNS)
+
Scope of Document
+
Organization of This Document
+
Conventions Used in This Document
+
The Domain Name System (DNS)
-
DNS Fundamentals
-
Domains and Domain Names
-
Zones
-
Authoritative Name Servers
-
Caching Name Servers
-
Name Servers in Multiple Roles
+
DNS Fundamentals
+
Domains and Domain Names
+
Zones
+
Authoritative Name Servers
+
Caching Name Servers
+
Name Servers in Multiple Roles
@@ -71,7 +71,7 @@

-Scope of Document

+Scope of Document

The Berkeley Internet Name Domain (BIND) implements an @@ -87,7 +87,7 @@

-Organization of This Document

+Organization of This Document

In this document, Section 1 introduces the basic DNS and BIND concepts. Section 2 @@ -116,7 +116,7 @@

-Conventions Used in This Document

+Conventions Used in This Document

In this document, we use the following general typographic conventions: @@ -243,7 +243,7 @@

-The Domain Name System (DNS)

+The Domain Name System (DNS)

The purpose of this document is to explain the installation and upkeep of the BIND software @@ -253,7 +253,7 @@

-DNS Fundamentals

+DNS Fundamentals

The Domain Name System (DNS) is a hierarchical, distributed database. It stores information for mapping Internet host names to @@ -273,7 +273,7 @@

-Domains and Domain Names

+Domains and Domain Names

The data stored in the DNS is identified by domain names that are organized as a tree according to organizational or administrative boundaries. Each node of the tree, @@ -319,7 +319,7 @@

-Zones

+Zones

To properly operate a name server, it is important to understand the difference between a zone @@ -372,7 +372,7 @@

-Authoritative Name Servers

+Authoritative Name Servers

Each zone is served by at least one authoritative name server, @@ -389,7 +389,7 @@

-The Primary Master

+The Primary Master

The authoritative server where the master copy of the zone data is maintained is called the @@ -409,7 +409,7 @@

-Slave Servers

+Slave Servers

The other authoritative servers, the slave servers (also known as secondary servers) @@ -425,7 +425,7 @@

-Stealth Servers

+Stealth Servers

Usually all of the zone's authoritative servers are listed in NS records in the parent zone. These NS records constitute @@ -460,7 +460,7 @@

-Caching Name Servers

+Caching Name Servers

The resolver libraries provided by most operating systems are stub resolvers, meaning that they are not @@ -487,7 +487,7 @@

-Forwarding

+Forwarding

Even a caching name server does not necessarily perform the complete recursive lookup itself. Instead, it can @@ -514,7 +514,7 @@

-Name Servers in Multiple Roles

+Name Servers in Multiple Roles

The BIND name server can simultaneously act as diff --git a/doc/arm/Bv9ARM.ch02.html b/doc/arm/Bv9ARM.ch02.html index 6b2d1108ed..157fd450f3 100644 --- a/doc/arm/Bv9ARM.ch02.html +++ b/doc/arm/Bv9ARM.ch02.html @@ -1,5 +1,5 @@ - + @@ -45,16 +45,16 @@

Table of Contents

-
Hardware requirements
-
CPU Requirements
-
Memory Requirements
-
Name Server Intensive Environment Issues
-
Supported Operating Systems
+
Hardware requirements
+
CPU Requirements
+
Memory Requirements
+
Name Server Intensive Environment Issues
+
Supported Operating Systems

-Hardware requirements

+Hardware requirements

DNS hardware requirements have traditionally been quite modest. @@ -73,7 +73,7 @@

-CPU Requirements

+CPU Requirements

CPU requirements for BIND 9 range from i486-class machines @@ -84,7 +84,7 @@

-Memory Requirements

+Memory Requirements

The memory of the server has to be large enough to fit the cache and zones loaded off disk. The max-cache-size @@ -107,7 +107,7 @@

-Name Server Intensive Environment Issues

+Name Server Intensive Environment Issues

For name server intensive environments, there are two alternative configurations that may be used. The first is where clients and @@ -124,7 +124,7 @@

-Supported Operating Systems

+Supported Operating Systems

ISC BIND 9 compiles and runs on a large number diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html index 5a488e7035..f3b7eaa3bd 100644 --- a/doc/arm/Bv9ARM.ch03.html +++ b/doc/arm/Bv9ARM.ch03.html @@ -1,5 +1,5 @@ - + @@ -47,14 +47,14 @@

Sample Configurations
-
A Caching-only Name Server
-
An Authoritative-only Name Server
+
A Caching-only Name Server
+
An Authoritative-only Name Server
-
Load Balancing
-
Name Server Operations
+
Load Balancing
+
Name Server Operations
-
Tools for Use With the Name Server Daemon
-
Signals
+
Tools for Use With the Name Server Daemon
+
Signals
@@ -68,7 +68,7 @@ Sample Configurations

-A Caching-only Name Server

+A Caching-only Name Server

The following sample configuration is appropriate for a caching-only name server for use by clients internal to a corporation. All @@ -95,7 +95,7 @@ zone "0.0.127.in-addr.arpa" {

-An Authoritative-only Name Server

+An Authoritative-only Name Server

This sample configuration is for an authoritative-only server that is the master server for "example.com" @@ -137,7 +137,7 @@ zone "eng.example.com" {

-Load Balancing

+Load Balancing

A primitive form of load balancing can be achieved in the DNS by using multiple A records for @@ -280,10 +280,10 @@ zone "eng.example.com" {

-Name Server Operations

+Name Server Operations

-Tools for Use With the Name Server Daemon

+Tools for Use With the Name Server Daemon

This section describes several indispensable diagnostic, administrative and monitoring tools available to the system @@ -741,7 +741,7 @@ controls {

-Signals

+Signals

Certain UNIX signals cause the name server to take specific actions, as described in the following table. These signals can diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html index 0352504084..7667c8a032 100644 --- a/doc/arm/Bv9ARM.ch04.html +++ b/doc/arm/Bv9ARM.ch04.html @@ -1,5 +1,5 @@ - + @@ -49,28 +49,28 @@

Dynamic Update
The journal file
Incremental Zone Transfers (IXFR)
-
Split DNS
+
Split DNS
TSIG
-
Generate Shared Keys for Each Pair of Hosts
-
Copying the Shared Secret to Both Machines
-
Informing the Servers of the Key's Existence
-
Instructing the Server to Use the Key
-
TSIG Key Based Access Control
-
Errors
+
Generate Shared Keys for Each Pair of Hosts
+
Copying the Shared Secret to Both Machines
+
Informing the Servers of the Key's Existence
+
Instructing the Server to Use the Key
+
TSIG Key Based Access Control
+
Errors
-
TKEY
-
SIG(0)
+
TKEY
+
SIG(0)
DNSSEC
-
Generating Keys
-
Signing the Zone
-
Configuring Servers
+
Generating Keys
+
Signing the Zone
+
Configuring Servers
-
IPv6 Support in BIND 9
+
IPv6 Support in BIND 9
-
Address Lookups Using AAAA Records
-
Address to Name Lookups Using Nibble Format
+
Address Lookups Using AAAA Records
+
Address to Name Lookups Using Nibble Format
@@ -204,7 +204,7 @@

-Split DNS

+Split DNS

Setting up different views, or visibility, of the DNS space to internal and external resolvers is usually referred to as a @@ -479,7 +479,7 @@ nameserver 172.16.72.4

-Generate Shared Keys for Each Pair of Hosts

+Generate Shared Keys for Each Pair of Hosts

A shared secret is generated to be shared between host1 and host2. An arbitrary key name is chosen: "host1-host2.". The key name must @@ -487,7 +487,7 @@ nameserver 172.16.72.4

-Automatic Generation

+Automatic Generation

The following command will generate a 128 bit (16 byte) HMAC-MD5 key as described above. Longer keys are better, but shorter keys @@ -512,7 +512,7 @@ nameserver 172.16.72.4

-Manual Generation

+Manual Generation

The shared secret is simply a random sequence of bits, encoded in base-64. Most ASCII strings are valid base-64 strings (assuming @@ -527,7 +527,7 @@ nameserver 172.16.72.4

-Copying the Shared Secret to Both Machines

+Copying the Shared Secret to Both Machines

This is beyond the scope of DNS. A secure transport mechanism should be used. This could be secure FTP, ssh, telephone, etc. @@ -535,7 +535,7 @@ nameserver 172.16.72.4

-Informing the Servers of the Key's Existence

+Informing the Servers of the Key's Existence

Imagine host1 and host 2 are @@ -564,7 +564,7 @@ key host1-host2. {

-Instructing the Server to Use the Key

+Instructing the Server to Use the Key

Since keys are shared between two hosts only, the server must be told when keys are to be used. The following is added to the named.conf file @@ -596,7 +596,7 @@ server 10.1.2.3 {

-TSIG Key Based Access Control

+TSIG Key Based Access Control

BIND allows IP addresses and ranges to be specified in ACL @@ -624,7 +624,7 @@ allow-update { key host1-host2. ;};

-Errors

+Errors

The processing of TSIG signed messages can result in several errors. If a signed message is sent to a non-TSIG aware @@ -650,7 +650,7 @@ allow-update { key host1-host2. ;};

-TKEY

+TKEY

TKEY is a mechanism for automatically generating a shared secret between two hosts. There are several "modes" of @@ -686,7 +686,7 @@ allow-update { key host1-host2. ;};

-SIG(0)

+SIG(0)

BIND 9 partially supports DNSSEC SIG(0) transaction signatures as specified in RFC 2535 and RFC2931. @@ -747,7 +747,7 @@ allow-update { key host1-host2. ;};

-Generating Keys

+Generating Keys

The dnssec-keygen program is used to generate keys. @@ -798,7 +798,7 @@ allow-update { key host1-host2. ;};

-Signing the Zone

+Signing the Zone

The dnssec-signzone program is used to @@ -842,7 +842,7 @@ allow-update { key host1-host2. ;};

-Configuring Servers

+Configuring Servers

To enable named to respond appropriately to DNS requests from DNSSEC aware clients @@ -930,7 +930,7 @@ options {

-IPv6 Support in BIND 9

+IPv6 Support in BIND 9

BIND 9 fully supports all currently defined forms of IPv6 @@ -969,7 +969,7 @@ options {

-Address Lookups Using AAAA Records

+Address Lookups Using AAAA Records

The IPv6 AAAA record is a parallel to the IPv4 A record, and, unlike the deprecated A6 record, specifies the entire @@ -988,7 +988,7 @@ host 3600 IN AAAA 2001:db8::1

-Address to Name Lookups Using Nibble Format

+Address to Name Lookups Using Nibble Format

When looking up an address in nibble format, the address components are simply reversed, just as in IPv4, and diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html index 7db22f0a0e..76a144fa62 100644 --- a/doc/arm/Bv9ARM.ch05.html +++ b/doc/arm/Bv9ARM.ch05.html @@ -1,5 +1,5 @@ - + @@ -45,13 +45,13 @@

Table of Contents

-
The Lightweight Resolver Library
+
The Lightweight Resolver Library
Running a Resolver Daemon

-The Lightweight Resolver Library

+The Lightweight Resolver Library

Traditionally applications have been linked with a stub resolver library that sends recursive DNS queries to a local caching name diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html index 91d9cc52b9..a3ac86af63 100644 --- a/doc/arm/Bv9ARM.ch06.html +++ b/doc/arm/Bv9ARM.ch06.html @@ -1,5 +1,5 @@ - + @@ -48,52 +48,52 @@

Configuration File Elements
Address Match Lists
-
Comment Syntax
+
Comment Syntax
Configuration File Grammar
-
acl Statement Grammar
+
acl Statement Grammar
acl Statement Definition and Usage
-
controls Statement Grammar
+
controls Statement Grammar
controls Statement Definition and Usage
-
include Statement Grammar
-
include Statement Definition and +
include Statement Grammar
+
include Statement Definition and Usage
-
key Statement Grammar
-
key Statement Definition and Usage
-
logging Statement Grammar
-
logging Statement Definition and +
key Statement Grammar
+
key Statement Definition and Usage
+
logging Statement Grammar
+
logging Statement Definition and Usage
-
lwres Statement Grammar
-
lwres Statement Definition and Usage
-
masters Statement Grammar
-
masters Statement Definition and +
lwres Statement Grammar
+
lwres Statement Definition and Usage
+
masters Statement Grammar
+
masters Statement Definition and Usage
-
options Statement Grammar
+
options Statement Grammar
options Statement Definition and Usage
server Statement Grammar
server Statement Definition and Usage
-
trusted-keys Statement Grammar
-
trusted-keys Statement Definition +
trusted-keys Statement Grammar
+
trusted-keys Statement Definition and Usage
view Statement Grammar
-
view Statement Definition and Usage
+
view Statement Definition and Usage
zone Statement Grammar
-
zone Statement Definition and Usage
+
zone Statement Definition and Usage
-
Zone File
+
Zone File
Types of Resource Records and When to Use Them
-
Discussion of MX Records
+
Discussion of MX Records
Setting TTLs
-
Inverse Mapping in IPv4
-
Other Zone File Directives
-
BIND Master File Extension: the $GENERATE Directive
+
Inverse Mapping in IPv4
+
Other Zone File Directives
+
BIND Master File Extension: the $GENERATE Directive
Additional File Formats
@@ -428,7 +428,7 @@ Address Match Lists

-Syntax

+Syntax
address_match_list = address_match_list_element ;
   [ address_match_list_element; ... ]
 address_match_list_element = [ ! ] (ip_address [/length] |
@@ -437,7 +437,7 @@
 
 

 

-Definition and Usage

+Definition and Usage

 

             Address match lists are primarily used to determine access
             control for various server operations. They are also used in
@@ -514,7 +514,7 @@
 
 

 

-Comment Syntax

+Comment Syntax

 

           The BIND 9 comment syntax allows for
           comments to appear
@@ -524,7 +524,7 @@
         

 

 

-Syntax

+Syntax

 

             

 
/* This is a BIND comment as in C */

@@ -539,7 +539,7 @@
 
 

 

-Definition and Usage

+Definition and Usage

 

             Comments may appear anywhere that whitespace may appear in
             a BIND configuration file.
@@ -773,7 +773,7 @@
       

 

 

-acl Statement Grammar

+acl Statement Grammar

 
acl acl-name {
     address_match_list
 };
@@ -856,7 +856,7 @@
 
 

 

-controls Statement Grammar

+controls Statement Grammar

 
controls {
    [ inet ( ip_addr | * ) [ port ip_port ] allow {  address_match_list  }
                 keys { key_list }; ]
@@ -978,12 +978,12 @@
 
 

 

-include Statement Grammar

+include Statement Grammar

 
include filename;

 
 

 

-include Statement Definition and
+include Statement Definition and
           Usage

 

           The include statement inserts the
@@ -998,7 +998,7 @@
 

 

 

-key Statement Grammar

+key Statement Grammar

 
key key_id {
     algorithm string;
     secret string;
@@ -1007,7 +1007,7 @@
 
 

 

-key Statement Definition and Usage

+key Statement Definition and Usage

 

           The key statement defines a shared
           secret key for use with TSIG (see the section called “TSIG”)
@@ -1050,7 +1050,7 @@
 
 

 

-logging Statement Grammar

+logging Statement Grammar

 
logging {
    [ channel channel_name {
      ( file path name
@@ -1074,7 +1074,7 @@
 
 

 

-logging Statement Definition and
+logging Statement Definition and
           Usage

 

           The logging statement configures a
@@ -1108,7 +1108,7 @@
         

 

 

-The channel Phrase

+The channel Phrase

 

             All log output goes to one or more channels;
             you can make as many of them as you want.
@@ -1627,7 +1627,7 @@ category notify { null; };
 
 

 

-lwres Statement Grammar

+lwres Statement Grammar

 

            This is the grammar of the lwres
           statement in the named.conf file:
@@ -1642,7 +1642,7 @@ category notify { null; };
 
 

 

-lwres Statement Definition and Usage

+lwres Statement Definition and Usage

 

           The lwres statement configures the
           name
@@ -1693,14 +1693,14 @@ category notify { null; };
 
 

 

-masters Statement Grammar

+masters Statement Grammar

 
 masters name [port ip_port] { ( masters_list | ip_addr [port ip_port] [key key] ) ; [...] };
 

 
 

 

-masters Statement Definition and
+masters Statement Definition and
           Usage

 
masters
           lists allow for a common set of masters to be easily used by
@@ -1709,7 +1709,7 @@ category notify { null; };
 

 

 

-options Statement Grammar

+options Statement Grammar

 

           This is the grammar of the options
           statement in the named.conf file:
@@ -1747,6 +1747,7 @@ category notify { null; };
     [ dnssec-enable yes_or_no; ]
     [ dnssec-lookaside domain trust-anchor domain; ]
     [ dnssec-must-be-secure domain yes_or_no; ]
+    [ dnssec-accept-expired yes_or_no; ]
     [ forward ( only | first ); ]
     [ forwarders { [ ip_addr [port ip_port] ; ... ] }; ]
     [ dual-stack-servers [port ip_port] {
@@ -1758,6 +1759,8 @@ category notify { null; };
     [ check-mx ( warn | fail | ignore ); ]
     [ check-wildcard yes_or_no; ]
     [ check-integrity yes_or_no; ]
+    [ check-mx-cname ( warn | fail | ignore ); ]
+    [ check-srv-cname ( warn | fail | ignore ); ]
     [ check-sibling yes_or_no; ]
     [ allow-notify { address_match_list }; ]
     [ allow-query { address_match_list }; ]
@@ -1835,6 +1838,7 @@ category notify { null; };
     [ match-mapped-addresses yes_or_no; ]
     [ preferred-glue ( A | AAAA | NONE ); ]
     [ edns-udp-size number; ]
+    [ max-udp-size number; ]
     [ root-delegation-only [ exclude { namelist } ] ; ]
     [ querylog yes_or_no ; ]
     [ disable-algorithms domain { algorithm; [ algorithm; ] }; ]
@@ -1848,6 +1852,8 @@ category notify { null; };
     [ empty-contact name ; ]
     [ empty-zones-enable yes_or_no ; ]
     [ disable-empty-zone zone_name ; ]
+    [ zero-no-soa-ttl yes_or_no ; ]
+    [ zero-no-soa-ttl-cache yes_or_no ; ]
 };
 

 
@@ -2631,6 +2637,11 @@ options {
                   named behaves as if it does not support DNSSEC.
                   The default is no.
                 

+
dnssec-accept-expired

+

+                  When verifying DNSSEC signatures accept expired signatures.
+                  The default is no.
+                

 
querylog

 

                   Specify whether query logging should be started when named
@@ -2697,16 +2708,39 @@ options {
                   checks use named-checkzone).  The default is
                   yes.
                 

+
check-mx-cname

+

+                  If check-integrity is set then
+                  fail, warn or ignore MX records that refer
+                  to CNAMES.  The default is to warn.
+                

+
check-srv-cname

+

+                  If check-integrity is set then
+                  fail, warn or ignore SRV records that refer
+                  to CNAMES.  The default is to warn.
+                

 
check-sibling

 

                   When performing integrity checks also check that
                   sibling glue exists.  The default is yes.
                 

+
zero-no-soa-ttl

+

+                  When returning authoritative negative responses to
+                  SOA queries set the TTL of the SOA recored returned in
+                  the authority section to zero.  Default yes.
+                

+
zero-no-soa-ttl-cache

+

+                  When caching a negative response to a SOA query
+                  set the TTL to zero.  Default no.
+                

 
 
 

 

-Forwarding

+Forwarding

 

             The forwarding facility can be used to create a large site-wide
             cache on a few servers, reducing traffic over links to external
@@ -2750,7 +2784,7 @@ options {
 
 

 

-Dual-stack Servers

+Dual-stack Servers

 

             Dual-stack servers are used as servers of last resort to work
             around
@@ -2915,7 +2949,7 @@ options {
 
 

 

-Interfaces

+Interfaces

 

             The interfaces and ports that the server will answer queries
             from may be specified using the listen-on option. listen-on takes
@@ -2995,7 +3029,7 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; };
 
 

 

-Query Address

+Query Address

 

             If the server doesn't know the answer to a question, it will
             query other name servers. query-source specifies
@@ -3025,6 +3059,13 @@ query-source-v6 address * port *;
 
 

 
Note

+

+              Solaris 2.5.1 and earlier does not support setting the source
+              address for TCP sockets.
+            

+

+

+
Note

 

               See also transfer-source and
               notify-source.
@@ -3167,7 +3208,8 @@ query-source-v6 address * port *;
                   of the server statement.
                 

 
transfer-source

-
transfer-source
+

+
transfer-source
                   determines which local address will be bound to IPv4
                   TCP connections used to fetch zones transferred
                   inbound by the server.  It also determines the
@@ -3187,7 +3229,15 @@ query-source-v6 address * port *;
                   the view or
                   zone block in the configuration
                   file.
-                

+                

+

+
Note

+

+                    Solaris 2.5.1 and earlier does not support setting the
+                    source address for TCP sockets.
+                  

+

+
 
transfer-source-v6

 

                   The same as transfer-source,
@@ -3227,7 +3277,8 @@ query-source-v6 address * port *;
                   compatibility).
                 

 
notify-source

-
notify-source
+

+
notify-source
                   determines which local source address, and
                   optionally UDP port, will be used to send NOTIFY
                   messages.  This address must appear in the slave
@@ -3240,7 +3291,15 @@ query-source-v6 address * port *;
                   the zone or
                   view block in the configuration
                   file.
-                

+                

+

+
Note

+

+                    Solaris 2.5.1 and earlier does not support setting the
+                    source address for TCP sockets.
+                  

+

+
 
notify-source-v6

 

                   Like notify-source,
@@ -3250,7 +3309,7 @@ query-source-v6 address * port *;
 

 

 

-Bad UDP Port Lists

+Bad UDP Port Lists

 
avoid-v4-udp-ports
             and avoid-v6-udp-ports specify a list
             of IPv4 and IPv6 UDP ports that will not be used as system
@@ -3264,7 +3323,7 @@ query-source-v6 address * port *;
 
 

 

-Operating System Resource Limits

+Operating System Resource Limits

 

             The server's usage of many system resources can be limited.
             Scaled values are allowed when specifying resource limits.  For
@@ -3324,7 +3383,7 @@ query-source-v6 address * port *;
 
 

 

-Server  Resource Limits

+Server  Resource Limits

 

             The following options set limits on the server's
             resource consumption that are enforced internally by the
@@ -3402,7 +3461,7 @@ query-source-v6 address * port *;
 
 

 

-Periodic Task Intervals

+Periodic Task Intervals

 

 
cleaning-interval

 

@@ -3795,6 +3854,17 @@ query-source-v6 address * port *;
                   packets and/or block UDP packets that are greater
                   than 512 bytes.
                 

+
max-udp-size

+

+                  Sets the maximum EDNS UDP message size named will
+                  send.  Valid values are 512 to 4096 (values outside
+                  this range will be silently adjusted).  The default
+                  value is 4096.  The usual reason for setting
+                  max-udp-size to a non default value it to get UDP
+                  answers to pass through broken firewalls that
+                  block fragmented packets and/or block UDP packets
+                  that are greater than 512 bytes.
+                

 
masterfile-format

 
masterfile-format specifies
                   the file format of zone files (see
@@ -4242,6 +4312,7 @@ query-source-v6 address * port *;
     [ request-ixfr yes_or_no ; ]
     [ edns yes_or_no ; ]
     [ edns-udp-size number ; ]
+    [ max-udp-size number ; ]
     [ transfers number ; ]
     [ transfer-format ( one-answer | many-answers ) ; ]]
     [ keys { string ; [ string ; [...]] } ; ]
@@ -4337,6 +4408,14 @@ query-source-v6 address * port *;
             advertise globally, for example, when there is a firewall at the
             remote site that is blocking large replies.
           

+

+            The max-udp-size option sets the
+            maximum EDNS UDP message size named will send.  Valid
+            values are 512 to 4096 (values outside this range will
+            be silently adjusted).  This option is useful when you
+            know that there is a firewall that is blocking large
+            replies from named.
+          

 

             The server supports two zone transfer methods. The first, one-answer,
             uses one DNS message per resource record transferred. many-answers packs
@@ -4395,7 +4474,7 @@ query-source-v6 address * port *;
 

 

 

-trusted-keys Statement Grammar

+trusted-keys Statement Grammar

 
trusted-keys {
     string number number number string ;
     [ string number number number string ; [...]]
@@ -4404,7 +4483,7 @@ query-source-v6 address * port *;
 
 

 

-trusted-keys Statement Definition
+trusted-keys Statement Definition
             and Usage

 

             The trusted-keys statement defines
@@ -4447,7 +4526,7 @@ query-source-v6 address * port *;
 

 

 

-view Statement Definition and Usage

+view Statement Definition and Usage

 

             The view statement is a powerful
             feature
@@ -4614,16 +4693,17 @@ view "external" {
     [ max-retry-time number ; ]
     [ multi-master yes_or_no ; ]
     [ key-directory path_name; ]
+    [ zero-no-soa-ttl yes_or_no ; ]
 
 }];
 

 
 

 

-zone Statement Definition and Usage

+zone Statement Definition and Usage

 

 

-Zone Types

+Zone Types

 
@@ -4832,7 +4912,7 @@ view "external" {
 

 

-Class

+Class

               The zone's name may optionally be followed by a class. If
               a class is not specified, class IN (for Internet),
@@ -4854,7 +4934,7 @@ view "external" {
 
 

 

-Zone Options

+Zone Options

 
journal

 

@@ -4941,6 +5021,11 @@ view "external" {
                     See the description of
                     check-sibling in the section called “Boolean Options”.
                   

+
zero-no-soa-ttl

+

+                    See the description of
+                    zero-no-soa-ttl in the section called “Boolean Options”.
+                  

 
database

 

 

@@ -5298,7 +5383,7 @@ view "external" {
 

 

-Zone File

+Zone File

 

 Types of Resource Records and When to Use Them

@@ -5311,7 +5396,7 @@ view "external" {
           

 

 

-Resource Records

+Resource Records

               A domain name identifies a node.  Each node has a set of
               resource information, which may be empty.  The set of resource
@@ -5962,7 +6047,7 @@ view "external" {
 
 

 

-Textual expression of RRs

+Textual expression of RRs

               RRs are represented in binary form in the packets of the DNS
               protocol, and are usually represented in highly encoded form
@@ -6165,7 +6250,7 @@ view "external" {
 
 

 

-Discussion of MX Records

+Discussion of MX Records

             As described above, domain servers store information as a
             series of resource records, each of which contains a particular
@@ -6423,7 +6508,7 @@ view "external" {
 
 

 

-Inverse Mapping in IPv4

+Inverse Mapping in IPv4

             Reverse name resolution (that is, translation from IP address
             to name) is achieved by means of the in-addr.arpa domain
@@ -6484,7 +6569,7 @@ view "external" {
 
 

 

-Other Zone File Directives

+Other Zone File Directives

             The Master File Format was initially defined in RFC 1035 and
             has subsequently been extended. While the Master File Format
@@ -6499,7 +6584,7 @@ view "external" {
           

 

-The $ORIGIN Directive

+The $ORIGIN Directive

               Syntax: $ORIGIN
               domain-name
@@ -6527,7 +6612,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $INCLUDE Directive

+The $INCLUDE Directive

               Syntax: $INCLUDE
               filename
@@ -6563,7 +6648,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-The $TTL Directive

+The $TTL Directive

               Syntax: $TTL
               default-ttl
@@ -6582,7 +6667,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 
 

 

-BIND Master File Extension: the  $GENERATE Directive

+BIND Master File Extension: the  $GENERATE Directive

             Syntax: $GENERATE
             range
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index bf36ddc64c..d514e4d01a 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -1,5 +1,5 @@
 
-
+
 
 
 
@@ -46,10 +46,10 @@
 
Table of Contents

 
Access Control Lists

-
chroot and setuid

+
chroot and setuid

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 

@@ -116,7 +116,7 @@ zone "example.com" {
 

 

-chroot and setuid

+chroot and setuid

           On UNIX servers, it is possible to run BIND in a chrooted environment
           (chroot()) by specifying the "-t"
@@ -139,7 +139,7 @@ zone "example.com" {
         

 

-The chroot Environment

+The chroot Environment

             In order for a chroot() environment
             to
@@ -167,7 +167,7 @@ zone "example.com" {
 
 

 

-Using the setuid Function

+Using the setuid Function

             Prior to running the named daemon,
             use
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 5bfd3596e3..ed875bc895 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -1,5 +1,5 @@
 
-
+
 
 
 
@@ -45,18 +45,18 @@
 

 
Table of Contents

 

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 

 

 

-Common Problems

+Common Problems

 

-It's not working; how can I figure out what's wrong?

+It's not working; how can I figure out what's wrong?

             The best solution to solving installation and
             configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
 
 

 

-Incrementing and Changing the Serial Number

+Incrementing and Changing the Serial Number

           Zone serial numbers are just numbers-they aren't date
           related.  A lot of people set them to a number that represents a
@@ -95,7 +95,7 @@
 
 

 

-Where Can I Get Help?

+Where Can I Get Help?

           The Internet Systems Consortium
           (ISC) offers a wide range
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index e3d617c21a..08bfaa8990 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -1,5 +1,5 @@
 
-
+
 
 
 
@@ -45,21 +45,21 @@
 

 
Table of Contents

 

-
Acknowledgments

+
Acknowledgments

 
A Brief History of the DNS and BIND

-
General DNS Reference Information

+
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND

 

 

 

 

-Acknowledgments

+Acknowledgments

 

 A Brief History of the DNS and BIND

@@ -145,7 +145,7 @@
 

 

-General DNS Reference Information

+General DNS Reference Information

 

 IPv6 addresses (AAAA)

@@ -232,7 +232,7 @@
           

 

 

-Bibliography

+Bibliography

 
Standards

 
[RFC974] C. Partridge. Mail Routing and the Domain System. January 1986. 

@@ -417,11 +417,11 @@
 

 

-Other Documents About BIND

+Other Documents About BIND

 

-Bibliography

+Bibliography
Paul Albitz and Cricket Liu. DNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. 

diff --git a/doc/arm/Bv9ARM.ch10.html b/doc/arm/Bv9ARM.ch10.html
index 0287f13dfc..a62e845d32 100644
--- a/doc/arm/Bv9ARM.ch10.html
+++ b/doc/arm/Bv9ARM.ch10.html
@@ -1,5 +1,5 @@
 
-
+
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index b35936714c..cedea57957 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -1,5 +1,5 @@
 
-
+
@@ -41,7 +41,7 @@
 

 

 BIND 9 Administrator Reference Manual

-
Copyright © 2004, 2005 Internet Systems Consortium, Inc. ("ISC")

+
Copyright © 2004-2006 Internet Systems Consortium, Inc. ("ISC")

 
Copyright © 2000-2003 Internet Software Consortium.

 

@@ -51,39 +51,39 @@
 

 
1. Introduction

 

-
Scope of Document

-
Organization of This Document

-
Conventions Used in This Document

-
The Domain Name System (DNS)

+
Scope of Document

+
Organization of This Document

+
Conventions Used in This Document

+
The Domain Name System (DNS)

 

-
DNS Fundamentals

-
Domains and Domain Names

-
Zones

-
Authoritative Name Servers

-
Caching Name Servers

-
Name Servers in Multiple Roles

+
DNS Fundamentals

+
Domains and Domain Names

+
Zones

+
Authoritative Name Servers

+
Caching Name Servers

+
Name Servers in Multiple Roles

 

 

 
2. BIND Resource Requirements

 

-
Hardware requirements

-
CPU Requirements

-
Memory Requirements

-
Name Server Intensive Environment Issues

-
Supported Operating Systems

+
Hardware requirements

+
CPU Requirements

+
Memory Requirements

+
Name Server Intensive Environment Issues

+
Supported Operating Systems

 

 
3. Name Server Configuration

 

 
Sample Configurations

 

-
A Caching-only Name Server

-
An Authoritative-only Name Server

+
A Caching-only Name Server

+
An Authoritative-only Name Server

 

-
Load Balancing

-
Name Server Operations

+
Load Balancing

+
Name Server Operations

 

-
Tools for Use With the Name Server Daemon

-
Signals

+
Tools for Use With the Name Server Daemon

+
Signals

 

 

 
4. Advanced DNS Features

@@ -92,33 +92,33 @@
 
Dynamic Update

 
The journal file

 
Incremental Zone Transfers (IXFR)

-
Split DNS

+
Split DNS

 
TSIG

 

-
Generate Shared Keys for Each Pair of Hosts

-
Copying the Shared Secret to Both Machines

-
Informing the Servers of the Key's Existence

-
Instructing the Server to Use the Key

-
TSIG Key Based Access Control

-
Errors

+
Generate Shared Keys for Each Pair of Hosts

+
Copying the Shared Secret to Both Machines

+
Informing the Servers of the Key's Existence

+
Instructing the Server to Use the Key

+
TSIG Key Based Access Control

+
Errors

 

-
TKEY

-
SIG(0)

+
TKEY

+
SIG(0)

 
DNSSEC

 

-
Generating Keys

-
Signing the Zone

-
Configuring Servers

+
Generating Keys

+
Signing the Zone

+
Configuring Servers

 

-
IPv6 Support in BIND 9

+
IPv6 Support in BIND 9

 

-
Address Lookups Using AAAA Records

-
Address to Name Lookups Using Nibble Format

+
Address Lookups Using AAAA Records

+
Address to Name Lookups Using Nibble Format

 

 
5. The BIND 9 Lightweight Resolver

-
The Lightweight Resolver Library

+
The Lightweight Resolver Library

 
Running a Resolver Daemon

 
6. BIND 9 Configuration Reference

@@ -126,83 +126,83 @@
 
Configuration File Elements

 
Address Match Lists

-
Comment Syntax

+
Comment Syntax

 
Configuration File Grammar

-
acl Statement Grammar

+
acl Statement Grammar

 
acl Statement Definition and
           Usage

-
controls Statement Grammar

+
controls Statement Grammar

 
controls Statement Definition and
           Usage

-
include Statement Grammar

-
include Statement Definition and
+
include Statement Grammar

+
include Statement Definition and
           Usage

-
key Statement Grammar

-
key Statement Definition and Usage

-
logging Statement Grammar

-
logging Statement Definition and
+
key Statement Grammar

+
key Statement Definition and Usage

+
logging Statement Grammar

+
logging Statement Definition and
           Usage

-
lwres Statement Grammar

-
lwres Statement Definition and Usage

-
masters Statement Grammar

-
masters Statement Definition and
+
lwres Statement Grammar

+
lwres Statement Definition and Usage

+
masters Statement Grammar

+
masters Statement Definition and
           Usage

-
options Statement Grammar

+
options Statement Grammar

 
options Statement Definition and
           Usage

 
server Statement Grammar

 
server Statement Definition and
             Usage

-
trusted-keys Statement Grammar

-
trusted-keys Statement Definition
+
trusted-keys Statement Grammar

+
trusted-keys Statement Definition
             and Usage

 
view Statement Grammar

-
view Statement Definition and Usage

+
view Statement Definition and Usage

 
zone
             Statement Grammar

-
zone Statement Definition and Usage

+
zone Statement Definition and Usage

 

-
Zone File

+
Zone File

 
Types of Resource Records and When to Use Them

-
Discussion of MX Records

+
Discussion of MX Records

 
Setting TTLs

-
Inverse Mapping in IPv4

-
Other Zone File Directives

-
BIND Master File Extension: the  $GENERATE Directive

+
Inverse Mapping in IPv4

+
Other Zone File Directives

+
BIND Master File Extension: the  $GENERATE Directive

 
Additional File Formats

 
7. BIND 9 Security Considerations

 
Access Control Lists

-
chroot and setuid

+
chroot and setuid

 

-
The chroot Environment

-
Using the setuid Function

+
The chroot Environment

+
Using the setuid Function

 

 
Dynamic Update Security

 
8. Troubleshooting

-
Common Problems

-
It's not working; how can I figure out what's wrong?

-
Incrementing and Changing the Serial Number

-
Where Can I Get Help?

+
Common Problems

+
It's not working; how can I figure out what's wrong?

+
Incrementing and Changing the Serial Number

+
Where Can I Get Help?

 
A. Appendices

-
Acknowledgments

+
Acknowledgments

 
A Brief History of the DNS and BIND

-
General DNS Reference Information

+
General DNS Reference Information

 
IPv6 addresses (AAAA)

 
Bibliography (and Suggested Reading)

 

 
Request for Comments (RFCs)

 
Internet Drafts

-
Other Documents About BIND

+
Other Documents About BIND

 

 
I. Manual pages

diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html
index dae4a58333..fecdc81d85 100644
--- a/doc/arm/man.dig.html
+++ b/doc/arm/man.dig.html
@@ -1,5 +1,5 @@
 
-
+
@@ -52,7 +52,7 @@
 
dig  [global-queryopt...] [query...]

-
DESCRIPTION

+
DESCRIPTION

 
dig
       (domain information groper) is a flexible tool
       for interrogating DNS name servers.  It performs DNS lookups and
@@ -91,7 +91,7 @@
     

 

-
SIMPLE USAGE

+
SIMPLE USAGE

 

       A typical invocation of dig looks like:
       

@@ -137,7 +137,7 @@
     

 

-
OPTIONS

+
OPTIONS

 

       The -b option sets the source IP address of the query
       to address.  This must be a valid
@@ -236,7 +236,7 @@
     

 

-
QUERY OPTIONS

+
QUERY OPTIONS

 
dig
       provides a number of query options which affect
       the way in which lookups are made and the results displayed.  Some of
@@ -555,7 +555,7 @@
     

 

-
MULTIPLE QUERIES

+
MULTIPLE QUERIES

 

       The BIND 9 implementation of dig 
       supports
@@ -601,7 +601,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     

 

-
IDN SUPPORT

+
IDN SUPPORT

 

       If dig has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names.
@@ -615,14 +615,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     

 

-
FILES

+
FILES

 
/etc/resolv.conf
     

 
${HOME}/.digrc
     

 

-
SEE ALSO

+
SEE ALSO

 
host(1),
       named(8),
       dnssec-keygen(8),
@@ -630,7 +630,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     

 

-
BUGS

+
BUGS

 

       There are probably too many query options.
     

diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html
index 8c3c7e5975..a025ab6816 100644
--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -1,5 +1,5 @@
 
-
+
 
 
 
@@ -50,7 +50,7 @@
 
dnssec-keygen  {-a algorithm} {-b keysize} {-n nametype} [-c class] [-e] [-f flag] [-g generator] [-h] [-k] [-p protocol] [-r randomdev] [-s strength] [-t type] [-v level] {name}

 

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-keygen
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
       and RFC <TBA\>.  It can also generate keys for use with
@@ -58,7 +58,7 @@
     

 

-
OPTIONS

+
OPTIONS

 

 
-a algorithm

 

@@ -166,7 +166,7 @@
 

 

-
GENERATED KEYS

+
GENERATED KEYS

 

       When dnssec-keygen completes
       successfully,
@@ -212,7 +212,7 @@
     

 

-
EXAMPLE

+
EXAMPLE

 

       To generate a 768-bit DSA key for the domain
       example.com, the following command would be
@@ -233,7 +233,7 @@
     

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-signzone(8),
       BIND 9 Administrator Reference Manual,
       RFC 2535,
@@ -242,7 +242,7 @@
     

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html
index fac80bdff2..4803948c6d 100644
--- a/doc/arm/man.dnssec-signzone.html
+++ b/doc/arm/man.dnssec-signzone.html
@@ -1,5 +1,5 @@
 
-
+
@@ -50,7 +50,7 @@
 
dnssec-signzone  [-a] [-c class] [-d directory] [-e end-time] [-f output-file] [-g] [-h] [-k key] [-l domain] [-i interval] [-I input-format] [-j jitter] [-n nthreads] [-o origin] [-O output-format] [-p] [-r randomdev] [-s start-time] [-t] [-v level] [-z] {zonefile} [key...]

-
DESCRIPTION

+
DESCRIPTION

 
dnssec-signzone
       signs a zone.  It generates
       NSEC and RRSIG records and produces a signed version of the
@@ -61,7 +61,7 @@
     

 

-
OPTIONS

+
OPTIONS

 

 
-a

 

@@ -238,7 +238,7 @@
 

 

-
EXAMPLE

+
EXAMPLE

 

       The following command signs the example.com
       zone with the DSA key generated in the dnssec-keygen
@@ -264,14 +264,14 @@
     

 

-
SEE ALSO

+
SEE ALSO

 
dnssec-keygen(8),
       BIND 9 Administrator Reference Manual,
       RFC 2535.
     

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html
index 99249a38a2..5a6fcc3609 100644
--- a/doc/arm/man.host.html
+++ b/doc/arm/man.host.html
@@ -1,5 +1,5 @@
 
-
+
@@ -50,7 +50,7 @@
 
host  [-aCdlnrsTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-m flag] [-4] [-6] {name} [server]

-
DESCRIPTION

+
DESCRIPTION

 
host
       is a simple utility for performing DNS lookups.
       It is normally used to convert names to IP addresses and vice versa.
@@ -202,7 +202,7 @@
     

 

-
IDN SUPPORT

+
IDN SUPPORT

 

       If host has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names. 
@@ -216,12 +216,12 @@
     

 

-
FILES

+
FILES

 
/etc/resolv.conf
     

 

-
SEE ALSO

+
SEE ALSO

 
dig(1),
       named(8).
     

diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html
index bb51784706..0074563924 100644
--- a/doc/arm/man.named-checkconf.html
+++ b/doc/arm/man.named-checkconf.html
@@ -1,5 +1,5 @@
 
-
+
 
 
 
@@ -50,14 +50,14 @@
 
named-checkconf  [-v] [-j] [-t directory] {filename} [-z]

 

-
DESCRIPTION

+
DESCRIPTION

 
named-checkconf
       checks the syntax, but not the semantics, of a named
       configuration file.
     

 

-
OPTIONS

+
OPTIONS

 

 
-t directory

 

@@ -88,20 +88,20 @@
 

 

-
RETURN VALUES

+
RETURN VALUES

 
named-checkconf
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     

 

-
SEE ALSO

+
SEE ALSO

 
named(8),
       BIND 9 Administrator Reference Manual.
     

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html
index 536ffdfe2b..4aa1f50970 100644
--- a/doc/arm/man.named-checkzone.html
+++ b/doc/arm/man.named-checkzone.html
@@ -1,5 +1,5 @@
 
-
+
@@ -47,11 +47,11 @@
 

 
Synopsis

-
named-checkzone  [-d] [-j] [-q] [-v] [-c class] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-s style] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

-
named-compilezone  [-d] [-j] [-q] [-v] [-c class] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-s style] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

+
named-checkzone  [-d] [-j] [-q] [-v] [-c class] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-M mode] [-n mode] [-o filename] [-s style] [-S mode] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

+
named-compilezone  [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-s style] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

 

-
DESCRIPTION

+
DESCRIPTION

 
named-checkzone
       checks the syntax and integrity of a zone file.  It performs the
       same checks as named does when loading a
@@ -71,7 +71,7 @@
      

 

-
OPTIONS

+
OPTIONS

 

 
-d

 

@@ -167,6 +167,13 @@
             "warn" (default) and
             "ignore".
           

+
-M mode

+

+	    Check if a MX record refers to a CNAME.
+            Possible modes are "fail",
+            "warn" (default) and
+            "ignore".
+	  

 
-n mode

 

             Specify whether NS records should be checked to see if they
@@ -197,6 +204,13 @@
 	    It also does not have any meaning if the output format
 	    is not text.
 	  

+
-S mode

+

+	    Check if a SRV record refers to a CNAME.
+            Possible modes are "fail",
+            "warn" (default) and
+            "ignore".
+	  

 
-t directory

 

             chroot to directory so that
@@ -237,21 +251,21 @@
 

 

-
RETURN VALUES

+
RETURN VALUES

 
named-checkzone
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     

 

-
SEE ALSO

+
SEE ALSO

 
named(8),
       RFC 1035,
       BIND 9 Administrator Reference Manual.
     

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html
index e961ab8e62..db14f34f61 100644
--- a/doc/arm/man.named.html
+++ b/doc/arm/man.named.html
@@ -1,5 +1,5 @@
 
-
+
@@ -50,7 +50,7 @@
 
named  [-4] [-6] [-c config-file] [-d debug-level] [-f] [-g] [-n #cpus] [-p port] [-s] [-t directory] [-u user] [-v] [-x cache-file]

-
DESCRIPTION

+
DESCRIPTION

 
named
       is a Domain Name System (DNS) server,
       part of the BIND 9 distribution from ISC.  For more
@@ -65,7 +65,7 @@
     

 

-
OPTIONS

+
OPTIONS

 

 
-4

 

@@ -198,7 +198,7 @@
 

 

-
SIGNALS

+
SIGNALS

 

       In routine operation, signals should not be used to control
       the nameserver; rndc should be used
@@ -219,7 +219,7 @@
     

 

-
CONFIGURATION

+
CONFIGURATION

 

       The named configuration file is too complex
       to describe in detail here.  A complete description is provided
@@ -228,7 +228,7 @@
     

 

-
FILES

+
FILES

 

 
/etc/named.conf

 

@@ -241,7 +241,7 @@
 

 

-
SEE ALSO

+
SEE ALSO

 
RFC 1033,
       RFC 1034,
       RFC 1035,
@@ -251,7 +251,7 @@
     

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index 219343d1b9..5cca293151 100644
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -1,5 +1,5 @@
 
-
+
@@ -48,7 +48,7 @@
 
rndc-confgen  [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

-
DESCRIPTION

+
DESCRIPTION

 
rndc-confgen
       generates configuration files
       for rndc.  It can be used as a
@@ -64,7 +64,7 @@
     

 

-
OPTIONS

+
OPTIONS

 

 
-a

 

@@ -171,7 +171,7 @@
 

 

-
EXAMPLES

+
EXAMPLES

 

       To allow rndc to be used with
       no manual configuration, run
@@ -188,7 +188,7 @@
     

 

-
SEE ALSO

+
SEE ALSO

 
rndc(8),
       rndc.conf(5),
       named(8),
@@ -196,7 +196,7 @@
     

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html
index 6e10ba5507..f28c6bd933 100644
--- a/doc/arm/man.rndc.conf.html
+++ b/doc/arm/man.rndc.conf.html
@@ -1,5 +1,5 @@
 
-
+
@@ -50,7 +50,7 @@
 
rndc.conf 

-
DESCRIPTION

+
DESCRIPTION

 
rndc.conf is the configuration file
       for rndc, the BIND 9 name server control
       utility.  This file has a similar structure and syntax to
@@ -135,7 +135,7 @@
     

 

-
EXAMPLE

+
EXAMPLE

 
       options {
         default-server  localhost;
@@ -209,7 +209,7 @@
     

 

-
NAME SERVER CONFIGURATION

+
NAME SERVER CONFIGURATION

 

       The name server must be configured to accept rndc connections and
       to recognize the key specified in the rndc.conf
@@ -219,7 +219,7 @@
     

 

-
SEE ALSO

+
SEE ALSO

 
rndc(8),
       rndc-confgen(8),
       mmencode(1),
@@ -227,7 +227,7 @@
     

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html
index 6ad1bbf320..88b58509d8 100644
--- a/doc/arm/man.rndc.html
+++ b/doc/arm/man.rndc.html
@@ -1,5 +1,5 @@
 
-
+
@@ -50,7 +50,7 @@
 
rndc  [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}

-
DESCRIPTION

+
DESCRIPTION

 
rndc
       controls the operation of a name
       server.  It supersedes the ndc utility
@@ -79,7 +79,7 @@
     

 

-
OPTIONS

+
OPTIONS

 

 
-b source-address

 

@@ -152,7 +152,7 @@
     

 

 

-
LIMITATIONS

+
LIMITATIONS

 
rndc
       does not yet support all the commands of
       the BIND 8 ndc utility.
@@ -166,7 +166,7 @@
     

 

 

-
SEE ALSO

+
SEE ALSO

 
rndc.conf(5),
       named(8),
       named.conf(5)
@@ -175,7 +175,7 @@
     

 

 

-
AUTHOR

+
AUTHOR

 
Internet Systems Consortium
     

 

diff --git a/doc/misc/options b/doc/misc/options
index 742dd22659..f0499dd371 100644
--- a/doc/misc/options
+++ b/doc/misc/options
@@ -82,11 +82,13 @@ options {
         dual-stack-servers [ port  ] { (  [port
             ] |  [port ] |  [port ] ); ... };
         edns-udp-size ;
+        max-udp-size ;
         root-delegation-only [ exclude { ; ... } ];
         disable-algorithms  { ; ... };
         dnssec-enable ;
         dnssec-lookaside  trust-anchor ;
         dnssec-must-be-secure  ;
+        dnssec-accept-expired ;
         ixfr-from-differences ;
         use-additional-cache ;
         acache-cleaning-interval ;
@@ -97,6 +99,7 @@ options {
         empty-contact ;
         empty-zones-enable ;
         disable-empty-zone ;
+        zero-no-soa-ttl-cache ;
         allow-query { ; ... };
         allow-transfer { ; ... };
         allow-update { ; ... };
@@ -138,7 +141,10 @@ options {
         check-wildcard ;
         check-integrity ;
         check-mx ( fail | warn | ignore );
+        check-mx-cname ( fail | warn | ignore );
+        check-srv-cname ( fail | warn | ignore );
         check-sibling ;
+        zero-no-soa-ttl ;
 };
 
 controls {
@@ -237,7 +243,10 @@ view   {
                 check-wildcard ;
                 check-integrity ;
                 check-mx ( fail | warn | ignore );
+                check-mx-cname ( fail | warn | ignore );
+                check-srv-cname ( fail | warn | ignore );
                 check-sibling ;
+                zero-no-soa-ttl ;
         };
         dlz  {
                 database ;
@@ -252,6 +261,7 @@ view   {
                 keys ;
                 edns ;
                 edns-udp-size ;
+                max-udp-size ;
                 transfer-source (  | * ) [ port (  |
                     * ) ];
                 transfer-source-v6 (  | * ) [ port (
@@ -291,11 +301,13 @@ view   {
         dual-stack-servers [ port  ] { (  [port
             ] |  [port ] |  [port ] ); ... };
         edns-udp-size ;
+        max-udp-size ;
         root-delegation-only [ exclude { ; ... } ];
         disable-algorithms  { ; ... };
         dnssec-enable ;
         dnssec-lookaside  trust-anchor ;
         dnssec-must-be-secure  ;
+        dnssec-accept-expired ;
         ixfr-from-differences ;
         use-additional-cache ;
         acache-cleaning-interval ;
@@ -306,6 +318,7 @@ view   {
         empty-contact ;
         empty-zones-enable ;
         disable-empty-zone ;
+        zero-no-soa-ttl-cache ;
         allow-query { ; ... };
         allow-transfer { ; ... };
         allow-update { ; ... };
@@ -347,7 +360,10 @@ view   {
         check-wildcard ;
         check-integrity ;
         check-mx ( fail | warn | ignore );
+        check-mx-cname ( fail | warn | ignore );
+        check-srv-cname ( fail | warn | ignore );
         check-sibling ;
+        zero-no-soa-ttl ;
         database ;
 };
 
@@ -420,7 +436,10 @@ zone   {
         check-wildcard ;
         check-integrity ;
         check-mx ( fail | warn | ignore );
+        check-mx-cname ( fail | warn | ignore );
+        check-srv-cname ( fail | warn | ignore );
         check-sibling ;
+        zero-no-soa-ttl ;
 };
 
 dlz  {
@@ -437,6 +456,7 @@ server  {
         keys ;
         edns ;
         edns-udp-size ;
+        max-udp-size ;
         transfer-source (  | * ) [ port (  | * ) ];
         transfer-source-v6 (  | * ) [ port (  | * ) ];
 };