diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index 91ef76ec15..edf896a37d 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + BIND 9 Administrator Reference Manual @@ -491,7 +491,7 @@ The length of time for which a record may be retained in - in the cache of a caching name server is controlled by the + the cache of a caching name server is controlled by the Time To Live (TTL) field associated with each resource record. @@ -1155,7 +1155,7 @@ zone "eng.example.com" { Suspend updates to a dynamic zone. If no zone is - specified + specified, then all zones are suspended. This allows manual edits to be made to a zone normally updated by dynamic update. It @@ -1177,7 +1177,7 @@ zone "eng.example.com" { Enable updates to a frozen dynamic zone. If no zone is - specified then all frozen zones are enabled. This + specified, then all frozen zones are enabled. This causes the server to reload the zone from disk, and re-enables dynamic updates @@ -1246,10 +1246,10 @@ zone "eng.example.com" { view ... - Dump the server's caches (default) and / or zones to + Dump the server's caches (default) and/or zones to the dump file for the specified views. If no view is - specified all + specified, all views are dumped. @@ -1335,9 +1335,9 @@ zone "eng.example.com" { Display status of the server. - Note the number of zones includes the internal bind/CH zone + Note that the number of zones includes the internal bind/CH zone and the default ./IN - hint zone if there is not a + hint zone if there is not an explicit root zone configured. @@ -1420,7 +1420,7 @@ zone "eng.example.com" { - The key statement defines an + The key statement defines a key to be used by rndc when authenticating with @@ -1672,7 +1672,7 @@ controls { The zone files of dynamic zones cannot normally be edited by hand because they are not guaranteed to contain the most recent - dynamic changes - those are only in the journal file. + dynamic changes — those are only in the journal file. The only way to ensure that the zone file of a dynamic zone is up to date is to run rndc stop. @@ -1855,7 +1855,7 @@ controls { Look up any hostnames on the Internet. - Exchange mail with internal AND external people. + Exchange mail with both internal and external people. @@ -2028,11 +2028,11 @@ nameserver 172.16.72.4 Automatic Generation - The following command will generate a 128 bit (16 byte) HMAC-MD5 + The following command will generate a 128-bit (16 byte) HMAC-MD5 key as described above. Longer keys are better, but shorter keys are easier to read. Note that the maximum key length is 512 bits; - keys longer than that will be digested with MD5 to produce a 128 - bit key. + keys longer than that will be digested with MD5 to produce a + 128-bit key. dnssec-keygen -a hmac-md5 -b 128 -n HOST host1-host2. @@ -2320,7 +2320,7 @@ allow-update { key host1-host2. ;}; - The following command will generate a 768 bit RSASHA1 key for + The following command will generate a 768-bit RSASHA1 key for the child.example zone: @@ -2373,7 +2373,7 @@ allow-update { key host1-host2. ;}; records for the zone, as well as DS for the child zones if '-d' is specified. - If '-d' is not specified then + If '-d' is not specified, then DS RRsets for the secure child zones need to be added manually. @@ -2413,7 +2413,7 @@ allow-update { key host1-host2. ;}; To enable named to respond appropriately - to DNS requests from DNSSEC aware clients + to DNS requests from DNSSEC aware clients, dnssec-enable must be set to yes. @@ -2469,7 +2469,7 @@ trusted-keys { iA21AfUVe7u99WzTLzY3qlxDhxYQQ20FQ97S+LKUTpQcq27R7AT3/V5hRQxScI Nqwcz4jYqZD2fQdgxbcDTClU0CRBdiieyLMNzXG3"; -/* Key for out organizations forward zone */ +/* Key for our organization's forward zone */ example.com. 257 3 5 "AwEAAaxPMcR2x0HbQV4WeZB6oEDX+r0QM65KbhTjrW1ZaARmPhEZZe 3Y9ifgEuq7vZ/zGZUdEGNWy+JZzus0lUptwgjGwhUS1558Hb4JKUbb OTcM8pwXlj0EiX3oDFVmjHO444gLkBO UKUf/mC7HvfwYH/Be22GnC @@ -2738,7 +2738,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. A named list of one or more ip_addr - with optional key_id and / or + with optional key_id and/or ip_port. A masters_list may include other masters_lists. @@ -2843,7 +2843,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. through 65535, with values below 1024 typically restricted to use by processes running as root. - In some cases an asterisk (`*') character can be used as a + In some cases, an asterisk (`*') character can be used as a placeholder to select a random high-numbered port. @@ -2905,7 +2905,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. - A non-negative 32 bit integer + A non-negative 32-bit integer (i.e., a number between 0 and 4294967295, inclusive). Its acceptable value might further be limited by the context in which it is used. @@ -3564,9 +3564,9 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. named is running as) can access it. If you desire greater flexibility in allowing other users to access - rndc commands then you need to create - an - rndc.conf and make it group + rndc commands, then you need to create + a + rndc.conf file and make it group readable by a group that contains the users who should have access. @@ -3759,9 +3759,9 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. option, then named will retain that many backup versions of the file by - renaming them when opening. For example, if you choose to keep 3 - old versions - of the file lamers.log then just + renaming them when opening. For example, if you choose to keep + three old versions + of the file lamers.log, then just before it is opened lamers.log.1 is renamed to lamers.log.2, lamers.log.0 is renamed @@ -4195,7 +4195,7 @@ category notify { null; }; The query log entry reports the client's IP address and - port number. The + port number, and the query name, class and type. It also reports whether the Recursion Desired flag was set (+ if set, - if not set), EDNS was in use @@ -4710,7 +4710,7 @@ digits" + "tkey-domain". In most cases, preferred-glue - If specified the listed type (A or AAAA) will be emitted + If specified, the listed type (A or AAAA) will be emitted before other glue in the additional section of a query response. The default is not to preference any type (NONE). @@ -4727,7 +4727,7 @@ digits" + "tkey-domain". In most cases, exclude list. - Note some TLDs are NOT delegation only (e.g. "DE", "LV", "US" + Note some TLDs are not delegation only (e.g. "DE", "LV", "US" and "MUSEUM"). @@ -4757,7 +4757,7 @@ options { dnssec-lookaside - When set dnssec-lookaside + When set, dnssec-lookaside provides the validator with an alternate method to validate DNSKEY records at the @@ -4780,12 +4780,12 @@ options { dnssec-must-be-secure - Specify hierarchies which must / may not be secure (signed and + Specify hierarchies which must be or may not be secure (signed and validated). - If yes then named will only accept + If yes, then named will only accept answers if they are secure. - If no then normal dnssec validation + If no, then normal dnssec validation applies allowing for insecure answers to be accepted. The specified domain must be under a trusted-key or @@ -4837,7 +4837,7 @@ options { If yes, then the server treats all zones as if they are doing zone transfers across - a dial on demand dialup link, which can be brought up by + a dial-on-demand dialup link, which can be brought up by traffic originating from this server. This has different effects according @@ -4856,7 +4856,7 @@ options { option. - If the zone is a master zone then the server will send out a + If the zone is a master zone, then the server will send out a NOTIFY request to all the slaves (default). This should trigger the zone serial @@ -5434,7 +5434,7 @@ options { ixfr-from-differences - When 'yes' and the server loads a new version of a master + When yes and the server loads a new version of a master zone from its zone file or receives a new version of a slave file by a non-incremental zone transfer, it will compare the new version to the previous one and calculate a set @@ -5471,7 +5471,7 @@ options { This should be set when you have multiple masters for a zone and the - addresses refer to different machines. If 'yes' named will + addresses refer to different machines. If yes, named will not log when the serial number on the master is less than what named currently @@ -5484,7 +5484,7 @@ options { dnssec-enable - Enable DNSSEC support in named. Unless set to yes + Enable DNSSEC support in named. Unless set to yes, named behaves as if it does not support DNSSEC. The default is yes. @@ -5507,7 +5507,7 @@ options { dnssec-accept-expired - When verifying DNSSEC signatures accept expired signatures. + Accept expired signatures when verifying DNSSEC signatures. The default is no. @@ -5518,8 +5518,8 @@ options { Specify whether query logging should be started when named - start. - If querylog is not specified + starts. + If querylog is not specified, then the query logging is determined by the presence of the logging category queries. @@ -5539,11 +5539,11 @@ options { master zones the default is fail. For slave zones the default is warn. - For answer received from the network (response) + For answers received from the network (response) the default is ignore. - The rules for legal hostnames or mail domains are derived + The rules for legal hostnames and mail domains are derived from RFC 952 and RFC 821 as modified by RFC 1123. check-names @@ -5628,7 +5628,7 @@ options { check-sibling - When performing integrity checks also check that + When performing integrity checks, also check that sibling glue exists. The default is yes. @@ -5707,8 +5707,8 @@ options { This option is only meaningful if the forwarders list is not empty. A value of first, the default, causes the server to query the forwarders - first, and - if that doesn't answer the question the server will then + first — and + if that doesn't answer the question, the server will then look for the answer itself. If only is specified, the @@ -5756,11 +5756,11 @@ options { Specifies host names or addresses of machines with access to - both IPv4 and IPv6 transports. If a hostname is used the + both IPv4 and IPv6 transports. If a hostname is used, the server must be able to resolve the name using only the transport it has. If the machine is dual - stacked then the dual-stack-servers have no effect unless + stacked, then the dual-stack-servers have no effect unless access to a transport has been disabled on the command line (e.g. named -4). @@ -6044,14 +6044,14 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; }; query other name servers. query-source specifies the address and port used for such queries. For queries sent over IPv6, there is a separate query-source-v6 option. - If address is * or is omitted, + If address is * (asterisk) or is omitted, a wildcard IP address (INADDR_ANY) will be used. If port is * or is omitted, - a random unprivileged port will be used, avoid-v4-udp-ports - and avoid-v6-udp-ports can be used + a random unprivileged port will be used. The avoid-v4-udp-ports + and avoid-v6-udp-ports options can be used to prevent named - from selecting certain ports. The defaults are + from selecting certain ports. The defaults are: query-source address * port *; @@ -6328,7 +6328,7 @@ query-source-v6 address * port *; If you do not wish the alternate transfer source - to be used you should set + to be used, you should set use-alt-transfer-source appropriately and you should not depend upon getting a answer back to the first refresh @@ -6542,7 +6542,7 @@ query-source-v6 address * port *; host-statistics-max - In BIND 8, specifies the maximum number of host statistic + In BIND 8, specifies the maximum number of host statistics entries to be kept. Not implemented in BIND 9. @@ -6630,7 +6630,7 @@ query-source-v6 address * port *; from the cache every cleaning-interval minutes. The default is 60 minutes. The maximum value is 28 days (40320 minutes). - If set to 0, no periodic cleaning will occur. + If set to 0, no periodic cleaning will occur. @@ -6756,7 +6756,7 @@ query-source-v6 address * port *; other addresses. However, not all resolvers can do this or are correctly configured. - When a client is using a local server the sorting can be performed + When a client is using a local server, the sorting can be performed in the server, based on the client's address. This only requires configuring the name servers, not all the clients. @@ -6875,7 +6875,7 @@ query-source-v6 address * port *; If no class is specified, the default is ANY. If no type is specified, the default is ANY. - If no name is specified, the default is "*". + If no name is specified, the default is "*" (asterisk). The legal values for ordering are: @@ -6963,8 +6963,8 @@ query-source-v6 address * port *; Sets the number of seconds to cache a lame server indication. 0 disables caching. (This is NOT recommended.) - Default is 600 (10 minutes). - Maximum value is + The default is 600 (10 minutes) and the + maximum value is 1800 (30 minutes). @@ -6975,7 +6975,7 @@ query-source-v6 address * port *; max-ncache-ttl - To reduce network traffic and increase performance + To reduce network traffic and increase performance, the server stores negative answers. max-ncache-ttl is used to set a maximum retention time for these answers in the server @@ -7005,7 +7005,7 @@ query-source-v6 address * port *; The minimum number of root servers that is required for a request for the root servers to be - accepted. Default + accepted. The default is 2. @@ -7065,11 +7065,11 @@ query-source-v6 address * port *; edns-udp-size - Sets the advertised EDNS UDP buffer size. Valid + Sets the advertised EDNS UDP buffer size in bytes. Valid values are 512 to 4096 (values outside this range will be silently adjusted). The default value is 4096. The usual reason for setting edns-udp-size to - a non default value it to get UDP answers to pass + a non-default value it to get UDP answers to pass through broken firewalls that block fragmented packets and/or block UDP packets that are greater than 512 bytes. @@ -7082,10 +7082,10 @@ query-source-v6 address * port *; Sets the maximum EDNS UDP message size named will - send. Valid values are 512 to 4096 (values outside + send in bytes. Valid values are 512 to 4096 (values outside this range will be silently adjusted). The default value is 4096. The usual reason for setting - max-udp-size to a non default value it to get UDP + max-udp-size to a non-default value is to get UDP answers to pass through broken firewalls that block fragmented packets and/or block UDP packets that are greater than 512 bytes. @@ -7102,7 +7102,7 @@ query-source-v6 address * port *; The default value is text, which is the standard textual representation. Files in other formats than text are typically expected - to be generated by the named-compilezone. + to be generated by the named-compilezone tool. Note that when a zone file in a different format than text is loaded, named may omit some of the checks which would be performed for a @@ -7138,20 +7138,20 @@ query-source-v6 address * port *; This value should reflect how many queries come in for a given name in the time it takes to resolve that name. - If the number of queries exceed this value named will + If the number of queries exceed this value, named will assume that it is dealing with a non-responsive zone and will drop additional queries. If it gets a response - after dropping queries it will raise the estimate. The + after dropping queries, it will raise the estimate. The estimate will then be lowered in 20 minutes if it has remained unchanged. - If clients-per-query is set to zero + If clients-per-query is set to zero, then there is no limit on the number of clients per query and no queries will be dropped. - If max-clients-per-query is set to zero + If max-clients-per-query is set to zero, then there is no upper bound other than imposed by recursive-clients. @@ -7297,13 +7297,13 @@ query-source-v6 address * port *; views of class IN. Disabled empty zones are only inherited from options if there are no disabled empty zones specified at the view level. To override the options list of disabled - zones you can disable the root zone at the view level, for example: + zones, you can disable the root zone at the view level, for example: disable-empty-zone "."; - If you are using the address ranges covered here you should + If you are using the address ranges covered here, you should already have reverse zones covering the addresses you use. In practice this appears to not be the case with many queries being made to the infrustructure servers for names in these @@ -7314,7 +7314,7 @@ query-source-v6 address * port *; The real parent servers for these zones should disable all empty zone under the parent zone they serve. For the real - root servers this is all built in empty zones. This will + root servers, this is all built in empty zones. This will enable them to return referrals to deeper in the tree. @@ -7323,7 +7323,7 @@ query-source-v6 address * port *; Specify what server name will appear in the returned - SOA record for empty zones. If none is specified then + SOA record for empty zones. If none is specified, then the zone's name will be used. @@ -7334,7 +7334,7 @@ query-source-v6 address * port *; Specify what contact name will appear in the returned - SOA record for empty zones. If none is specified then + SOA record for empty zones. If none is specified, then "." will be used. @@ -7344,7 +7344,7 @@ query-source-v6 address * port *; empty-zones-enable - Enable / disable all empty zones. By default they + Enable or disable all empty zones. By default they are enabled. @@ -7354,7 +7354,7 @@ query-source-v6 address * port *; disable-empty-zone - Disable a indiviual empty zones. By default none are + Disable individual empty zones. By default none are disabled. This option can be specified multiple times. @@ -7581,7 +7581,7 @@ query-source-v6 address * port *; based algorithm, every acache-cleaning-interval minutes. The default is 60 minutes. - If set to 0, no periodic cleaning will occur. + If set to 0, no periodic cleaning will occur. @@ -7590,11 +7590,10 @@ query-source-v6 address * port *; max-acache-size - The maximum amount of memory to use for the server's acache, - in bytes. + The maximum amount of memory in bytes to use for the server's acache. When the amount of data in the acache reaches this limit, the server - will clean more aggressivly so that the limit is not + will clean more aggressively so that the limit is not exceeded. In a server with multiple views, the limit applies separately to the @@ -7645,7 +7644,7 @@ query-source-v6 address * port *; The server statement defines characteristics to be associated with a remote name server. If a prefix length is - specified then a range of servers is covered. Only the most + specified, then a range of servers is covered. Only the most specific server clause applies regardless of the order in named.conf. @@ -7724,7 +7723,7 @@ query-source-v6 address * port *; The edns-udp-size option sets the EDNS UDP size that is advertised by named when querying the remote server. - Valid values are 512 to 4096 (values outside this range will be + Valid values are 512 to 4096 bytes (values outside this range will be silently adjusted). This option is useful when you wish to advertises a different value to this server than the value you advertise globally, for example, when there is a firewall at the @@ -7734,7 +7733,7 @@ query-source-v6 address * port *; The max-udp-size option sets the maximum EDNS UDP message size named will send. Valid - values are 512 to 4096 (values outside this range will + values are 512 to 4096 bytes (values outside this range will be silently adjusted). This option is useful when you know that there is a firewall that is blocking large replies from named. @@ -7794,7 +7793,7 @@ query-source-v6 address * port *; Similarly, for an IPv6 remote server, only transfer-source-v6 can be specified. - Form more details, see the description of + For more details, see the description of transfer-source and transfer-source-v6 in . @@ -7852,7 +7851,7 @@ query-source-v6 address * port *; trusted-keys are deemed to exist regardless of what parent zones say. Similarly for all keys listed in trusted-keys only those keys are - used to validate the DNSKEY RRset. The parents DS RRset + used to validate the DNSKEY RRset. The parent's DS RRset will not be used. @@ -7968,7 +7967,7 @@ query-source-v6 address * port *; Here is an example of a typical split DNS setup implemented - using view statements. + using view statements: view "internal" { @@ -8198,7 +8197,7 @@ zone zone_name classexample.com might place the zone contents into a file called @@ -8293,8 +8292,8 @@ zone zone_name classforward option - (that is, "forward first - to", then "forward only", or vice versa, but want to + (that is, "forward first" + to, then "forward only", or vice versa, but want to use the same servers as set globally) you need to re-specify the global forwarders. @@ -8330,14 +8329,14 @@ zone zone_name class - This is used to enforce the delegation only + This is used to enforce the delegation-only status of infrastructure zones (e.g. COM, NET, ORG). Any answer that - is received without a explicit or implicit delegation + is received without an explicit or implicit delegation in the authority section will be treated as NXDOMAIN. This does not apply to the zone - apex. This SHOULD NOT be applied to leaf zones. + apex. This should not be applied to leaf zones. delegation-only has no @@ -8591,7 +8590,7 @@ zone zone_name class The flag only applies to hint and stub zones. If set - to yes then the zone will also be + to yes, then the zone will also be treated as if it is also a delegation-only type zone. @@ -8617,7 +8616,7 @@ zone zone_name class Used to override the list of global forwarders. If it is not specified in a zone of type forward, - no forwarding is done for the zone; the global options are + no forwarding is done for the zone and the global options are not used. @@ -9022,7 +9021,7 @@ zone zone_name classidentity would - be specified as * in + be specified as * (an asterisk) in this case. @@ -9129,7 +9128,7 @@ zone zone_name class - An encoded 16 bit value that specifies + An encoded 16-bit value that specifies the type of the resource record. @@ -9142,8 +9141,8 @@ zone zone_name class - The time to live of the RR. This field - is a 32 bit integer in units of seconds, and is + The time-to-live of the RR. This field + is a 32-bit integer in units of seconds, and is primarily used by resolvers when they cache RRs. The TTL describes how long a RR can @@ -9159,7 +9158,7 @@ zone zone_name class - An encoded 16 bit value that identifies + An encoded 16-bit value that identifies a protocol family or instance of a protocol. @@ -9413,7 +9412,7 @@ zone zone_name class Identifies a mail exchange for the domain with - a 16 bit preference value (lower is better) + a 16-bit preference value (lower is better) followed by the host name of the mail exchange. Described in RFC 974, RFC 1035. @@ -9887,13 +9886,13 @@ zone zone_name class - The MX RRs have an RDATA section which consists of a 16 bit + The MX RRs have an RDATA section which consists of a 16-bit number followed by a domain name. The address RRs use a standard - IP address format to contain a 32 bit internet address. + IP address format to contain a 32-bit internet address. - This example shows six RRs, with two RRs at each of three + The above example shows six RRs, with two RRs at each of three domain names. @@ -10132,7 +10131,7 @@ zone zone_name class Setting TTLs - The time to live of the RR field is a 32 bit integer represented + The time-to-live of the RR field is a 32-bit integer represented in units of seconds, and is primarily used by resolvers when they cache RRs. The TTL describes how long a RR can be cached before it should be discarded. The following three types of TTL are @@ -10406,7 +10405,7 @@ $GENERATE 1-127 $ CNAME $.0 This can be one of two forms: start-stop - or start-stop/step. If the first form is used then step + or start-stop/step. If the first form is used, then step is set to 1. All of start, stop and step must be positive. @@ -10420,6 +10419,7 @@ $GENERATE 1-127 $ CNAME $.0 lhs describes the owner name of the resource records to be created. Any single $ + (dollar sign) symbols within the lhs side are replaced by the iterator value. @@ -10437,7 +10437,7 @@ $GENERATE 1-127 $ CNAME $.0 ${offset[,width[,base]]}. For example, ${-20,3,d} subtracts 20 from the current value, prints the - result as a decimal in a zero padded field of + result as a decimal in a zero-padded field of width 3. Available output forms are decimal @@ -10451,7 +10451,7 @@ $GENERATE 1-127 $ CNAME $.0 to the name. - For compatibility with earlier versions $$ is still + For compatibility with earlier versions, $$ is still recognized as indicating a literal $ in the output. @@ -10584,7 +10584,7 @@ $GENERATE 1-127 $ CNAME $.0 It is a good idea to use ACLs, and to control access to your server. Limiting access to your server by - outside parties can help prevent spoofing and DoS attacks against + outside parties can help prevent spoofing and denial of service (DoS) attacks against your server. @@ -10635,7 +10635,7 @@ zone "example.com" { <command>chroot</command> and <command>setuid</command> On UNIX servers, it is possible to run BIND in a chrooted environment - (chroot()) by specifying the "" + (using the chroot() function) by specifying the "" option. This can help improve system security by placing BIND in a "sandbox", which will limit the damage done if a server is compromised. @@ -10646,7 +10646,7 @@ zone "example.com" { We suggest running as an unprivileged user when using the chroot feature. - Here is an example command line to load BIND in a chroot() sandbox, + Here is an example command line to load BIND in a chroot sandbox, /var/named, and to run named setuid to user 202: @@ -10711,7 +10711,7 @@ zone "example.com" { Access to the dynamic update facility should be strictly limited. In earlier versions of - BIND the only way to do this was + BIND, the only way to do this was based on the IP address of the host requesting the update, by listing an IP address or @@ -10740,7 +10740,7 @@ zone "example.com" { - Some sites choose to keep all dynamically updated DNS data + Some sites choose to keep all dynamically-updated DNS data in a subdomain and delegate that subdomain to a separate zone. This way, the top-level zone containing critical data such as the IP addresses @@ -10838,7 +10838,7 @@ zone "example.com" { core of the new system was described in 1983 in RFCs 882 and 883. From 1984 to 1987, the ARPAnet (the precursor to today's Internet) became a testbed of experimentation for developing the - new naming/addressing scheme in an rapidly expanding, + new naming/addressing scheme in a rapidly expanding, operational network environment. New RFCs were written and published in 1987 that modified the original documents to incorporate improvements based on the working model. RFC 1034, @@ -10886,7 +10886,7 @@ zone "example.com" { released by Digital Equipment Corporation (now Compaq Computer Corporation). Paul Vixie, then a DEC employee, became BIND's - primary caretaker. Paul was assisted + primary caretaker. He was assisted by Phil Almquist, Robert Elz, Alan Barrett, Paul Albitz, Bryan Beecher, Andrew Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat @@ -10894,7 +10894,7 @@ zone "example.com" { Wolfhugel, and others. - BIND Version 4.9.2 was sponsored by + BIND version 4.9.2 was sponsored by Vixie Enterprises. Paul Vixie became BIND's principal architect/programmer. @@ -12044,7 +12044,7 @@ zone "example.com" { - Obsoleted DNS Security RFC + Obsoleted DNS Security RFCs Most of these have been consolidated into RFC4033,