diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index 0f21b7394e..4e108c98c2 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + BIND 9 Administrator Reference Manual @@ -2111,7 +2111,7 @@ key host1-host2. { - The algorithm, hmac-md5, is the only one supported by BIND. + The algorithm, hmac-md5, is the only one supported by BIND. The secret is the one generated above. Since this is a secret, it is recommended that either named.conf be non-world readable, or the key directive be added to a non-world readable @@ -2171,7 +2171,7 @@ server 10.1.2.3 { be denoted key host1-host2. - An example of an allow-update directive would be: + An example of an allow-update directive would be: @@ -3124,8 +3124,8 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. The interpretation of a match depends on whether the list is being - used for access control, defining listen-on ports, or in a - sortlist, and whether the element was negated. + used for access control, defining listen-on ports, or in a + sortlist, and whether the element was negated. @@ -3143,7 +3143,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. allow-update, allow-update-forwarding, and blackhole all use address match - lists. Similarly, the listen-on option will cause the + lists. Similarly, the listen-on option will cause the server to refuse queries on any of the machine's addresses which do not match the list. @@ -3218,8 +3218,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. slash) and continue to the end of the physical line. They cannot be continued across multiple physical lines; to have one logical comment span multiple lines, each line must use the // pair. - - For example: @@ -3235,8 +3233,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. with the character # (number sign) and continue to the end of the physical line, as in C++ comments. - - For example: 
@@ -5060,7 +5056,7 @@ category notify { null; }; client requests a TKEY exchange, it may or may not specify the desired name for the key. If present, the name of the shared key will - will be client specified part + + be client specified part + tkey-domain. Otherwise, the name of the shared key will be random hex digits + tkey-domain. @@ -5128,7 +5124,7 @@ category notify { null; }; The pathname of the file the server writes its process ID in. If not specified, the default is /var/run/named/named.pid. - The pid-file is used by programs that want to send signals to + The PID file is used by programs that want to send signals to the running name server. Specifying pid-file none disables the use of a PID file — no file will be written and any @@ -6535,7 +6531,7 @@ options { The interfaces and ports that the server will answer queries from may be specified using the listen-on option. listen-on takes - an optional port, and an address_match_list. + an optional port and an address_match_list. The server will listen on all interfaces allowed by the address match list. If a port is not specified, port 53 will be used. @@ -7030,7 +7026,7 @@ avoid-v6-udp-ports {}; to be used, you should set use-alt-transfer-source appropriately and you should not depend upon - getting a answer back to the first refresh + getting an answer back to the first refresh query. 
@@ -7891,14 +7887,15 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; edns-udp-size - Sets the advertised EDNS UDP buffer size in bytes. Valid - values are 512 to 4096 (values outside this range - will be silently adjusted). The default value is - 4096. The usual reason for setting edns-udp-size to - a non-default value is to get UDP answers to pass - through broken firewalls that block fragmented - packets and/or block UDP packets that are greater - than 512 bytes. + Sets the advertised EDNS UDP buffer size in bytes + to control the size of packets received. + Valid values are 512 to 4096 (values outside this range + will be silently adjusted). The default value + is 4096. The usual reason for setting + edns-udp-size to a non-default + value is to get UDP answers to pass through broken + firewalls that block fragmented packets and/or + block UDP packets that are greater than 512 bytes. @@ -7911,7 +7908,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; send in bytes. Valid values are 512 to 4096 (values outside this range will be silently adjusted). The default value is 4096. The usual reason for setting - max-udp-size to a non-default value is to get UDP + max-udp-size to a non-default value is to get UDP answers to pass through broken firewalls that block fragmented packets and/or block UDP packets that are greater than 512 bytes. @@ -8094,7 +8091,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; loopback address and the IPv6 unknown address. - Named will attempt to determine if a built in zone already exists + Named will attempt to determine if a built-in zone already exists or is active (covered by a forward-only forwarding declaration) and will not create a empty zone in that case. 
@@ -8157,7 +8154,7 @@ XXX: end of RFC1918 addresses #defined out --> The real parent servers for these zones should disable all empty zone under the parent zone they serve. For the real - root servers, this is all built in empty zones. This will + root servers, this is all built-in empty zones. This will enable them to return referrals to deeper in the tree. @@ -9002,7 +8999,7 @@ zone zone_name classex/example.com where ex/ is just the first two letters of the zone name. (Most operating systems - behave very slowly if you put 100 000 files into + behave very slowly if you put 100000 files into a single directory.) @@ -10982,8 +10979,6 @@ zone zone_name class - For example: @@ -11513,7 +11508,7 @@ HOST-127.EXAMPLE. MX 0 . Specifies the time-to-live of the generated records. If not specified this will be inherited using the - normal ttl inheritance rules. + normal TTL inheritance rules. class and ttl can be @@ -13114,7 +13109,7 @@ HOST-127.EXAMPLE. MX 0 . Access Control Lists - Access Control Lists (ACLs), are address match lists that + Access Control Lists (ACLs) are address match lists that you can set up and nickname for future use in allow-notify, allow-query, allow-query-on, allow-recursion, allow-recursion-on, @@ -13179,11 +13174,13 @@ zone "example.com" { <command>Chroot</command> and <command>Setuid</command> - On UNIX servers, it is possible to run BIND in a chrooted environment - (using the chroot() function) by specifying the "" - option. This can help improve system security by placing BIND in - a "sandbox", which will limit the damage done if a server is - compromised. + On UNIX servers, it is possible to run BIND + in a chrooted environment (using + the chroot() function) by specifying + the "" option for named. + This can help improve system security by placing + BIND in a "sandbox", which will limit + the damage done if a server is compromised. Another useful feature in the UNIX version of BIND is the 
@@ -13196,7 +13193,7 @@ zone "example.com" { user 202: - /usr/local/bin/named -u 202 -t /var/named + /usr/local/sbin/named -u 202 -t /var/named @@ -13462,11 +13459,9 @@ zone "example.com" { BIND architecture. - BIND version 4 is officially deprecated and BIND version - 8 development is considered maintenance-only in favor - of BIND version 9. No additional development is done - on BIND version 4 or BIND version 8 other than for - security-related patches. + BIND versions 4 and 8 are officially deprecated. + No additional development is done + on BIND version 4 or BIND version 8. BIND development work is made
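Review bot: in the hunk at -2111, the touched sentence still says hmac-md5 "is the only one supported by BIND". The removed and added lines read the same here, so the wording was not revisited. Since the line is being edited anyway, confirm the claim against the TSIG algorithms the current release accepts and reword it if others are supported, so the manual does not steer administrators to MD5-based keys by default.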
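Review bot: in the hunk at -8094, the trailing context line still reads "will not create a empty zone in that case". This patch already fixes "a answer" to "an answer" in the hunk at -7030, so the same article fix ("an empty zone") belongs here, alongside the "built-in" change two lines above it.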
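Review bot: in the hunk at -8157, the leading context line reads "should disable all empty zone under the parent zone they serve", where "zone" should be plural. The added line in the same paragraph correctly says "built-in empty zones", so fix the context line to "all empty zones" in this pass.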
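Review bot: in the hunk at -13179, the reworded sentence reads by specifying the "" option for named, with nothing between the quotes as shown here. Check that the option name survives in the rendered manual; the example in the hunk at -13196 uses -t /var/named. While this paragraph is open, it would also help to state that the chroot "sandbox" is meant to be combined with the unprivileged user set by -u, as that example does, because a process that keeps root privileges can leave a chroot.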
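Review bot: in the hunk at -13462, the new text drops the clause "other than for security-related patches" without saying what replaces it. "No additional development is done" leaves it open whether security fixes are still issued for BIND 4 and BIND 8. Operators still running those versions need that stated outright, for example by adding that no security fixes will be released and that they should move to BIND 9.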