whitespace

Mark Andrews 2015-07-23 19:52:25 +10:00
parent ff710362d9
commit 9115ff0255

@ -646,7 +646,7 @@
<para>
ISC <acronym>BIND</acronym> 9 compiles and runs on a large
number
of Unix-like operating systems and on
of Unix-like operating systems and on
Microsoft Windows Server 2003 and 2008, and Windows XP and Vista.
For an up-to-date
list of supported systems, see the README file in the top level
@ -1390,7 +1390,7 @@ controls {
<command>allow-update</command> or an <command>update-policy</command>
clause in the <command>zone</command> statement.
</para>
<para>
If the zone's <command>update-policy</command> is set to
<userinput>local</userinput>, updates to the zone
@ -2234,10 +2234,10 @@ allow-update { key host1-host2. ;};
To enable <command>named</command> to validate answers from
other servers, the <command>dnssec-enable</command> option
must be set to <userinput>yes</userinput>, and the
<command>dnssec-validation</command> options must be set to
<command>dnssec-validation</command> options must be set to
<userinput>yes</userinput> or <userinput>auto</userinput>.
</para>
<para>
If <command>dnssec-validation</command> is set to
<userinput>auto</userinput>, then a default
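Review bot: the changed line "the dnssec-validation options must be set to" uses the plural "options" for a single option, while the clause just above it says "the dnssec-enable option must be set". Since this line is being rewritten anyway, change "options" to "option" so the two clauses agree.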
@ -2250,7 +2250,7 @@ allow-update { key host1-host2. ;};
will not occur. The default setting is
<userinput>yes</userinput>.
</para>
<para>
<command>trusted-keys</command> are copies of DNSKEY RRs
for zones that are used to form the first link in the
@ -2359,7 +2359,7 @@ options {
including missing, expired, or invalid signatures, a key which
does not match the DS RRset in the parent zone, or an insecure
response from a zone which, according to its parent, should have
been secure.
been secure.
</para>
<note>
@ -2419,7 +2419,7 @@ options {
the traditional "nibble" format used in the
<emphasis>ip6.arpa</emphasis> domain, as well as the older, deprecated
<emphasis>ip6.int</emphasis> domain.
Older versions of <acronym>BIND</acronym> 9
Older versions of <acronym>BIND</acronym> 9
supported the "binary label" (also known as "bitstring") format,
but support of binary labels has been completely removed per
RFC 3363.
@ -2878,7 +2878,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
"as big as possible", depending on the context.
See the explanations of particular parameters
that use <varname>size_spec</varname>
for details on how they interpret its use.
for details on how they interpret its use.
</para>
<para>
Numeric values can optionally be followed by a
@ -2897,12 +2897,12 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
(including <option>max-cache-size</option>), it may
mean the largest possible 32-bit unsigned integer
(0xffffffff); this distinction can be important when
dealing with larger quantities.
dealing with larger quantities.
<varname>unlimited</varname> is usually the best way
to safely set a very large number.
</para>
<para>
<varname>default</varname>
<varname>default</varname>
uses the limit that was in force when the server was started.
</para>
</entry>
@ -3240,7 +3240,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
<para>
defines a named masters list for
inclusion in stub and slave zones'
<command>masters</command> or
<command>masters</command> or
<command>also-notify</command> lists.
</para>
</entry>
@ -4652,7 +4652,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<title><command>masters</command> Statement Grammar</title>
<programlisting>
<command>masters</command> <replaceable>name</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> { ( <replaceable>masters_list</replaceable> |
<command>masters</command> <replaceable>name</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> { ( <replaceable>masters_list</replaceable> |
<replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> <optional>key <replaceable>key</replaceable></optional> ) ; <optional>...</optional> };
</programlisting>
@ -4731,7 +4731,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<optional> forwarders { <optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; ... </optional> }; </optional>
<optional> dual-stack-servers <optional>port <replaceable>ip_port</replaceable></optional> {
( <replaceable>domain_name</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> |
<replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ) ;
<replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ) ;
... }; </optional>
<optional> check-names ( <replaceable>master</replaceable> | <replaceable>slave</replaceable> | <replaceable>response</replaceable> )
( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
@ -4774,8 +4774,8 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<optional> address ( <replaceable>ip4_addr</replaceable> | <replaceable>*</replaceable> ) </optional>
<optional> port ( <replaceable>ip_port</replaceable> | <replaceable>*</replaceable> ) </optional> ) ; </optional>
<optional> query-source-v6 ( ( <replaceable>ip6_addr</replaceable> | <replaceable>*</replaceable> )
<optional> port ( <replaceable>ip_port</replaceable> | <replaceable>*</replaceable> ) </optional> |
<optional> address ( <replaceable>ip6_addr</replaceable> | <replaceable>*</replaceable> ) </optional>
<optional> port ( <replaceable>ip_port</replaceable> | <replaceable>*</replaceable> ) </optional> |
<optional> address ( <replaceable>ip6_addr</replaceable> | <replaceable>*</replaceable> ) </optional>
<optional> port ( <replaceable>ip_port</replaceable> | <replaceable>*</replaceable> ) </optional> ) ; </optional>
<optional> use-queryport-pool <replaceable>yes_or_no</replaceable>; </optional>
<optional> queryport-pool-ports <replaceable>number</replaceable>; </optional>
@ -5251,7 +5251,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
The pathname of a file to override the built-in trusted
keys provided by <command>named</command>.
See the discussion of <command>dnssec-lookaside</command>
and <command>dnssec-validation</command> for details.
and <command>dnssec-validation</command> for details.
If not specified, the default is
<filename>/etc/bind.keys</filename>.
</para>
@ -5529,7 +5529,7 @@ options {
<para>
Each <command>dns64</command> supports an optional
<command>mapped</command> ACL that selects which
IPv4 addresses are to be mapped in the corresponding
IPv4 addresses are to be mapped in the corresponding
A RRset. If not defined it defaults to
<userinput>any;</userinput>.
</para>
@ -6120,7 +6120,7 @@ options {
<listitem>
<para>
If <userinput>yes</userinput>, then an empty EDNS(0)
NSID (Name Server Identifier) option is sent with all
NSID (Name Server Identifier) option is sent with all
queries to authoritative name servers during iterative
resolution. If the authoritative server returns an NSID
option in its response, then its contents are logged in
@ -6343,7 +6343,7 @@ options {
<para>
If <userinput>yes</userinput>,
the DNS client is at an IPv4 address, in <command>filter-aaaa</command>,
and if the response does not include DNSSEC signatures,
and if the response does not include DNSSEC signatures,
then all AAAA records are deleted from the response.
This filtering applies to all responses and not only
authoritative responses.
@ -6355,8 +6355,8 @@ options {
because the DNSSEC protocol is designed detect deletions.
</para>
<para>
This mechanism can erroneously cause other servers to
not give AAAA records to their clients.
This mechanism can erroneously cause other servers to
not give AAAA records to their clients.
A recursing server with both IPv6 and IPv4 network connections
that queries an authoritative server using this mechanism
via IPv4 will be denied AAAA records even if its client is
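Review bot: the first context line of this hunk, "because the DNSSEC protocol is designed detect deletions.", is missing "to" and should read "designed to detect deletions". The cleanup edits the paragraph directly below it, so the wording fix could go in the same pass or a follow-up.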
@ -7349,7 +7349,7 @@ avoid-v6-udp-ports {};
<para>
Note: BIND 9.5.0 introduced
the <command>use-queryport-pool</command>
the <command>use-queryport-pool</command>
option to support a pool of such random ports, but this
option is now obsolete because reusing the same ports in
the pool may not be sufficiently secure.
@ -7387,7 +7387,7 @@ avoid-v6-udp-ports {};
</para>
</listitem>
</varlistentry>
</variablelist>
<note>
<para>
@ -7956,7 +7956,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<para>
A "soft quota" is also set. When this lower
quota is exceeded, incoming requests are accepted, but
for each one, a pending request will be dropped.
for each one, a pending request will be dropped.
If <option>recursive-clients</option> is greater than
1000, the soft quota is set to
<option>recursive-clients</option> minus 100;
@ -8215,7 +8215,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
waiting for
some data before being passed to accept. Nonzero values
less than 10 will be silently raised. A value of 0 may also
be used; on most platforms this sets the listen queue
be used; on most platforms this sets the listen queue
length to a system-defined default value.
</para>
</listitem>
@ -9160,7 +9160,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>empty-contact</command></term>
<listitem>
@ -9171,7 +9171,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>empty-zones-enable</command></term>
<listitem>
@ -9181,7 +9181,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>disable-empty-zone</command></term>
<listitem>
@ -10174,7 +10174,7 @@ ns.domain.com.rpz-nsdname CNAME .
whether the local server will add a NSID EDNS option
to requests sent to the server. This overrides
<command>request-nsid</command> set at the view or
option level.
option level.
</para>
</sect2>
@ -10252,9 +10252,9 @@ ns.domain.com.rpz-nsdname CNAME .
>http://127.0.0.1:8888/</ulink> or
<ulink url="http://127.0.0.1:8888/xml"
>http://127.0.0.1:8888/xml</ulink>. A CSS file is
included which can format the XML statistics into tables
included which can format the XML statistics into tables
when viewed with a stylesheet-capable browser. When
<acronym>BIND</acronym> 9 is configured with --enable-newstats,
<acronym>BIND</acronym> 9 is configured with --enable-newstats,
a new XML schema is used (version 3) which adds additional
zone statistics and uses a flatter tree for more efficient
parsing. The stylesheet included uses the Google Charts API
@ -10264,10 +10264,10 @@ ns.domain.com.rpz-nsdname CNAME .
<para>
Applications that depend on a particular XML schema
can request
can request
<ulink url="http://127.0.0.1:8888/xml/v2"
>http://127.0.0.1:8888/xml/v2</ulink> for version 2
of the statistics XML schema or
of the statistics XML schema or
<ulink url="http://127.0.0.1:8888/xml/v3"
>http://127.0.0.1:8888/xml/v3</ulink> for version 3.
If the requested schema is supported by the server, then
@ -10341,7 +10341,7 @@ ns.domain.com.rpz-nsdname CNAME .
<title><command>managed-keys</command> Statement Definition
and Usage</title>
<para>
The <command>managed-keys</command> statement, like
The <command>managed-keys</command> statement, like
<command>trusted-keys</command>, defines DNSSEC
security roots. The difference is that
<command>managed-keys</command> can be kept up to date
@ -10387,7 +10387,7 @@ ns.domain.com.rpz-nsdname CNAME .
<literal>initial-key</literal>. The difference is, whereas the
keys listed in a <command>trusted-keys</command> continue to be
trusted until they are removed from
<filename>named.conf</filename>, an initializing key listed
<filename>named.conf</filename>, an initializing key listed
in a <command>managed-keys</command> statement is only trusted
<emphasis>once</emphasis>: for as long as it takes to load the
managed key database and start the RFC 5011 key maintenance
@ -10763,7 +10763,7 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
type static-stub;
<optional> allow-query { <replaceable>address_match_list</replaceable> }; </optional>
<optional> server-addresses { <optional> <replaceable>ip_addr</replaceable> ; ... </optional> }; </optional>
<optional> server-names { <optional> <replaceable>namelist</replaceable> </optional> }; </optional>
<optional> server-names { <optional> <replaceable>namelist</replaceable> </optional> }; </optional>
<optional> zone-statistics <replaceable>yes_or_no</replaceable> ; </optional>
};
@ -10963,7 +10963,7 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
<para>
Each static-stub zone is configured with
internally generated NS and (if necessary)
glue A or AAAA RRs
glue A or AAAA RRs
</para>
</entry>
</row>
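Review bot: the re-indented line "glue A or AAAA RRs" ends its paragraph without a full stop. Add the period before the closing para tag while the line is being touched.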
@ -11047,7 +11047,7 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
2001:ffff:ffff::100.100.100.2, one would
configure a type redirect zone named ".",
with the zone file containing wildcard records
that point to the desired addresses:
that point to the desired addresses:
<literal>"*. IN A 100.100.100.2"</literal>
and
<literal>"*. IN AAAA 2001:ffff:ffff::100.100.100.2"</literal>.
@ -11055,7 +11055,7 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
<para>
To redirect all Spanish names (under .ES) one
would use similar entries but with the names
"*.ES." instead of "*.". To redirect all
"*.ES." instead of "*.". To redirect all
commercial Spanish names (under COM.ES) one
would use wildcard entries called "*.COM.ES.".
</para>
@ -11824,7 +11824,7 @@ example.com. NS ns2.example.net.
<replaceable>zonename</replaceable></command> causes
<command>named</command> to load keys from the key
repository and sign the zone with all keys that are
active.
active.
<command>rndc loadkeys
<replaceable>zonename</replaceable></command> causes
<command>named</command> to load keys from the key
@ -11858,7 +11858,7 @@ example.com. NS ns2.example.net.
the zone is updated.
</para>
<para>
When set to
When set to
<command>serial-update-method unixtime;</command>, the
SOA serial number will be set to the number of seconds
since the UNIX epoch, unless the serial number is
@ -11891,7 +11891,7 @@ example.com. NS ns2.example.net.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>masterfile-format</command></term>
<listitem>
@ -12167,7 +12167,7 @@ example.com. NS ns2.example.net.
<para>
This rule takes a Windows machine principal
(machine$@REALM) for machine in REALM and
and converts it machine.realm allowing the machine
and converts it machine.realm allowing the machine
to update machine.realm. The REALM to be matched
is specified in the <replaceable>identity</replaceable>
field.
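Review bot: the touched line "and converts it machine.realm allowing the machine" repeats the "and" that ends the previous line and drops "to" before machine.realm. This text defines which name a Windows machine principal is allowed to update, so it should read "converts it to machine.realm", as the subdomain variant of the rule in the next hunk already does.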
@ -12181,7 +12181,7 @@ example.com. NS ns2.example.net.
</para>
</entry> <entry colname="2">
<para>
This rule takes a Windows machine principal
This rule takes a Windows machine principal
(machine$@REALM) for machine in REALM and
converts it to machine.realm allowing the machine
to update subdomains of machine.realm. The REALM
@ -12199,7 +12199,7 @@ example.com. NS ns2.example.net.
<para>
This rule takes a Kerberos machine principal
(host/machine@REALM) for machine in REALM and
and converts it machine.realm allowing the machine
and converts it machine.realm allowing the machine
to update machine.realm. The REALM to be matched
is specified in the <replaceable>identity</replaceable>
field.
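Review bot: the touched line "and converts it machine.realm allowing the machine" has the same doubled "and" and missing "to" in the Kerberos rule description. Align it with the subdomain variant in the following hunk, which reads "converts it to machine.realm".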
@ -12213,7 +12213,7 @@ example.com. NS ns2.example.net.
</para>
</entry> <entry colname="2">
<para>
This rule takes a Kerberos machine principal
This rule takes a Kerberos machine principal
(host/machine@REALM) for machine in REALM and
converts it to machine.realm allowing the machine
to update subdomains of machine.realm. The REALM
@ -13609,7 +13609,7 @@ example.com. NS ns2.example.net.
<para>
When used in the label (or name) field, the asperand or
at-sign (@) symbol represents the current origin.
At the start of the zone file, it is the
At the start of the zone file, it is the
&lt;<varname>zone_name</varname>&gt; (followed by
trailing dot).
</para>