From 9115ff0255629236c01c5d504c84db45be16dee1 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 23 Jul 2015 19:52:25 +1000 Subject: [PATCH] whitespace --- doc/arm/Bv9ARM-book.xml | 94 ++++++++++++++++++++--------------------- 1 file changed, 47 insertions(+), 47 deletions(-) diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index 7e640a7619..fdf1769c89 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -646,7 +646,7 @@ ISC BIND 9 compiles and runs on a large number - of Unix-like operating systems and on + of Unix-like operating systems and on Microsoft Windows Server 2003 and 2008, and Windows XP and Vista. For an up-to-date list of supported systems, see the README file in the top level @@ -1390,7 +1390,7 @@ controls { allow-update or an update-policy clause in the zone statement. - + If the zone's update-policy is set to local, updates to the zone @@ -2234,10 +2234,10 @@ allow-update { key host1-host2. ;}; To enable named to validate answers from other servers, the dnssec-enable option must be set to yes, and the - dnssec-validation options must be set to + dnssec-validation options must be set to yes or auto. - + If dnssec-validation is set to auto, then a default @@ -2250,7 +2250,7 @@ allow-update { key host1-host2. ;}; will not occur. The default setting is yes. - + trusted-keys are copies of DNSKEY RRs for zones that are used to form the first link in the @@ -2359,7 +2359,7 @@ options { including missing, expired, or invalid signatures, a key which does not match the DS RRset in the parent zone, or an insecure response from a zone which, according to its parent, should have - been secure. + been secure. @@ -2419,7 +2419,7 @@ options { the traditional "nibble" format used in the ip6.arpa domain, as well as the older, deprecated ip6.int domain. - Older versions of BIND 9 + Older versions of BIND 9 supported the "binary label" (also known as "bitstring") format, but support of binary labels has been completely removed per RFC 3363. @@ -2878,7 +2878,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. "as big as possible", depending on the context. See the explanations of particular parameters that use size_spec - for details on how they interpret its use. + for details on how they interpret its use. Numeric values can optionally be followed by a @@ -2897,12 +2897,12 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. (including ), it may mean the largest possible 32-bit unsigned integer (0xffffffff); this distinction can be important when - dealing with larger quantities. + dealing with larger quantities. unlimited is usually the best way to safely set a very large number. - default + default uses the limit that was in force when the server was started. @@ -3240,7 +3240,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. defines a named masters list for inclusion in stub and slave zones' - masters or + masters or also-notify lists. @@ -4652,7 +4652,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] <command>masters</command> Statement Grammar -masters name port ip_port { ( masters_list | +masters name port ip_port { ( masters_list | ip_addr port ip_port key key ) ; ... }; @@ -4731,7 +4731,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] forwarders { ip_addr port ip_port ; ... }; dual-stack-servers port ip_port { ( domain_name port ip_port | - ip_addr port ip_port ) ; + ip_addr port ip_port ) ; ... }; check-names ( master | slave | response ) ( warn | fail | ignore ); @@ -4774,8 +4774,8 @@ badresp:1,adberr:0,findfail:0,valfail:0] address ( ip4_addr | * ) port ( ip_port | * ) ) ; query-source-v6 ( ( ip6_addr | * ) - port ( ip_port | * ) | - address ( ip6_addr | * ) + port ( ip_port | * ) | + address ( ip6_addr | * ) port ( ip_port | * ) ) ; use-queryport-pool yes_or_no; queryport-pool-ports number; @@ -5251,7 +5251,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] The pathname of a file to override the built-in trusted keys provided by named. See the discussion of dnssec-lookaside - and dnssec-validation for details. + and dnssec-validation for details. If not specified, the default is /etc/bind.keys. @@ -5529,7 +5529,7 @@ options { Each dns64 supports an optional mapped ACL that selects which - IPv4 addresses are to be mapped in the corresponding + IPv4 addresses are to be mapped in the corresponding A RRset. If not defined it defaults to any;. @@ -6120,7 +6120,7 @@ options { If yes, then an empty EDNS(0) - NSID (Name Server Identifier) option is sent with all + NSID (Name Server Identifier) option is sent with all queries to authoritative name servers during iterative resolution. If the authoritative server returns an NSID option in its response, then its contents are logged in @@ -6343,7 +6343,7 @@ options { If yes, the DNS client is at an IPv4 address, in filter-aaaa, - and if the response does not include DNSSEC signatures, + and if the response does not include DNSSEC signatures, then all AAAA records are deleted from the response. This filtering applies to all responses and not only authoritative responses. @@ -6355,8 +6355,8 @@ options { because the DNSSEC protocol is designed detect deletions. - This mechanism can erroneously cause other servers to - not give AAAA records to their clients. + This mechanism can erroneously cause other servers to + not give AAAA records to their clients. A recursing server with both IPv6 and IPv4 network connections that queries an authoritative server using this mechanism via IPv4 will be denied AAAA records even if its client is @@ -7349,7 +7349,7 @@ avoid-v6-udp-ports {}; Note: BIND 9.5.0 introduced - the use-queryport-pool + the use-queryport-pool option to support a pool of such random ports, but this option is now obsolete because reusing the same ports in the pool may not be sufficiently secure. @@ -7387,7 +7387,7 @@ avoid-v6-udp-ports {}; - + @@ -7956,7 +7956,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; A "soft quota" is also set. When this lower quota is exceeded, incoming requests are accepted, but - for each one, a pending request will be dropped. + for each one, a pending request will be dropped. If is greater than 1000, the soft quota is set to minus 100; @@ -8215,7 +8215,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; waiting for some data before being passed to accept. Nonzero values less than 10 will be silently raised. A value of 0 may also - be used; on most platforms this sets the listen queue + be used; on most platforms this sets the listen queue length to a system-defined default value. @@ -9160,7 +9160,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; - + empty-contact @@ -9171,7 +9171,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; - + empty-zones-enable @@ -9181,7 +9181,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; - + disable-empty-zone @@ -10174,7 +10174,7 @@ ns.domain.com.rpz-nsdname CNAME . whether the local server will add a NSID EDNS option to requests sent to the server. This overrides request-nsid set at the view or - option level. + option level. @@ -10252,9 +10252,9 @@ ns.domain.com.rpz-nsdname CNAME . >http://127.0.0.1:8888/ or http://127.0.0.1:8888/xml. A CSS file is - included which can format the XML statistics into tables + included which can format the XML statistics into tables when viewed with a stylesheet-capable browser. When - BIND 9 is configured with --enable-newstats, + BIND 9 is configured with --enable-newstats, a new XML schema is used (version 3) which adds additional zone statistics and uses a flatter tree for more efficient parsing. The stylesheet included uses the Google Charts API @@ -10264,10 +10264,10 @@ ns.domain.com.rpz-nsdname CNAME . Applications that depend on a particular XML schema - can request + can request http://127.0.0.1:8888/xml/v2 for version 2 - of the statistics XML schema or + of the statistics XML schema or http://127.0.0.1:8888/xml/v3 for version 3. If the requested schema is supported by the server, then @@ -10341,7 +10341,7 @@ ns.domain.com.rpz-nsdname CNAME . <command>managed-keys</command> Statement Definition and Usage - The managed-keys statement, like + The managed-keys statement, like trusted-keys, defines DNSSEC security roots. The difference is that managed-keys can be kept up to date @@ -10387,7 +10387,7 @@ ns.domain.com.rpz-nsdname CNAME . initial-key. The difference is, whereas the keys listed in a trusted-keys continue to be trusted until they are removed from - named.conf, an initializing key listed + named.conf, an initializing key listed in a managed-keys statement is only trusted once: for as long as it takes to load the managed key database and start the RFC 5011 key maintenance @@ -10763,7 +10763,7 @@ zone zone_name class allow-query { address_match_list }; server-addresses { ip_addr ; ... }; - server-names { namelist }; + server-names { namelist }; zone-statistics yes_or_no ; }; @@ -10963,7 +10963,7 @@ zone zone_name class Each static-stub zone is configured with internally generated NS and (if necessary) - glue A or AAAA RRs + glue A or AAAA RRs @@ -11047,7 +11047,7 @@ zone zone_name class"*. IN A 100.100.100.2" and "*. IN AAAA 2001:ffff:ffff::100.100.100.2". @@ -11055,7 +11055,7 @@ zone zone_name class To redirect all Spanish names (under .ES) one would use similar entries but with the names - "*.ES." instead of "*.". To redirect all + "*.ES." instead of "*.". To redirect all commercial Spanish names (under COM.ES) one would use wildcard entries called "*.COM.ES.". @@ -11824,7 +11824,7 @@ example.com. NS ns2.example.net. zonename causes named to load keys from the key repository and sign the zone with all keys that are - active. + active. rndc loadkeys zonename causes named to load keys from the key @@ -11858,7 +11858,7 @@ example.com. NS ns2.example.net. the zone is updated. - When set to + When set to serial-update-method unixtime;, the SOA serial number will be set to the number of seconds since the UNIX epoch, unless the serial number is @@ -11891,7 +11891,7 @@ example.com. NS ns2.example.net. - + masterfile-format @@ -12167,7 +12167,7 @@ example.com. NS ns2.example.net. This rule takes a Windows machine principal (machine$@REALM) for machine in REALM and - and converts it machine.realm allowing the machine + and converts it machine.realm allowing the machine to update machine.realm. The REALM to be matched is specified in the identity field. @@ -12181,7 +12181,7 @@ example.com. NS ns2.example.net. - This rule takes a Windows machine principal + This rule takes a Windows machine principal (machine$@REALM) for machine in REALM and converts it to machine.realm allowing the machine to update subdomains of machine.realm. The REALM @@ -12199,7 +12199,7 @@ example.com. NS ns2.example.net. This rule takes a Kerberos machine principal (host/machine@REALM) for machine in REALM and - and converts it machine.realm allowing the machine + and converts it machine.realm allowing the machine to update machine.realm. The REALM to be matched is specified in the identity field. @@ -12213,7 +12213,7 @@ example.com. NS ns2.example.net. - This rule takes a Kerberos machine principal + This rule takes a Kerberos machine principal (host/machine@REALM) for machine in REALM and converts it to machine.realm allowing the machine to update subdomains of machine.realm. The REALM @@ -13609,7 +13609,7 @@ example.com. NS ns2.example.net. When used in the label (or name) field, the asperand or at-sign (@) symbol represents the current origin. - At the start of the zone file, it is the + At the start of the zone file, it is the <zone_name> (followed by trailing dot).