From 9e7c5f15ca4ea8b638ca2f5c8c9f27031564db4d Mon Sep 17 00:00:00 2001 From: "Jeremy C. Reed" Date: Wed, 20 Aug 2014 15:45:57 -0500 Subject: [PATCH] miscellaneous minor fixes Say named instead of Named (be consistent). add sit-secret, automatic-interface-scan, policy tcp-only to grammar lowercase All-per-second to all-per-second fix typo cn to can Note this was not reviewed. --- doc/arm/Bv9ARM-book.xml | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index c2cd9db416..0b29da99f9 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -3702,8 +3702,8 @@ geoip org "Internet Systems Consortium"; The algorithm_id is a string - that specifies a security/authentication algorithm. Named - supports hmac-md5, + that specifies a security/authentication algorithm. The + named server supports hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512 TSIG authentication. @@ -4813,6 +4813,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] notify yes_or_no | explicit | master-only; recursion yes_or_no; request-sit yes_or_no; + sit-secret secret_string; request-nsid yes_or_no; rfc2308-type1 yes_or_no; use-id-pool yes_or_no; @@ -4852,6 +4853,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] allow-recursion-on { address_match_list }; allow-update { address_match_list }; allow-update-forwarding { address_match_list }; + automatic-interface-scan { yes_or_no }; update-check-ksk yes_or_no; dnssec-update-mode ( maintain | no-resign ); dnssec-dnskey-kskonly yes_or_no; @@ -5010,7 +5012,7 @@ badresp:1,adberr:0,findfail:0,valfail:0] } ; response-policy { zone zone_name ; - policy given | disabled | passthru | drop | nxdomain | nodata | cname domain ; + policy given | disabled | passthru | drop | tcp-only | nxdomain | nodata | cname domain ; recursive-only yes_or_no ; max-policy-ttl number ; ; recursive-only yes_or_no ; @@ -9179,7 +9181,8 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; Built-in Empty Zones - Named has some built-in empty zones (SOA and NS records only). + The named server has some built-in + empty zones (SOA and NS records only). These are for zones that should normally be answered locally and which queries should not be sent to the Internet's root servers. The official servers which cover these namespaces @@ -9191,9 +9194,10 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; IPv6 unknown address. - Named will attempt to determine if a built-in zone already exists - or is active (covered by a forward-only forwarding declaration) - and will not create an empty zone in that case. + The server will attempt to determine if a built-in zone + already exists or is active (covered by a forward-only + forwarding declaration) and will not create an empty + zone in that case. The current list of empty zones is: @@ -9790,7 +9794,7 @@ deny-answer-aliases { "example.net"; }; Any of the policies can be used with any of the triggers. For example, while the TCP-only policy is commonly used with client-IP triggers, - it cn be used with any type of trigger to force the use of + it can be used with any type of trigger to force the use of TCP for responses with owner names in a zone. @@ -10355,7 +10359,7 @@ rate-limit { as it considers the STMP Mail From command. Web browsers often repeatedly resolve the same names that are repeated in HTML <IMG> tags - in a page. All-per-second is similar + in a page. all-per-second is similar to the rate limiting offered by firewalls but often inferior. Attacks that justify ignoring the contents of DNS responses are likely to be attacks on the DNS @@ -10647,9 +10651,9 @@ rate-limit { whether the local server will add a SIT EDNS option to requests sent to the server. This overrides request-sit set at the view or - option level. Named may determine that SIT is not - supported by the remote server and not add a SIT - EDNS option to requests. + option level. The named server may + determine that SIT is not supported by the remote server + and not add a SIT EDNS option to requests.