modeCheck for records that are treated as different by DNSSEC but - are semantically equal in plain DNS. + are semantically equal in plain DNS. Possible modes are "fail", "warn" (default) and "ignore". diff --git a/bin/confgen/ddns-confgen.html b/bin/confgen/ddns-confgen.html index 153c3e572c..4414289291 100644 --- a/bin/confgen/ddns-confgen.html +++ b/bin/confgen/ddns-confgen.html @@ -60,7 +60,7 @@ local DDNS key for use with nsupdate -l: it does this when a zone is configured with update-policy local;. - ddns-confgen is only needed when a + ddns-confgen is only needed when a more elaborate configuration is required: for instance, if nsupdate is to be used from a remote system. diff --git a/bin/dig/dig.html b/bin/dig/dig.html index 3c1e566ff2..848c4d8ad5 100644 --- a/bin/dig/dig.html +++ b/bin/dig/dig.html @@ -74,7 +74,7 @@
The IN and CH class names overlap with the IN and CH top level
domain names. Either use the -t and
- -c options to specify the type and class,
+ -c options to specify the type and class,
use the -q the specify the domain name, or
use "IN." and "CH." when looking up these top level domains.
IDN_DISABLE environment variable.
- The IDN support is disabled if the variable is set when
+ The IDN support is disabled if the variable is set when
dig runs.
diff --git a/bin/dig/host.html b/bin/dig/host.html
index 3b4aea9a6e..fb8c08f67e 100644
--- a/bin/dig/host.html
+++ b/bin/dig/host.html
@@ -170,7 +170,7 @@
value for an integer quantity.
- The -s option tells host
+ The -s option tells host
not to send the query to the next nameserver
if any server responds with a SERVFAIL response, which is the
reverse of normal stub resolver behavior.
@@ -190,7 +190,7 @@
If host has been built with IDN (internationalized - domain name) support, it can accept and display non-ASCII domain names. + domain name) support, it can accept and display non-ASCII domain names. host appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server. diff --git a/bin/dnssec/dnssec-dsfromkey.html b/bin/dnssec/dnssec-dsfromkey.html index dc06420a27..d470db3272 100644 --- a/bin/dnssec/dnssec-dsfromkey.html +++ b/bin/dnssec/dnssec-dsfromkey.html @@ -94,7 +94,7 @@
Include ZSK's when generating DS records. Without this option, only keys which have the KSK flag set will be converted to DS - records and printed. Useful only in zone file mode. + records and printed. Useful only in zone file mode.
domaindiff --git a/bin/dnssec/dnssec-keyfromlabel.html b/bin/dnssec/dnssec-keyfromlabel.html index 89e40034de..93037d9bf1 100644 --- a/bin/dnssec/dnssec-keyfromlabel.html +++ b/bin/dnssec/dnssec-keyfromlabel.html @@ -281,7 +281,7 @@
If the key is being created as an explicit successor to another - key, then the default prepublication interval is 30 days; + key, then the default prepublication interval is 30 days; otherwise it is zero.
@@ -313,7 +313,7 @@ footprint).
-dnssec-keyfromlabel +
dnssec-keyfromlabel
creates two files, with names based
on the printed string. Knnnn.+aaa+iiiii.key
contains the public key, and
diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html
index e2138ef40a..bce1ca4f69 100644
--- a/bin/dnssec/dnssec-keygen.html
+++ b/bin/dnssec/dnssec-keygen.html
@@ -328,7 +328,7 @@
If the key is being created as an explicit successor to another - key, then the default prepublication interval is 30 days; + key, then the default prepublication interval is 30 days; otherwise it is zero.
@@ -361,7 +361,7 @@ footprint).
-dnssec-keygen +
dnssec-keygen
creates two files, with names based
on the printed string. Knnnn.+aaa+iiiii.key
contains the public key, and
diff --git a/bin/dnssec/dnssec-settime.html b/bin/dnssec/dnssec-settime.html
index 8e5c38c046..e366fb215c 100644
--- a/bin/dnssec/dnssec-settime.html
+++ b/bin/dnssec/dnssec-settime.html
@@ -65,8 +65,8 @@
fail when attempting to update a legacy key. With this option,
the key will be recreated in the new format, but with the
original key data retained. The key's creation date will be
- set to the present time. If no other values are specified,
- then the key's publication and activation dates will also
+ set to the present time. If no other values are specified,
+ then the key's publication and activation dates will also
be set to the present time.
directoryIf the key is being set to be an explicit successor to another - key, then the default prepublication interval is 30 days; + key, then the default prepublication interval is 30 days; otherwise it is zero.
diff --git a/bin/dnssec/dnssec-signzone.html b/bin/dnssec/dnssec-signzone.html
index 9278764e6e..b36e1872a6 100644
--- a/bin/dnssec/dnssec-signzone.html
+++ b/bin/dnssec/dnssec-signzone.html
@@ -74,7 +74,7 @@
(-S) is used, DNSKEY records are also
included. The resulting file can be included in the original
zone file with $INCLUDE. This option
- cannot be combined with -O raw,
+ cannot be combined with -O raw,
-O map, or serial number updating.
engine
Normally, when a previously-signed zone is passed as input
to the signer, and a DNSKEY record has been removed and
- replaced with a new one, signatures from the old key
+ replaced with a new one, signatures from the old key
that are still within their validity period are retained.
This allows the zone to continue to validate with cached
copies of the old DNSKEY RRset. The -Q
@@ -388,7 +388,7 @@
If the key's activation date is set and in the past, the key is published (regardless of publication date) and - used to sign the zone. + used to sign the zone.
diff --git a/bin/named/lwresd.html b/bin/named/lwresd.html index 5438acf78a..c6afd57f62 100644 --- a/bin/named/lwresd.html +++ b/bin/named/lwresd.html @@ -39,7 +39,7 @@ server that answers queries using the BIND 9 lightweight resolver protocol rather than the DNS protocol.
-lwresd +
lwresd
listens for resolver queries on a
UDP port on the IPv4 loopback interface, 127.0.0.1. This
means that lwresd can only be used by
@@ -123,7 +123,7 @@
trace,
record,
size, and
- mctx.
+ mctx.
These correspond to the ISC_MEM_DEBUGXXXX flags described in
<isc/mem.h>.
trusted-keys {
- domain_name flags protocol algorithm key; ...
+ domain_name flags protocol algorithm key; ...
};
managed-keys {
- domain_name initial-key flags protocol algorithm key; ...
+ domain_name initial-key flags protocol algorithm key; ...
};
domain- Check for a DLV record in the specified lookaside domain, + Check for a DLV record in the specified lookaside domain, instead of checking for a DS record in the zone's parent. For example, to check for DLV records for "example.com" in ISC's DLV zone, use: diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html index 607ff74807..8706db64ca 100644 --- a/bin/rndc/rndc.html +++ b/bin/rndc/rndc.html @@ -186,7 +186,7 @@ Delete a zone while the server is running. Only zones that were originally added via rndc addzone can be deleted - in this manner. + in this manner.
If the -clean is specified,
@@ -377,7 +377,7 @@
Fetch all DNSSEC keys for the given zone - from the key directory (see the + from the key directory (see the key-directory option in the BIND 9 Administrator Reference Manual). If they are within their publication period, merge them into the @@ -407,7 +407,7 @@ operations (such as signing or generating NSEC3 chains) is stored in the zone in the form of DNS resource records of type - sig-signing-type. + sig-signing-type. rndc signing -list converts these records into a human-readable form, indicating which keys are currently signing @@ -433,7 +433,7 @@ flags, iterations, and salt, in that order.
- Currently, the only defined value for hash algorithm
+ Currently, the only defined value for hash algorithm
is 1, representing SHA-1.
The flags may be set to
0 or 1,
diff --git a/bin/tools/named-journalprint.html b/bin/tools/named-journalprint.html
index eee59983f8..66b91a7441 100644
--- a/bin/tools/named-journalprint.html
+++ b/bin/tools/named-journalprint.html
@@ -34,10 +34,10 @@
named-journalprint prints the contents of a zone journal file in a human-readable - form. + form.
- Journal files are automatically created by named + Journal files are automatically created by named when changes are made to dynamic zones (e.g., by nsupdate). They record each addition or deletion of a resource record, in binary format, allowing the diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html index 0e178ed143..979d6434d0 100644 --- a/doc/arm/Bv9ARM.ch04.html +++ b/doc/arm/Bv9ARM.ch04.html @@ -574,7 +574,7 @@ nameserver 172.16.72.4
TSIG keys can be generated using the tsig-keygen
command; the output of the command is a key directive
- suitable for inclusion in named.conf. The
+ suitable for inclusion in named.conf. The
key name, algorithm and size can be specified by command line parameters;
the defaults are "tsig-key", HMAC-SHA256, and 256 bits, respectively.
Keys can also be specified in a server @@ -765,7 +765,7 @@ allow-update { !{ !localnets; any; }; key host1-host2. ;};
The TKEY process is initiated by a client or server by sending a query of type TKEY to a TKEY-aware server. The query must include - an appropriate KEY record in the additional section, and + an appropriate KEY record in the additional section, and must be signed using either TSIG or SIG(0) with a previously established key. The server's response, if successful, will contain a TKEY record in its answer section. After this transaction, @@ -1107,15 +1107,15 @@ options {
Changing a zone from insecure to secure can be done in two - ways: using a dynamic DNS update, or the + ways: using a dynamic DNS update, or the auto-dnssec zone option.
-For either method, you need to configure - named so that it can see the +
For either method, you need to configure
+ named so that it can see the
K* files which contain the public and private
parts of the keys that will be used to sign the zone. These files
- will have been generated by
+ will have been generated by
dnssec-keygen. You can do this by placing them
- in the key-directory, as specified in
+ in the key-directory, as specified in
named.conf:
zone example.net {
@@ -1141,7 +1141,7 @@ options {
> send
While the update request will complete almost immediately, - the zone will not be completely signed until + the zone will not be completely signed until named has had time to walk the zone and generate the NSEC and RRSIG records. The NSEC record at the apex will be added last, to signal that there is a complete NSEC @@ -1159,7 +1159,7 @@ options { > send
Again, this update request will complete almost - immediately; however, the record won't show up until + immediately; however, the record won't show up until named has had a chance to build/remove the relevant chain. A private type record will be created to record the state of the operation (see below for more details), and will @@ -1168,17 +1168,17 @@ options { is happening, other updates are possible as well.
-To enable automatic signing, add the
- auto-dnssec option to the zone statement in
- named.conf.
- auto-dnssec has two possible arguments:
- allow or
+
To enable automatic signing, add the
+ auto-dnssec option to the zone statement in
+ named.conf.
+ auto-dnssec has two possible arguments:
+ allow or
maintain.
With - auto-dnssec allow, +
With + auto-dnssec allow, named can search the key directory for keys matching the zone, insert them into the zone, and use them to - sign the zone. It will do so only when it receives an + sign the zone. It will do so only when it receives an rndc sign <zonename>.
@@ -1186,7 +1186,7 @@ options { functionality, but will also automatically adjust the zone's DNSKEY records on schedule according to the keys' timing metadata. (See dnssec-keygen(8) and - dnssec-settime(8) for more information.) + dnssec-settime(8) for more information.)
named will periodically search the key directory @@ -1200,7 +1200,7 @@ options {
If keys are present in the key directory the first time the zone - is loaded, the zone will be signed immediately, without waiting for an + is loaded, the zone will be signed immediately, without waiting for an rndc sign or rndc loadkeys command. (Those commands can still be used when there are unscheduled key changes, however.) @@ -1222,10 +1222,10 @@ options { the zone is signed and the NSEC3 chain is completed, the NSEC3PARAM record will appear in the zone.
-Using the +
Using the auto-dnssec option requires the zone to be - configured to allow dynamic updates, by adding an - allow-update or + configured to allow dynamic updates, by adding an + allow-update or update-policy statement to the zone configuration. If this has not been done, the configuration will fail.
@@ -1273,14 +1273,14 @@ options {As with insecure-to-secure conversions, rolling DNSSEC - keys can be done in two ways: using a dynamic DNS update, or the + keys can be done in two ways: using a dynamic DNS update, or the auto-dnssec zone option.
To perform key rollovers via dynamic update, you need to add
- the K* files for the new keys so that
+ the K* files for the new keys so that
named can find them. You can then add the new
- DNSKEY RRs via dynamic update.
+ DNSKEY RRs via dynamic update.
named will then cause the zone to be signed
with the new keys. When the signing is complete the private type
records will be updated so that the last octet is non
@@ -1294,14 +1294,14 @@ options {
be able to verify at least one signature when you remove the old
DNSKEY.
The old DNSKEY can be removed via UPDATE. Take care to - specify the correct key. + specify the correct key. named will clean out any signatures generated by the old key after the update completes.
When a new key reaches its activation date (as set by
dnssec-keygen or dnssec-settime),
- if the auto-dnssec zone option is set to
+ if the auto-dnssec zone option is set to
maintain, named will
automatically carry out the key rollover. If the key's algorithm
has not previously been used to sign the zone, then the zone will
@@ -1339,9 +1339,9 @@ options {
nsupdate. All signatures, NSEC or NSEC3 chains,
and associated NSEC3PARAM records will be removed automatically.
This will take place after the update request completes.
This requires the
- dnssec-secure-to-insecure option to be set to
- yes in
+
This requires the
+ dnssec-secure-to-insecure option to be set to
+ yes in
named.conf.
In addition, if the auto-dnssec maintain zone statement is used, it should be removed or changed to @@ -1359,9 +1359,9 @@ options {
named only supports creating new NSEC3 chains where all the NSEC3 records in the zone have the same OPTOUT - state. + state. named supports UPDATES to zones where the NSEC3 - records in the chain have mixed OPTOUT state. + records in the chain have mixed OPTOUT state. named does not support changing the OPTOUT state of an individual NSEC3 record, the entire chain needs to be changed if the OPTOUT state of an individual NSEC3 needs to be @@ -1371,7 +1371,7 @@ options {
BIND 9.7.0 introduces support for RFC 5011, dynamic trust - anchor management. Using this feature allows + anchor management. Using this feature allows named to keep track of changes to critical DNSSEC keys without any need for the operator to make changes to configuration files.
@@ -1379,9 +1379,9 @@ options {To configure a validating resolver to use RFC 5011 to - maintain a trust anchor, configure the trust anchor using a + maintain a trust anchor, configure the trust anchor using a managed-keys statement. Information about - this can be found in + this can be found in the section called “managed-keys Statement Definition and Usage”.
@@ -1403,21 +1403,21 @@ options { timer has completed, the active KSK can be revoked, and the zone can be "rolled over" to the newly accepted key.The easiest way to place a stand-by key in a zone is to - use the "smart signing" features of - dnssec-keygen and + use the "smart signing" features of + dnssec-keygen and dnssec-signzone. If a key with a publication date in the past, but an activation date which is unset or in - the future, " + the future, " dnssec-signzone -S" will include the DNSKEY record in the zone, but will not sign with it:
$-dnssec-keygen -K keys -f KSK -P now -A now+2y example.net$dnssec-signzone -S -K keys example.net
To revoke a key, the new command +
To revoke a key, the new command
dnssec-revoke has been added. This adds the
- REVOKED bit to the key flags and re-generates the
- K*.key and
+ REVOKED bit to the key flags and re-generates the
+ K*.key and
K*.private files.
After revoking the active key, the zone must be signed
with both the revoked KSK and the new active KSK. (Smart
@@ -1435,7 +1435,7 @@ $ dnssec-signzone -S -K keys example.net<
"Kexample.com.+005+10128".
If two keys have ID's exactly 128 apart, and one is
revoked, then the two key ID's will collide, causing several
- problems. To prevent this,
+ problems. To prevent this,
dnssec-keygen will not generate a new key if
another key is present which may collide. This checking will
only occur if the new keys are written to the same directory
@@ -1719,8 +1719,8 @@ $ ./Configure solaris64-x86_64-cc \
(For a 32-bit build, use "solaris-x86-cc" and /usr/lib/libpkcs11.so.)
- After configuring, run - make and + After configuring, run + make and make test.
@@ -1867,9 +1867,9 @@ $./configure --enable-threads \
PKCS#11 Tools
BIND 9 includes a minimal set of tools to operate the
- HSM, including
+ HSM, including
pkcs11-keygen to generate a new key pair
- within the HSM,
+ within the HSM,
pkcs11-list to list objects currently
available,
pkcs11-destroy to remove objects, and
@@ -1906,7 +1906,7 @@ $ export LD_LIBRARY_PATH=/opt/pkcs11/usr/lib:${L
For example, when operating an AEP Keyper, it is necessary to
specify the location of the "machine" file, which stores
information about the Keyper for use by the provider
- library. If the machine file is in
+ library. If the machine file is in
/opt/Keyper/PKCS11Provider/machine,
use:
@@ -1915,12 +1915,12 @@ $ export KEYPER_LIBRARY_PATH=/opt/Keyper/PKCS11P
Such environment variables must be set whenever running
- any tool that uses the HSM, including
- pkcs11-keygen,
- pkcs11-list,
- pkcs11-destroy,
- dnssec-keyfromlabel,
- dnssec-signzone,
+ any tool that uses the HSM, including
+ pkcs11-keygen,
+ pkcs11-list,
+ pkcs11-destroy,
+ dnssec-keyfromlabel,
+ dnssec-signzone,
dnssec-keygen, and
named.
@@ -2028,7 +2028,7 @@ example.net.signed
$ dnssec-signzone -E '' -S example.net
- This causes
+ This causes
dnssec-signzone to run as if it were compiled
without the --with-pkcs11 option.
@@ -2046,7 +2046,7 @@ $ dnssec-signzone -E '' -S example.net/opt/pkcs11/usr/ssl/openssl.cnf).
diff --git a/doc/arm/Bv9ARM.ch12.html b/doc/arm/Bv9ARM.ch12.html
index ebb98be43b..598e95f92a 100644
--- a/doc/arm/Bv9ARM.ch12.html
+++ b/doc/arm/Bv9ARM.ch12.html
@@ -449,7 +449,7 @@ $ sample-update -a sample-update -k Kxxx.+nnn+mm
removes all A RRs for foo.dynamic.example.com using the given key.
-
+
$ sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com"
removes all RRs for foo.dynamic.example.com using the given key.
diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html
index 8424201b65..0d8c7b2e4a 100644
--- a/doc/arm/man.ddns-confgen.html
+++ b/doc/arm/man.ddns-confgen.html
@@ -79,7 +79,7 @@
local DDNS key for use with nsupdate -l:
it does this when a zone is configured with
update-policy local;.
- ddns-confgen is only needed when a
+ ddns-confgen is only needed when a
more elaborate configuration is required: for instance,
if nsupdate is to be used from a remote
system.
diff --git a/doc/arm/man.delv.html b/doc/arm/man.delv.html
index 75afbcbb0c..65090f7abb 100644
--- a/doc/arm/man.delv.html
+++ b/doc/arm/man.delv.html
@@ -414,7 +414,7 @@
+[no]all
Set or clear the display options
- +[no]comments,
+ +[no]comments,
+[no]rrcomments, and
+[no]trust as a group.
The IN and CH class names overlap with the IN and CH top level
domain names. Either use the -t and
- -c options to specify the type and class,
+ -c options to specify the type and class,
use the -q the specify the domain name, or
use "IN." and "CH." when looking up these top level domains.
@@ -755,7 +755,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
reply from the server.
If you'd like to turn off the IDN support for some reason, defines
the IDN_DISABLE environment variable.
- The IDN support is disabled if the variable is set when
+ The IDN support is disabled if the variable is set when
dig runs.
diff --git a/doc/arm/man.dnssec-checkds.html b/doc/arm/man.dnssec-checkds.html
index 8c65d24128..7375aae20c 100644
--- a/doc/arm/man.dnssec-checkds.html
+++ b/doc/arm/man.dnssec-checkds.html
@@ -68,7 +68,7 @@
domain- Check for a DLV record in the specified lookaside domain, + Check for a DLV record in the specified lookaside domain, instead of checking for a DS record in the zone's parent. For example, to check for DLV records for "example.com" in ISC's DLV zone, use: diff --git a/doc/arm/man.dnssec-coverage.html b/doc/arm/man.dnssec-coverage.html index 88210d84b4..0fc1e19f91 100644 --- a/doc/arm/man.dnssec-coverage.html +++ b/doc/arm/man.dnssec-coverage.html @@ -97,7 +97,7 @@
The length of time to check for DNSSEC coverage. Key events
scheduled further into the future than duration
- will be ignored, and assumed to be correct.
+ will be ignored, and assumed to be correct.
The value of duration can be set in seconds,
diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html
index 9f7bd2c174..1dc44a1a44 100644
--- a/doc/arm/man.dnssec-dsfromkey.html
+++ b/doc/arm/man.dnssec-dsfromkey.html
@@ -113,7 +113,7 @@
Include ZSK's when generating DS records. Without this option, only keys which have the KSK flag set will be converted to DS - records and printed. Useful only in zone file mode. + records and printed. Useful only in zone file mode.
domaindiff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html index b643041ead..5ddc645dd6 100644 --- a/doc/arm/man.dnssec-keyfromlabel.html +++ b/doc/arm/man.dnssec-keyfromlabel.html @@ -300,7 +300,7 @@
If the key is being created as an explicit successor to another - key, then the default prepublication interval is 30 days; + key, then the default prepublication interval is 30 days; otherwise it is zero.
@@ -332,7 +332,7 @@ footprint).
-dnssec-keyfromlabel +
dnssec-keyfromlabel
creates two files, with names based
on the printed string. Knnnn.+aaa+iiiii.key
contains the public key, and
diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html
index 3f2c2bde3d..03dceb2319 100644
--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -346,7 +346,7 @@
If the key is being created as an explicit successor to another - key, then the default prepublication interval is 30 days; + key, then the default prepublication interval is 30 days; otherwise it is zero.
@@ -379,7 +379,7 @@ footprint).
-dnssec-keygen +
dnssec-keygen
creates two files, with names based
on the printed string. Knnnn.+aaa+iiiii.key
contains the public key, and
diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html
index 94325b45e2..43dab9a74f 100644
--- a/doc/arm/man.dnssec-settime.html
+++ b/doc/arm/man.dnssec-settime.html
@@ -84,8 +84,8 @@
fail when attempting to update a legacy key. With this option,
the key will be recreated in the new format, but with the
original key data retained. The key's creation date will be
- set to the present time. If no other values are specified,
- then the key's publication and activation dates will also
+ set to the present time. If no other values are specified,
+ then the key's publication and activation dates will also
be set to the present time.
directoryIf the key is being set to be an explicit successor to another - key, then the default prepublication interval is 30 days; + key, then the default prepublication interval is 30 days; otherwise it is zero.
diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html
index 7c7cd34f49..84cd1b3b9b 100644
--- a/doc/arm/man.dnssec-signzone.html
+++ b/doc/arm/man.dnssec-signzone.html
@@ -92,7 +92,7 @@
(-S) is used, DNSKEY records are also
included. The resulting file can be included in the original
zone file with $INCLUDE. This option
- cannot be combined with -O raw,
+ cannot be combined with -O raw,
-O map, or serial number updating.
engine
Normally, when a previously-signed zone is passed as input
to the signer, and a DNSKEY record has been removed and
- replaced with a new one, signatures from the old key
+ replaced with a new one, signatures from the old key
that are still within their validity period are retained.
This allows the zone to continue to validate with cached
copies of the old DNSKEY RRset. The -Q
@@ -406,7 +406,7 @@
If the key's activation date is set and in the past, the key is published (regardless of publication date) and - used to sign the zone. + used to sign the zone.
diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html index e9cc7831ec..279e2b3d09 100644 --- a/doc/arm/man.host.html +++ b/doc/arm/man.host.html @@ -188,7 +188,7 @@ value for an integer quantity.
- The -s option tells host
+ The -s option tells host
not to send the query to the next nameserver
if any server responds with a SERVFAIL response, which is the
reverse of normal stub resolver behavior.
@@ -208,7 +208,7 @@
If host has been built with IDN (internationalized - domain name) support, it can accept and display non-ASCII domain names. + domain name) support, it can accept and display non-ASCII domain names. host appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server. diff --git a/doc/arm/man.lwresd.html b/doc/arm/man.lwresd.html index e200d3752a..d03fb77b54 100644 --- a/doc/arm/man.lwresd.html +++ b/doc/arm/man.lwresd.html @@ -57,7 +57,7 @@ server that answers queries using the BIND 9 lightweight resolver protocol rather than the DNS protocol.
-lwresd +
lwresd
listens for resolver queries on a
UDP port on the IPv4 loopback interface, 127.0.0.1. This
means that lwresd can only be used by
@@ -141,7 +141,7 @@
trace,
record,
size, and
- mctx.
+ mctx.
These correspond to the ISC_MEM_DEBUGXXXX flags described in
<isc/mem.h>.
modeCheck for records that are treated as different by DNSSEC but - are semantically equal in plain DNS. + are semantically equal in plain DNS. Possible modes are "fail", "warn" (default) and "ignore". diff --git a/doc/arm/man.named-journalprint.html b/doc/arm/man.named-journalprint.html index f31bdeef9f..356587bf74 100644 --- a/doc/arm/man.named-journalprint.html +++ b/doc/arm/man.named-journalprint.html @@ -53,10 +53,10 @@
named-journalprint prints the contents of a zone journal file in a human-readable - form. + form.
- Journal files are automatically created by named + Journal files are automatically created by named when changes are made to dynamic zones (e.g., by nsupdate). They record each addition or deletion of a resource record, in binary format, allowing the diff --git a/doc/arm/man.named.conf.html b/doc/arm/man.named.conf.html index 6ebcbfc501..39fe8c477e 100644 --- a/doc/arm/man.named.conf.html +++ b/doc/arm/man.named.conf.html @@ -118,7 +118,7 @@ server
trusted-keys {
- domain_name flags protocol algorithm key; ...
+ domain_name flags protocol algorithm key; ...
};
managed-keys {
- domain_name initial-key flags protocol algorithm key; ...
+ domain_name initial-key flags protocol algorithm key; ...
};
If the -clean is specified,
@@ -395,7 +395,7 @@
Fetch all DNSSEC keys for the given zone - from the key directory (see the + from the key directory (see the key-directory option in the BIND 9 Administrator Reference Manual). If they are within their publication period, merge them into the @@ -425,7 +425,7 @@ operations (such as signing or generating NSEC3 chains) is stored in the zone in the form of DNS resource records of type - sig-signing-type. + sig-signing-type. rndc signing -list converts these records into a human-readable form, indicating which keys are currently signing @@ -451,7 +451,7 @@ flags, iterations, and salt, in that order.
- Currently, the only defined value for hash algorithm
+ Currently, the only defined value for hash algorithm
is 1, representing SHA-1.
The flags may be set to
0 or 1,