From owner-svn-doc-head@FreeBSD.ORG Thu Aug 29 03:56:18 2013 Return-Path: Delivered-To: svn-doc-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 59B2FF6A; Thu, 29 Aug 2013 03:56:18 +0000 (UTC) (envelope-from wblock@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 459EA2F58; Thu, 29 Aug 2013 03:56:18 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r7T3uIn9016978; Thu, 29 Aug 2013 03:56:18 GMT (envelope-from wblock@svn.freebsd.org) Received: (from wblock@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r7T3uIDK016977; Thu, 29 Aug 2013 03:56:18 GMT (envelope-from wblock@svn.freebsd.org) Message-Id: <201308290356.r7T3uIDK016977@svn.freebsd.org> From: Warren Block Date: Thu, 29 Aug 2013 03:56:18 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r42603 - head/en_US.ISO8859-1/books/handbook/network-servers X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Aug 2013 03:56:18 -0000 Author: wblock Date: Thu Aug 29 03:56:17 2013 New Revision: 42603 URL: http://svnweb.freebsd.org/changeset/doc/42603 Log: Whitespace-only fixes. Translators, please ignore. Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Thu Aug 29 01:46:14 2013 (r42602) +++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Thu Aug 29 03:56:17 2013 (r42603) @@ -22,12 +22,11 @@ Synopsis - This chapter covers some of the more frequently used - network services on &unix; systems. This includes - installing, configuring, testing, and maintaining - many different types of network services. Example - configuration files are included throughout this - chapter for reference. + This chapter covers some of the more frequently used network + services on &unix; systems. This includes installing, + configuring, testing, and maintaining many different types of + network services. Example configuration files are included + throughout this chapter for reference. By the end of this chapter, readers will know: @@ -134,16 +133,15 @@ The &man.inetd.8; daemon is sometimes referred to as the Internet Super-Server because it manages - connections for many services. When a connection is - received by inetd, it determines - which program the connection is destined for, spawns the - particular process and delegates the socket to it (the program - is invoked with the service socket as its standard input, - output and error descriptors). Running - inetd for servers that are not - heavily used can reduce the overall system load, when compared - to running each daemon individually in stand-alone - mode. + connections for many services. When a connection is received + by inetd, it determines which + program the connection is destined for, spawns the particular + process and delegates the socket to it (the program is invoked + with the service socket as its standard input, output and + error descriptors). Running inetd + for servers that are not heavily used can reduce the overall + system load, when compared to running each daemon individually + in stand-alone mode. Primarily, inetd is used to spawn other daemons, but several trivial protocols are handled @@ -413,8 +411,7 @@ server-program-argumentsnowait is mandatory. , and - are - optional. + are optional. A stream-type multi-threaded daemon without any , @@ -560,8 +557,8 @@ server-program-arguments&os; supports the Network File System (NFS), which allows a server to share directories and files with clients over a network. With - NFS, users and programs can access files - on remote systems as if they were stored locally. + NFS, users and programs can access files on + remote systems as if they were stored locally. The most notable benefits that NFS provides are: @@ -690,15 +687,14 @@ mountd_flags="-r" nfs_client_enable="YES" - /etc/exports specifies which - file systems the NFS server will - export. Each line in - /etc/exports specifies a file system to - be exported and which clients have access to that file system, - as well as any access options. There are many - such options that can be used in this file, but only a few will - be mentioned here. See &man.exports.5; for the full list of - options. + /etc/exports specifies which file + systems the NFS server will export. Each + line in /etc/exports specifies a file + system to be exported and which clients have access to that + file system, as well as any access options. There are many + such options that can be used in this file, but only a few + will be mentioned here. See &man.exports.5; for the full list + of options. NFS @@ -736,14 +732,14 @@ mountd_flags="-r" This next line exports /a so that two clients - from different domains may access the file system. - The flag allows the + from different domains may access the file system. The + flag allows the root user on the remote system to write data on the exported file system as root. If the -maproot=root flag is not specified, - the client's root user will be mapped - to the server's nobody account and will - be subject to the access limitations defined for user, + the client's root user will be mapped to + the server's nobody account and will be + subject to the access limitations defined for user, nobody. /a -maproot=root host.example.com box.example.org @@ -765,9 +761,9 @@ mountd_flags="-r" /usr/ports client The /usr file - system has two lines - specifying exports to the same host, client. - The correct format for this situation is: + system has two lines specifying exports to the same host, + client. The correct format for this + situation is: /usr/src /usr/ports client @@ -802,9 +798,8 @@ mountd_flags="-r" more information about using rc scripts. On a new server being configured with - NFS services, the server can be - started by running this command as - root: + NFS services, the server can be started by + running this command as root: &prompt.root; service nfsd start @@ -816,9 +811,9 @@ mountd_flags="-r" file system. In these examples, the server's name is server and the client's name is client. For testing or to temporarily mount - a remote file system, execute - mount as - root on client: + a remote file system, execute mount + as root on + client: NFS @@ -826,14 +821,11 @@ mountd_flags="-r" &prompt.root; mount server:/home /mnt - This mounts the - server: - /home - file system to the - client: - /mnt mount - point. The files and directories in the - server + This mounts the server: + /home file system to + the client: + /mnt mount point. The + files and directories in the server /home file system will now be available on client, in the /mnt directory. @@ -864,17 +856,17 @@ rpc_statd_enable="YES" NFS client and server are already configured. - Start the application, as - root, with: + Start the application, as root, + with: &prompt.root; service lockd start &prompt.root; service statd start If locking is not required on the server, the - NFS client can be configured to - lock locally by passing to - &man.mount.nfs.8;. Refer to the &man.mount.nfs.8; - manual page for further details. + NFS client can be configured to lock + locally by passing to &man.mount.nfs.8;. + Refer to the &man.mount.nfs.8; manual page for further + details. @@ -889,10 +881,10 @@ rpc_statd_enable="YES" - Share a CD-ROM or other media - with any number of clients. It is often more - convenient to install software on multiple - machines from a single location. + Share a CD-ROM or other media with + any number of clients. It is often more convenient to + install software on multiple machines from a single + location. @@ -904,8 +896,8 @@ rpc_statd_enable="YES" - Several clients may need access to the - /usr/ports/distfiles + Several clients may need access to the /usr/ports/distfiles directory. Sharing that directory allows for quick access to the source files without having to download them to each client. @@ -949,19 +941,19 @@ rpc_statd_enable="YES" amd operates by attaching itself as an NFS server to the - /host - and /net directories. When a file is - accessed within one of these directories, + /host and + /net directories. When + a file is accessed within one of these directories, amd looks up the corresponding remote mount and automatically mounts it. - /net is used to mount an exported file - system from an IP address, while - /host is - used to mount an export from a remote hostname. + /net is used to mount + an exported file system from an IP address, while + /host is used to mount + an export from a remote hostname. For instance, an attempt to access a file within - /host/foobar/usr would tell - amd to mount the + /host/foobar/usr would + tell amd to mount the /usr export on the host foobar. @@ -981,13 +973,13 @@ Exports list on foobar: &prompt.user; cd /host/foobar/usr - The output from showmount - shows /usr as an - export. When changing directories to + The output from showmount shows + /usr as an export. + When changing directories to /host/foobar/usr, amd intercepts the request and - attempts to resolve the hostname foobar. - If successful, amd automatically + attempts to resolve the hostname foobar. If + successful, amd automatically mounts the desired export. amd is enabled by placing @@ -1005,11 +997,10 @@ Exports list on foobar: amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map" - /etc/amd.map defines the - default options with which exports are mounted. - /etc/amd.conf defines some of the - more advanced features of - amd. + /etc/amd.map defines the default + options with which exports are mounted. + /etc/amd.conf defines some of the more + advanced features of amd. Consult the &man.amd.8; and &man.amd.conf.5; manual pages for more information. @@ -1139,7 +1130,6 @@ Exports list on foobar: ypbind - Binds an NIS client to its NIS server. It will take the NIS domainname from the system, and using RPC, connect to @@ -1449,10 +1439,10 @@ Exports list on foobar: Depending on the NIS setup, additional entries may - be required. See the section about - NIS servers that are also NIS clients, below, for - details. + be required. See the + section + about NIS servers that are also NIS clients, + below, for details. After setting up the above entries, run the command @@ -1481,8 +1471,8 @@ Exports list on foobar: good reason, never propagate passwords for root and other administrative accounts to all the servers in the NIS domain. Therefore, - before the NIS maps are initialized, configure the - primary password files: + before the NIS maps are initialized, configure the primary + password files: &prompt.root; cp /etc/master.passwd /var/yp/master.passwd &prompt.root; cd /var/yp @@ -1541,12 +1531,11 @@ ellington has been setup as an YP master At this point, ypinit should have created /var/yp/Makefile from - /var/yp/Makefile.dist. - When created, this file assumes that the operating - environment is a single server NIS system with only &os; - machines. Since test-domain has - a slave server as well, edit - /var/yp/Makefile as well: + /var/yp/Makefile.dist. When created, + this file assumes that the operating environment is a + single server NIS system with only &os; machines. Since + test-domain has a slave server as well, + edit /var/yp/Makefile as well: ellington&prompt.root; vi /var/yp/Makefile @@ -2440,9 +2429,8 @@ nis_client_flags="-S NIS do Blowfish and MD5 encrypted passwords, respectively). If any changes were made to - /etc/login.conf, the - login capability database must be rebuilt by - running the following command as + /etc/login.conf, the login capability + database must be rebuilt by running the following command as root: &prompt.root; cap_mkdb /etc/login.conf @@ -2603,12 +2591,12 @@ result: 0 Success during the certificate creation process below. The following commands must be executed in the - - /usr/local/etc/openldap/private directory. This - is important as the file permissions will need to be - restrictive and users should not have access to these files - directly. To create the certificates, issues the following - commands. + /usr/local/etc/openldap/private + directory. This is important as the file permissions will + need to be restrictive and users should not have access to + these files directly. To create the certificates, issues the + following commands. &prompt.root; openssl req -days 365 -nodes -new -x509 -keyout ca.key -out ../ca.crt @@ -2915,237 +2903,236 @@ result: 0 Success DHCP is supported by sysinstall. When configuring a - network interface within - sysinstall, the second question - asked is: Do you want to try DHCP configuration of - the interface?. Answering affirmatively will - execute dhclient, and if successful, will - fill in the network configuration information - automatically. + network interface within + sysinstall, the second question + asked is: Do you want to try DHCP configuration of the + interface?. Answering affirmatively will execute + dhclient, and if successful, will fill in + the network configuration information automatically. - There are two things required to have the system use - DHCP upon startup: - - DHCP - requirements - - - - Make sure that the bpf - device is compiled into the kernel. To do this, add - device bpf to the kernel - configuration file, and rebuild the kernel. For more - information about building kernels, see - . - - The bpf device is already - part of the GENERIC kernel that is - supplied with &os;, thus there is no need to build a - custom kernel for DHCP. In the case - of a custom kernel configuration file, this device must - be present for DHCP to function - properly. + There are two things required to have the system use + DHCP upon startup: + + DHCP + requirements + + + + Make sure that the bpf device + is compiled into the kernel. To do this, add + device bpf to the kernel configuration + file, and rebuild the kernel. For more information about + building kernels, see + . - - For those who are particularly security conscious, - take note that bpf - is also the device that allows packet sniffers to work - correctly (although they still have to be run as - root). - bpf is - required to use DHCP; however, the security sensitive - types should probably not add - bpf to the - kernel in the expectation that at some point in the - future the system will be using DHCP. - - + The bpf device is already + part of the GENERIC kernel that is + supplied with &os;, thus there is no need to build a + custom kernel for DHCP. In the case of + a custom kernel configuration file, this device must be + present for DHCP to function + properly. - - By default, DHCP configuration on &os; runs in the - background, or asynchronously. - Other startup scripts continue to run while DHCP - completes, speeding up system startup. - - Background DHCP works well when the DHCP server - responds quickly to requests and the DHCP configuration - process goes quickly. However, DHCP may take a long - time to complete on some systems. If network services - attempt to run before DHCP has completed, they will - fail. Using DHCP in synchronous - mode prevents the problem, pausing startup until DHCP - configuration has completed. - - To connect to a DHCP server in the background while - other startup continues (asynchronous mode), use the - DHCP value in - /etc/rc.conf: - - ifconfig_fxp0="DHCP" - - To pause startup while DHCP completes, use - synchronous mode with the - SYNCDHCP value: + + For those who are particularly security conscious, + take note that bpf is also the + device that allows packet sniffers to work correctly + (although they still have to be run as + root). + bpf is + required to use DHCP; however, the security sensitive + types should probably not add + bpf to the kernel in the + expectation that at some point in the future the system + will be using DHCP. + + - ifconfig_fxp0="SYNCDHCP" + + By default, DHCP configuration on &os; runs in the + background, or asynchronously. + Other startup scripts continue to run while DHCP + completes, speeding up system startup. + + Background DHCP works well when the DHCP server + responds quickly to requests and the DHCP configuration + process goes quickly. However, DHCP may take a long time + to complete on some systems. If network services attempt + to run before DHCP has completed, they will fail. Using + DHCP in synchronous mode prevents + the problem, pausing startup until DHCP configuration has + completed. + + To connect to a DHCP server in the background while + other startup continues (asynchronous mode), use the + DHCP value in + /etc/rc.conf: - - Replace the fxp0 shown - in these examples with the name of the interface to be - dynamically configured, as described in - . - + ifconfig_fxp0="DHCP" + + To pause startup while DHCP completes, use + synchronous mode with the + SYNCDHCP value: - When using a different file system location for - dhclient, or if - additional flags must be passed to - dhclient, - include (editing as necessary): + ifconfig_fxp0="SYNCDHCP" - dhclient_program="/sbin/dhclient" + + Replace the fxp0 shown + in these examples with the name of the interface to be + dynamically configured, as described in + . + + + When using a different file system location for + dhclient, or if additional flags must + be passed to dhclient, include (editing + as necessary): + + dhclient_program="/sbin/dhclient" dhclient_flags="" - - + + - - DHCP - server - - The DHCP server, dhcpd, is - included as part of the - net/isc-dhcp42-server - port in the ports collection. This port contains the ISC - DHCP server and documentation. - + + DHCP + server + + The DHCP server, dhcpd, is + included as part of the + net/isc-dhcp42-server port + in the ports collection. This port contains the ISC DHCP + server and documentation. + - - Files + + Files - - DHCP - configuration files - - - - /etc/dhclient.conf - dhclient requires a configuration - file, /etc/dhclient.conf. - Typically the file contains only comments, the defaults - being reasonably sane. This configuration file is - described by the &man.dhclient.conf.5; manual - page. - + + DHCP + configuration files + + + + /etc/dhclient.conf - - /sbin/dhclient - dhclient is statically linked and - resides in /sbin. The - &man.dhclient.8; manual page gives more information - about dhclient. - + dhclient requires a configuration + file, /etc/dhclient.conf. Typically + the file contains only comments, the defaults being + reasonably sane. This configuration file is described by + the &man.dhclient.conf.5; manual page. + - - /sbin/dhclient-script - dhclient-script is the - FreeBSD-specific DHCP client configuration script. It - is described in &man.dhclient-script.8;, but should not - need any user modification to function properly. - + + /sbin/dhclient - - /var/db/dhclient.leases.interface - The DHCP client keeps a database of valid leases - in this file, which is written as a log. - &man.dhclient.leases.5; gives a slightly longer - description. - - - + dhclient is statically linked and + resides in /sbin. The + &man.dhclient.8; manual page gives more information about + dhclient. + - - Further Reading + + /sbin/dhclient-script - The DHCP protocol is fully described in RFC - 2131. An informational resource has also been set - up at . - - - - Installing and Configuring a DHCP Server - - - What This Section Covers - - This section provides information on how to configure - a FreeBSD system to act as a DHCP server using the ISC - (Internet Systems Consortium) implementation of the DHCP - server. + dhclient-script is the + FreeBSD-specific DHCP client configuration script. It + is described in &man.dhclient-script.8;, but should not + need any user modification to function properly. + - The server is not provided as part of &os;, and so the - net/isc-dhcp42-server - port must be installed to provide this service. See - for more information on using the - Ports Collection. - + + /var/db/dhclient.leases.interface - - DHCP Server Installation + The DHCP client keeps a database of valid leases in + this file, which is written as a log. + &man.dhclient.leases.5; gives a slightly longer + description. + + + - - DHCP - installation - - In order to configure the &os; system as a DHCP - server, first ensure that the &man.bpf.4; device is - compiled into the kernel. To do this, add - device bpf to the kernel configuration - file, and rebuild the kernel. For more information about - building kernels, see - . + + Further Reading - The bpf device is already - part of the GENERIC kernel that is - supplied with &os;, so there is no need to create a - custom kernel in order to get DHCP - working. + The DHCP protocol is fully described in + RFC + 2131. An informational resource has also been set + up at . + - - Those who are particularly security conscious - should note that bpf is also - the device that allows packet sniffers to function - correctly (although such programs still need - privileged access). The bpf - device is required to use DHCP, but - if the sensitivity of the system's security is high, - this device should not be included in the kernel purely - because the use of DHCP may, at some - point in the future, be desired. - + + Installing and Configuring a DHCP Server - The next thing that is needed is to edit the - sample dhcpd.conf which was installed - by the net/isc-dhcp42-server port. - By default, this will be - /usr/local/etc/dhcpd.conf.sample, and - you should copy this to - /usr/local/etc/dhcpd.conf before - proceeding to make changes. - + + What This Section Covers - - Configuring the DHCP Server + This section provides information on how to configure a + FreeBSD system to act as a DHCP server using the ISC + (Internet Systems Consortium) implementation of the DHCP + server. - - DHCP - dhcpd.conf - - dhcpd.conf is comprised of - declarations regarding subnets and hosts, and is perhaps - most easily explained using an example : + The server is not provided as part of &os;, and so the + net/isc-dhcp42-server + port must be installed to provide this service. See + for more information on using the + Ports Collection. + + + + DHCP Server Installation + + + DHCP + installation + + + In order to configure the &os; system as a DHCP server, + first ensure that the &man.bpf.4; device is compiled into + the kernel. To do this, add device bpf + to the kernel configuration file, and rebuild the kernel. + For more information about building kernels, see + . + + The bpf device is already part + of the GENERIC kernel that is supplied + with &os;, so there is no need to create a custom kernel in + order to get DHCP working. + + + Those who are particularly security conscious should + note that bpf is also the device + that allows packet sniffers to function correctly + (although such programs still need privileged access). + The bpf device + is required to use DHCP, but if the + sensitivity of the system's security is high, this device + should not be included in the kernel purely because the + use of DHCP may, at some point in the + future, be desired. + - option domain-name "example.com"; + The next thing that is needed is to edit the sample + dhcpd.conf which was installed by the + net/isc-dhcp42-server + port. By default, this will be + /usr/local/etc/dhcpd.conf.sample, and + you should copy this to + /usr/local/etc/dhcpd.conf before + proceeding to make changes. + + + + Configuring the DHCP Server + + + DHCP + dhcpd.conf + + dhcpd.conf is comprised of + declarations regarding subnets and hosts, and is perhaps + most easily explained using an example : + + option domain-name "example.com"; option domain-name-servers 192.168.4.100; option subnet-mask 255.255.255.0; @@ -3248,13 +3235,12 @@ dhcpd_ifaces="dc0" &prompt.root; service isc-dhcpd start - Any future changes to the configuration - of the server will require the sending of a - SIGTERM signal to - dhcpd rather than a - SIGHUP. It is definitely more - simple to use &man.service.8; to completely restart - the service. + Any future changes to the configuration of the server + will require the sending of a SIGTERM + signal to dhcpd rather than a + SIGHUP. It is definitely more simple to + use &man.service.8; to completely restart the + service. @@ -3267,30 +3253,33 @@ dhcpd_ifaces="dc0" /usr/local/sbin/dhcpd + dhcpd is statically linked and resides in - /usr/local/sbin. The - &man.dhcpd.8; manual page installed with the port - gives more information about + /usr/local/sbin. The &man.dhcpd.8; + manual page installed with the port gives more + information about dhcpd. /usr/local/etc/dhcpd.conf + dhcpd requires a configuration file, - /usr/local/etc/dhcpd.conf before - it will start providing service to clients. This file + /usr/local/etc/dhcpd.conf before it + will start providing service to clients. This file needs to contain all the information that should be - provided to clients that are being serviced, along - with information regarding the operation of the - server. This configuration file is described - by the &man.dhcpd.conf.5; manual page installed - by the port. + provided to clients that are being serviced, along with + information regarding the operation of the server. This + configuration file is described by the + &man.dhcpd.conf.5; manual page installed by the + port. /var/db/dhcpd.leases + The DHCP server keeps a database of leases it has issued in this file, which is written as a log. The manual page &man.dhcpd.leases.5;, installed by the @@ -3299,14 +3288,15 @@ dhcpd_ifaces="dc0" /usr/local/sbin/dhcrelay + dhcrelay is used in advanced environments where one DHCP server forwards a request from a client to another DHCP server on a separate network. If this functionality is required, - then install the net/isc-dhcp42-relay port. - The &man.dhcrelay.8; manual page provided with the - port contains more detail. + then install the + net/isc-dhcp42-relay + port. The &man.dhcrelay.8; manual page provided with + the port contains more detail. @@ -3345,11 +3335,11 @@ dhcpd_ifaces="dc0" of the DNS protocol. DNS is the protocol through which names are mapped to IP addresses, and vice versa. - For example, a query for www.FreeBSD.org will receive a reply - with the IP address of The &os; Project's - web server, whereas, a query for ftp.FreeBSD.org will return the + For example, a query for + www.FreeBSD.org will receive a + reply with the IP address of The &os; + Project's web server, whereas, a query for + ftp.FreeBSD.org will return the IP address of the corresponding FTP machine. Likewise, the opposite can happen. A query for an IP address can @@ -3479,12 +3469,11 @@ dhcpd_ifaces="dc0" As one can see, the more specific part of a hostname - appears to its left. For example, example.org. is more specific - than org., as org. is more - specific than the root zone. The layout of each part of a - hostname is - much like a file system: the + appears to its left. For example, + example.org. is more + specific than org., as org. + is more specific than the root zone. The layout of each part + of a hostname is much like a file system: the /dev directory falls within the root, and so on. @@ -3493,8 +3482,8 @@ dhcpd_ifaces="dc0" Reasons to Run a Name Server Name servers generally come in two forms: authoritative - name servers, and caching (also known as resolving) - name servers. + name servers, and caching (also known as resolving) name + servers. An authoritative name server is needed when: @@ -3505,10 +3494,10 @@ dhcpd_ifaces="dc0" - A domain, such as example.org, is registered - and IP addresses need to be assigned - to hostnames under it. + A domain, such as + example.org, is + registered and IP addresses need to be + assigned to hostnames under it. @@ -4109,7 +4098,7 @@ www IN CNAME example. example.org. + role="domainname">example.org. the domain name, also the origin for this @@ -4141,16 +4130,16 @@ www IN CNAME example. 2006051501 - the serial number of the file. This - must be incremented each time the zone file is - modified. Nowadays, many admins prefer a + the serial number of the file. This must be + incremented each time the zone file is modified. + Nowadays, many admins prefer a yyyymmddrr format for the serial - number. 2006051501 would mean - last modified 05/15/2006, the latter - 01 being the first time the zone - file has been modified this day. The serial number - is important as it alerts slave name servers for a - zone when it is updated. + number. 2006051501 would mean last + modified 05/15/2006, the latter 01 + being the first time the zone file has been modified + this day. The serial number is important as it alerts + slave name servers for a zone when it is + updated. @@ -4263,12 +4252,12 @@ mail IN A 192.168. Domain Name System Security Extensions, or DNSSEC - for short, is a suite of specifications to protect resolving - name servers from forged DNS data, such - as spoofed DNS records. By using digital - signatures, a resolver can verify the integrity of the - record. Note that DNSSEC for *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***