Date: Mon, 25 May 2009 17:08:09 GMT From: Rene Ladan <rene@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 162729 for review Message-ID: <200905251708.n4PH890r093897@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=162729 Change 162729 by rene@rene_self on 2009/05/25 17:07:12 IFC Affected files ... .. //depot/projects/docproj_nl/en_US.ISO8859-1/articles/contributors/contrib.additional.sgml#21 integrate .. //depot/projects/docproj_nl/en_US.ISO8859-1/articles/contributors/contrib.committers.sgml#21 integrate .. //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml#7 integrate .. //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/mirrors/chapter.sgml#16 integrate .. //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml#13 integrate .. //depot/projects/docproj_nl/en_US.ISO8859-1/books/porters-handbook/book.sgml#29 integrate .. //depot/projects/docproj_nl/en_US.ISO8859-1/share/sgml/authors.ent#19 integrate .. //depot/projects/docproj_nl/nl_NL.ISO8859-1/books/handbook/advanced-networking/chapter.sgml#34 integrate .. //depot/projects/docproj_nl/nl_NL.ISO8859-1/books/handbook/cutting-edge/chapter.sgml#25 integrate .. //depot/projects/docproj_nl/nl_NL.ISO8859-1/books/handbook/kernelconfig/chapter.sgml#11 integrate .. //depot/projects/docproj_nl/nl_NL.ISO8859-1/books/handbook/mirrors/chapter.sgml#25 integrate .. //depot/projects/docproj_nl/nl_NL.ISO8859-1/share/sgml/glossary/freebsd-glossary.sgml#7 integrate .. //depot/projects/docproj_nl/share/pgpkeys/dfr.key#2 integrate .. //depot/projects/docproj_nl/share/pgpkeys/jilles.key#1 branch .. //depot/projects/docproj_nl/share/pgpkeys/pgpkeys-developers.sgml#17 integrate .. //depot/projects/docproj_nl/share/pgpkeys/pgpkeys.ent#17 integrate .. //depot/projects/docproj_nl/share/pgpkeys/stas.key#3 integrate .. //depot/projects/docproj_nl/share/pgpkeys/tota.key#1 branch .. //depot/projects/docproj_nl/share/sgml/mirrors.xml#8 integrate .. //depot/projects/docproj_nl/www/en/developers.sgml#17 integrate .. //depot/projects/docproj_nl/www/en/multimedia/multimedia-input.xml#6 integrate .. //depot/projects/docproj_nl/www/en/projects/ideas/ideas.xml#5 integrate .. //depot/projects/docproj_nl/www/en/releases/7.2R/errata.html#4 integrate .. //depot/projects/docproj_nl/www/share/sgml/events.xml#17 integrate .. //depot/projects/docproj_nl/www/share/sgml/news.xml#41 integrate Differences ... ==== //depot/projects/docproj_nl/en_US.ISO8859-1/articles/contributors/contrib.additional.sgml#21 (text+ko) ==== @@ -1,4 +1,4 @@ -<!-- $FreeBSD: doc/en_US.ISO8859-1/articles/contributors/contrib.additional.sgml,v 1.850 2009/05/05 09:13:27 snb Exp $ --> +<!-- $FreeBSD: doc/en_US.ISO8859-1/articles/contributors/contrib.additional.sgml,v 1.852 2009/05/22 22:06:51 jilles Exp $ --> <!-- NOTE TO COMMITTERS: Contributors lists are sorted in alphabetical order by first name. @@ -4327,11 +4327,6 @@ </listitem> <listitem> - <para>Jilles Tjoelker - <email>jilles@stack.nl</email></para> - </listitem> - - <listitem> <para>Jim Babb <email>babb@FreeBSD.org</email></para> </listitem> @@ -9125,11 +9120,6 @@ </listitem> <listitem> - <para>TAKATSU Tomonari - <email>tota@rtfm.jp</email></para> - </listitem> - - <listitem> <para>TERAMOTO Masahiro <email>markun@onohara.to</email></para> </listitem> ==== //depot/projects/docproj_nl/en_US.ISO8859-1/articles/contributors/contrib.committers.sgml#21 (text+ko) ==== @@ -1,4 +1,4 @@ -<!-- $FreeBSD: doc/en_US.ISO8859-1/articles/contributors/contrib.committers.sgml,v 1.260 2009/05/05 09:13:27 snb Exp $ --> +<!-- $FreeBSD: doc/en_US.ISO8859-1/articles/contributors/contrib.committers.sgml,v 1.262 2009/05/22 22:06:51 jilles Exp $ --> <!-- NOTE TO NEW COMMITTERS: Core and committers lists are sorted in alphabetical order by last name. Please keep in mind that fact while @@ -1403,6 +1403,10 @@ </listitem> <listitem> + <para>&a.tota;</para> + </listitem> + + <listitem> <para>&a.tanimura;</para> </listitem> @@ -1447,6 +1451,10 @@ </listitem> <listitem> + <para>&a.jilles;</para> + </listitem> + + <listitem> <para>&a.ganbold;</para> </listitem> ==== //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml#7 (text+ko) ==== @@ -1,7 +1,7 @@ <!-- The FreeBSD Documentation Project - $FreeBSD: doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml,v 1.87 2009/05/13 17:20:58 manolis Exp $ + $FreeBSD: doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml,v 1.89 2009/05/19 15:43:13 ganbold Exp $ --> <chapter id="firewalls"> @@ -1484,7 +1484,7 @@ logs all packets and can be used to create the legal evidence needed to prosecute the people who are attacking your system.</para> - <para>Another thing that should be taken care of, is to insure there is no + <para>Another thing that should be taken care of, is to ensure there is no response returned for any of the undesirable traffic. Invalid packets should just get dropped and vanish. This way the attacker has no knowledge if his packets have reached your system. The @@ -3151,7 +3151,7 @@ and we want people on the public Internet to be able to access the local web site. The new inbound start request packet matches rule 100 and its IP address is mapped to LAN - IP for the firewall box. The packet is them matched against + IP for the firewall box. The packet is then matched against all the nasty things that need to be checked for and finally matches against rule 425. On a match two things occur. The packet rule is posted to the keep-state dynamic table but this time ==== //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/mirrors/chapter.sgml#16 (text+ko) ==== @@ -1,7 +1,7 @@ <!-- The FreeBSD Documentation Project - $FreeBSD: doc/en_US.ISO8859-1/books/handbook/mirrors/chapter.sgml,v 1.463 2009/05/16 07:24:14 hrs Exp $ + $FreeBSD: doc/en_US.ISO8859-1/books/handbook/mirrors/chapter.sgml,v 1.464 2009/05/24 12:41:40 jkoshy Exp $ --> <appendix id="mirrors"> @@ -184,6 +184,17 @@ <listitem> <address> + <otheraddr>LinuxCenter.Kz</otheraddr> + <city>Ust-Kamenogorsk</city> + <country>Kazakhstan</country> + Phone: <phone>+7-705-501-6001</phone> + Email: <email>info@linuxcenter.kz</email> + WWW: <otheraddr><ulink url="http://linuxcenter.kz/page.php?page=fr"></ulink></otheraddr>; + </address> + </listitem> + + <listitem> + <address> <otheraddr>LinuxCenter.Ru</otheraddr> <street>Galernaya Street, 55</street> <city>Saint-Petersburg</city> ==== //depot/projects/docproj_nl/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml#13 (text+ko) ==== @@ -1,7 +1,7 @@ <!-- The FreeBSD Documentation Project - $FreeBSD: doc/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml,v 1.116 2009/02/01 07:07:43 keramida Exp $ + $FreeBSD: doc/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml,v 1.118 2009/05/17 09:42:35 hrs Exp $ --> <chapter id="network-servers"> @@ -2532,13 +2532,13 @@ <see>DHCP</see> </indexterm> <indexterm> - <primary>Internet Software Consortium (ISC)</primary> + <primary>Internet Systems Consortium (ISC)</primary> </indexterm> <para>DHCP, the Dynamic Host Configuration Protocol, describes the means by which a system can connect to a network and obtain the necessary information for communication upon that network. FreeBSD - versions prior to 6.0 use the ISC (Internet Software + versions prior to 6.0 use the ISC (Internet Systems Consortium) DHCP client (&man.dhclient.8;) implementation. Later versions use the OpenBSD <command>dhclient</command> taken from OpenBSD 3.7. All @@ -2724,7 +2724,7 @@ <para>This section provides information on how to configure a FreeBSD system to act as a DHCP server using the ISC - (Internet Software Consortium) implementation of the DHCP + (Internet Systems Consortium) implementation of the DHCP server.</para> <para>The server is not provided as part of @@ -2997,8 +2997,8 @@ information.</para> <para>Currently, BIND is maintained by the - Internet Software Consortium - <ulink url="http://www.isc.org/"></ulink>.</para>; + Internet Systems Consortium + <ulink url="https://www.isc.org/"></ulink>.</para>; </sect2> <sect2> @@ -3036,7 +3036,7 @@ </row> <row> - <entry><application>named</application>, BIND, name server</entry> + <entry><application>named</application>, BIND</entry> <entry>Common names for the BIND name server package within &os;.</entry> </row> @@ -3049,8 +3049,7 @@ <row> <entry>Reverse <acronym>DNS</acronym></entry> - <entry>The opposite of forward <acronym>DNS</acronym>; - mapping of <acronym>IP</acronym> addresses to + <entry>Mapping of <acronym>IP</acronym> addresses to hostnames.</entry> </row> @@ -3082,7 +3081,8 @@ <itemizedlist> <listitem> - <para><hostid>.</hostid> is the root zone.</para> + <para><hostid>.</hostid> is how the root zone is usually + referred to in documentation.</para> </listitem> <listitem> @@ -3100,7 +3100,7 @@ <para><hostid>1.168.192.in-addr.arpa</hostid> is a zone referencing all <acronym>IP</acronym> addresses which fall under the <hostid role="ipaddr">192.168.1.*</hostid> - <acronym>IP</acronym> space.</para> + <acronym>IP</acronym> address space.</para> </listitem> </itemizedlist> @@ -3171,7 +3171,7 @@ <sect2> <title>How It Works</title> <para>In &os;, the BIND daemon is called - <application>named</application> for obvious reasons.</para> + <application>named</application>.</para> <informaltable frame="none" pgwide="1"> <tgroup cols="2"> @@ -3218,6 +3218,7 @@ <sect2> <title>Starting BIND</title> + <indexterm> <primary>BIND</primary> <secondary>starting</secondary> @@ -3228,10 +3229,12 @@ <para>The default <application>named</application> configuration is that of a basic resolving name server, running in a - &man.chroot.8; environment. To start the server one time with + &man.chroot.8; environment, and restricted to listening on + the local IPv4 loopback address (127.0.0.1). + To start the server one time with this configuration, use the following command:</para> - <screen>&prompt.root; <userinput>/etc/rc.d/named forcestart</userinput></screen> + <screen>&prompt.root; <userinput>/etc/rc.d/named onestart</userinput></screen> <para>To ensure the <application>named</application> daemon is started at boot each time, put the following line into the @@ -3252,6 +3255,7 @@ <sect2> <title>Configuration Files</title> + <indexterm> <primary>BIND</primary> <secondary>configuration files</secondary> @@ -3260,29 +3264,11 @@ <para>Configuration files for <application>named</application> currently reside in <filename class="directory">/etc/namedb</filename> directory and - will need modification before use, unless all that is needed is + will need modification before use unless all that is needed is a simple resolver. This is where most of the configuration will be performed.</para> <sect3> - <title>Using <command>make-localhost</command></title> - - <para>To configure a master zone for the localhost visit the - <filename class="directory">/etc/namedb</filename> directory - and run the following command:</para> - - <screen>&prompt.root; <userinput>sh make-localhost</userinput></screen> - - <para>If all went well, a new file should exist in the - <filename class="directory">master</filename> subdirectory. - The filenames should be <filename>localhost.rev</filename> for - the local domain name and <filename>localhost-v6.rev</filename> - for <acronym>IPv6</acronym> configurations. As the default - configuration file, required information will - be present in the <filename>named.conf</filename> file.</para> - </sect3> - - <sect3> <title><filename>/etc/namedb/named.conf</filename></title> <programlisting>// $FreeBSD$ @@ -3296,6 +3282,7 @@ // or cause huge amounts of useless Internet traffic. options { + // Relative to the chroot directory, if any directory "/etc/namedb"; pid-file "/var/run/named/pid"; dump-file "/var/dump/named_dump.db"; @@ -3311,11 +3298,11 @@ // an IPv6 address, or the keyword "any". // listen-on-v6 { ::1; }; -// In addition to the "forwarders" clause, you can force your name -// server to never initiate queries of its own, but always ask its -// forwarders only, by enabling the following line: -// -// forward only; +// These zones are already covered by the empty zones listed below. +// If you remove the related empty zones below, comment these lines out. + disable-empty-zone "255.255.255.255.IN-ADDR.ARPA"; + disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; + disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; // If you've got a DNS server around at your upstream provider, enter // its IP address here, and enable the line below. This will make you @@ -3324,7 +3311,20 @@ forwarders { 127.0.0.1; }; -*/</programlisting> +*/ + +// If the 'forwarders' clause is not empty the default is to 'forward first' +// which will fall back to sending a query from your local server if the name +// servers in 'forwarders' do not have the answer. Alternatively you can +// force your name server to never initiate queries of its own by enabling the +// following line: +// forward only; + +// If you wish to have forwarding configured automatically based on +// the entries in /etc/resolv.conf, uncomment the following line and +// set named_auto_forward=yes in /etc/rc.conf. You can also enable +// named_auto_forward_only (the effect of which is described above). +// include "/etc/namedb/auto_forward.conf";</programlisting> <para>Just as the comment says, to benefit from an uplink's cache, <literal>forwarders</literal> can be enabled here. @@ -3344,34 +3344,187 @@ </warning> <programlisting> /* - * If there is a firewall between you and nameservers you want - * to talk to, you might need to uncomment the query-source - * directive below. Previous versions of BIND always asked - * questions using port 53, but BIND versions 8 and later - * use a pseudo-random unprivileged UDP port by default. - */ - // query-source address * port 53; + Modern versions of BIND use a random UDP port for each outgoing + query by default in order to dramatically reduce the possibility + of cache poisoning. All users are strongly encouraged to utilize + this feature, and to configure their firewalls to accommodate it. + + AS A LAST RESORT in order to get around a restrictive firewall + policy you can try enabling the option below. Use of this option + will significantly reduce your ability to withstand cache poisoning + attacks, and should be avoided if at all possible. + + Replace NNNNN in the example with a number between 49160 and 65530. + */ + // query-source address * port NNNNN; }; // If you enable a local name server, don't forget to enter 127.0.0.1 // first in your /etc/resolv.conf so this server will be queried. // Also, make sure to enable it in /etc/rc.conf. +// The traditional root hints mechanism. Use this, OR the slave zones below. +zone "." { type hint; file "named.root"; }; + +/* Slaving the following zones from the root name servers has some + significant advantages: + 1. Faster local resolution for your users + 2. No spurious traffic will be sent from your network to the roots + 3. Greater resilience to any potential root server failure/DDoS + + On the other hand, this method requires more monitoring than the + hints file to be sure that an unexpected failure mode has not + incapacitated your server. Name servers that are serving a lot + of clients will benefit more from this approach than individual + hosts. Use with caution. + + To use this mechanism, uncomment the entries below, and comment + the hint zone above. +*/ +/* zone "." { - type hint; - file "named.root"; + type slave; + file "slave/root.slave"; + masters { + 192.5.5.241; // F.ROOT-SERVERS.NET. + }; + notify no; +}; +zone "arpa" { + type slave; + file "slave/arpa.slave"; + masters { + 192.5.5.241; // F.ROOT-SERVERS.NET. + }; + notify no; +}; +zone "in-addr.arpa" { + type slave; + file "slave/in-addr.arpa.slave"; + masters { + 192.5.5.241; // F.ROOT-SERVERS.NET. + }; + notify no; }; +*/ + +/* Serving the following zones locally will prevent any queries + for these zones leaving your network and going to the root + name servers. This has two significant advantages: + 1. Faster local resolution for your users + 2. No spurious traffic will be sent from your network to the roots +*/ +// RFC 1912 +zone "localhost" { type master; file "master/localhost-forward.db"; }; +zone "127.in-addr.arpa" { type master; file "master/localhost-reverse.db"; }; +zone "255.in-addr.arpa" { type master; file "master/empty.db"; }; + +// RFC 1912-style zone for IPv6 localhost address +zone "0.ip6.arpa" { type master; file "master/localhost-reverse.db"; }; + +// "This" Network (RFCs 1912 and 3330) +zone "0.in-addr.arpa" { type master; file "master/empty.db"; }; + +// Private Use Networks (RFC 1918) +zone "10.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "16.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "17.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "18.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "19.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "20.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "21.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "22.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "23.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "24.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "25.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "26.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "27.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "28.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "29.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "30.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "31.172.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "168.192.in-addr.arpa" { type master; file "master/empty.db"; }; + +// Link-local/APIPA (RFCs 3330 and 3927) +zone "254.169.in-addr.arpa" { type master; file "master/empty.db"; }; + +// TEST-NET for Documentation (RFC 3330) +zone "2.0.192.in-addr.arpa" { type master; file "master/empty.db"; }; + +// Router Benchmark Testing (RFC 3330) +zone "18.198.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "19.198.in-addr.arpa" { type master; file "master/empty.db"; }; + +// IANA Reserved - Old Class E Space +zone "240.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "241.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "242.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "243.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "244.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "245.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "246.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "247.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "248.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "249.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "250.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "251.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "252.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "253.in-addr.arpa" { type master; file "master/empty.db"; }; +zone "254.in-addr.arpa" { type master; file "master/empty.db"; }; + +// IPv6 Unassigned Addresses (RFC 4291) +zone "1.ip6.arpa" { type master; file "master/empty.db"; }; +zone "3.ip6.arpa" { type master; file "master/empty.db"; }; +zone "4.ip6.arpa" { type master; file "master/empty.db"; }; +zone "5.ip6.arpa" { type master; file "master/empty.db"; }; +zone "6.ip6.arpa" { type master; file "master/empty.db"; }; +zone "7.ip6.arpa" { type master; file "master/empty.db"; }; +zone "8.ip6.arpa" { type master; file "master/empty.db"; }; +zone "9.ip6.arpa" { type master; file "master/empty.db"; }; +zone "a.ip6.arpa" { type master; file "master/empty.db"; }; +zone "b.ip6.arpa" { type master; file "master/empty.db"; }; +zone "c.ip6.arpa" { type master; file "master/empty.db"; }; +zone "d.ip6.arpa" { type master; file "master/empty.db"; }; +zone "e.ip6.arpa" { type master; file "master/empty.db"; }; +zone "0.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "1.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "2.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "3.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "4.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "5.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "6.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "7.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "8.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "9.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "a.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "b.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "0.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "1.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "2.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "3.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "4.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "5.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "6.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "7.e.f.ip6.arpa" { type master; file "master/empty.db"; }; + +// IPv6 ULA (RFC 4193) +zone "c.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "d.f.ip6.arpa" { type master; file "master/empty.db"; }; + +// IPv6 Link Local (RFC 4291) +zone "8.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "9.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "a.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "b.e.f.ip6.arpa" { type master; file "master/empty.db"; }; -zone "0.0.127.IN-ADDR.ARPA" { - type master; - file "master/localhost.rev"; -}; +// IPv6 Deprecated Site-Local Addresses (RFC 3879) +zone "c.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "d.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "e.e.f.ip6.arpa" { type master; file "master/empty.db"; }; +zone "f.e.f.ip6.arpa" { type master; file "master/empty.db"; }; -// RFC 3152 -zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" { - type master; - file "master/localhost-v6.rev"; -}; +// IP6.INT is Deprecated (RFC 4159) +zone "ip6.int" { type master; file "master/empty.db"; }; // NB: Do not use the IP addresses below, they are faked, and only // serve demonstration/documentation purposes! @@ -3379,26 +3532,19 @@ // Example slave zone config entries. It can be convenient to become // a slave at least for the zone your own domain is in. Ask // your network administrator for the IP address of the responsible -// primary. +// master name server. // -// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone! -// (This is named after the first bytes of the IP address, in reverse -// order, with ".IN-ADDR.ARPA" appended.) +// Do not forget to include the reverse lookup zone! +// This is named after the first bytes of the IP address, in reverse +// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6. // -// Before starting to set up a primary zone, make sure you fully -// understand how DNS and BIND works. There are sometimes -// non-obvious pitfalls. Setting up a slave zone is simpler. +// Before starting to set up a master zone, make sure you fully +// understand how DNS and BIND work. There are sometimes +// non-obvious pitfalls. Setting up a slave zone is usually simpler. // // NB: Don't blindly enable the examples below. :-) Use actual names // and addresses instead. -/* An example master zone -zone "example.net" { - type master; - file "master/example.net"; -}; -*/ - /* An example dynamic zone key "exampleorgkey" { algorithm hmac-md5; @@ -3413,14 +3559,7 @@ }; */ -/* Examples of forward and reverse slave zones -zone "example.com" { - type slave; - file "slave/example.com"; - masters { - 192.168.1.1; - }; -}; +/* Example of a slave reverse zone zone "1.168.192.in-addr.arpa" { type slave; file "slave/1.168.192.in-addr.arpa"; @@ -3469,19 +3608,19 @@ <primary>BIND</primary> <secondary>zone files</secondary> </indexterm> - + <para>An example master zone file for <hostid role="domainname">example.org</hostid> (existing within <filename>/etc/namedb/master/example.org</filename>) is as follows:</para> - <programlisting>$TTL 3600 ; 1 hour + <programlisting>$TTL 3600 ; 1 hour default TTL example.org. IN SOA ns1.example.org. admin.example.org. ( 2006051501 ; Serial 10800 ; Refresh 3600 ; Retry 604800 ; Expire - 86400 ; Minimum TTL + 300 ; Negative Reponse TTL ) ; DNS Servers @@ -3502,31 +3641,24 @@ mail IN A 192.168.1.5 ; Aliases -www IN CNAME @</programlisting> +www IN CNAME example.org.</programlisting> - <para> - Note that every hostname ending in a <quote>.</quote> is an + <para>Note that every hostname ending in a <quote>.</quote> is an exact hostname, whereas everything without a trailing - <quote>.</quote> is referenced to the origin. For example, - <literal>www</literal> is translated into - <literal>www.<replaceable>origin</replaceable></literal>. - In our fictitious zone file, our origin is - <hostid>example.org.</hostid>, so <literal>www</literal> - would translate to <hostid>www.example.org.</hostid> - </para> + <quote>.</quote> is relative to the origin. For example, + <literal>ns1</literal> is translated into + <literal>ns1.<replaceable>example.org.</replaceable></literal></para> + + <para>The format of a zone file follows:</para> - <para> - The format of a zone file follows: - </para> <programlisting>recordname IN recordtype value</programlisting> <indexterm> <primary>DNS</primary> <secondary>records</secondary> </indexterm> - <para> - The most commonly used DNS records: - </para> + + <para>The most commonly used DNS records:</para> <variablelist> <varlistentry> @@ -3567,37 +3699,39 @@ </varlistentry> </variablelist> - <programlisting> -example.org. IN SOA ns1.example.org. admin.example.org. ( + <programlisting>example.org. IN SOA ns1.example.org. admin.example.org. ( 2006051501 ; Serial 10800 ; Refresh after 3 hours 3600 ; Retry after 1 hour 604800 ; Expire after 1 week - 86400 ) ; Minimum TTL of 1 day</programlisting> - + 300 ) ; Negative Reponse TTL</programlisting> - <variablelist> <varlistentry> <term><hostid role="domainname">example.org.</hostid></term> - <listitem><para>the domain name, also the origin for this - zone file.</para></listitem> + <listitem> + <para>the domain name, also the origin for this + zone file.</para> + </listitem> </varlistentry> <varlistentry> <term><hostid role="fqdn">ns1.example.org.</hostid></term> - <listitem><para>the primary/authoritative name server for this - zone.</para></listitem> + <listitem> + <para>the primary/authoritative name server for this + zone.</para> + </listitem> </varlistentry> <varlistentry> <term><literal>admin.example.org.</literal></term> - <listitem><para>the responsible person for this zone, + <listitem> + <para>the responsible person for this zone, email address with <quote>@</quote> - replaced. (<email>admin@example.org</email> becomes + replaced. (<email>admin@example.org</email> becomes <literal>admin.example.org</literal>)</para> </listitem> </varlistentry> @@ -3605,91 +3739,75 @@ <varlistentry> <term><literal>2006051501</literal></term> - <listitem><para>the serial number of the file. This - must be incremented each time the zone file is - modified. Nowadays, many admins prefer a - <literal>yyyymmddrr</literal> format for the serial - number. <literal>2006051501</literal> would mean - last modified 05/15/2006, the latter - <literal>01</literal> being the first time the zone - file has been modified this day. The serial number - is important as it alerts slave name servers for a - zone when it is updated.</para> - </listitem> + <listitem> + <para>the serial number of the file. This + must be incremented each time the zone file is + modified. Nowadays, many admins prefer a + <literal>yyyymmddrr</literal> format for the serial + number. <literal>2006051501</literal> would mean + last modified 05/15/2006, the latter + <literal>01</literal> being the first time the zone + file has been modified this day. The serial number + is important as it alerts slave name servers for a + zone when it is updated.</para> + </listitem> </varlistentry> </variablelist> - <programlisting> - IN NS ns1.example.org.</programlisting> + <programlisting> IN NS ns1.example.org.</programlisting> - <para> - This is an NS entry. Every name server that is going to reply - authoritatively for the zone must have one of these entries. - </para> + <para>This is an NS entry. Every name server that is going to reply + authoritatively for the zone must have one of these entries.</para> - <programlisting> -localhost IN A 127.0.0.1 + <programlisting>localhost IN A 127.0.0.1 ns1 IN A 192.168.1.2 ns2 IN A 192.168.1.3 mx IN A 192.168.1.4 mail IN A 192.168.1.5</programlisting> - <para> - The A record indicates machine names. As seen above, + <para>The A record indicates machine names. As seen above, <hostid role="fqdn">ns1.example.org</hostid> would resolve - to <hostid role="ipaddr">192.168.1.2</hostid>. - </para> + to <hostid role="ipaddr">192.168.1.2</hostid>.</para> - <programlisting> - IN A 192.168.1.1</programlisting> + <programlisting> IN A 192.168.1.1</programlisting> <para>This line assigns IP address <hostid role="ipaddr">192.168.1.1</hostid> to the current origin, in this case <hostid role="domainname">example.org</hostid>.</para> - <programlisting> -www IN CNAME @</programlisting> + <programlisting>www IN CNAME @</programlisting> - <para> - The canonical name record is usually used for giving aliases + <para>The canonical name record is usually used for giving aliases to a machine. In the example, <hostid>www</hostid> is - aliased to the <quote>master</quote> machine which name equals - to domain name <hostid role="domainname">example.org</hostid> + aliased to the <quote>master</quote> machine whose name happens + to be the same as the domain name + <hostid role="domainname">example.org</hostid> (<hostid role="ipaddr">192.168.1.1</hostid>). - CNAMEs can be used to provide alias - hostnames, or round robin one hostname among multiple - machines. - </para> + CNAMEs can never be used together with another kind of record + for the same hostname.</para> <indexterm> <primary>MX record</primary> </indexterm> - <programlisting> - IN MX 10 mail.example.org.</programlisting> + <programlisting> IN MX 10 mail.example.org.</programlisting> - <para> - The MX record indicates which mail + <para>The MX record indicates which mail servers are responsible for handling incoming mail for the zone. <hostid role="fqdn">mail.example.org</hostid> is the hostname of the mail server, and 10 being the priority of - that mail server. - </para> + that mail server.</para> - <para> - One can have several mail servers, with priorities of 10, + <para>One can have several mail servers, with priorities of 10, 20 and so on. A mail server attempting to deliver to <hostid - role="domainname">example.org</hostid> would first try the + role="domainname">example.org</hostid> would first try the highest priority MX (the record with the lowest priority number), then the second highest, etc, until the mail can be - properly delivered. - </para> + properly delivered.</para> - <para> - For in-addr.arpa zone files (reverse DNS), the same format is + <para>For in-addr.arpa zone files (reverse DNS), the same format is used, except with PTR entries instead of - A or CNAME. - </para> + A or CNAME.</para> <programlisting>$TTL 3600 @@ -3698,7 +3816,7 @@ 10800 ; Refresh 3600 ; Retry 604800 ; Expire - 3600 ) ; Minimum + 300 ) ; Negative Reponse TTL IN NS ns1.example.org. IN NS ns2.example.org. @@ -3711,6 +3829,10 @@ <para>This file gives the proper IP address to hostname mappings of our above fictitious domain.</para> + + <para>It is worth noting that all names on the right side + of a PTR record need to be fully qualified (i.e., end in + a <quote>.</quote>).</para> </sect3> </sect2> @@ -3721,11 +3843,9 @@ <secondary>caching name server</secondary> </indexterm> - <para>A caching name server is a name server that is not - authoritative for any zones. It simply asks queries of its - own, and remembers them for later use. To set one up, just - configure the name server as usual, omitting any inclusions of - zones.</para> + <para>A caching name server is a name server whose primary role + is to resolve recursive queries. It simply asks queries of its + own, and remembers the answers for later use.</para> </sect2> <sect2> @@ -3763,36 +3883,30 @@ <itemizedlist> <listitem> <para><ulink - url="http://www.isc.org/products/BIND/">Official ISC BIND + url="https://www.isc.org/software/bind">Official ISC BIND Page</ulink></para> </listitem> <listitem> <para><ulink - url="http://www.isc.org/sw/guild/bf/">Official ISC BIND + url="https://www.isc.org/software/guild">Official ISC BIND Forum</ulink></para> </listitem> <listitem> - <para><ulink - url="http://www.isc.org/index.pl?/sw/bind/FAQ.php">; - BIND9 FAQ</ulink></para> - </listitem> - - <listitem> <para><ulink url="http://www.oreilly.com/catalog/dns5/">O'Reilly DNS and BIND 5th Edition</ulink></para> </listitem> <listitem> <para><ulink - url="ftp://ftp.isi.edu/in-notes/rfc1034.txt">RFC1034 + url="http://www.rfc-editor.org/rfc/rfc1034.txt">RFC1034 - Domain Names - Concepts and Facilities</ulink></para> </listitem> <listitem> <para><ulink - url="ftp://ftp.isi.edu/in-notes/rfc1035.txt">RFC1035 + url="http://www.rfc-editor.org/rfc/rfc1035.txt">RFC1035 - Domain Names - Implementation and Specification</ulink></para> </listitem> </itemizedlist> @@ -3863,7 +3977,7 @@ <listitem> <para>This specifies the default directory hierarchy for the <application>Apache</application> installation. Binaries are stored in the - <filename class="directory">bin</filename> and + <filename class="directory">bin</filename> and <filename class="directory">sbin</filename> subdirectories of the server root, and configuration files are stored in <filename class="directory">etc/apache</filename>.</para> @@ -4153,7 +4267,7 @@ from the ports system.</para> <screen>&prompt.root; <userinput>cd /usr/ports/www/rubygem-rails; make all install clean</userinput></screen> - </sect3> + </sect3> <sect3> <title>mod_perl</title> @@ -5087,7 +5201,7 @@ <para>Similar to log servers, clients must also meet a few minimum requirements:</para> - + <itemizedlist> <listitem> <para>&man.syslogd.8; must be configured to send messages of ==== //depot/projects/docproj_nl/en_US.ISO8859-1/books/porters-handbook/book.sgml#29 (text+ko) ==== @@ -1,7 +1,7 @@ <!-- The FreeBSD Documentation Project - $FreeBSD: doc/en_US.ISO8859-1/books/porters-handbook/book.sgml,v 1.1006 2009/05/15 18:52:43 jhb Exp $ + $FreeBSD: doc/en_US.ISO8859-1/books/porters-handbook/book.sgml,v 1.1009 2009/05/24 08:51:41 bz Exp $ --> <!DOCTYPE BOOK PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [ @@ -3872,20 +3872,23 @@ are allowed.</para> <para><makevar>OPTIONS</makevar> definition must appear before - the inclusion of <filename>bsd.port.pre.mk</filename>. + the inclusion of <filename>bsd.port.options.mk</filename>. The <makevar>WITH_*</makevar> and <makevar>WITHOUT_*</makevar> variables can only be tested after the inclusion of - <filename>bsd.port.pre.mk</filename>.</para> - </sect3> + <filename>bsd.port.options.mk</filename>. Inclusion of + <filename>bsd.port.pre.mk</filename> can be used instead, too, + and is still widely used in ports written before the introduction + of <filename>bsd.port.options.mk</filename>. But be aware that + some variables will not work as expected after the inclusion of + <filename>bsd.port.pre.mk</filename>, typically + <makevar>USE_*</makevar> flags.</para> - <sect3> - <title>Example</title> <example id="ports-options-simple-use"> <title>Simple use of <makevar>OPTIONS</makevar></title> <para><programlisting>OPTIONS= FOO "Enable option foo" On \ BAR "Support feature bar" Off -.include <bsd.port.pre.mk> +.include <bsd.port.options.mk> >>> TRUNCATED FOR MAIL (1000 lines) <<<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200905251708.n4PH890r093897>