From owner-svn-src-all@FreeBSD.ORG Mon Mar 29 20:15:32 2010 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CD9DB1065672; Mon, 29 Mar 2010 20:15:32 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id B95538FC20; Mon, 29 Mar 2010 20:15:32 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o2TKFWOW060053; Mon, 29 Mar 2010 20:15:32 GMT (envelope-from dougb@svn.freebsd.org) Received: (from dougb@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o2TKFWjB060042; Mon, 29 Mar 2010 20:15:32 GMT (envelope-from dougb@svn.freebsd.org) Message-Id: <201003292015.o2TKFWjB060042@svn.freebsd.org> From: Doug Barton Date: Mon, 29 Mar 2010 20:15:32 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r205856 - in vendor/bind9/dist-9.4: . bin/named doc/arm doc/draft lib/dns lib/dns/include/dns X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Mar 2010 20:15:32 -0000 Author: dougb Date: Mon Mar 29 20:15:32 2010 New Revision: 205856 URL: http://svn.freebsd.org/changeset/base/205856 Log: Vendor import of BIND 9.4-ESV-R1 Added: vendor/bind9/dist-9.4/doc/draft/draft-ietf-6man-text-addr-representation-07.txt (contents, props changed) vendor/bind9/dist-9.4/doc/draft/draft-ietf-behave-dns64-06.txt (contents, props changed) vendor/bind9/dist-9.4/doc/draft/draft-ietf-dnsext-axfr-clarify-13.txt (contents, props changed) vendor/bind9/dist-9.4/doc/draft/draft-ietf-dnsext-dnssec-gost-06.txt (contents, props changed) vendor/bind9/dist-9.4/doc/draft/draft-ietf-dnsext-rfc3597-bis-02.txt (contents, props changed) vendor/bind9/dist-9.4/doc/draft/draft-ietf-dnsop-dnssec-trust-history-01.txt (contents, props changed) vendor/bind9/dist-9.4/doc/draft/draft-kerr-ixfr-only-01.txt (contents, props changed) Deleted: vendor/bind9/dist-9.4/doc/draft/draft-ietf-6man-text-addr-representation-01.txt vendor/bind9/dist-9.4/doc/draft/draft-ietf-behave-dns64-01.txt vendor/bind9/dist-9.4/doc/draft/draft-ietf-dnsext-axfr-clarify-12.txt vendor/bind9/dist-9.4/doc/draft/draft-ietf-dnsext-dnssec-gost-05.txt vendor/bind9/dist-9.4/doc/draft/draft-ietf-dnsext-rfc3597-bis-00.txt Modified: vendor/bind9/dist-9.4/CHANGES vendor/bind9/dist-9.4/bin/named/server.c vendor/bind9/dist-9.4/doc/arm/Bv9ARM-book.xml vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch01.html vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch02.html vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch03.html vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch04.html vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch05.html vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch06.html vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch07.html vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch08.html vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch09.html vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch10.html vendor/bind9/dist-9.4/doc/arm/Bv9ARM.html vendor/bind9/dist-9.4/doc/arm/Bv9ARM.pdf vendor/bind9/dist-9.4/doc/arm/man.dig.html vendor/bind9/dist-9.4/doc/arm/man.dnssec-keygen.html vendor/bind9/dist-9.4/doc/arm/man.dnssec-signzone.html vendor/bind9/dist-9.4/doc/arm/man.host.html vendor/bind9/dist-9.4/doc/arm/man.named-checkconf.html vendor/bind9/dist-9.4/doc/arm/man.named-checkzone.html vendor/bind9/dist-9.4/doc/arm/man.named.html vendor/bind9/dist-9.4/doc/arm/man.rndc-confgen.html vendor/bind9/dist-9.4/doc/arm/man.rndc.conf.html vendor/bind9/dist-9.4/doc/arm/man.rndc.html vendor/bind9/dist-9.4/lib/dns/include/dns/rdataset.h vendor/bind9/dist-9.4/lib/dns/include/dns/resolver.h vendor/bind9/dist-9.4/lib/dns/include/dns/result.h vendor/bind9/dist-9.4/lib/dns/include/dns/validator.h vendor/bind9/dist-9.4/lib/dns/ncache.c vendor/bind9/dist-9.4/lib/dns/rbtdb.c vendor/bind9/dist-9.4/lib/dns/rdatalist.c vendor/bind9/dist-9.4/lib/dns/rdataset.c vendor/bind9/dist-9.4/lib/dns/rdataslab.c vendor/bind9/dist-9.4/lib/dns/resolver.c vendor/bind9/dist-9.4/lib/dns/result.c vendor/bind9/dist-9.4/lib/dns/sdb.c vendor/bind9/dist-9.4/lib/dns/sdlz.c vendor/bind9/dist-9.4/lib/dns/validator.c vendor/bind9/dist-9.4/lib/dns/view.c vendor/bind9/dist-9.4/version Modified: vendor/bind9/dist-9.4/CHANGES ============================================================================== --- vendor/bind9/dist-9.4/CHANGES Mon Mar 29 20:12:44 2010 (r205855) +++ vendor/bind9/dist-9.4/CHANGES Mon Mar 29 20:15:32 2010 (r205856) @@ -1,3 +1,7 @@ + --- 9.4-ESV-R1 released --- + +2852. [bug] Handle broken DNSSEC trust chains better. [RT #15619] + --- 9.4-ESV released --- 2831. [security] Do not attempt to validate or cache Modified: vendor/bind9/dist-9.4/bin/named/server.c ============================================================================== --- vendor/bind9/dist-9.4/bin/named/server.c Mon Mar 29 20:12:44 2010 (r205855) +++ vendor/bind9/dist-9.4/bin/named/server.c Mon Mar 29 20:15:32 2010 (r205856) @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.419.18.75 2009/07/11 04:30:49 marka Exp $ */ +/* $Id: server.c,v 1.419.18.77 2010/02/26 23:46:32 tbox Exp $ */ /*! \file */ @@ -4563,6 +4563,8 @@ dumpdone(void *arg, isc_result_t result) } if (dctx->cache != NULL) { dns_adb_dump(dctx->view->view->adb, dctx->fp); + dns_resolver_printbadcache(dctx->view->view->resolver, + dctx->fp); dns_db_detach(&dctx->cache); } if (dctx->dumpzones) { Modified: vendor/bind9/dist-9.4/doc/arm/Bv9ARM-book.xml ============================================================================== --- vendor/bind9/dist-9.4/doc/arm/Bv9ARM-book.xml Mon Mar 29 20:12:44 2010 (r205855) +++ vendor/bind9/dist-9.4/doc/arm/Bv9ARM-book.xml Mon Mar 29 20:15:32 2010 (r205856) @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []> - + BIND 9 Administrator Reference Manual @@ -30,6 +30,7 @@ 2007 2008 2009 + 2010 Internet Systems Consortium, Inc. ("ISC") @@ -7422,6 +7423,13 @@ avoid-v6-udp-ports { 40000; range 50000 1800 (30 minutes). + + Lame-ttl also controls the amount of time DNSSEC + validation failures are cached. There is a minimum + of 30 seconds applied to bad cache entries if the + lame-ttl is set to less than 30 seconds. + + Modified: vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch01.html ============================================================================== --- vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch01.html Mon Mar 29 20:12:44 2010 (r205855) +++ vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch01.html Mon Mar 29 20:15:32 2010 (r205856) @@ -1,5 +1,5 @@ - + @@ -45,17 +45,17 @@

Table of Contents

-
Scope of Document
-
Organization of This Document
-
Conventions Used in This Document
-
The Domain Name System (DNS)
+
Scope of Document
+
Organization of This Document
+
Conventions Used in This Document
+
The Domain Name System (DNS)
-
DNS Fundamentals
-
Domains and Domain Names
-
Zones
-
Authoritative Name Servers
-
Caching Name Servers
-
Name Servers in Multiple Roles
+
DNS Fundamentals
+
Domains and Domain Names
+
Zones
+
Authoritative Name Servers
+
Caching Name Servers
+
Name Servers in Multiple Roles
@@ -71,7 +71,7 @@

-Scope of Document

+Scope of Document

The Berkeley Internet Name Domain (BIND) implements a @@ -87,7 +87,7 @@

-Organization of This Document

+Organization of This Document

In this document, Chapter 1 introduces the basic DNS and BIND concepts. Chapter 2 @@ -116,7 +116,7 @@

-Conventions Used in This Document

+Conventions Used in This Document

In this document, we use the following general typographic conventions: @@ -243,7 +243,7 @@

-The Domain Name System (DNS)

+The Domain Name System (DNS)

The purpose of this document is to explain the installation and upkeep of the BIND (Berkeley Internet @@ -253,7 +253,7 @@

-DNS Fundamentals

+DNS Fundamentals

The Domain Name System (DNS) is a hierarchical, distributed database. It stores information for mapping Internet host names to @@ -273,7 +273,7 @@

-Domains and Domain Names

+Domains and Domain Names

The data stored in the DNS is identified by domain names that are organized as a tree according to organizational or administrative boundaries. Each node of the tree, @@ -319,7 +319,7 @@

-Zones

+Zones

To properly operate a name server, it is important to understand the difference between a zone @@ -372,7 +372,7 @@

-Authoritative Name Servers

+Authoritative Name Servers

Each zone is served by at least one authoritative name server, @@ -389,7 +389,7 @@

-The Primary Master

+The Primary Master

The authoritative server where the master copy of the zone data is maintained is called the @@ -409,7 +409,7 @@

-Slave Servers

+Slave Servers

The other authoritative servers, the slave servers (also known as secondary servers) @@ -425,7 +425,7 @@

-Stealth Servers

+Stealth Servers

Usually all of the zone's authoritative servers are listed in NS records in the parent zone. These NS records constitute @@ -460,7 +460,7 @@

-Caching Name Servers

+Caching Name Servers

The resolver libraries provided by most operating systems are stub resolvers, meaning that they are not @@ -487,7 +487,7 @@

-Forwarding

+Forwarding

Even a caching name server does not necessarily perform the complete recursive lookup itself. Instead, it can @@ -514,7 +514,7 @@

-Name Servers in Multiple Roles

+Name Servers in Multiple Roles

The BIND name server can simultaneously act as Modified: vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch02.html ============================================================================== --- vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch02.html Mon Mar 29 20:12:44 2010 (r205855) +++ vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch02.html Mon Mar 29 20:15:32 2010 (r205856) @@ -1,5 +1,5 @@ - + @@ -45,16 +45,16 @@

Table of Contents

-
Hardware requirements
-
CPU Requirements
-
Memory Requirements
-
Name Server Intensive Environment Issues
-
Supported Operating Systems
+
Hardware requirements
+
CPU Requirements
+
Memory Requirements
+
Name Server Intensive Environment Issues
+
Supported Operating Systems

-Hardware requirements

+Hardware requirements

DNS hardware requirements have traditionally been quite modest. @@ -73,7 +73,7 @@

-CPU Requirements

+CPU Requirements

CPU requirements for BIND 9 range from i486-class machines @@ -84,7 +84,7 @@

-Memory Requirements

+Memory Requirements

The memory of the server has to be large enough to fit the cache and zones loaded off disk. The max-cache-size @@ -107,7 +107,7 @@

-Name Server Intensive Environment Issues

+Name Server Intensive Environment Issues

For name server intensive environments, there are two alternative configurations that may be used. The first is where clients and @@ -124,7 +124,7 @@

-Supported Operating Systems

+Supported Operating Systems

ISC BIND 9 compiles and runs on a large number of Unix-like operating systems, and on some versions of Modified: vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch03.html ============================================================================== --- vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch03.html Mon Mar 29 20:12:44 2010 (r205855) +++ vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch03.html Mon Mar 29 20:15:32 2010 (r205856) @@ -1,5 +1,5 @@ - + @@ -47,14 +47,14 @@

Sample Configurations
-
A Caching-only Name Server
-
An Authoritative-only Name Server
+
A Caching-only Name Server
+
An Authoritative-only Name Server
-
Load Balancing
-
Name Server Operations
+
Load Balancing
+
Name Server Operations
-
Tools for Use With the Name Server Daemon
-
Signals
+
Tools for Use With the Name Server Daemon
+
Signals
@@ -68,7 +68,7 @@ Sample Configurations

-A Caching-only Name Server

+A Caching-only Name Server

The following sample configuration is appropriate for a caching-only name server for use by clients internal to a corporation. All @@ -95,7 +95,7 @@ zone "0.0.127.in-addr.arpa" {

-An Authoritative-only Name Server

+An Authoritative-only Name Server

This sample configuration is for an authoritative-only server that is the master server for "example.com" @@ -137,7 +137,7 @@ zone "eng.example.com" {

-Load Balancing

+Load Balancing

A primitive form of load balancing can be achieved in the DNS by using multiple records @@ -280,10 +280,10 @@ zone "eng.example.com" {

-Name Server Operations

+Name Server Operations

-Tools for Use With the Name Server Daemon

+Tools for Use With the Name Server Daemon

This section describes several indispensable diagnostic, administrative and monitoring tools available to the system @@ -739,7 +739,7 @@ controls {

-Signals

+Signals

Certain UNIX signals cause the name server to take specific actions, as described in the following table. These signals can Modified: vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch04.html ============================================================================== --- vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch04.html Mon Mar 29 20:12:44 2010 (r205855) +++ vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch04.html Mon Mar 29 20:15:32 2010 (r205856) @@ -1,5 +1,5 @@ - + @@ -49,29 +49,29 @@

Dynamic Update
The journal file
Incremental Zone Transfers (IXFR)
-
Split DNS
-
Example split DNS setup
+
Split DNS
+
Example split DNS setup
TSIG
-
Generate Shared Keys for Each Pair of Hosts
-
Copying the Shared Secret to Both Machines
-
Informing the Servers of the Key's Existence
-
Instructing the Server to Use the Key
-
TSIG Key Based Access Control
-
Errors
+
Generate Shared Keys for Each Pair of Hosts
+
Copying the Shared Secret to Both Machines
+
Informing the Servers of the Key's Existence
+
Instructing the Server to Use the Key
+
TSIG Key Based Access Control
+
Errors
-
TKEY
-
SIG(0)
+
TKEY
+
SIG(0)
DNSSEC
-
Generating Keys
-
Signing the Zone
-
Configuring Servers
+
Generating Keys
+
Signing the Zone
+
Configuring Servers
-
IPv6 Support in BIND 9
+
IPv6 Support in BIND 9
-
Address Lookups Using AAAA Records
-
Address to Name Lookups Using Nibble Format
+
Address Lookups Using AAAA Records
+
Address to Name Lookups Using Nibble Format
@@ -205,7 +205,7 @@

-Split DNS

+Split DNS

Setting up different views, or visibility, of the DNS space to internal and external resolvers is usually referred to as a @@ -235,7 +235,7 @@

-Example split DNS setup

+Example split DNS setup

Let's say a company named Example, Inc. (example.com) @@ -481,7 +481,7 @@ nameserver 172.16.72.4

-Generate Shared Keys for Each Pair of Hosts

+Generate Shared Keys for Each Pair of Hosts

A shared secret is generated to be shared between host1 and host2. An arbitrary key name is chosen: "host1-host2.". The key name must @@ -489,7 +489,7 @@ nameserver 172.16.72.4

-Automatic Generation

+Automatic Generation

The following command will generate a 128-bit (16 byte) HMAC-MD5 key as described above. Longer keys are better, but shorter keys @@ -514,7 +514,7 @@ nameserver 172.16.72.4

-Manual Generation

+Manual Generation

The shared secret is simply a random sequence of bits, encoded in base-64. Most ASCII strings are valid base-64 strings (assuming @@ -529,7 +529,7 @@ nameserver 172.16.72.4

-Copying the Shared Secret to Both Machines

+Copying the Shared Secret to Both Machines

This is beyond the scope of DNS. A secure transport mechanism should be used. This could be secure FTP, ssh, telephone, etc. @@ -537,7 +537,7 @@ nameserver 172.16.72.4

-Informing the Servers of the Key's Existence

+Informing the Servers of the Key's Existence

Imagine host1 and host 2 are @@ -566,7 +566,7 @@ key host1-host2. {

-Instructing the Server to Use the Key

+Instructing the Server to Use the Key

Since keys are shared between two hosts only, the server must be told when keys are to be used. The following is added to the named.conf file @@ -598,7 +598,7 @@ server 10.1.2.3 {

-TSIG Key Based Access Control

+TSIG Key Based Access Control

BIND allows IP addresses and ranges to be specified in ACL @@ -626,7 +626,7 @@ allow-update { key host1-host2. ;};

-Errors

+Errors

The processing of TSIG signed messages can result in several errors. If a signed message is sent to a non-TSIG aware @@ -652,7 +652,7 @@ allow-update { key host1-host2. ;};

-TKEY

+TKEY

TKEY is a mechanism for automatically generating a shared secret between two hosts. There are several "modes" of @@ -688,7 +688,7 @@ allow-update { key host1-host2. ;};

-SIG(0)

+SIG(0)

BIND 9 partially supports DNSSEC SIG(0) transaction signatures as specified in RFC 2535 and RFC 2931. @@ -749,7 +749,7 @@ allow-update { key host1-host2. ;};

-Generating Keys

+Generating Keys

The dnssec-keygen program is used to generate keys. @@ -800,7 +800,7 @@ allow-update { key host1-host2. ;};

-Signing the Zone

+Signing the Zone

The dnssec-signzone program is used to @@ -844,7 +844,7 @@ allow-update { key host1-host2. ;};

-Configuring Servers

+Configuring Servers

To enable named to respond appropriately to DNS requests from DNSSEC aware clients, @@ -932,7 +932,7 @@ options {

-IPv6 Support in BIND 9

+IPv6 Support in BIND 9

BIND 9 fully supports all currently defined forms of IPv6 @@ -971,7 +971,7 @@ options {

-Address Lookups Using AAAA Records

+Address Lookups Using AAAA Records

The IPv6 AAAA record is a parallel to the IPv4 A record, and, unlike the deprecated A6 record, specifies the entire @@ -990,7 +990,7 @@ host 3600 IN AAAA

-Address to Name Lookups Using Nibble Format

+Address to Name Lookups Using Nibble Format

When looking up an address in nibble format, the address components are simply reversed, just as in IPv4, and Modified: vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch05.html ============================================================================== --- vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch05.html Mon Mar 29 20:12:44 2010 (r205855) +++ vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch05.html Mon Mar 29 20:15:32 2010 (r205856) @@ -1,5 +1,5 @@ - + @@ -45,13 +45,13 @@

Table of Contents

-
The Lightweight Resolver Library
+
The Lightweight Resolver Library
Running a Resolver Daemon

-The Lightweight Resolver Library

+The Lightweight Resolver Library

Traditionally applications have been linked with a stub resolver library that sends recursive DNS queries to a local caching name Modified: vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch06.html ============================================================================== --- vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch06.html Mon Mar 29 20:12:44 2010 (r205855) +++ vendor/bind9/dist-9.4/doc/arm/Bv9ARM.ch06.html Mon Mar 29 20:15:32 2010 (r205856) @@ -1,5 +1,5 @@ - + @@ -48,52 +48,52 @@

Configuration File Elements
Address Match Lists
-
Comment Syntax
+
Comment Syntax
Configuration File Grammar
-
acl Statement Grammar
+
acl Statement Grammar
acl Statement Definition and Usage
-
controls Statement Grammar
+
controls Statement Grammar
controls Statement Definition and Usage
-
include Statement Grammar
-
include Statement Definition and +
include Statement Grammar
+
include Statement Definition and Usage
-
key Statement Grammar
-
key Statement Definition and Usage
-
logging Statement Grammar
-
logging Statement Definition and +
key Statement Grammar
+
key Statement Definition and Usage
+
logging Statement Grammar
+
logging Statement Definition and Usage
-
lwres Statement Grammar
-
lwres Statement Definition and Usage
-
masters Statement Grammar
-
masters Statement Definition and +
lwres Statement Grammar
+
lwres Statement Definition and Usage
+
masters Statement Grammar
+
masters Statement Definition and Usage
-
options Statement Grammar
+
options Statement Grammar
options Statement Definition and Usage
server Statement Grammar
server Statement Definition and Usage
-
trusted-keys Statement Grammar
-
trusted-keys Statement Definition +
trusted-keys Statement Grammar
+
trusted-keys Statement Definition and Usage
view Statement Grammar
-
view Statement Definition and Usage
+
view Statement Definition and Usage
zone Statement Grammar
-
zone Statement Definition and Usage
+
zone Statement Definition and Usage
-
Zone File
+
Zone File
Types of Resource Records and When to Use Them
-
Discussion of MX Records
+
Discussion of MX Records
Setting TTLs
-
Inverse Mapping in IPv4
-
Other Zone File Directives
-
BIND Master File Extension: the $GENERATE Directive
+
Inverse Mapping in IPv4
+
Other Zone File Directives
+
BIND Master File Extension: the $GENERATE Directive
Additional File Formats
@@ -455,7 +455,7 @@ Address Match Lists

-Syntax

+Syntax
address_match_list = address_match_list_element ;
   [ address_match_list_element; ... ]
 address_match_list_element = [ ! ] (ip_address [/length] |
@@ -464,7 +464,7 @@
 
 

 

-Definition and Usage

+Definition and Usage

 

             Address match lists are primarily used to determine access
             control for various server operations. They are also used in
@@ -542,7 +542,7 @@
 
 

 

-Comment Syntax

+Comment Syntax

 

           The BIND 9 comment syntax allows for
           comments to appear
@@ -552,7 +552,7 @@
         

 

 

-Syntax

+Syntax

 

             

 
/* This is a BIND comment as in C */

@@ -567,7 +567,7 @@
 
 

 

-Definition and Usage

+Definition and Usage

 

             Comments may appear anywhere that whitespace may appear in
             a BIND configuration file.
@@ -797,7 +797,7 @@
       

 

 

-acl Statement Grammar

+acl Statement Grammar

 
acl acl-name {
     address_match_list
 };
@@ -880,7 +880,7 @@
 
 

 

-controls Statement Grammar

+controls Statement Grammar

 
controls {
    [ inet ( ip_addr | * ) [ port ip_port ] allow {  address_match_list  }
                 keys { key_list }; ]
@@ -1002,12 +1002,12 @@
 
 

 

-include Statement Grammar

+include Statement Grammar

 
include filename;

 
 

 

-include Statement Definition and
+include Statement Definition and
           Usage

 

           The include statement inserts the
@@ -1022,7 +1022,7 @@
 

 

 

-key Statement Grammar

+key Statement Grammar

 
key key_id {
     algorithm string;
     secret string;
@@ -1031,7 +1031,7 @@
 
 

 

-key Statement Definition and Usage

+key Statement Definition and Usage

 

           The key statement defines a shared
           secret key for use with TSIG (see the section called “TSIG”)
@@ -1078,7 +1078,7 @@
 
 

 

-logging Statement Grammar

+logging Statement Grammar

 
logging {
    [ channel channel_name {
      ( file path_name
@@ -1102,7 +1102,7 @@
 
 

 

-logging Statement Definition and
+logging Statement Definition and
           Usage

 

           The logging statement configures a
@@ -1136,7 +1136,7 @@
         

 

 

-The channel Phrase

+The channel Phrase

 

             All log output goes to one or more channels;
             you can make as many of them as you want.
@@ -1665,7 +1665,7 @@ category notify { null; };
 
 

 

-The query-errors Category

+The query-errors Category

 

             The query-errors category is
             specifically intended for debugging purposes: To identify
@@ -1893,7 +1893,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
 
 

 

-lwres Statement Grammar

+lwres Statement Grammar

 

            This is the grammar of the lwres
           statement in the named.conf file:
@@ -1908,7 +1908,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
 
 

 

-lwres Statement Definition and Usage

+lwres Statement Definition and Usage

 

           The lwres statement configures the
           name
@@ -1959,14 +1959,14 @@ badresp:1,adberr:0,findfail:0,valfail:0]
 
 

 

-masters Statement Grammar

+masters Statement Grammar

 
 masters name [port ip_port] { ( masters_list | ip_addr [port ip_port] [key key] ) ; [...] };
 

 
 

 

-masters Statement Definition and
+masters Statement Definition and
           Usage

 
masters
           lists allow for a common set of masters to be easily used by
@@ -1975,7 +1975,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
 

 

 

-options Statement Grammar

+options Statement Grammar

 

           This is the grammar of the options
           statement in the named.conf file:
@@ -3086,7 +3086,7 @@ options {
 
 

 

-Forwarding

+Forwarding

 

             The forwarding facility can be used to create a large site-wide
             cache on a few servers, reducing traffic over links to external
@@ -3130,7 +3130,7 @@ options {
 
 

 

-Dual-stack Servers

+Dual-stack Servers

 

             Dual-stack servers are used as servers of last resort to work
             around
@@ -3286,7 +3286,7 @@ options {
 
 

 

-Interfaces

+Interfaces

 

             The interfaces and ports that the server will answer queries
             from may be specified using the listen-on option. listen-on takes
@@ -3719,7 +3719,7 @@ avoid-v6-udp-ports {};
 
 

 

-UDP Port Lists

+UDP Port Lists

 

             use-v4-udp-ports,
             avoid-v4-udp-ports,
@@ -3761,7 +3761,7 @@ avoid-v6-udp-ports { 40000; range 50000 
 
 

 

-Operating System Resource Limits

+Operating System Resource Limits

 

             The server's usage of many system resources can be limited.
             Scaled values are allowed when specifying resource limits.  For
@@ -3922,7 +3922,7 @@ avoid-v6-udp-ports { 40000; range 50000 
 
 

 

-Periodic Task Intervals

+Periodic Task Intervals

 

 
cleaning-interval

 


*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***