Date: Wed, 16 Oct 2013 20:19:56 +0000 (UTC) From: Dru Lavigne <dru@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r42977 - head/en_US.ISO8859-1/books/handbook/network-servers Message-ID: <201310162019.r9GKJuMq049616@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dru Date: Wed Oct 16 20:19:56 2013 New Revision: 42977 URL: http://svnweb.freebsd.org/changeset/doc/42977 Log: White space fix only. Translators can ignore. Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Wed Oct 16 19:40:27 2013 (r42976) +++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Wed Oct 16 20:19:56 2013 (r42977) @@ -200,8 +200,8 @@ <literal>inetd_flags</literal> is set to <literal>-wW -C 60</literal>, which turns on TCP wrapping for <application>inetd</application>'s services, and prevents any - single <acronym>IP</acronym> address from requesting any service more than 60 - times in any given minute.</para> + single <acronym>IP</acronym> address from requesting any + service more than 60 times in any given minute.</para> <para>Although we mention rate-limiting options below, novice users may be pleased to note that these parameters usually do @@ -227,9 +227,10 @@ <listitem> <para>Specify the default maximum number of times a - service can be invoked from a single <acronym>IP</acronym> address in one - minute; the default is unlimited. May be overridden on - a per-service basis with the + service can be invoked from a single + <acronym>IP</acronym> address in one minute; the default + is unlimited. May be overridden on a per-service basis + with the <option>max-connections-per-ip-per-minute</option> parameter.</para> </listitem> @@ -250,9 +251,9 @@ <listitem> <para>Specify the maximum number of times a service can be - invoked from a single <acronym>IP</acronym> address at any one time; the - default is unlimited. May be overridden on a - per-service basis with the + invoked from a single <acronym>IP</acronym> address at + any one time; the default is unlimited. May be + overridden on a per-service basis with the <option>max-child-per-ip</option> parameter.</para> </listitem> </varlistentry> @@ -403,14 +404,15 @@ server-program-arguments</programlisting options which limit the maximum connections from a single place to a particular daemon can be enabled. <option>max-connections-per-ip-per-minute</option> - limits the number of connections from any particular <acronym>IP</acronym> - address per minutes, e.g., a value of ten would limit - any particular <acronym>IP</acronym> address connecting to a particular - service to ten attempts per minute. - <option>max-child-per-ip</option> limits the number of - children that can be started on behalf on any single <acronym>IP</acronym> - address at any moment. These options are useful to - prevent intentional or unintentional excessive resource + limits the number of connections from any particular + <acronym>IP</acronym> address per minutes, e.g., a value + of ten would limit any particular <acronym>IP</acronym> + address connecting to a particular service to ten + attempts per minute. <option>max-child-per-ip</option> + limits the number of children that can be started on + behalf on any single <acronym>IP</acronym> address at + any moment. These options are useful to prevent + intentional or unintentional excessive resource consumption and Denial of Service (DoS) attacks to a machine.</para> @@ -430,8 +432,8 @@ server-program-arguments</programlisting would read: <literal>nowait/10</literal>.</para> <para>The same setup with a limit of twenty connections - per <acronym>IP</acronym> address per minute and a maximum total limit of - ten child daemons would read: + per <acronym>IP</acronym> address per minute and a + maximum total limit of ten child daemons would read: <literal>nowait/10/20</literal>.</para> <para>These options are utilized by the default @@ -723,8 +725,8 @@ mountd_flags="-r"</programlisting> <para>The next example exports <filename class="directory">/home</filename> to three clients - by <acronym>IP</acronym> address. This can be useful for networks without - <acronym>DNS</acronym>. Optionally, + by <acronym>IP</acronym> address. This can be useful for + networks without <acronym>DNS</acronym>. Optionally, <filename>/etc/hosts</filename> could be configured for internal hostnames; please review &man.hosts.5; for more information. The <literal>-alldirs</literal> flag allows @@ -951,11 +953,11 @@ rpc_statd_enable="YES"</programlisting> <filename class="directory">/net</filename> directories. When a file is accessed within one of these directories, <application>amd</application> looks up the corresponding - remote mount and automatically mounts it. - <filename class="directory">/net</filename> is used to mount - an exported file system from an <acronym>IP</acronym> address, while - <filename class="directory">/host</filename> is used to mount - an export from a remote hostname.</para> + remote mount and automatically mounts it. <filename + class="directory">/net</filename> is used to mount an + exported file system from an <acronym>IP</acronym> address, + while <filename class="directory">/host</filename> is used to + mount an export from a remote hostname.</para> <para>For instance, an attempt to access a file within <filename class="directory">/host/foobar/usr</filename> would @@ -2617,7 +2619,8 @@ result: 0 Success </authorgroup> </sect1info> --> - <title>Dynamic Host Configuration Protocol (<acronym>DHCP</acronym>)</title> + <title>Dynamic Host Configuration Protocol + (<acronym>DHCP</acronym>)</title> <indexterm> <primary>Dynamic Host Configuration Protocol</primary> @@ -2627,108 +2630,115 @@ result: 0 Success <primary>Internet Systems Consortium (ISC)</primary> </indexterm> - <para>The Dynamic Host Configuration Protocol (<acronym>DHCP</acronym>) allows - a system to connect to a network in order to be assigned - the necessary addressing information for communication on that - network. &os; includes the OpenBSD version of <command>dhclient</command> - which is used by the client to obtain the addressing information. - &os; does not install a <acronym>DHCP</acronym> server, but several - servers are available in the &os; Ports Collection. - The <acronym>DHCP</acronym> protocol is fully described in - <ulink url="http://www.freesoft.org/CIE/RFC/2131/">RFC - 2131</ulink>. Informational resources are also available at - <ulink url="http://www.isc.org/downloads/dhcp/">isc.org/downloads/dhcp/</ulink>.</para>; - - <para>This section describes how to use the built-in <acronym>DHCP</acronym> client. - It then describes how to install and configure a - <acronym>DHCP</acronym> server.</para> + <para>The Dynamic Host Configuration Protocol + (<acronym>DHCP</acronym>) allows a system to connect to a + network in order to be assigned the necessary addressing + information for communication on that network. &os; includes + the OpenBSD version of <command>dhclient</command> which is used + by the client to obtain the addressing information. &os; does + not install a <acronym>DHCP</acronym> server, but several + servers are available in the &os; Ports Collection. The + <acronym>DHCP</acronym> protocol is fully described in <ulink + url="http://www.freesoft.org/CIE/RFC/2131/">RFC 2131</ulink>. + Informational resources are also available at <ulink + url="http://www.isc.org/downloads/dhcp/">isc.org/downloads/dhcp/</ulink>.</para>; + + <para>This section describes how to use the built-in + <acronym>DHCP</acronym> client. It then describes how to + install and configure a <acronym>DHCP</acronym> server.</para> - <sect2> - <title>Configuring a <acronym>DHCP</acronym> Client</title> + <sect2> + <title>Configuring a <acronym>DHCP</acronym> Client</title> - <para><acronym>DHCP</acronym> client support is included in the &os; - installer, making it easy to configure a system to automatically - receive its networking addressing information from an existing - <acronym>DHCP</acronym> server.</para> - - <indexterm><primary><acronym>UDP</acronym></primary></indexterm> - <para>When <command>dhclient</command> is - executed on the client machine, it begins broadcasting - requests for configuration information. By default, these - requests use <acronym>UDP</acronym> port 68. The server replies on <acronym>UDP</acronym> port 67, - giving the client an <acronym>IP</acronym> address and other relevant network - information such as a subnet mask, default gateway, and <acronym>DNS</acronym> server addresses. - This information is in the form of a <acronym>DHCP</acronym> - <quote>lease</quote> and is valid for a configurable time. This allows - stale <acronym>IP</acronym> addresses for clients no longer connected to the - network to automatically be reused.</para> - - <para><acronym>DHCP</acronym> clients can obtain a great deal of information from - the server. An exhaustive list may be found in - &man.dhcp-options.5;.</para> - - <para>The <devicename>bpf</devicename> device is already - part of the <filename>GENERIC</filename> kernel that is - supplied with &os;, thus there is no need to build a - custom kernel for <acronym>DHCP</acronym>. In the case of - a custom kernel configuration file, this device must be - present for <acronym>DHCP</acronym> to function - properly.</para> + <para><acronym>DHCP</acronym> client support is included in the + &os; installer, making it easy to configure a system to + automatically receive its networking addressing information + from an existing <acronym>DHCP</acronym> server.</para> + + <indexterm><primary><acronym>UDP</acronym></primary></indexterm> + <para>When <command>dhclient</command> is executed on the client + machine, it begins broadcasting requests for configuration + information. By default, these requests use + <acronym>UDP</acronym> port 68. The server replies on + <acronym>UDP</acronym> port 67, giving the client an + <acronym>IP</acronym> address and other relevant network + information such as a subnet mask, default gateway, and + <acronym>DNS</acronym> server addresses. This information is + in the form of a <acronym>DHCP</acronym> + <quote>lease</quote> and is valid for a configurable time. + This allows stale <acronym>IP</acronym> addresses for clients + no longer connected to the network to automatically be + reused.</para> + + <para><acronym>DHCP</acronym> clients can obtain a great deal of + information from the server. An exhaustive list may be found + in &man.dhcp-options.5;.</para> + + <para>The <devicename>bpf</devicename> device is already + part of the <filename>GENERIC</filename> kernel that is + supplied with &os;, thus there is no need to build a + custom kernel for <acronym>DHCP</acronym>. In the case of + a custom kernel configuration file, this device must be + present for <acronym>DHCP</acronym> to function + properly.</para> - <note> - <para>For those who are particularly security conscious, - take note that <devicename>bpf</devicename> is also the - device that allows packet sniffers to work correctly - (although they still have to be run as - <username>root</username>). - <devicename>bpf</devicename> <emphasis>is</emphasis> - required to use <acronym>DHCP</acronym>; however, the security sensitive - types should probably not add - <devicename>bpf</devicename> to the kernel in the - expectation that at some point in the future the system - will be using <acronym>DHCP</acronym>.</para> - </note> + <note> + <para>For those who are particularly security conscious, + take note that <devicename>bpf</devicename> is also the + device that allows packet sniffers to work correctly + (although they still have to be run as + <username>root</username>). + <devicename>bpf</devicename> <emphasis>is</emphasis> + required to use <acronym>DHCP</acronym>; however, the + security sensitive types should probably not add + <devicename>bpf</devicename> to the kernel in the + expectation that at some point in the future the system + will be using <acronym>DHCP</acronym>.</para> + </note> - <para>By default, <acronym>DHCP</acronym> configuration on &os; runs in the - background, or <firstterm>asynchronously</firstterm>. - Other startup scripts continue to run while <acronym>DHCP</acronym> - completes, speeding up system startup.</para> - - <para>Background <acronym>DHCP</acronym> works well when the <acronym>DHCP</acronym> server - responds quickly to requests and the <acronym>DHCP</acronym> configuration - process goes quickly. However, <acronym>DHCP</acronym> may take a long time - to complete on some systems. If network services attempt - to run before <acronym>DHCP</acronym> has completed, they will fail. Using - <acronym>DHCP</acronym> in <firstterm>synchronous</firstterm> mode prevents - the problem, pausing startup until <acronym>DHCP</acronym> configuration has - completed.</para> - - <para>To connect to a <acronym>DHCP</acronym> server in the background while - other startup continues (asynchronous mode), use the - <quote><literal>DHCP</literal></quote> value in - <filename>/etc/rc.conf</filename>:</para> - - <programlisting>ifconfig_<replaceable>fxp0</replaceable>="DHCP"</programlisting> - - <para>To pause startup while <acronym>DHCP</acronym> completes, use - synchronous mode with the - <quote><literal>SYNCDHCP</literal></quote> value:</para> - - <programlisting>ifconfig_<replaceable>fxp0</replaceable>="SYNCDHCP"</programlisting> - - <note> - <para>Replace the <replaceable>fxp0</replaceable> shown - in these examples with the name of the interface to be - dynamically configured, as described in - <xref linkend="config-network-setup"/>.</para> - </note> + <para>By default, <acronym>DHCP</acronym> configuration on &os; + runs in the background, or + <firstterm>asynchronously</firstterm>. Other startup scripts + continue to run while <acronym>DHCP</acronym> completes, + speeding up system startup.</para> + + <para>Background <acronym>DHCP</acronym> works well when the + <acronym>DHCP</acronym> server responds quickly to requests + and the <acronym>DHCP</acronym> configuration process goes + quickly. However, <acronym>DHCP</acronym> may take a long + time to complete on some systems. If network services attempt + to run before <acronym>DHCP</acronym> has completed, they will + fail. Using <acronym>DHCP</acronym> in + <firstterm>synchronous</firstterm> mode prevents the problem, + pausing startup until <acronym>DHCP</acronym> configuration + has completed.</para> + + <para>To connect to a <acronym>DHCP</acronym> server in the + background while other startup continues (asynchronous mode), + use the <quote><literal>DHCP</literal></quote> value in + <filename>/etc/rc.conf</filename>:</para> + + <programlisting>ifconfig_<replaceable>fxp0</replaceable>="DHCP"</programlisting> + + <para>To pause startup while <acronym>DHCP</acronym> completes, + use synchronous mode with the + <quote><literal>SYNCDHCP</literal></quote> value:</para> + + <programlisting>ifconfig_<replaceable>fxp0</replaceable>="SYNCDHCP"</programlisting> + + <note> + <para>Replace the <replaceable>fxp0</replaceable> shown + in these examples with the name of the interface to be + dynamically configured, as described in + <xref linkend="config-network-setup"/>.</para> + </note> - <para>When using a different file system location for - <command>dhclient</command>, or if additional flags must - be passed to <command>dhclient</command>, include (editing - as necessary):</para> + <para>When using a different file system location for + <command>dhclient</command>, or if additional flags must + be passed to <command>dhclient</command>, include (editing + as necessary):</para> - <programlisting>dhclient_program="/sbin/dhclient" + <programlisting>dhclient_program="/sbin/dhclient" dhclient_flags=""</programlisting> <indexterm> @@ -2736,7 +2746,8 @@ dhclient_flags=""</programlisting> <secondary>configuration files</secondary> </indexterm> - <para>The <acronym>DHCP</acronym> client uses the following files:</para> + <para>The <acronym>DHCP</acronym> client uses the following + files:</para> <itemizedlist> <listitem> @@ -2760,86 +2771,90 @@ dhclient_flags=""</programlisting> <para><filename>/sbin/dhclient-script</filename></para> <para><command>dhclient-script</command> is the - &os;-specific <acronym>DHCP</acronym> client configuration script. It - is described in &man.dhclient-script.8;, but should not - need any user modification to function properly.</para> + &os;-specific <acronym>DHCP</acronym> client configuration + script. It is described in &man.dhclient-script.8;, but + should not need any user modification to function + properly.</para> </listitem> <listitem> <para><filename>/var/db/dhclient.leases.<replaceable>interface</replaceable></filename></para> - <para>The <acronym>DHCP</acronym> client keeps a database of valid leases in - this file, which is written as a log. + <para>The <acronym>DHCP</acronym> client keeps a database of + valid leases in this file, which is written as a log. &man.dhclient.leases.5; gives a slightly longer - description. Refer to - &man.dhclient.8;, &man.dhcp-options.5;, and - &man.dhclient.conf.5;, in addition to the - references below, for more information.</para> + description. Refer to &man.dhclient.8;, + &man.dhcp-options.5;, and &man.dhclient.conf.5;, in + addition to the references below, for more + information.</para> </listitem> </itemizedlist> </sect2> <sect2 id="network-dhcp-server"> - <title>Installing and Configuring a <acronym>DHCP</acronym> Server</title> + <title>Installing and Configuring a <acronym>DHCP</acronym> + Server</title> - <para>This section provides information on how to configure a - &os; system to act as a <acronym>DHCP</acronym> server using the ISC - (Internet Systems Consortium) implementation of the <acronym>DHCP</acronym> - server.</para> + <para>This section provides information on how to configure a + &os; system to act as a <acronym>DHCP</acronym> server using + the ISC (Internet Systems Consortium) implementation of the + <acronym>DHCP</acronym> server.</para> <indexterm> <primary><acronym>DHCP</acronym></primary> <secondary>server</secondary> </indexterm> - <para>The <acronym>DHCP</acronym> server, <application>dhcpd</application>, is - included as part of the + <para>The <acronym>DHCP</acronym> server, + <application>dhcpd</application>, is included as part of the <filename role="package">net/isc-dhcp42-server</filename> port - in the ports collection. This port contains the ISC <acronym>DHCP</acronym> - server and documentation.</para> - <para>The server is not provided as part of &os;, and so the - <filename role="package">net/isc-dhcp42-server</filename> - port must be installed to provide this service. See - <xref linkend="ports"/> for more information on using the - Ports Collection.</para> + in the ports collection. This port contains the ISC + <acronym>DHCP</acronym> server and documentation.</para> - <indexterm> - <primary><acronym>DHCP</acronym></primary> + <para>The server is not provided as part of &os;, and so the + <filename role="package">net/isc-dhcp42-server</filename> + port must be installed to provide this service. See + <xref linkend="ports"/> for more information on using the + Ports Collection.</para> + + <indexterm> + <primary><acronym>DHCP</acronym></primary> <secondary>installation</secondary> - </indexterm> + </indexterm> - <para>In order to configure the &os; system as a <acronym>DHCP</acronym> server, - first ensure that the &man.bpf.4; device is compiled into - the kernel. To do this, add <literal>device bpf</literal> - to the kernel configuration file, and rebuild the kernel. - For more information about building kernels, see - <xref linkend="kernelconfig"/>.</para> - - <para>The <devicename>bpf</devicename> device is already part - of the <filename>GENERIC</filename> kernel that is supplied - with &os;, so there is no need to create a custom kernel in - order to get <acronym>DHCP</acronym> working.</para> + <para>In order to configure the &os; system as a + <acronym>DHCP</acronym> server, first ensure that the + &man.bpf.4; device is compiled into the kernel. To do this, + add <literal>device bpf</literal> to the kernel configuration + file, and rebuild the kernel. For more information about + building kernels, see <xref linkend="kernelconfig"/>.</para> + + <para>The <devicename>bpf</devicename> device is already part + of the <filename>GENERIC</filename> kernel that is supplied + with &os;, so there is no need to create a custom kernel in + order to get <acronym>DHCP</acronym> working.</para> - <note> - <para>Those who are particularly security conscious should - note that <devicename>bpf</devicename> is also the device - that allows packet sniffers to function correctly - (although such programs still need privileged access). - The <devicename>bpf</devicename> device - <emphasis>is</emphasis> required to use <acronym>DHCP</acronym>, but if the - sensitivity of the system's security is high, this device - should not be included in the kernel purely because the - use of <acronym>DHCP</acronym> may, at some point in the - future, be desired.</para> - </note> + <note> + <para>Those who are particularly security conscious should + note that <devicename>bpf</devicename> is also the device + that allows packet sniffers to function correctly + (although such programs still need privileged access). + The <devicename>bpf</devicename> device + <emphasis>is</emphasis> required to use + <acronym>DHCP</acronym>, but if the sensitivity of the + system's security is high, this device should not be + included in the kernel purely because the use of + <acronym>DHCP</acronym> may, at some point in the future, be + desired.</para> + </note> - <para>An example configuration file is installed by the - <filename role="package">net/isc-dhcp42-server</filename> - port. Copy the example - <filename>/usr/local/etc/dhcpd.conf.example</filename> - to the actual configuration file, - <filename>/usr/local/etc/dhcpd.conf</filename>. Edits - will be made to this new file.</para> + <para>An example configuration file is installed by the + <filename role="package">net/isc-dhcp42-server</filename> + port. Copy the example + <filename>/usr/local/etc/dhcpd.conf.example</filename> + to the actual configuration file, + <filename>/usr/local/etc/dhcpd.conf</filename>. Edits + will be made to this new file.</para> <sect3> <title>Configuring the <acronym>DHCP</acronym> Server</title> @@ -2880,7 +2895,8 @@ host mailhost { <callout arearefs="domain-name-servers"> <para>This option specifies a comma separated list of - <acronym>DNS</acronym> servers that the client should use.</para> + <acronym>DNS</acronym> servers that the client should + use.</para> </callout> <callout arearefs="subnet-mask"> @@ -2904,17 +2920,19 @@ host mailhost { </callout> <callout arearefs="ddns-update-style"> - <para>This option specifies whether the <acronym>DHCP</acronym> server - should attempt to update <acronym>DNS</acronym> when a lease is accepted - or released. In the ISC implementation, this option - is <emphasis>required</emphasis>.</para> + <para>This option specifies whether the + <acronym>DHCP</acronym> server should attempt to update + <acronym>DNS</acronym> when a lease is accepted or + released. In the ISC implementation, this option is + <emphasis>required</emphasis>.</para> </callout> <callout arearefs="range"> - <para>This denotes which <acronym>IP</acronym> addresses should be used in - the pool reserved for allocating to clients. <acronym>IP</acronym> - addresses between, and including, the ones stated are - handed out to clients.</para> + <para>This denotes which <acronym>IP</acronym> addresses + should be used in the pool reserved for allocating to + clients. <acronym>IP</acronym> addresses between, and + including, the ones stated are handed out to + clients.</para> </callout> <callout arearefs="routers"> @@ -2924,14 +2942,15 @@ host mailhost { <callout arearefs="hardware"> <para>The hardware MAC address of a host (so that the - <acronym>DHCP</acronym> server can recognize a host when it makes a - request).</para> + <acronym>DHCP</acronym> server can recognize a host when + it makes a request).</para> </callout> <callout arearefs="fixed-address"> <para>Specifies that the host should always be given the - same <acronym>IP</acronym> address. Note that using a hostname is - correct here, since the <acronym>DHCP</acronym> server will resolve the + same <acronym>IP</acronym> address. Note that using a + hostname is correct here, since the + <acronym>DHCP</acronym> server will resolve the hostname itself before returning the lease information.</para> </callout> @@ -2947,8 +2966,8 @@ dhcpd_ifaces="dc0"</programlisting> <para>Replace the <literal>dc0</literal> interface name with the interface (or interfaces, separated by whitespace) - that the <acronym>DHCP</acronym> server should listen on for <acronym>DHCP</acronym> client - requests.</para> + that the <acronym>DHCP</acronym> server should listen on for + <acronym>DHCP</acronym> client requests.</para> <para>Proceed to start the server by issuing the following command:</para> @@ -3000,20 +3019,20 @@ dhcpd_ifaces="dc0"</programlisting> <listitem> <para><filename>/var/db/dhcpd.leases</filename></para> - <para>The <acronym>DHCP</acronym> server keeps a database of leases it has - issued in this file, which is written as a log. The - port installs &man.dhcpd.leases.5;, which gives a - slightly longer description.</para> + <para>The <acronym>DHCP</acronym> server keeps a database + of leases it has issued in this file, which is written + as a log. The port installs &man.dhcpd.leases.5;, which + gives a slightly longer description.</para> </listitem> <listitem> <para><filename>/usr/local/sbin/dhcrelay</filename></para> <para><application>dhcrelay</application> is used in - advanced environments where one <acronym>DHCP</acronym> server forwards a - request from a client to another <acronym>DHCP</acronym> server on a - separate network. If this functionality is required, - then install the + advanced environments where one <acronym>DHCP</acronym> + server forwards a request from a client to another + <acronym>DHCP</acronym> server on a separate network. + If this functionality is required, then install the <filename role="package">net/isc-dhcp42-relay</filename> port. The port installs &man.dhcrelay.8;, which provides more detail.</para> @@ -3094,7 +3113,8 @@ dhcpd_ifaces="dc0"</programlisting> <acronym>DNS</acronym> must be understood.</para> <indexterm><primary>resolver</primary></indexterm> - <indexterm><primary>reverse <acronym>DNS</acronym></primary></indexterm> + <indexterm><primary>reverse + <acronym>DNS</acronym></primary></indexterm> <indexterm><primary>root zone</primary></indexterm> <informaltable frame="none" pgwide="1"> @@ -3112,7 +3132,8 @@ dhcpd_ifaces="dc0"</programlisting> <tbody> <row> <entry>Forward <acronym>DNS</acronym></entry> - <entry>Mapping of hostnames to <acronym>IP</acronym> addresses.</entry> + <entry>Mapping of hostnames to <acronym>IP</acronym> + addresses.</entry> </row> <row> @@ -3765,7 +3786,8 @@ www IN CNAME example. <secondary>records</secondary> </indexterm> - <para>The most commonly used <acronym>DNS</acronym> records:</para> + <para>The most commonly used <acronym>DNS</acronym> + records:</para> <variablelist> <varlistentry> @@ -3919,9 +3941,9 @@ mail IN A 192.168. priority number), then the second highest, etc, until the mail can be properly delivered.</para> - <para>For in-addr.arpa zone files (reverse <acronym>DNS</acronym>), the same - format is used, except with PTR entries instead of A or - CNAME.</para> + <para>For in-addr.arpa zone files (reverse + <acronym>DNS</acronym>), the same format is used, except + with PTR entries instead of A or CNAME.</para> <programlisting>$TTL 3600 @@ -3941,8 +3963,8 @@ mail IN A 192.168. 4 IN PTR mx.example.org. 5 IN PTR mail.example.org.</programlisting> - <para>This file gives the proper <acronym>IP</acronym> address to hostname - mappings for the above fictitious domain.</para> + <para>This file gives the proper <acronym>IP</acronym> address + to hostname mappings for the above fictitious domain.</para> <para>It is worth noting that all names on the right side of a PTR record need to be fully qualified (i.e., end in @@ -3970,7 +3992,8 @@ mail IN A 192.168. <indexterm> <primary>BIND</primary> - <secondary><acronym>DNS</acronym> security extensions</secondary> + <secondary><acronym>DNS</acronym> security + extensions</secondary> </indexterm> <para>Domain Name System Security Extensions, or <acronym @@ -4335,9 +4358,10 @@ $include Kexample.com.+005+nnnnn.ZSK.key <sect2> <title>Security</title> - <para>Although BIND is the most common implementation of <acronym>DNS</acronym>, - there is always the issue of security. Possible and - exploitable security holes are sometimes found.</para> + <para>Although BIND is the most common implementation of + <acronym>DNS</acronym>, there is always the issue of security. + Possible and exploitable security holes are sometimes + found.</para> <para>While &os; automatically drops <application>named</application> into a &man.chroot.8; @@ -4381,7 +4405,8 @@ $include Kexample.com.+005+nnnnn.ZSK.key <listitem> <para><ulink url="http://www.oreilly.com/catalog/dns5/">O'Reilly - <acronym>DNS</acronym> and BIND 5th Edition</ulink></para> + <acronym>DNS</acronym> and BIND 5th + Edition</ulink></para> </listitem> <listitem> @@ -4420,15 +4445,15 @@ $include Kexample.com.+005+nnnnn.ZSK.key <listitem> <para><ulink url="http://tools.ietf.org/html/rfc4034">RFC4034 - - Resource Records for the <acronym>DNS</acronym> Security - Extensions</ulink></para> + - Resource Records for the <acronym>DNS</acronym> + Security Extensions</ulink></para> </listitem> <listitem> <para><ulink url="http://tools.ietf.org/html/rfc4035">RFC4035 - - Protocol Modifications for the <acronym>DNS</acronym> Security - Extensions</ulink></para> + - Protocol Modifications for the <acronym>DNS</acronym> + Security Extensions</ulink></para> </listitem> <listitem> @@ -4630,7 +4655,8 @@ $include Kexample.com.+005+nnnnn.ZSK.key types of Virtual Hosting. The first method is Name-based Virtual Hosting. Name-based virtual hosting uses the clients HTTP/1.1 headers to figure out the hostname. This allows many - different domains to share the same <acronym>IP</acronym> address.</para> + different domains to share the same <acronym>IP</acronym> + address.</para> <para>To setup <application>Apache</application> to use Name-based Virtual Hosting add an entry like the following to @@ -5524,8 +5550,8 @@ driftfile /var/db/ntp.drift</programlist <programlisting>restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap</programlisting> <para>instead, where - <hostid role="ipaddr">192.168.1.0</hostid> is an <acronym>IP</acronym> address - on the network and + <hostid role="ipaddr">192.168.1.0</hostid> is an + <acronym>IP</acronym> address on the network and <hostid role="netmask">255.255.255.0</hostid> is the network's netmask.</para>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201310162019.r9GKJuMq049616>