d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Vendor import of 9.4.1-P1, which has fixes for the following:

Browse Source 
1. The default access control lists (acls) are not being
correctly set. If not set anyone can make recursive queries
and/or query the cache contents.

See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925

2. The DNS query id generation is vulnerable to cryptographic
analysis which provides a 1 in 8 chance of guessing the next
query id for 50% of the query ids. This can be used to perform
cache poisoning by an attacker.

This bug only affects outgoing queries, generated by BIND 9 to
answer questions as a resolver, or when it is looking up data
for internal uses, such as when sending NOTIFYs to slave name
servers.

All users are encouraged to upgrade.

See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926

Approved by:	re (kensmith, implicit)
This commit is contained in:
Doug Barton 2007-07-25 08:12:36 +00:00
parent c197e4d678
commit 56a78b5211
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/vendor/bind9/dist/; revision=171577
30 changed files with 2239 additions and 1781 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
contrib/bind9/CHANGES
View File

@ -1,4 +1,34 @@
--- 9.4.1-P1 released ---
2206. [security] "allow-query-cache" and "allow-recursion" now
cross inherit from each other.
If allow-query-cache is not set in named.conf then
allow-recursion is used if set, otherwise allow-query
is used if set, otherwise the default (localnets;
localhost;) is used.
If allow-recursion is not set in named.conf then
allow-query-cache is used if set, otherwise allow-query
is used if set, otherwise the default (localnets;
localhost;) is used.
[RT #16987]
2203. [security] Query id generation was cryptographically weak.
[RT # 16915]
2202. [security] The default acls for allow-query-cache and
allow-recursion were not being applied. [RT #16960]
2193. [port] win32: BINDInstall.exe is now linked statically.
[RT #16906]
2192. [port] win32: use vcredist_x86.exe to install Visual
Studio's redistributable dlls if building with
Visual Stdio 2005 or later.
--- 9.4.1 released ---
2172. [bug] query_addsoa() was being called with a non zone db.

5
contrib/bind9/README
View File

@ -43,6 +43,11 @@ BIND 9
Nominum, Inc.
BIND 9.4.1-P1
BIND 9.4.1-P1 is a security release, containing a fixes for a
security bugs in BIND 9.4.1.
BIND 9.4.1
BIND 9.4.1 is a security release, containing a fix for a

10
contrib/bind9/bin/named/client.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: client.c,v 1.219.18.20 2006/07/22 01:02:36 marka Exp $ */
/* $Id: client.c,v 1.219.18.20.14.1 2007/06/26 02:58:54 marka Exp $ */
#include <config.h>
@ -1439,6 +1439,14 @@ client_request(isc_task_t *task, isc_event_t *event) {
}
}
/*
* Hash the incoming request here as it is after
* dns_dispatch_importrecv().
*/
dns_dispatch_hash(&client->now, sizeof(client->now));
dns_dispatch_hash(isc_buffer_base(buffer),
isc_buffer_usedlength(buffer));
/*
* It's a request. Parse it.
*/

32
contrib/bind9/bin/named/server.c
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.c,v 1.419.18.49 2006/12/07 05:24:19 marka Exp $ */
/* $Id: server.c,v 1.419.18.49.12.2 2007/07/09 02:23:16 marka Exp $ */
/*! \file */
@ -1435,12 +1435,12 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
view->additionalfromcache = ISC_TRUE;
}
/*
* Set "allow-query-cache" and "allow-recursion" acls if
* configured in named.conf.
*/
CHECK(configure_view_acl(vconfig, config, "allow-query-cache",
actx, ns_g_mctx, &view->queryacl));
if (view->queryacl == NULL)
CHECK(configure_view_acl(NULL, ns_g_defaults,
"allow-query-cache", actx,
ns_g_mctx, &view->queryacl));
if (strcmp(view->name, "_bind") != 0)
CHECK(configure_view_acl(vconfig, config, "allow-recursion",
@ -1460,11 +1460,29 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
"active%s%s", forview, viewname);
/*
* Set default "allow-recursion" acl.
* "allow-query-cache" inherits from "allow-recursion" if set,
* otherwise from "allow-query" if set.
* "allow-recursion" inherits from "allow-query-cache" if set,
* otherwise from "allow-query" if set.
*/
if (view->queryacl == NULL && view->recursionacl != NULL)
dns_acl_attach(view->recursionacl, &view->queryacl);
if (view->queryacl == NULL)
CHECK(configure_view_acl(vconfig, config, "allow-query",
actx, ns_g_mctx, &view->queryacl));
if (view->recursionacl == NULL && view->queryacl != NULL)
dns_acl_attach(view->queryacl, &view->recursionacl);
/*
* Set default "allow-recursion" and "allow-query-cache" acls.
*/
if (view->recursionacl == NULL && view->recursion)
CHECK(configure_view_acl(NULL, ns_g_defaults, "allow-recursion",
CHECK(configure_view_acl(NULL, ns_g_config, "allow-recursion",
actx, ns_g_mctx, &view->recursionacl));
if (view->queryacl == NULL)
CHECK(configure_view_acl(NULL, ns_g_config,
"allow-query-cache", actx,
ns_g_mctx, &view->queryacl));
CHECK(configure_view_acl(vconfig, config, "sortlist",
actx, ns_g_mctx, &view->sortlist));

35
contrib/bind9/doc/arm/Bv9ARM-book.xml
View File

@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- File: $Id: Bv9ARM-book.xml,v 1.241.18.66 2007/01/29 23:57:20 marka Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.241.18.66.10.1 2007/07/09 02:23:16 marka Exp $ -->
<book xmlns:xi="http://www.w3.org/2001/XInclude">
<title>BIND 9 Administrator Reference Manual</title>
@ -5827,15 +5827,12 @@ options {
<listitem>
<para>
Specifies which hosts are allowed to get answers
from the cache. The default is the builtin acls
<command>localnets</command> and
<command>localhost</command>.
</para>
<para>
The way to set query access to the cache is now
via <command>allow-query-cache</command>.
This differs from earlier versions which used
<command>allow-query</command>.
from the cache. If <command>allow-query-cache</command>
is not set then <command>allow-recursion</command>
is used if set, otherwise <command>allow-query</command>
is used if set, otherwise the default
(<command>localnets;</command>
<command>localhost;</command>) is used.
</para>
</listitem>
</varlistentry>
@ -5843,16 +5840,16 @@ options {
<varlistentry>
<term><command>allow-recursion</command></term>
<listitem>
<para>
<para>
Specifies which hosts are allowed to make recursive
queries through this server. If not specified,
the default is to allow recursive queries from
the builtin acls <command>localnets</command> and
<command>localhost</command>.
Note that disallowing recursive queries for a
host does not prevent the host from retrieving
data that is already in the server's cache.
</para>
queries through this server. If
<command>allow-recursion</command> is not set
then <command>allow-query-cache</command> is
used if set, otherwise <command>allow-query</command>
is used if set, otherwise the default
(<command>localnets;</command>
<command>localhost;</command>) is used.
</para>
</listitem>
</varlistentry>

42
contrib/bind9/doc/arm/Bv9ARM.ch01.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch01.html,v 1.16.18.19 2007/01/30 00:23:45 marka Exp $ -->
<!-- $Id: Bv9ARM.ch01.html,v 1.16.18.19.10.1 2007/07/09 02:25:50 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -47,15 +47,15 @@
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564115">Scope of Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564138">Organization of This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563473">Conventions Used in This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564746">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563472">Conventions Used in This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564813">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564768">DNS Fundamentals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564802">Domains and Domain Names</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564886">Zones</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567284">Authoritative Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567525">Caching Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567587">Name Servers in Multiple Roles</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564835">DNS Fundamentals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564869">Domains and Domain Names</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564953">Zones</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567283">Authoritative Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567524">Caching Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567586">Name Servers in Multiple Roles</a></span></dt>
</dl></dd>
</dl>
</div>
@ -116,7 +116,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2563473"></a>Conventions Used in This Document</h2></div></div></div>
<a name="id2563472"></a>Conventions Used in This Document</h2></div></div></div>
<p>
In this document, we use the following general typographic
conventions:
@ -243,7 +243,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2564746"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
<a name="id2564813"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
<p>
The purpose of this document is to explain the installation
and upkeep of the <acronym class="acronym">BIND</acronym> software
@ -253,7 +253,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2564768"></a>DNS Fundamentals</h3></div></div></div>
<a name="id2564835"></a>DNS Fundamentals</h3></div></div></div>
<p>
The Domain Name System (DNS) is a hierarchical, distributed
database. It stores information for mapping Internet host names to
@ -273,7 +273,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2564802"></a>Domains and Domain Names</h3></div></div></div>
<a name="id2564869"></a>Domains and Domain Names</h3></div></div></div>
<p>
The data stored in the DNS is identified by <span class="emphasis"><em>domain names</em></span> that are organized as a tree according to
organizational or administrative boundaries. Each node of the tree,
@ -319,7 +319,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2564886"></a>Zones</h3></div></div></div>
<a name="id2564953"></a>Zones</h3></div></div></div>
<p>
To properly operate a name server, it is important to understand
the difference between a <span class="emphasis"><em>zone</em></span>
@ -372,7 +372,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2567284"></a>Authoritative Name Servers</h3></div></div></div>
<a name="id2567283"></a>Authoritative Name Servers</h3></div></div></div>
<p>
Each zone is served by at least
one <span class="emphasis"><em>authoritative name server</em></span>,
@ -389,7 +389,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2567307"></a>The Primary Master</h4></div></div></div>
<a name="id2567306"></a>The Primary Master</h4></div></div></div>
<p>
The authoritative server where the master copy of the zone
data is maintained is called the
@ -409,7 +409,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2567337"></a>Slave Servers</h4></div></div></div>
<a name="id2567336"></a>Slave Servers</h4></div></div></div>
<p>
The other authoritative servers, the <span class="emphasis"><em>slave</em></span>
servers (also known as <span class="emphasis"><em>secondary</em></span> servers)
@ -425,7 +425,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2567358"></a>Stealth Servers</h4></div></div></div>
<a name="id2567357"></a>Stealth Servers</h4></div></div></div>
<p>
Usually all of the zone's authoritative servers are listed in
NS records in the parent zone. These NS records constitute
@ -460,7 +460,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2567525"></a>Caching Name Servers</h3></div></div></div>
<a name="id2567524"></a>Caching Name Servers</h3></div></div></div>
<p>
The resolver libraries provided by most operating systems are
<span class="emphasis"><em>stub resolvers</em></span>, meaning that they are not
@ -487,7 +487,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2567560"></a>Forwarding</h4></div></div></div>
<a name="id2567559"></a>Forwarding</h4></div></div></div>
<p>
Even a caching name server does not necessarily perform
the complete recursive lookup itself. Instead, it can
@ -514,7 +514,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2567587"></a>Name Servers in Multiple Roles</h3></div></div></div>
<a name="id2567586"></a>Name Servers in Multiple Roles</h3></div></div></div>
<p>
The <acronym class="acronym">BIND</acronym> name server can
simultaneously act as

22
contrib/bind9/doc/arm/Bv9ARM.ch02.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch02.html,v 1.13.18.18 2007/01/30 00:23:45 marka Exp $ -->
<!-- $Id: Bv9ARM.ch02.html,v 1.13.18.18.10.1 2007/07/09 02:25:50 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -45,16 +45,16 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567621">Hardware requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567648">CPU Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567660">Memory Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567687">Name Server Intensive Environment Issues</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567698">Supported Operating Systems</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567620">Hardware requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567646">CPU Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567659">Memory Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567686">Name Server Intensive Environment Issues</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567697">Supported Operating Systems</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2567621"></a>Hardware requirements</h2></div></div></div>
<a name="id2567620"></a>Hardware requirements</h2></div></div></div>
<p>
<acronym class="acronym">DNS</acronym> hardware requirements have
traditionally been quite modest.
@ -73,7 +73,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2567648"></a>CPU Requirements</h2></div></div></div>
<a name="id2567646"></a>CPU Requirements</h2></div></div></div>
<p>
CPU requirements for <acronym class="acronym">BIND</acronym> 9 range from
i486-class machines
@ -84,7 +84,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2567660"></a>Memory Requirements</h2></div></div></div>
<a name="id2567659"></a>Memory Requirements</h2></div></div></div>
<p>
The memory of the server has to be large enough to fit the
cache and zones loaded off disk. The <span><strong class="command">max-cache-size</strong></span>
@ -107,7 +107,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2567687"></a>Name Server Intensive Environment Issues</h2></div></div></div>
<a name="id2567686"></a>Name Server Intensive Environment Issues</h2></div></div></div>
<p>
For name server intensive environments, there are two alternative
configurations that may be used. The first is where clients and
@ -124,7 +124,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2567698"></a>Supported Operating Systems</h2></div></div></div>
<a name="id2567697"></a>Supported Operating Systems</h2></div></div></div>
<p>
ISC <acronym class="acronym">BIND</acronym> 9 compiles and runs on a large
number

26
contrib/bind9/doc/arm/Bv9ARM.ch03.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch03.html,v 1.35.18.26 2007/01/30 00:23:45 marka Exp $ -->
<!-- $Id: Bv9ARM.ch03.html,v 1.35.18.26.10.1 2007/07/09 02:25:50 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -47,14 +47,14 @@
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568003">A Caching-only Name Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568019">An Authoritative-only Name Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568002">A Caching-only Name Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568018">An Authoritative-only Name Server</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568041">Load Balancing</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568465">Name Server Operations</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568040">Load Balancing</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568464">Name Server Operations</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568470">Tools for Use With the Name Server Daemon</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2569972">Signals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568469">Tools for Use With the Name Server Daemon</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570039">Signals</a></span></dt>
</dl></dd>
</dl>
</div>
@ -68,7 +68,7 @@
<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2568003"></a>A Caching-only Name Server</h3></div></div></div>
<a name="id2568002"></a>A Caching-only Name Server</h3></div></div></div>
<p>
The following sample configuration is appropriate for a caching-only
name server for use by clients internal to a corporation. All
@ -95,7 +95,7 @@ zone "0.0.127.in-addr.arpa" {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2568019"></a>An Authoritative-only Name Server</h3></div></div></div>
<a name="id2568018"></a>An Authoritative-only Name Server</h3></div></div></div>
<p>
This sample configuration is for an authoritative-only server
that is the master server for "<code class="filename">example.com</code>"
@ -137,7 +137,7 @@ zone "eng.example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2568041"></a>Load Balancing</h2></div></div></div>
<a name="id2568040"></a>Load Balancing</h2></div></div></div>
<p>
A primitive form of load balancing can be achieved in
the <acronym class="acronym">DNS</acronym> by using multiple A records for
@ -280,10 +280,10 @@ zone "eng.example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2568465"></a>Name Server Operations</h2></div></div></div>
<a name="id2568464"></a>Name Server Operations</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2568470"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
<a name="id2568469"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
<p>
This section describes several indispensable diagnostic,
administrative and monitoring tools available to the system
@ -741,7 +741,7 @@ controls {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2569972"></a>Signals</h3></div></div></div>
<a name="id2570039"></a>Signals</h3></div></div></div>
<p>
Certain UNIX signals cause the name server to take specific
actions, as described in the following table. These signals can

66
contrib/bind9/doc/arm/Bv9ARM.ch04.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch04.html,v 1.40.18.34 2007/01/30 00:23:45 marka Exp $ -->
<!-- $Id: Bv9ARM.ch04.html,v 1.40.18.34.10.1 2007/07/09 02:25:50 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -49,28 +49,28 @@
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570429">Split DNS</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570428">Split DNS</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570949">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571022">Copying the Shared Secret to Both Machines</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571033">Informing the Servers of the Key's Existence</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571141">Instructing the Server to Use the Key</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571198">TSIG Key Based Access Control</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571243">Errors</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570948">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571021">Copying the Shared Secret to Both Machines</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571032">Informing the Servers of the Key's Existence</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571140">Instructing the Server to Use the Key</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571197">TSIG Key Based Access Control</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571242">Errors</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571257">TKEY</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571306">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571256">TKEY</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571305">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571579">Generating Keys</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571649">Signing the Zone</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571728">Configuring Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571578">Generating Keys</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571648">Signing the Zone</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571726">Configuring Servers</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571802">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571801">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572001">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572022">Address to Name Lookups Using Nibble Format</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572000">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572021">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl>
</div>
@ -204,7 +204,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2570429"></a>Split DNS</h2></div></div></div>
<a name="id2570428"></a>Split DNS</h2></div></div></div>
<p>
Setting up different views, or visibility, of the DNS space to
internal and external resolvers is usually referred to as a
@ -479,7 +479,7 @@ nameserver 172.16.72.4
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2570949"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
<a name="id2570948"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
<p>
A shared secret is generated to be shared between <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host2</em></span>.
An arbitrary key name is chosen: "host1-host2.". The key name must
@ -487,7 +487,7 @@ nameserver 172.16.72.4
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2570966"></a>Automatic Generation</h4></div></div></div>
<a name="id2570965"></a>Automatic Generation</h4></div></div></div>
<p>
The following command will generate a 128-bit (16 byte) HMAC-MD5
key as described above. Longer keys are better, but shorter keys
@ -512,7 +512,7 @@ nameserver 172.16.72.4
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2571004"></a>Manual Generation</h4></div></div></div>
<a name="id2571003"></a>Manual Generation</h4></div></div></div>
<p>
The shared secret is simply a random sequence of bits, encoded
in base-64. Most ASCII strings are valid base-64 strings (assuming
@ -527,7 +527,7 @@ nameserver 172.16.72.4
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571022"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
<a name="id2571021"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
<p>
This is beyond the scope of DNS. A secure transport mechanism
should be used. This could be secure FTP, ssh, telephone, etc.
@ -535,7 +535,7 @@ nameserver 172.16.72.4
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571033"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
<a name="id2571032"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
<p>
Imagine <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host 2</em></span>
are
@ -564,7 +564,7 @@ key host1-host2. {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571141"></a>Instructing the Server to Use the Key</h3></div></div></div>
<a name="id2571140"></a>Instructing the Server to Use the Key</h3></div></div></div>
<p>
Since keys are shared between two hosts only, the server must
be told when keys are to be used. The following is added to the <code class="filename">named.conf</code> file
@ -596,7 +596,7 @@ server 10.1.2.3 {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571198"></a>TSIG Key Based Access Control</h3></div></div></div>
<a name="id2571197"></a>TSIG Key Based Access Control</h3></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> allows IP addresses and ranges
to be specified in ACL
@ -624,7 +624,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571243"></a>Errors</h3></div></div></div>
<a name="id2571242"></a>Errors</h3></div></div></div>
<p>
The processing of TSIG signed messages can result in
several errors. If a signed message is sent to a non-TSIG aware
@ -650,7 +650,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2571257"></a>TKEY</h2></div></div></div>
<a name="id2571256"></a>TKEY</h2></div></div></div>
<p><span><strong class="command">TKEY</strong></span>
is a mechanism for automatically generating a shared secret
between two hosts. There are several "modes" of
@ -686,7 +686,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2571306"></a>SIG(0)</h2></div></div></div>
<a name="id2571305"></a>SIG(0)</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 partially supports DNSSEC SIG(0)
transaction signatures as specified in RFC 2535 and RFC2931.
@ -747,7 +747,7 @@ allow-update { key host1-host2. ;};
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571579"></a>Generating Keys</h3></div></div></div>
<a name="id2571578"></a>Generating Keys</h3></div></div></div>
<p>
The <span><strong class="command">dnssec-keygen</strong></span> program is used to
generate keys.
@ -798,7 +798,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571649"></a>Signing the Zone</h3></div></div></div>
<a name="id2571648"></a>Signing the Zone</h3></div></div></div>
<p>
The <span><strong class="command">dnssec-signzone</strong></span> program is used
to
@ -842,7 +842,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2571728"></a>Configuring Servers</h3></div></div></div>
<a name="id2571726"></a>Configuring Servers</h3></div></div></div>
<p>
To enable <span><strong class="command">named</strong></span> to respond appropriately
to DNS requests from DNSSEC aware clients,
@ -930,7 +930,7 @@ options {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2571802"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
<a name="id2571801"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 fully supports all currently
defined forms of IPv6
@ -969,7 +969,7 @@ options {
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2572001"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<a name="id2572000"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<p>
The IPv6 AAAA record is a parallel to the IPv4 A record,
and, unlike the deprecated A6 record, specifies the entire
@ -988,7 +988,7 @@ host 3600 IN AAAA 2001:db8::1
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2572022"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<a name="id2572021"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<p>
When looking up an address in nibble format, the address
components are simply reversed, just as in IPv4, and

6
contrib/bind9/doc/arm/Bv9ARM.ch05.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch05.html,v 1.33.18.28 2007/01/30 00:23:45 marka Exp $ -->
<!-- $Id: Bv9ARM.ch05.html,v 1.33.18.28.10.1 2007/07/09 02:25:50 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -45,13 +45,13 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572055">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572054">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2572055"></a>The Lightweight Resolver Library</h2></div></div></div>
<a name="id2572054"></a>The Lightweight Resolver Library</h2></div></div></div>
<p>
Traditionally applications have been linked with a stub resolver
library that sends recursive DNS queries to a local caching name

171
contrib/bind9/doc/arm/Bv9ARM.ch06.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch06.html,v 1.82.18.63 2007/01/30 00:23:45 marka Exp $ -->
<!-- $Id: Bv9ARM.ch06.html,v 1.82.18.63.10.1 2007/07/09 02:25:50 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -48,52 +48,52 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573470">Comment Syntax</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573333">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574151"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574013"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574341"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574203"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574770"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574785"><span><strong class="command">include</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574632"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574647"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574808"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574829"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574920"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575046"><span><strong class="command">logging</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574670"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574692"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574782"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574908"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576396"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576470"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576534"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576578"><span><strong class="command">masters</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576395"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576469"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576533"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576577"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576593"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576592"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585018"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585136"><span><strong class="command">trusted-keys</strong></span> Statement Definition
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585031"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585080"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585216"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585228"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586586"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586599"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2588846">Zone File</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2588791">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590800">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590812">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591419">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591546">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591803"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591432">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591559">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591816"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
</dl>
@ -428,7 +428,7 @@
<a name="address_match_lists"></a>Address Match Lists</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2573336"></a>Syntax</h4></div></div></div>
<a name="id2573198"></a>Syntax</h4></div></div></div>
<pre class="programlisting"><code class="varname">address_match_list</code> = address_match_list_element ;
[<span class="optional"> address_match_list_element; ... </span>]
<code class="varname">address_match_list_element</code> = [<span class="optional"> ! </span>] (ip_address [<span class="optional">/length</span>] |
@ -437,7 +437,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2573364"></a>Definition and Usage</h4></div></div></div>
<a name="id2573226"></a>Definition and Usage</h4></div></div></div>
<p>
Address match lists are primarily used to determine access
control for various server operations. They are also used in
@ -515,7 +515,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2573470"></a>Comment Syntax</h3></div></div></div>
<a name="id2573333"></a>Comment Syntax</h3></div></div></div>
<p>
The <acronym class="acronym">BIND</acronym> 9 comment syntax allows for
comments to appear
@ -525,7 +525,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2573485"></a>Syntax</h4></div></div></div>
<a name="id2573348"></a>Syntax</h4></div></div></div>
<p>
</p>
<pre class="programlisting">/* This is a <acronym class="acronym">BIND</acronym> comment as in C */</pre>
@ -540,7 +540,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2573515"></a>Definition and Usage</h4></div></div></div>
<a name="id2573378"></a>Definition and Usage</h4></div></div></div>
<p>
Comments may appear anywhere that white space may appear in
a <acronym class="acronym">BIND</acronym> configuration file.
@ -774,7 +774,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574151"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2574013"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">acl</strong></span> acl-name {
address_match_list
};
@ -857,7 +857,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574341"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2574203"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">controls</strong></span> {
[ inet ( ip_addr | * ) [ port ip_port ] allow { <em class="replaceable"><code> address_match_list </code></em> }
keys { <em class="replaceable"><code>key_list</code></em> }; ]
@ -979,12 +979,12 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574770"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2574632"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">include <em class="replaceable"><code>filename</code></em>;</pre>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574785"></a><span><strong class="command">include</strong></span> Statement Definition and
<a name="id2574647"></a><span><strong class="command">include</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">include</strong></span> statement inserts the
@ -999,7 +999,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574808"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2574670"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">key <em class="replaceable"><code>key_id</code></em> {
algorithm <em class="replaceable"><code>string</code></em>;
secret <em class="replaceable"><code>string</code></em>;
@ -1008,7 +1008,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574829"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2574692"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">key</strong></span> statement defines a shared
secret key for use with TSIG (see <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called &#8220;TSIG&#8221;</a>)
@ -1055,7 +1055,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2574920"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2574782"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">logging</strong></span> {
[ <span><strong class="command">channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
( <span><strong class="command">file</strong></span> <em class="replaceable"><code>path name</code></em>
@ -1079,7 +1079,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2575046"></a><span><strong class="command">logging</strong></span> Statement Definition and
<a name="id2574908"></a><span><strong class="command">logging</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">logging</strong></span> statement configures a
@ -1113,7 +1113,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2575098"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
<a name="id2574961"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
<p>
All log output goes to one or more <span class="emphasis"><em>channels</em></span>;
you can make as many of them as you want.
@ -1632,7 +1632,7 @@ category notify { null; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2576396"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2576395"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">lwres</strong></span>
statement in the <code class="filename">named.conf</code> file:
@ -1647,7 +1647,7 @@ category notify { null; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2576470"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2576469"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">lwres</strong></span> statement configures the
name
@ -1698,14 +1698,14 @@ category notify { null; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2576534"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2576533"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">
<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] };
</pre>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2576578"></a><span><strong class="command">masters</strong></span> Statement Definition and
<a name="id2576577"></a><span><strong class="command">masters</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p><span><strong class="command">masters</strong></span>
lists allow for a common set of masters to be easily used by
@ -1714,7 +1714,7 @@ category notify { null; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2576593"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2576592"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">options</strong></span>
statement in the <code class="filename">named.conf</code> file:
@ -2771,7 +2771,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2580408"></a>Forwarding</h4></div></div></div>
<a name="id2580407"></a>Forwarding</h4></div></div></div>
<p>
The forwarding facility can be used to create a large site-wide
cache on a few servers, reducing traffic over links to external
@ -2815,7 +2815,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2580467"></a>Dual-stack Servers</h4></div></div></div>
<a name="id2580466"></a>Dual-stack Servers</h4></div></div></div>
<p>
Dual-stack servers are used as servers of last resort to work
around
@ -2881,30 +2881,25 @@ options {
</div>
</dd>
<dt><span class="term"><span><strong class="command">allow-query-cache</strong></span></span></dt>
<dd>
<p>
<dd><p>
Specifies which hosts are allowed to get answers
from the cache. The default is the builtin acls
<span><strong class="command">localnets</strong></span> and
<span><strong class="command">localhost</strong></span>.
</p>
<p>
The way to set query access to the cache is now
via <span><strong class="command">allow-query-cache</strong></span>.
This differs from earlier versions which used
<span><strong class="command">allow-query</strong></span>.
</p>
</dd>
from the cache. If <span><strong class="command">allow-query-cache</strong></span>
is not set then <span><strong class="command">allow-recursion</strong></span>
is used if set, otherwise <span><strong class="command">allow-query</strong></span>
is used if set, otherwise the default
(<span><strong class="command">localnets;</strong></span>
<span><strong class="command">localhost;</strong></span>) is used.
</p></dd>
<dt><span class="term"><span><strong class="command">allow-recursion</strong></span></span></dt>
<dd><p>
Specifies which hosts are allowed to make recursive
queries through this server. If not specified,
the default is to allow recursive queries from
the builtin acls <span><strong class="command">localnets</strong></span> and
<span><strong class="command">localhost</strong></span>.
Note that disallowing recursive queries for a
host does not prevent the host from retrieving
data that is already in the server's cache.
queries through this server. If
<span><strong class="command">allow-recursion</strong></span> is not set
then <span><strong class="command">allow-query-cache</strong></span> is
used if set, otherwise <span><strong class="command">allow-query</strong></span>
is used if set, otherwise the default
(<span><strong class="command">localnets;</strong></span>
<span><strong class="command">localhost;</strong></span>) is used.
</p></dd>
<dt><span class="term"><span><strong class="command">allow-update</strong></span></span></dt>
<dd><p>
@ -2975,7 +2970,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2580942"></a>Interfaces</h4></div></div></div>
<a name="id2580955"></a>Interfaces</h4></div></div></div>
<p>
The interfaces and ports that the server will answer queries
from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
@ -3055,7 +3050,7 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2581099"></a>Query Address</h4></div></div></div>
<a name="id2581112"></a>Query Address</h4></div></div></div>
<p>
If the server doesn't know the answer to a question, it will
query other name servers. <span><strong class="command">query-source</strong></span> specifies
@ -3335,7 +3330,7 @@ query-source-v6 address * port *;
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2581778"></a>Bad UDP Port Lists</h4></div></div></div>
<a name="id2581859"></a>Bad UDP Port Lists</h4></div></div></div>
<p><span><strong class="command">avoid-v4-udp-ports</strong></span>
and <span><strong class="command">avoid-v6-udp-ports</strong></span> specify a list
of IPv4 and IPv6 UDP ports that will not be used as system
@ -3349,7 +3344,7 @@ query-source-v6 address * port *;
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2581793"></a>Operating System Resource Limits</h4></div></div></div>
<a name="id2581874"></a>Operating System Resource Limits</h4></div></div></div>
<p>
The server's usage of many system resources can be limited.
Scaled values are allowed when specifying resource limits. For
@ -3408,7 +3403,7 @@ query-source-v6 address * port *;
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2581976"></a>Server Resource Limits</h4></div></div></div>
<a name="id2582057"></a>Server Resource Limits</h4></div></div></div>
<p>
The following options set limits on the server's
resource consumption that are enforced internally by the
@ -3486,7 +3481,7 @@ query-source-v6 address * port *;
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2582178"></a>Periodic Task Intervals</h4></div></div></div>
<a name="id2582190"></a>Periodic Task Intervals</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">cleaning-interval</strong></span></span></dt>
<dd><p>
@ -4533,7 +4528,7 @@ query-source-v6 address * port *;
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2585018"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
<a name="id2585031"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">trusted-keys {
<em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
[<span class="optional"> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
@ -4542,7 +4537,7 @@ query-source-v6 address * port *;
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2585136"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
<a name="id2585080"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</h3></div></div></div>
<p>
The <span><strong class="command">trusted-keys</strong></span> statement defines
@ -4585,7 +4580,7 @@ query-source-v6 address * port *;
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2585216"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2585228"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">view</strong></span> statement is a powerful
feature
@ -4836,10 +4831,10 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2586586"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
<a name="id2586599"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2586594"></a>Zone Types</h4></div></div></div>
<a name="id2586606"></a>Zone Types</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@ -5048,7 +5043,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2587013"></a>Class</h4></div></div></div>
<a name="id2587026"></a>Class</h4></div></div></div>
<p>
The zone's name may optionally be followed by a class. If
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
@ -5070,7 +5065,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2587046"></a>Zone Options</h4></div></div></div>
<a name="id2587059"></a>Zone Options</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">allow-notify</strong></span></span></dt>
<dd><p>
@ -5553,7 +5548,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2588846"></a>Zone File</h2></div></div></div>
<a name="id2588791"></a>Zone File</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
@ -5566,7 +5561,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2588865"></a>Resource Records</h4></div></div></div>
<a name="id2588809"></a>Resource Records</h4></div></div></div>
<p>
A domain name identifies a node. Each node has a set of
resource information, which may be empty. The set of resource
@ -6217,7 +6212,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2590279"></a>Textual expression of RRs</h4></div></div></div>
<a name="id2590224"></a>Textual expression of RRs</h4></div></div></div>
<p>
RRs are represented in binary form in the packets of the DNS
protocol, and are usually represented in highly encoded form
@ -6420,7 +6415,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2590800"></a>Discussion of MX Records</h3></div></div></div>
<a name="id2590812"></a>Discussion of MX Records</h3></div></div></div>
<p>
As described above, domain servers store information as a
series of resource records, each of which contains a particular
@ -6678,7 +6673,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2591419"></a>Inverse Mapping in IPv4</h3></div></div></div>
<a name="id2591432"></a>Inverse Mapping in IPv4</h3></div></div></div>
<p>
Reverse name resolution (that is, translation from IP address
to name) is achieved by means of the <span class="emphasis"><em>in-addr.arpa</em></span> domain
@ -6739,7 +6734,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2591546"></a>Other Zone File Directives</h3></div></div></div>
<a name="id2591559"></a>Other Zone File Directives</h3></div></div></div>
<p>
The Master File Format was initially defined in RFC 1035 and
has subsequently been extended. While the Master File Format
@ -6754,7 +6749,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2591569"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
<a name="id2591581"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$ORIGIN</strong></span>
<em class="replaceable"><code>domain-name</code></em>
@ -6782,7 +6777,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2591629"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
<a name="id2591642"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$INCLUDE</strong></span>
<em class="replaceable"><code>filename</code></em>
@ -6818,7 +6813,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2591767"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<a name="id2591780"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$TTL</strong></span>
<em class="replaceable"><code>default-ttl</code></em>
@ -6837,7 +6832,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2591803"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
<a name="id2591816"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
<p>
Syntax: <span><strong class="command">$GENERATE</strong></span>
<em class="replaceable"><code>range</code></em>

14
contrib/bind9/doc/arm/Bv9ARM.ch07.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch07.html,v 1.75.18.54 2007/01/30 00:23:46 marka Exp $ -->
<!-- $Id: Bv9ARM.ch07.html,v 1.75.18.54.10.1 2007/07/09 02:25:51 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -46,10 +46,10 @@
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2592480"><span><strong class="command">chroot</strong></span> and <span><strong class="command">setuid</strong></span></a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2592492"><span><strong class="command">chroot</strong></span> and <span><strong class="command">setuid</strong></span></a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2592625">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2592684">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2592569">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2592629">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl>
@ -118,7 +118,7 @@ zone "example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2592480"></a><span><strong class="command">chroot</strong></span> and <span><strong class="command">setuid</strong></span>
<a name="id2592492"></a><span><strong class="command">chroot</strong></span> and <span><strong class="command">setuid</strong></span>
</h2></div></div></div>
<p>
On UNIX servers, it is possible to run <acronym class="acronym">BIND</acronym> in a <span class="emphasis"><em>chrooted</em></span> environment
@ -142,7 +142,7 @@ zone "example.com" {
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2592625"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
<a name="id2592569"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
<p>
In order for a <span><strong class="command">chroot</strong></span> environment
to
@ -170,7 +170,7 @@ zone "example.com" {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2592684"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
<a name="id2592629"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
<p>
Prior to running the <span><strong class="command">named</strong></span> daemon,
use

18
contrib/bind9/doc/arm/Bv9ARM.ch08.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch08.html,v 1.75.18.53 2007/01/30 00:23:46 marka Exp $ -->
<!-- $Id: Bv9ARM.ch08.html,v 1.75.18.53.10.1 2007/07/09 02:25:52 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -45,18 +45,18 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2592764">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2592838">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2592850">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2592867">Where Can I Get Help?</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2592709">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2592714">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2592726">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2592743">Where Can I Get Help?</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2592764"></a>Common Problems</h2></div></div></div>
<a name="id2592709"></a>Common Problems</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2592838"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<a name="id2592714"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<p>
The best solution to solving installation and
configuration issues is to take preventative measures by setting
@ -68,7 +68,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2592850"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<a name="id2592726"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<p>
Zone serial numbers are just numbers-they aren't date
related. A lot of people set them to a number that represents a
@ -95,7 +95,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2592867"></a>Where Can I Get Help?</h2></div></div></div>
<a name="id2592743"></a>Where Can I Get Help?</h2></div></div></div>
<p>
The Internet Systems Consortium
(<acronym class="acronym">ISC</acronym>) offers a wide range

182
contrib/bind9/doc/arm/Bv9ARM.ch09.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch09.html,v 1.75.18.56 2007/01/30 00:23:46 marka Exp $ -->
<!-- $Id: Bv9ARM.ch09.html,v 1.75.18.56.10.1 2007/07/09 02:25:52 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -45,21 +45,21 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2592997">Acknowledgments</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593078">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593159">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593172">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2596326">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2596339">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2592997"></a>Acknowledgments</h2></div></div></div>
<a name="id2593078"></a>Acknowledgments</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="historical_dns_information"></a>A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
@ -149,7 +149,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2593159"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
<a name="id2593172"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="ipv6addresses"></a>IPv6 addresses (AAAA)</h3></div></div></div>
@ -236,17 +236,17 @@
</p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2593347"></a>Bibliography</h4></div></div></div>
<a name="id2593360"></a>Bibliography</h4></div></div></div>
<div class="bibliodiv">
<h3 class="title">Standards</h3>
<div class="biblioentry">
<a name="id2593357"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
<a name="id2593370"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
</div>
<div class="biblioentry">
<a name="id2593381"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
<a name="id2593394"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
<a name="id2593404"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
<a name="id2593417"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
Specification</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
</div>
@ -254,42 +254,42 @@
<h3 class="title">
<a name="proposed_standards"></a>Proposed Standards</h3>
<div class="biblioentry">
<a name="id2593441"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
<a name="id2593453"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
Specification</i>. </span><span class="pubdate">July 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2593467"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
<a name="id2593480"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
Queries</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2593493"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
<a name="id2593506"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2593517"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
<a name="id2593530"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2593541"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
<a name="id2593554"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2593596"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
<a name="id2593609"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2593623"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
<a name="id2593636"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2593650"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
<a name="id2593662"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2593712"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2593724"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2593741"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2593754"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2593771"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
<a name="id2593784"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2593798"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
<a name="id2593811"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
Key Transaction Authentication for DNS
(GSS-TSIG)</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
@ -298,19 +298,19 @@
<h3 class="title">
<acronym class="acronym">DNS</acronym> Security Proposed Standards</h3>
<div class="biblioentry">
<a name="id2593880"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
<a name="id2593893"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2593907"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
<a name="id2593920"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2593943"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
<a name="id2593956"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
<a name="id2594008"></a><p>[<abbr class="abbrev">RFC4044</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
<a name="id2594021"></a><p>[<abbr class="abbrev">RFC4044</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
<a name="id2594073"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
<a name="id2594086"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
</div>
@ -318,146 +318,146 @@
<h3 class="title">Other Important RFCs About <acronym class="acronym">DNS</acronym>
Implementation</h3>
<div class="biblioentry">
<a name="id2594147"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
<a name="id2594160"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
Deployed <acronym class="acronym">DNS</acronym> Software.</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2594172"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
<a name="id2594185"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2594241"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
<a name="id2594253"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2594276"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
<a name="id2594289"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
Queries for IPv6 Addresses</i>. </span><span class="pubdate">May 2005. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Resource Record Types</h3>
<div class="biblioentry">
<a name="id2594322"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
<a name="id2594334"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
</div>
<div class="biblioentry">
<a name="id2594448"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
<a name="id2594460"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2594485"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
<a name="id2594498"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
the Domain Name System</i>. </span><span class="pubdate">June 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2594520"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
<a name="id2594533"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
Domain
Name System</i>. </span><span class="pubdate">January 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2594574"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
<a name="id2594587"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
Location of
Services.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2594613"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
<a name="id2594626"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
Distribute MIXER
Conformant Global Address Mapping</i>. </span><span class="pubdate">January 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2594638"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
<a name="id2594651"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2594664"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2594677"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2594691"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2594704"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2594717"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2594730"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2594757"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2594770"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2594787"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2594800"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2594817"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
<a name="id2594829"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2594859"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2594872"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2594892"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
<a name="id2594905"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2594919"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
<a name="id2594932"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2594942"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
<a name="id2594955"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
version 6</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2595000"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
<a name="id2595013"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> and the Internet</h3>
<div class="biblioentry">
<a name="id2595032"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
<a name="id2595045"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
and Other Types</i>. </span><span class="pubdate">April 1989. </span></p>
</div>
<div class="biblioentry">
<a name="id2595058"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
<a name="id2595070"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
Support</i>. </span><span class="pubdate">October 1989. </span></p>
</div>
<div class="biblioentry">
<a name="id2595080"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
<a name="id2595093"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2595104"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
<a name="id2595116"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2595149"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
<a name="id2595162"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2595173"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2595186"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> Operations</h3>
<div class="biblioentry">
<a name="id2595230"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
<a name="id2595243"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
<a name="id2595254"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
<a name="id2595267"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
Configuration Errors</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2595281"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
<a name="id2595293"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
Configuration Errors</i>. </span><span class="pubdate">February 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2595307"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
<a name="id2595320"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
<a name="id2595344"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
<a name="id2595356"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
Network Services.</i>. </span><span class="pubdate">October 1997. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Internationalized Domain Names</h3>
<div class="biblioentry">
<a name="id2595389"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
<a name="id2595402"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
and the Other Internet protocols</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2595421"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
<a name="id2595434"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2595467"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
<a name="id2595480"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2595502"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
<a name="id2595515"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
for Internationalized Domain Names in
Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
@ -473,50 +473,50 @@
</p>
</div>
<div class="biblioentry">
<a name="id2595547"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
<a name="id2595560"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
Attributes</i>. </span><span class="pubdate">May 1993. </span></p>
</div>
<div class="biblioentry">
<a name="id2595570"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
<a name="id2595582"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2595595"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
<a name="id2595608"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
Balancing</i>. </span><span class="pubdate">April 1995. </span></p>
</div>
<div class="biblioentry">
<a name="id2595621"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
<a name="id2595634"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2595644"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
<a name="id2595657"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2595690"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
<a name="id2595703"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
<a name="id2595714"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
<a name="id2595726"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2595740"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
<a name="id2595753"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
Shared Unicast Addresses</i>. </span><span class="pubdate">April 2002. </span></p>
</div>
<div class="biblioentry">
<a name="id2595766"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
<a name="id2595779"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2595802"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
<a name="id2595815"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Obsolete and Unimplemented Experimental RFC</h3>
<div class="biblioentry">
<a name="id2595833"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
<a name="id2595846"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
Location</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
<a name="id2595891"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
<a name="id2595904"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2595917"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
<a name="id2595930"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
and Renumbering</i>. </span><span class="pubdate">July 2000. </span></p>
</div>
</div>
@ -530,39 +530,39 @@
</p>
</div>
<div class="biblioentry">
<a name="id2595965"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
<a name="id2595978"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2596005"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
<a name="id2596018"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
<a name="id2596032"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2596044"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
<a name="id2596061"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
<a name="id2596074"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
Signing Authority</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
<a name="id2596087"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
<a name="id2596100"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
</div>
<div class="biblioentry">
<a name="id2596114"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
<a name="id2596126"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
</div>
<div class="biblioentry">
<a name="id2596150"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
<a name="id2596163"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2596186"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
<a name="id2596199"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
</div>
<div class="biblioentry">
<a name="id2596213"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
<a name="id2596226"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2596240"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
<a name="id2596252"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
(RR) Secure Entry Point (SEP) Flag</i>. </span><span class="pubdate">April 2004. </span></p>
</div>
<div class="biblioentry">
<a name="id2596284"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
<a name="id2596297"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
</div>
</div>
@ -583,14 +583,14 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2596326"></a>Other Documents About <acronym class="acronym">BIND</acronym>
<a name="id2596339"></a>Other Documents About <acronym class="acronym">BIND</acronym>
</h3></div></div></div>
<p></p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2596336"></a>Bibliography</h4></div></div></div>
<a name="id2596348"></a>Bibliography</h4></div></div></div>
<div class="biblioentry">
<a name="id2596338"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
<a name="id2596350"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
</div>
</div>
</div>

2
contrib/bind9/doc/arm/Bv9ARM.ch10.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.ch10.html,v 1.2.2.6 2007/01/30 00:23:46 marka Exp $ -->
<!-- $Id: Bv9ARM.ch10.html,v 1.2.2.6.10.1 2007/07/09 02:25:52 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

140
contrib/bind9/doc/arm/Bv9ARM.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: Bv9ARM.html,v 1.85.18.57 2007/01/30 00:23:46 marka Exp $ -->
<!-- $Id: Bv9ARM.html,v 1.85.18.57.10.1 2007/07/09 02:25:52 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -40,7 +40,7 @@
<div class="titlepage">
<div>
<div><h1 class="title">
<a name="id2563153"></a>BIND 9 Administrator Reference Manual</h1></div>
<a name="id2563411"></a>BIND 9 Administrator Reference Manual</h1></div>
<div><p class="copyright">Copyright © 2004-2007 Internet Systems Consortium, Inc. ("ISC")</p></div>
<div><p class="copyright">Copyright © 2000-2003 Internet Software Consortium.</p></div>
</div>
@ -53,37 +53,37 @@
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564115">Scope of Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564138">Organization of This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563473">Conventions Used in This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564746">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563472">Conventions Used in This Document</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564813">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564768">DNS Fundamentals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564802">Domains and Domain Names</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564886">Zones</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567284">Authoritative Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567525">Caching Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567587">Name Servers in Multiple Roles</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564835">DNS Fundamentals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564869">Domains and Domain Names</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564953">Zones</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567283">Authoritative Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567524">Caching Name Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567586">Name Servers in Multiple Roles</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch02.html">2. <acronym class="acronym">BIND</acronym> Resource Requirements</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567621">Hardware requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567648">CPU Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567660">Memory Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567687">Name Server Intensive Environment Issues</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567698">Supported Operating Systems</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567620">Hardware requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567646">CPU Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567659">Memory Requirements</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567686">Name Server Intensive Environment Issues</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567697">Supported Operating Systems</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch03.html">3. Name Server Configuration</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568003">A Caching-only Name Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568019">An Authoritative-only Name Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568002">A Caching-only Name Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568018">An Authoritative-only Name Server</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568041">Load Balancing</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568465">Name Server Operations</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568040">Load Balancing</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568464">Name Server Operations</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568470">Tools for Use With the Name Server Daemon</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2569972">Signals</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568469">Tools for Use With the Name Server Daemon</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570039">Signals</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch04.html">4. Advanced DNS Features</a></span></dt>
@ -92,33 +92,33 @@
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570429">Split DNS</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570428">Split DNS</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570949">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571022">Copying the Shared Secret to Both Machines</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571033">Informing the Servers of the Key's Existence</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571141">Instructing the Server to Use the Key</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571198">TSIG Key Based Access Control</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571243">Errors</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570948">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571021">Copying the Shared Secret to Both Machines</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571032">Informing the Servers of the Key's Existence</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571140">Instructing the Server to Use the Key</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571197">TSIG Key Based Access Control</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571242">Errors</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571257">TKEY</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571306">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571256">TKEY</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571305">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571579">Generating Keys</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571649">Signing the Zone</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571728">Configuring Servers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571578">Generating Keys</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571648">Signing the Zone</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571726">Configuring Servers</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571802">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571801">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572001">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572022">Address to Name Lookups Using Nibble Format</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572000">Address Lookups Using AAAA Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572021">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch05.html">5. The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572055">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572054">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch06.html">6. <acronym class="acronym">BIND</acronym> 9 Configuration Reference</a></span></dt>
@ -126,83 +126,83 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573470">Comment Syntax</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573333">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574151"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574013"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574341"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574203"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574770"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574785"><span><strong class="command">include</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574632"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574647"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574808"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574829"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574920"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575046"><span><strong class="command">logging</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574670"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574692"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574782"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574908"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576396"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576470"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576534"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576578"><span><strong class="command">masters</strong></span> Statement Definition and
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576395"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576469"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576533"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576577"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576593"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576592"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585018"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585136"><span><strong class="command">trusted-keys</strong></span> Statement Definition
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585031"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585080"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585216"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585228"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586586"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586599"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2588846">Zone File</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2588791">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590800">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590812">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591419">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591546">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591803"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591432">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591559">Other Zone File Directives</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591816"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch07.html">7. <acronym class="acronym">BIND</acronym> 9 Security Considerations</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2592480"><span><strong class="command">chroot</strong></span> and <span><strong class="command">setuid</strong></span></a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2592492"><span><strong class="command">chroot</strong></span> and <span><strong class="command">setuid</strong></span></a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2592625">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2592684">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2592569">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2592629">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch08.html">8. Troubleshooting</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2592764">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2592838">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2592850">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2592867">Where Can I Get Help?</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2592709">Common Problems</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2592714">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2592726">Incrementing and Changing the Serial Number</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2592743">Where Can I Get Help?</a></span></dt>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Appendices</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2592997">Acknowledgments</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593078">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593159">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593172">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2596326">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2596339">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="reference"><a href="Bv9ARM.ch10.html">I. Manual pages</a></span></dt>

2573
contrib/bind9/doc/arm/Bv9ARM.pdf
View File

File diff suppressed because one or more lines are too long

20
contrib/bind9/doc/arm/man.dig.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dig.html,v 1.2.2.37 2007/01/30 00:23:46 marka Exp $ -->
<!-- $Id: man.dig.html,v 1.2.2.37.10.1 2007/07/09 02:25:53 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -52,7 +52,7 @@
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2564009"></a><h2>DESCRIPTION</h2>
<a name="id2564026"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dig</strong></span>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@ -98,7 +98,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2572153"></a><h2>SIMPLE USAGE</h2>
<a name="id2575037"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
</p>
@ -144,7 +144,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2572264"></a><h2>OPTIONS</h2>
<a name="id2575148"></a><h2>OPTIONS</h2>
<p>
The <code class="option">-b</code> option sets the source IP address of the query
to <em class="parameter"><code>address</code></em>. This must be a valid
@ -244,7 +244,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2649124"></a><h2>QUERY OPTIONS</h2>
<a name="id2649141"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">dig</strong></span>
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@ -563,7 +563,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2650042"></a><h2>MULTIPLE QUERIES</h2>
<a name="id2650059"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
supports
@ -609,7 +609,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2650196"></a><h2>IDN SUPPORT</h2>
<a name="id2650213"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@ -623,14 +623,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2650225"></a><h2>FILES</h2>
<a name="id2650242"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2650246"></a><h2>SEE ALSO</h2>
<a name="id2650263"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@ -638,7 +638,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2650352"></a><h2>BUGS</h2>
<a name="id2650300"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>

14
contrib/bind9/doc/arm/man.dnssec-keygen.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-keygen.html,v 1.2.2.37 2007/01/30 00:23:46 marka Exp $ -->
<!-- $Id: man.dnssec-keygen.html,v 1.2.2.37.10.1 2007/07/09 02:25:53 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2597473"></a><h2>DESCRIPTION</h2>
<a name="id2597558"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC &lt;TBA\&gt;. It can also generate keys for use with
@ -58,7 +58,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2597555"></a><h2>OPTIONS</h2>
<a name="id2597572"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@ -166,7 +166,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2597966"></a><h2>GENERATED KEYS</h2>
<a name="id2598052"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes
successfully,
@ -212,7 +212,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2598074"></a><h2>EXAMPLE</h2>
<a name="id2598160"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@ -233,7 +233,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2598131"></a><h2>SEE ALSO</h2>
<a name="id2600196"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2535</em>,
@ -242,7 +242,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2600824"></a><h2>AUTHOR</h2>
<a name="id2600227"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
contrib/bind9/doc/arm/man.dnssec-signzone.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-signzone.html,v 1.2.2.35 2007/01/30 00:23:46 marka Exp $ -->
<!-- $Id: man.dnssec-signzone.html,v 1.2.2.35.10.1 2007/07/09 02:25:53 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2598526"></a><h2>DESCRIPTION</h2>
<a name="id2598407"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@ -61,7 +61,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2598546"></a><h2>OPTIONS</h2>
<a name="id2598426"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@ -257,7 +257,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2623261"></a><h2>EXAMPLE</h2>
<a name="id2622323"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated in the <span><strong class="command">dnssec-keygen</strong></span>
@ -283,14 +283,14 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2641212"></a><h2>SEE ALSO</h2>
<a name="id2641229"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2535</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2652706"></a><h2>AUTHOR</h2>
<a name="id2652723"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

10
contrib/bind9/doc/arm/man.host.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.host.html,v 1.2.2.36 2007/01/30 00:23:46 marka Exp $ -->
<!-- $Id: man.host.html,v 1.2.2.36.10.1 2007/07/09 02:25:53 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2596643"></a><h2>DESCRIPTION</h2>
<a name="id2596661"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">host</strong></span>
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
@ -202,7 +202,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2597157"></a><h2>IDN SUPPORT</h2>
<a name="id2597312"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@ -216,12 +216,12 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2597186"></a><h2>FILES</h2>
<a name="id2597340"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2597200"></a><h2>SEE ALSO</h2>
<a name="id2599061"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>

12
contrib/bind9/doc/arm/man.named-checkconf.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.named-checkconf.html,v 1.2.2.38 2007/01/30 00:23:46 marka Exp $ -->
<!-- $Id: man.named-checkconf.html,v 1.2.2.38.10.1 2007/07/09 02:25:53 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,14 +50,14 @@
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-z</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2600049"></a><h2>DESCRIPTION</h2>
<a name="id2599724"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkconf</strong></span>
checks the syntax, but not the semantics, of a named
configuration file.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2600062"></a><h2>OPTIONS</h2>
<a name="id2599738"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@ -88,20 +88,20 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2600164"></a><h2>RETURN VALUES</h2>
<a name="id2599840"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkconf</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2600178"></a><h2>SEE ALSO</h2>
<a name="id2599853"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2600199"></a><h2>AUTHOR</h2>
<a name="id2599875"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
contrib/bind9/doc/arm/man.named-checkzone.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.named-checkzone.html,v 1.2.2.40 2007/01/30 00:23:46 marka Exp $ -->
<!-- $Id: man.named-checkzone.html,v 1.2.2.40.10.1 2007/07/09 02:25:53 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2602354"></a><h2>DESCRIPTION</h2>
<a name="id2601347"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
same checks as <span><strong class="command">named</strong></span> does when loading a
@ -71,7 +71,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2602404"></a><h2>OPTIONS</h2>
<a name="id2601397"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
@ -251,21 +251,21 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2654862"></a><h2>RETURN VALUES</h2>
<a name="id2654948"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2654876"></a><h2>SEE ALSO</h2>
<a name="id2654962"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2654901"></a><h2>AUTHOR</h2>
<a name="id2654986"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

16
contrib/bind9/doc/arm/man.named.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.named.html,v 1.2.2.43 2007/02/02 04:33:09 marka Exp $ -->
<!-- $Id: man.named.html,v 1.2.2.43.10.1 2007/07/09 02:25:53 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2602900"></a><h2>DESCRIPTION</h2>
<a name="id2601554"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named</strong></span>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@ -65,7 +65,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2602931"></a><h2>OPTIONS</h2>
<a name="id2601585"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@ -198,7 +198,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2604871"></a><h2>SIGNALS</h2>
<a name="id2602364"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
the nameserver; <span><strong class="command">rndc</strong></span> should be used
@ -219,7 +219,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604921"></a><h2>CONFIGURATION</h2>
<a name="id2602414"></a><h2>CONFIGURATION</h2>
<p>
The <span><strong class="command">named</strong></span> configuration file is too complex
to describe in detail here. A complete description is provided
@ -228,7 +228,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604940"></a><h2>FILES</h2>
<a name="id2602434"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
@ -241,7 +241,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2604984"></a><h2>SEE ALSO</h2>
<a name="id2603911"></a><h2>SEE ALSO</h2>
<p><em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
@ -252,7 +252,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2605035"></a><h2>AUTHOR</h2>
<a name="id2603962"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
contrib/bind9/doc/arm/man.rndc-confgen.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.rndc-confgen.html,v 1.2.2.44 2007/02/02 04:33:09 marka Exp $ -->
<!-- $Id: man.rndc-confgen.html,v 1.2.2.44.10.1 2007/07/09 02:25:53 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -48,7 +48,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2605267"></a><h2>DESCRIPTION</h2>
<a name="id2603716"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc-confgen</strong></span>
generates configuration files
for <span><strong class="command">rndc</strong></span>. It can be used as a
@ -64,7 +64,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2605469"></a><h2>OPTIONS</h2>
<a name="id2604055"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd>
@ -171,7 +171,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2605856"></a><h2>EXAMPLES</h2>
<a name="id2606557"></a><h2>EXAMPLES</h2>
<p>
To allow <span><strong class="command">rndc</strong></span> to be used with
no manual configuration, run
@ -188,7 +188,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2605912"></a><h2>SEE ALSO</h2>
<a name="id2606614"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@ -196,7 +196,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2608476"></a><h2>AUTHOR</h2>
<a name="id2606652"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
contrib/bind9/doc/arm/man.rndc.conf.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.rndc.conf.html,v 1.2.2.43 2007/02/02 04:33:09 marka Exp $ -->
<!-- $Id: man.rndc.conf.html,v 1.2.2.43.10.1 2007/07/09 02:25:53 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2604307"></a><h2>DESCRIPTION</h2>
<a name="id2599206"></a><h2>DESCRIPTION</h2>
<p><code class="filename">rndc.conf</code> is the configuration file
for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
utility. This file has a similar structure and syntax to
@ -135,7 +135,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604478"></a><h2>EXAMPLE</h2>
<a name="id2603201"></a><h2>EXAMPLE</h2>
<pre class="programlisting">
options {
default-server localhost;
@ -209,7 +209,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2605078"></a><h2>NAME SERVER CONFIGURATION</h2>
<a name="id2603459"></a><h2>NAME SERVER CONFIGURATION</h2>
<p>
The name server must be configured to accept rndc connections and
to recognize the key specified in the <code class="filename">rndc.conf</code>
@ -219,7 +219,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2605104"></a><h2>SEE ALSO</h2>
<a name="id2603484"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
@ -227,7 +227,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2605142"></a><h2>AUTHOR</h2>
<a name="id2603523"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
contrib/bind9/doc/arm/man.rndc.html
View File

@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.rndc.html,v 1.2.2.42 2007/02/02 04:33:09 marka Exp $ -->
<!-- $Id: man.rndc.html,v 1.2.2.42.10.1 2007/07/09 02:25:53 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2603458"></a><h2>DESCRIPTION</h2>
<a name="id2602522"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc</strong></span>
controls the operation of a name
server. It supersedes the <span><strong class="command">ndc</strong></span> utility
@ -79,7 +79,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2603508"></a><h2>OPTIONS</h2>
<a name="id2602572"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
<dd><p>
@ -152,7 +152,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604136"></a><h2>LIMITATIONS</h2>
<a name="id2602928"></a><h2>LIMITATIONS</h2>
<p><span><strong class="command">rndc</strong></span>
does not yet support all the commands of
the BIND 8 <span><strong class="command">ndc</strong></span> utility.
@ -166,7 +166,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604167"></a><h2>SEE ALSO</h2>
<a name="id2602958"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>
@ -175,7 +175,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2604282"></a><h2>AUTHOR</h2>
<a name="id2603005"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

499
contrib/bind9/lib/dns/dispatch.c
View File

@ -15,21 +15,23 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dispatch.c,v 1.116.18.13 2007/02/07 23:57:58 marka Exp $ */
/* $Id: dispatch.c,v 1.116.18.13.10.4 2007/06/27 04:17:45 marka Exp $ */
/*! \file */
#include <config.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
#include <isc/entropy.h>
#include <isc/lfsr.h>
#include <isc/mem.h>
#include <isc/mutex.h>
#include <isc/print.h>
#include <isc/string.h>
#include <isc/task.h>
#include <isc/time.h>
#include <isc/util.h>
#include <dns/acl.h>
@ -43,13 +45,22 @@
typedef ISC_LIST(dns_dispentry_t) dns_displist_t;
typedef struct dns_nsid {
isc_uint16_t nsid_state;
isc_uint16_t *nsid_vtable;
isc_uint16_t *nsid_pool;
isc_uint16_t nsid_a1, nsid_a2, nsid_a3;
isc_uint16_t nsid_c1, nsid_c2, nsid_c3;
isc_uint16_t nsid_state2;
isc_boolean_t nsid_usepool;
} dns_nsid_t;
typedef struct dns_qid {
unsigned int magic;
unsigned int qid_nbuckets; /*%< hash table size */
unsigned int qid_increment; /*%< id increment on collision */
isc_mutex_t lock;
isc_lfsr_t qid_lfsr1; /*%< state generator info */
isc_lfsr_t qid_lfsr2; /*%< state generator info */
dns_nsid_t nsid;
dns_displist_t *qid_table; /*%< the table itself */
} dns_qid_t;
@ -158,7 +169,7 @@ static void destroy_disp(isc_task_t *task, isc_event_t *event);
static void udp_recv(isc_task_t *, isc_event_t *);
static void tcp_recv(isc_task_t *, isc_event_t *);
static void startrecv(dns_dispatch_t *);
static dns_messageid_t dns_randomid(dns_qid_t *);
static dns_messageid_t dns_randomid(dns_nsid_t *);
static isc_uint32_t dns_hash(dns_qid_t *, isc_sockaddr_t *, dns_messageid_t);
static void free_buffer(dns_dispatch_t *disp, void *buf, unsigned int len);
static void *allocate_udp_buffer(dns_dispatch_t *disp);
@ -179,8 +190,12 @@ static isc_result_t dispatch_createudp(dns_dispatchmgr_t *mgr,
static isc_boolean_t destroy_mgr_ok(dns_dispatchmgr_t *mgr);
static void destroy_mgr(dns_dispatchmgr_t **mgrp);
static isc_result_t qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets,
unsigned int increment, dns_qid_t **qidp);
unsigned int increment, isc_boolean_t usepool,
dns_qid_t **qidp);
static void qid_destroy(isc_mem_t *mctx, dns_qid_t **qidp);
static isc_uint16_t nsid_next(dns_nsid_t *nsid);
static isc_result_t nsid_init(isc_mem_t *mctx, dns_nsid_t *nsid, isc_boolean_t usepool);
static void nsid_destroy(isc_mem_t *mctx, dns_nsid_t *nsid);
#define LVL(x) ISC_LOG_DEBUG(x)
@ -260,38 +275,16 @@ request_log(dns_dispatch_t *disp, dns_dispentry_t *resp,
}
}
static void
reseed_lfsr(isc_lfsr_t *lfsr, void *arg)
{
dns_dispatchmgr_t *mgr = arg;
isc_result_t result;
isc_uint32_t val;
REQUIRE(VALID_DISPATCHMGR(mgr));
if (mgr->entropy != NULL) {
result = isc_entropy_getdata(mgr->entropy, &val, sizeof(val),
NULL, 0);
INSIST(result == ISC_R_SUCCESS);
lfsr->count = (val & 0x1f) + 32;
lfsr->state = val;
return;
}
lfsr->count = (random() & 0x1f) + 32; /* From 32 to 63 states */
lfsr->state = random();
}
/*
* Return an unpredictable message ID.
*/
static dns_messageid_t
dns_randomid(dns_qid_t *qid) {
dns_randomid(dns_nsid_t *nsid) {
isc_uint32_t id;
id = isc_lfsr_generate32(&qid->qid_lfsr1, &qid->qid_lfsr2);
id = nsid_next(nsid);
return (dns_messageid_t)(id & 0xFFFF);
return ((dns_messageid_t)id);
}
/*
@ -631,6 +624,9 @@ udp_recv(isc_task_t *task, isc_event_t *ev_in) {
goto restart;
}
dns_dispatch_hash(&ev->timestamp, sizeof(&ev->timestamp));
dns_dispatch_hash(ev->region.base, ev->region.length);
/* response */
bucket = dns_hash(qid, &ev->address, id);
LOCK(&qid->lock);
@ -865,6 +861,8 @@ tcp_recv(isc_task_t *task, isc_event_t *ev_in) {
goto restart;
}
dns_dispatch_hash(tcpmsg->buffer.base, tcpmsg->buffer.length);
/*
* Response.
*/
@ -1252,7 +1250,7 @@ dns_dispatchmgr_setudp(dns_dispatchmgr_t *mgr,
isc_mempool_setmaxalloc(mgr->bpool, maxbuffers);
isc_mempool_associatelock(mgr->bpool, &mgr->pool_lock);
result = qid_allocate(mgr, buckets, increment, &mgr->qid);
result = qid_allocate(mgr, buckets, increment, ISC_TRUE, &mgr->qid);
if (result != ISC_R_SUCCESS)
goto cleanup;
@ -1398,7 +1396,7 @@ dispatch_find(dns_dispatchmgr_t *mgr, isc_sockaddr_t *local,
static isc_result_t
qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets,
unsigned int increment, dns_qid_t **qidp)
unsigned int increment, isc_boolean_t usepool, dns_qid_t **qidp)
{
dns_qid_t *qid;
unsigned int i;
@ -1420,8 +1418,17 @@ qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets,
return (ISC_R_NOMEMORY);
}
result = nsid_init(mgr->mctx, &qid->nsid, usepool);
if (result != ISC_R_SUCCESS) {
isc_mem_put(mgr->mctx, qid->qid_table,
buckets * sizeof(dns_displist_t));
isc_mem_put(mgr->mctx, qid, sizeof(*qid));
return (ISC_R_NOMEMORY);
}
result = isc_mutex_init(&qid->lock);
if (result != ISC_R_SUCCESS) {
nsid_destroy(mgr->mctx, &qid->nsid);
isc_mem_put(mgr->mctx, qid->qid_table,
buckets * sizeof(dns_displist_t));
isc_mem_put(mgr->mctx, qid, sizeof(*qid));
@ -1434,21 +1441,6 @@ qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets,
qid->qid_nbuckets = buckets;
qid->qid_increment = increment;
qid->magic = QID_MAGIC;
/*
* Initialize to a 32-bit LFSR. Both of these are from Applied
* Cryptography.
*
* lfsr1:
* x^32 + x^7 + x^5 + x^3 + x^2 + x + 1
*
* lfsr2:
* x^32 + x^7 + x^6 + x^2 + 1
*/
isc_lfsr_init(&qid->qid_lfsr1, 0, 32, 0x80000057U,
0, reseed_lfsr, mgr);
isc_lfsr_init(&qid->qid_lfsr2, 0, 32, 0x80000062U,
0, reseed_lfsr, mgr);
*qidp = qid;
return (ISC_R_SUCCESS);
}
@ -1464,6 +1456,7 @@ qid_destroy(isc_mem_t *mctx, dns_qid_t **qidp) {
*qidp = NULL;
qid->magic = 0;
nsid_destroy(mctx, &qid->nsid);
isc_mem_put(mctx, qid->qid_table,
qid->qid_nbuckets * sizeof(dns_displist_t));
DESTROYLOCK(&qid->lock);
@ -1605,7 +1598,7 @@ dns_dispatch_createtcp(dns_dispatchmgr_t *mgr, isc_socket_t *sock,
return (result);
}
result = qid_allocate(mgr, buckets, increment, &disp->qid);
result = qid_allocate(mgr, buckets, increment, ISC_FALSE, &disp->qid);
if (result != ISC_R_SUCCESS)
goto deallocate_dispatch;
@ -1926,7 +1919,7 @@ dns_dispatch_addresponse(dns_dispatch_t *disp, isc_sockaddr_t *dest,
*/
qid = DNS_QID(disp);
LOCK(&qid->lock);
id = dns_randomid(qid);
id = dns_randomid(&qid->nsid);
bucket = dns_hash(qid, dest, id);
ok = ISC_FALSE;
for (i = 0; i < 64; i++) {
@ -2269,3 +2262,409 @@ dns_dispatchmgr_dump(dns_dispatchmgr_t *mgr) {
}
}
#endif
/*
* Allow the user to pick one of two ID randomization algorithms.
*
* The first algorithm is an adaptation of the sequence shuffling
* algorithm discovered by Carter Bays and S. D. Durham [ACM Trans. Math.
* Software 2 (1976), 59-64], as documented as Algorithm B in Chapter
* 3.2.2 in Volume 2 of Knuth's "The Art of Computer Programming". We use
* a randomly selected linear congruential random number generator with a
* modulus of 2^16, whose increment is a randomly picked odd number, and
* whose multiplier is picked from a set which meets the following
* criteria:
* Is of the form 8*n+5, which ensures "high potency" according to
* principle iii in the summary chapter 3.6. This form also has a
* gcd(a-1,m) of 4 which is good according to principle iv.
*
* Is between 0.01 and 0.99 times the modulus as specified by
* principle iv.
*
* Passes the spectral test "with flying colors" (ut >= 1) in
* dimensions 2 through 6 as calculated by Algorithm S in Chapter
* 3.3.4 and the ratings calculated by formula 35 in section E.
*
* Of the multipliers that pass this test, pick the set that is
* best according to the theoretical bounds of the serial
* correlation test. This was calculated using a simplified
* version of Knuth's Theorem K in Chapter 3.3.3.
*
* These criteria may not be important for this use, but we might as well
* pick from the best generators since there are so many possible ones and
* we don't have that many random bits to do the picking.
*
* We use a modulus of 2^16 instead of something bigger so that we will
* tend to cycle through all the possible IDs before repeating any,
* however the shuffling will perturb this somewhat. Theoretically there
* is no minimimum interval between two uses of the same ID, but in
* practice it seems to be >64000.
*
* Our adaptatation of Algorithm B mixes the hash state which has
* captured various random events into the shuffler to perturb the
* sequence.
*
* One disadvantage of this algorithm is that if the generator parameters
* were to be guessed, it would be possible to mount a limited brute force
* attack on the ID space since the IDs are only shuffled within a limited
* range.
*
* The second algorithm uses the same random number generator to populate
* a pool of 65536 IDs. The hash state is used to pick an ID from a window
* of 4096 IDs in this pool, then the chosen ID is swapped with the ID
* at the beginning of the window and the window position is advanced.
* This means that the interval between uses of the ID will be no less
* than 65536-4096. The ID sequence in the pool will become more random
* over time.
*
* For both algorithms, two more linear congruential random number generators
* are selected. The ID from the first part of algorithm is used to seed
* the first of these generators, and its output is used to seed the second.
* The strategy is use these generators as 1 to 1 hashes to obfuscate the
* properties of the generator used in the first part of either algorithm.
*
* The first algorithm may be suitable for use in a client resolver since
* its memory requirements are fairly low and it's pretty random out of
* the box. It is somewhat succeptible to a limited brute force attack,
* so the second algorithm is probably preferable for a longer running
* program that issues a large number of queries and has time to randomize
* the pool.
*/
#define NSID_SHUFFLE_TABLE_SIZE 100 /* Suggested by Knuth */
/*
* Pick one of the next 4096 IDs in the pool.
* There is a tradeoff here between randomness and how often and ID is reused.
*/
#define NSID_LOOKAHEAD 4096 /* Must be a power of 2 */
#define NSID_SHUFFLE_ONLY 1 /* algorithm 1 */
#define NSID_USE_POOL 2 /* algorithm 2 */
#define NSID_HASHSHIFT 3
#define NSID_HASHROTATE(v) \
(((v) << NSID_HASHSHIFT) | ((v) >> ((sizeof(v) * 8) - NSID_HASHSHIFT)))
static isc_uint32_t nsid_hash_state;
/*
* Keep a running hash of various bits of data that we'll use to
* stir the ID pool or perturb the ID generator
*/
static void
nsid_hash(void *data, size_t len) {
unsigned char *p = data;
/*
* Hash function similar to the one we use for hashing names.
* We don't fold case or toss the upper bit here, though.
* This hash doesn't do much interesting when fed binary zeros,
* so there may be a better hash function.
* This function doesn't need to be very strong since we're
* only using it to stir the pool, but it should be reasonably
* fast.
*/
/*
* We don't care about locking access to nsid_hash_state.
* In fact races make the result even more non deteministic.
*/
while (len-- > 0U) {
nsid_hash_state = NSID_HASHROTATE(nsid_hash_state);
nsid_hash_state += *p++;
}
}
/*
* Table of good linear congruential multipliers for modulus 2^16
* in order of increasing serial correlation bounds (so trim from
* the end).
*/
static const isc_uint16_t nsid_multiplier_table[] = {
17565, 25013, 11733, 19877, 23989, 23997, 24997, 25421,
26781, 27413, 35901, 35917, 35973, 36229, 38317, 38437,
39941, 40493, 41853, 46317, 50581, 51429, 53453, 53805,
11317, 11789, 12045, 12413, 14277, 14821, 14917, 18989,
19821, 23005, 23533, 23573, 23693, 27549, 27709, 28461,
29365, 35605, 37693, 37757, 38309, 41285, 45261, 47061,
47269, 48133, 48597, 50277, 50717, 50757, 50805, 51341,
51413, 51581, 51597, 53445, 11493, 14229, 20365, 20653,
23485, 25541, 27429, 29421, 30173, 35445, 35653, 36789,
36797, 37109, 37157, 37669, 38661, 39773, 40397, 41837,
41877, 45293, 47277, 47845, 49853, 51085, 51349, 54085,
56933, 8877, 8973, 9885, 11365, 11813, 13581, 13589,
13613, 14109, 14317, 15765, 15789, 16925, 17069, 17205,
17621, 17941, 19077, 19381, 20245, 22845, 23733, 24869,
25453, 27213, 28381, 28965, 29245, 29997, 30733, 30901,
34877, 35485, 35613, 36133, 36661, 36917, 38597, 40285,
40693, 41413, 41541, 41637, 42053, 42349, 45245, 45469,
46493, 48205, 48613, 50861, 51861, 52877, 53933, 54397,
55669, 56453, 56965, 58021, 7757, 7781, 8333, 9661,
12229, 14373, 14453, 17549, 18141, 19085, 20773, 23701,
24205, 24333, 25261, 25317, 27181, 30117, 30477, 34757,
34885, 35565, 35885, 36541, 37957, 39733, 39813, 41157,
41893, 42317, 46621, 48117, 48181, 49525, 55261, 55389,
56845, 7045, 7749, 7965, 8469, 9133, 9549, 9789,
10173, 11181, 11285, 12253, 13453, 13533, 13757, 14477,
15053, 16901, 17213, 17269, 17525, 17629, 18605, 19013,
19829, 19933, 20069, 20093, 23261, 23333, 24949, 25309,
27613, 28453, 28709, 29301, 29541, 34165, 34413, 37301,
37773, 38045, 38405, 41077, 41781, 41925, 42717, 44437,
44525, 44613, 45933, 45941, 47077, 50077, 50893, 52117,
5293, 55069, 55989, 58125, 59205, 6869, 14685, 15453,
16821, 17045, 17613, 18437, 21029, 22773, 22909, 25445,
25757, 26541, 30709, 30909, 31093, 31149, 37069, 37725,
37925, 38949, 39637, 39701, 40765, 40861, 42965, 44813,
45077, 45733, 47045, 50093, 52861, 52957, 54181, 56325,
56365, 56381, 56877, 57013, 5741, 58101, 58669, 8613,
10045, 10261, 10653, 10733, 11461, 12261, 14069, 15877,
17757, 21165, 23885, 24701, 26429, 26645, 27925, 28765,
29197, 30189, 31293, 39781, 39909, 40365, 41229, 41453,
41653, 42165, 42365, 47421, 48029, 48085, 52773, 5573,
57037, 57637, 58341, 58357, 58901, 6357, 7789, 9093,
10125, 10709, 10765, 11957, 12469, 13437, 13509, 14773,
15437, 15773, 17813, 18829, 19565, 20237, 23461, 23685,
23725, 23941, 24877, 25461, 26405, 29509, 30285, 35181,
37229, 37893, 38565, 40293, 44189, 44581, 45701, 47381,
47589, 48557, 4941, 51069, 5165, 52797, 53149, 5341,
56301, 56765, 58581, 59493, 59677, 6085, 6349, 8293,
8501, 8517, 11597, 11709, 12589, 12693, 13517, 14909,
17397, 18085, 21101, 21269, 22717, 25237, 25661, 29189,
30101, 31397, 33933, 34213, 34661, 35533, 36493, 37309,
40037, 4189, 42909, 44309, 44357, 44389, 4541, 45461,
46445, 48237, 54149, 55301, 55853, 56621, 56717, 56901,
5813, 58437, 12493, 15365, 15989, 17829, 18229, 19341,
21013, 21357, 22925, 24885, 26053, 27581, 28221, 28485,
30605, 30613, 30789, 35437, 36285, 37189, 3941, 41797,
4269, 42901, 43293, 44645, 45221, 46893, 4893, 50301,
50325, 5189, 52109, 53517, 54053, 54485, 5525, 55949,
56973, 59069, 59421, 60733, 61253, 6421, 6701, 6709,
7101, 8669, 15797, 19221, 19837, 20133, 20957, 21293,
21461, 22461, 29085, 29861, 30869, 34973, 36469, 37565,
38125, 38829, 39469, 40061, 40117, 44093, 47429, 48341,
50597, 51757, 5541, 57629, 58405, 59621, 59693, 59701,
61837, 7061, 10421, 11949, 15405, 20861, 25397, 25509,
25893, 26037, 28629, 28869, 29605, 30213, 34205, 35637,
36365, 37285, 3773, 39117, 4021, 41061, 42653, 44509,
4461, 44829, 4725, 5125, 52269, 56469, 59085, 5917,
60973, 8349, 17725, 18637, 19773, 20293, 21453, 22533,
24285, 26333, 26997, 31501, 34541, 34805, 37509, 38477,
41333, 44125, 46285, 46997, 47637, 48173, 4925, 50253,
50381, 50917, 51205, 51325, 52165, 52229, 5253, 5269,
53509, 56253, 56341, 5821, 58373, 60301, 61653, 61973,
62373, 8397, 11981, 14341, 14509, 15077, 22261, 22429,
24261, 28165, 28685, 30661, 34021, 34445, 39149, 3917,
43013, 43317, 44053, 44101, 4533, 49541, 49981, 5277,
54477, 56357, 57261, 57765, 58573, 59061, 60197, 61197,
62189, 7725, 8477, 9565, 10229, 11437, 14613, 14709,
16813, 20029, 20677, 31445, 3165, 31957, 3229, 33541,
36645, 3805, 38973, 3965, 4029, 44293, 44557, 46245,
48917, 4909, 51749, 53709, 55733, 56445, 5925, 6093,
61053, 62637, 8661, 9109, 10821, 11389, 13813, 14325,
15501, 16149, 18845, 22669, 26437, 29869, 31837, 33709,
33973, 34173, 3677, 3877, 3981, 39885, 42117, 4421,
44221, 44245, 44693, 46157, 47309, 5005, 51461, 52037,
55333, 55693, 56277, 58949, 6205, 62141, 62469, 6293,
10101, 12509, 14029, 17997, 20469, 21149, 25221, 27109,
2773, 2877, 29405, 31493, 31645, 4077, 42005, 42077,
42469, 42501, 44013, 48653, 49349, 4997, 50101, 55405,
56957, 58037, 59429, 60749, 61797, 62381, 62837, 6605,
10541, 23981, 24533, 2701, 27333, 27341, 31197, 33805,
3621, 37381, 3749, 3829, 38533, 42613, 44381, 45901,
48517, 51269, 57725, 59461, 60045, 62029, 13805, 14013,
15461, 16069, 16157, 18573, 2309, 23501, 28645, 3077,
31541, 36357, 36877, 3789, 39429, 39805, 47685, 47949,
49413, 5485, 56757, 57549, 57805, 58317, 59549, 62213,
62613, 62853, 62933, 8909, 12941, 16677, 20333, 21541,
24429, 26077, 26421, 2885, 31269, 33381, 3661, 40925,
42925, 45173, 4525, 4709, 53133, 55941, 57413, 57797,
62125, 62237, 62733, 6773, 12317, 13197, 16533, 16933,
18245, 2213, 2477, 29757, 33293, 35517, 40133, 40749,
4661, 49941, 62757, 7853, 8149, 8573, 11029, 13421,
21549, 22709, 22725, 24629, 2469, 26125, 2669, 34253,
36709, 41013, 45597, 46637, 52285, 52333, 54685, 59013,
60997, 61189, 61981, 62605, 62821, 7077, 7525, 8781,
10861, 15277, 2205, 22077, 28517, 28949, 32109, 33493,
4661, 49941, 62757, 7853, 8149, 8573, 11029, 13421,
21549, 22709, 22725, 24629, 2469, 26125, 2669, 34253,
36709, 41013, 45597, 46637, 52285, 52333, 54685, 59013,
60997, 61189, 61981, 62605, 62821, 7077, 7525, 8781,
10861, 15277, 2205, 22077, 28517, 28949, 32109, 33493,
3685, 39197, 39869, 42621, 44997, 48565, 5221, 57381,
61749, 62317, 63245, 63381, 23149, 2549, 28661, 31653,
33885, 36341, 37053, 39517, 42805, 45853, 48997, 59349,
60053, 62509, 63069, 6525, 1893, 20181, 2365, 24893,
27397, 31357, 32277, 33357, 34437, 36677, 37661, 43469,
43917, 50997, 53869, 5653, 13221, 16741, 17893, 2157,
28653, 31789, 35301, 35821, 61613, 62245, 12405, 14517,
17453, 18421, 3149, 3205, 40341, 4109, 43941, 46869,
48837, 50621, 57405, 60509, 62877, 8157, 12933, 12957,
16501, 19533, 3461, 36829, 52357, 58189, 58293, 63053,
17109, 1933, 32157, 37701, 59005, 61621, 13029, 15085,
16493, 32317, 35093, 5061, 51557, 62221, 20765, 24613,
2629, 30861, 33197, 33749, 35365, 37933, 40317, 48045,
56229, 61157, 63797, 7917, 17965, 1917, 1973, 20301,
2253, 33157, 58629, 59861, 61085, 63909, 8141, 9221,
14757, 1581, 21637, 26557, 33869, 34285, 35733, 40933,
42517, 43501, 53653, 61885, 63805, 7141, 21653, 54973,
31189, 60061, 60341, 63357, 16045, 2053, 26069, 33997,
43901, 54565, 63837, 8949, 17909, 18693, 32349, 33125,
37293, 48821, 49053, 51309, 64037, 7117, 1445, 20405,
23085, 26269, 26293, 27349, 32381, 33141, 34525, 36461,
37581, 43525, 4357, 43877, 5069, 55197, 63965, 9845,
12093, 2197, 2229, 32165, 33469, 40981, 42397, 8749,
10853, 1453, 18069, 21693, 30573, 36261, 37421, 42533
};
#define NSID_MULT_TABLE_SIZE \
((sizeof nsid_multiplier_table)/(sizeof nsid_multiplier_table[0]))
#define NSID_RANGE_MASK (NSID_LOOKAHEAD - 1)
#define NSID_POOL_MASK 0xFFFF /* used to wrap the pool index */
#define NSID_SHUFFLE_ONLY 1
#define NSID_USE_POOL 2
static isc_uint16_t
nsid_next(dns_nsid_t *nsid) {
isc_uint16_t id, compressed_hash;
isc_uint16_t j;
compressed_hash = ((nsid_hash_state >> 16) ^
(nsid_hash_state)) & 0xFFFF;
if (nsid->nsid_usepool) {
isc_uint16_t pick;
pick = compressed_hash & NSID_RANGE_MASK;
pick = (nsid->nsid_state + pick) & NSID_POOL_MASK;
id = nsid->nsid_pool[pick];
if (pick != 0) {
/* Swap two IDs to stir the pool */
nsid->nsid_pool[pick] =
nsid->nsid_pool[nsid->nsid_state];
nsid->nsid_pool[nsid->nsid_state] = id;
}
/* increment the base pointer into the pool */
if (nsid->nsid_state == 65535)
nsid->nsid_state = 0;
else
nsid->nsid_state++;
} else {
/*
* This is the original Algorithm B
* j = ((u_long) NSID_SHUFFLE_TABLE_SIZE * nsid_state2) >> 16;
*
* We'll perturb it with some random stuff ...
*/
j = ((isc_uint32_t) NSID_SHUFFLE_TABLE_SIZE *
(nsid->nsid_state2 ^ compressed_hash)) >> 16;
nsid->nsid_state2 = id = nsid->nsid_vtable[j];
nsid->nsid_state = (((isc_uint32_t) nsid->nsid_a1 * nsid->nsid_state) +
nsid->nsid_c1) & 0xFFFF;
nsid->nsid_vtable[j] = nsid->nsid_state;
}
/* Now lets obfuscate ... */
id = (((isc_uint32_t) nsid->nsid_a2 * id) + nsid->nsid_c2) & 0xFFFF;
id = (((isc_uint32_t) nsid->nsid_a3 * id) + nsid->nsid_c3) & 0xFFFF;
return (id);
}
static isc_result_t
nsid_init(isc_mem_t *mctx, dns_nsid_t *nsid, isc_boolean_t usepool) {
isc_time_t now;
pid_t mypid;
isc_uint16_t a1ndx, a2ndx, a3ndx, c1ndx, c2ndx, c3ndx;
int i;
isc_time_now(&now);
mypid = getpid();
/* Initialize the state */
memset(nsid, 0, sizeof(*nsid));
nsid_hash(&now, sizeof now);
nsid_hash(&mypid, sizeof mypid);
/*
* Select our random number generators and initial seed.
* We could really use more random bits at this point,
* but we'll try to make a silk purse out of a sows ear ...
*/
/* generator 1 */
a1ndx = ((isc_uint32_t) NSID_MULT_TABLE_SIZE *
(nsid_hash_state & 0xFFFF)) >> 16;
nsid->nsid_a1 = nsid_multiplier_table[a1ndx];
c1ndx = (nsid_hash_state >> 9) & 0x7FFF;
nsid->nsid_c1 = 2 * c1ndx + 1;
/* generator 2, distinct from 1 */
a2ndx = ((isc_uint32_t) (NSID_MULT_TABLE_SIZE - 1) *
((nsid_hash_state >> 10) & 0xFFFF)) >> 16;
if (a2ndx >= a1ndx)
a2ndx++;
nsid->nsid_a2 = nsid_multiplier_table[a2ndx];
c2ndx = nsid_hash_state % 32767;
if (c2ndx >= c1ndx)
c2ndx++;
nsid->nsid_c2 = 2*c2ndx + 1;
/* generator 3, distinct from 1 and 2 */
a3ndx = ((isc_uint32_t) (NSID_MULT_TABLE_SIZE - 2) *
((nsid_hash_state >> 20) & 0xFFFF)) >> 16;
if (a3ndx >= a1ndx || a3ndx >= a2ndx)
a3ndx++;
if (a3ndx >= a1ndx && a3ndx >= a2ndx)
a3ndx++;
nsid->nsid_a3 = nsid_multiplier_table[a3ndx];
c3ndx = nsid_hash_state % 32766;
if (c3ndx >= c1ndx || c3ndx >= c2ndx)
c3ndx++;
if (c3ndx >= c1ndx && c3ndx >= c2ndx)
c3ndx++;
nsid->nsid_c3 = 2*c3ndx + 1;
nsid->nsid_state =
((nsid_hash_state >> 16) ^ (nsid_hash_state)) & 0xFFFF;
nsid->nsid_usepool = usepool;
if (nsid->nsid_usepool) {
nsid->nsid_pool = isc_mem_get(mctx, 0x10000 * sizeof(isc_uint16_t));
if (nsid->nsid_pool == NULL)
return (ISC_R_NOMEMORY);
for (i = 0; ; i++) {
nsid->nsid_pool[i] = nsid->nsid_state;
nsid->nsid_state =
(((u_long) nsid->nsid_a1 * nsid->nsid_state) +
nsid->nsid_c1) & 0xFFFF;
if (i == 0xFFFF)
break;
}
} else {
nsid->nsid_vtable = isc_mem_get(mctx, NSID_SHUFFLE_TABLE_SIZE *
(sizeof(isc_uint16_t)) );
if (nsid->nsid_vtable == NULL)
return (ISC_R_NOMEMORY);
for (i = 0; i < NSID_SHUFFLE_TABLE_SIZE; i++) {
nsid->nsid_vtable[i] = nsid->nsid_state;
nsid->nsid_state =
(((isc_uint32_t) nsid->nsid_a1 * nsid->nsid_state) +
nsid->nsid_c1) & 0xFFFF;
}
nsid->nsid_state2 = nsid->nsid_state;
}
return (ISC_R_SUCCESS);
}
static void
nsid_destroy(isc_mem_t *mctx, dns_nsid_t *nsid) {
if (nsid->nsid_usepool)
isc_mem_put(mctx, nsid->nsid_pool,
0x10000 * sizeof(isc_uint16_t));
else
isc_mem_put(mctx, nsid->nsid_vtable,
NSID_SHUFFLE_TABLE_SIZE * (sizeof(isc_uint16_t)) );
memset(nsid, 0, sizeof(*nsid));
}
void
dns_dispatch_hash(void *data, size_t len) {
nsid_hash(data, len);
}

9
contrib/bind9/lib/dns/include/dns/dispatch.h
View File

@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dispatch.h,v 1.48.18.2 2005/04/29 00:16:12 marka Exp $ */
/* $Id: dispatch.h,v 1.48.18.2.22.1 2007/06/26 02:58:54 marka Exp $ */
#ifndef DNS_DISPATCH_H
#define DNS_DISPATCH_H 1
@ -441,6 +441,13 @@ dns_dispatch_importrecv(dns_dispatch_t *disp, isc_event_t *event);
* event != NULL
*/
void
dns_dispatch_hash(void *data, size_t len);
/*%<
* Feed 'data' to the dispatch query id generator where 'len' is the size
* of 'data'.
*/
ISC_LANG_ENDDECLS
#endif /* DNS_DISPATCH_H */

6
contrib/bind9/version
View File

@ -1,4 +1,4 @@
# $Id: version,v 1.29.134.13.8.1 2007/04/30 01:11:30 marka Exp $
# $Id: version,v 1.29.134.13.8.2 2007/06/27 02:10:22 marka Exp $
#
# This file must follow /bin/sh rules. It is imported directly via
# configure.
@ -6,5 +6,5 @@
MAJORVER=9
MINORVER=4
PATCHVER=1
RELEASETYPE=
RELEASEVER=
RELEASETYPE=-P
RELEASEVER=1