From 30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 22 Oct 2015 16:09:46 +1100 Subject: [PATCH] cleanup trailing white space in SGML like files --- FAQ.xml | 106 ++++++++++----------- bin/check/named-checkconf.docbook | 8 +- bin/check/named-checkzone.docbook | 12 +-- bin/confgen/ddns-confgen.docbook | 8 +- bin/confgen/rndc-confgen.docbook | 8 +- bin/delv/delv.docbook | 14 +-- bin/dig/dig.docbook | 22 ++--- bin/dig/host.docbook | 8 +- bin/dig/nslookup.docbook | 10 +- bin/dnssec/dnssec-dsfromkey.docbook | 14 +-- bin/dnssec/dnssec-importkey.docbook | 14 +-- bin/dnssec/dnssec-keyfromlabel.docbook | 14 +-- bin/dnssec/dnssec-keygen.docbook | 16 ++-- bin/dnssec/dnssec-revoke.docbook | 8 +- bin/dnssec/dnssec-settime.docbook | 20 ++-- bin/dnssec/dnssec-signzone.docbook | 14 +-- bin/dnssec/dnssec-verify.docbook | 6 +- bin/named/bind9.xsl | 6 +- bin/named/lwresd.docbook | 12 +-- bin/named/named.conf.docbook | 30 +++--- bin/named/named.docbook | 12 +-- bin/nsupdate/nsupdate.docbook | 14 +-- bin/pkcs11/pkcs11-destroy.docbook | 6 +- bin/pkcs11/pkcs11-keygen.docbook | 6 +- bin/pkcs11/pkcs11-list.docbook | 6 +- bin/pkcs11/pkcs11-tokens.docbook | 6 +- bin/python/dnssec-checkds.docbook | 8 +- bin/python/dnssec-coverage.docbook | 8 +- bin/rndc/rndc.conf.docbook | 8 +- bin/rndc/rndc.docbook | 14 +-- bin/tools/arpaname.docbook | 4 +- bin/tools/dnstap-read.docbook | 6 +- bin/tools/genrandom.docbook | 6 +- bin/tools/isc-hmac-fixup.docbook | 6 +- bin/tools/mdig.docbook | 10 +- bin/tools/named-journalprint.docbook | 8 +- bin/tools/named-rrchecker.docbook | 4 +- bin/tools/nsec3hash.docbook | 6 +- doc/arm/Bv9ARM-book.xml | 10 +- doc/arm/dlz.xml | 6 +- doc/arm/dnssec.xml | 88 ++++++++--------- doc/arm/dyndb.xml | 6 +- doc/arm/libdns.xml | 30 +++--- doc/arm/managed-keys.xml | 26 ++--- doc/arm/notes-wrapper.xml | 2 +- doc/arm/notes.xml | 20 ++-- doc/arm/pkcs11.xml | 58 +++++------ doc/xsl/copyright.xsl | 2 +- doc/xsl/isc-docbook-chunk.xsl.in | 4 +- doc/xsl/isc-docbook-html.xsl.in | 4 +- doc/xsl/isc-docbook-text.xsl | 4 +- doc/xsl/isc-manpage.xsl.in | 6 +- doc/xsl/isc-notes-html.xsl.in | 4 +- doc/xsl/notes-param.xsl | 2 +- doc/xsl/pre-latex.xsl | 2 +- isc-config.sh.docbook | 6 +- lib/lwres/man/lwres.docbook | 10 +- lib/lwres/man/lwres_buffer.docbook | 2 +- lib/lwres/man/lwres_config.docbook | 8 +- lib/lwres/man/lwres_context.docbook | 6 +- lib/lwres/man/lwres_gabn.docbook | 6 +- lib/lwres/man/lwres_gai_strerror.docbook | 4 +- lib/lwres/man/lwres_getaddrinfo.docbook | 6 +- lib/lwres/man/lwres_gethostent.docbook | 8 +- lib/lwres/man/lwres_getipnode.docbook | 6 +- lib/lwres/man/lwres_getnameinfo.docbook | 8 +- lib/lwres/man/lwres_getrrsetbyname.docbook | 6 +- lib/lwres/man/lwres_gnba.docbook | 6 +- lib/lwres/man/lwres_hstrerror.docbook | 6 +- lib/lwres/man/lwres_inetntop.docbook | 6 +- lib/lwres/man/lwres_noop.docbook | 6 +- lib/lwres/man/lwres_packet.docbook | 4 +- lib/lwres/man/lwres_resutil.docbook | 6 +- util/update_copyrights | 8 ++ 74 files changed, 444 insertions(+), 436 deletions(-) diff --git a/FAQ.xml b/FAQ.xml index bd0d4cb92e..cd216e6ec5 100644 --- a/FAQ.xml +++ b/FAQ.xml @@ -17,7 +17,7 @@
- + 2004 @@ -40,9 +40,9 @@ - - Compilation and Installation Questions - + + Compilation and Installation Questions + @@ -58,7 +58,7 @@ - + @@ -67,7 +67,7 @@ - Short Answer: No. + Short Answer: No. Long Answer: There really isn't a default configuration which fits @@ -90,9 +90,9 @@ - + - + Configuration and Setup Questions @@ -122,7 +122,7 @@ example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 ) - + @@ -248,7 +248,7 @@ view "chaos" chaos { - + @@ -263,7 +263,7 @@ view "chaos" chaos { - + @@ -356,7 +356,7 @@ Slave 10.0.1.2: - + @@ -389,7 +389,7 @@ named-checkzone example.com tmp - + @@ -413,7 +413,7 @@ named-checkzone example.com tmp - + @@ -508,7 +508,7 @@ Master 10.0.1.1: - + @@ -548,7 +548,7 @@ Master 10.0.1.1: - + @@ -600,7 +600,7 @@ zone "example.net" { - + @@ -691,9 +691,9 @@ server ::/0 { bogus yes; }; - + - + Operations Questions @@ -765,7 +765,7 @@ server ::/0 { bogus yes; }; General Questions - + @@ -810,7 +810,7 @@ server ::/0 { bogus yes; }; - + @@ -845,7 +845,7 @@ server ::/0 { bogus yes; }; - + @@ -863,7 +863,7 @@ server ::/0 { bogus yes; }; - + @@ -879,7 +879,7 @@ server ::/0 { bogus yes; }; - + @@ -906,7 +906,7 @@ serial-query-rate 5; // default 20 - + I don't get RRSIG's returned when I use "dig +dnssec". @@ -918,7 +918,7 @@ serial-query-rate 5; // default 20 - + @@ -1002,7 +1002,7 @@ empty: - + @@ -1079,7 +1079,7 @@ empty: - + Operating-System Specific Questions HPUX @@ -1109,9 +1109,9 @@ configure: error: need either working unistd.h or sys/select.h Linux - + - + Why do I get the following errors: general: errno2result.c:109: unexpected error: @@ -1174,7 +1174,7 @@ echo "1" > proc/sys/net/core/xfrm_larval_drop - + @@ -1193,7 +1193,7 @@ echo "1" > proc/sys/net/core/xfrm_larval_drop - + @@ -1214,7 +1214,7 @@ modprobe capability - + @@ -1274,7 +1274,7 @@ $ROOTDIR/var/tmp able to write or create files except in the directories above, with SELinux in Enforcing mode. - + So, to allow named to update slave or DDNS zone files, it is best to locate them in $ROOTDIR/var/named/slaves, @@ -1285,7 +1285,7 @@ zone "slave.zone." IN { type slave; file "slaves/slave.zone.db"; ... -}; +}; zone "ddns.zone." IN { type master; allow-updates {...}; @@ -1318,13 +1318,13 @@ options { system-config-securitylevel GUI, using the 'setsebool' command, or in /etc/selinux/targeted/booleans. - + You can disable SELinux protection for named entirely by setting the 'named_disable_trans=1' SELinux tunable boolean parameter. - + The SELinux named policy defines these SELinux contexts for named: @@ -1335,7 +1335,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d - + If you want to retain use of the SELinux policy for named, and put named files in different locations, you can do @@ -1353,7 +1353,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d - + To create a custom modifiable named data location, e.g. '/var/log/named' for a log file, do: @@ -1363,7 +1363,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d - + To create a custom zone file location, e.g. /root/zones/, do: @@ -1372,7 +1372,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d - + See these man-pages for more information : selinux(8), named_selinux(8), chcon(1), setsebool(8) @@ -1433,11 +1433,11 @@ proc /var/named/proc proc defaults 0 0 - + - + Windows - + @@ -1458,7 +1458,7 @@ proc /var/named/proc proc defaults 0 0 - + @@ -1484,11 +1484,11 @@ options { - + - + FreeBSD - + @@ -1513,11 +1513,11 @@ rand_irqs="3 14 15" - + - + Solaris - + @@ -1535,7 +1535,7 @@ rand_irqs="3 14 15" - + Apple Mac OS X @@ -1601,7 +1601,7 @@ key "rndc-key" { - + diff --git a/bin/check/named-checkconf.docbook b/bin/check/named-checkconf.docbook index 8970a8dae2..7ba40a51ca 100644 --- a/bin/check/named-checkconf.docbook +++ b/bin/check/named-checkconf.docbook @@ -71,7 +71,7 @@ DESCRIPTION - + named-checkconf checks the syntax, but not the semantics, of a named configuration file. The file is parsed @@ -92,7 +92,7 @@ OPTIONS - + @@ -184,7 +184,7 @@ RETURN VALUES - + named-checkconf returns an exit status of 1 if errors were detected and 0 otherwise. @@ -192,7 +192,7 @@ SEE ALSO - + named8 , diff --git a/bin/check/named-checkzone.docbook b/bin/check/named-checkzone.docbook index 3f8acbc219..c05b78eb1a 100644 --- a/bin/check/named-checkzone.docbook +++ b/bin/check/named-checkzone.docbook @@ -122,7 +122,7 @@ DESCRIPTION - + named-checkzone checks the syntax and integrity of a zone file. It performs the same checks as named does when loading a @@ -143,7 +143,7 @@ OPTIONS - + @@ -387,7 +387,7 @@ Check for records that are treated as different by DNSSEC but - are semantically equal in plain DNS. + are semantically equal in plain DNS. Possible modes are "fail", "warn" (default) and "ignore". @@ -511,7 +511,7 @@ RETURN VALUES - + named-checkzone returns an exit status of 1 if errors were detected and 0 otherwise. @@ -519,12 +519,12 @@ SEE ALSO - + named8 , - named-checkconf8 + named-checkconf8 , RFC 1035, BIND 9 Administrator Reference Manual. diff --git a/bin/confgen/ddns-confgen.docbook b/bin/confgen/ddns-confgen.docbook index 62dadb6f0c..0c38f9b0f8 100644 --- a/bin/confgen/ddns-confgen.docbook +++ b/bin/confgen/ddns-confgen.docbook @@ -67,7 +67,7 @@ DESCRIPTION - + tsig-keygen and ddns-confgen are invocation methods for a utility that generates keys for use @@ -99,7 +99,7 @@ local DDNS key for use with nsupdate -l: it does this when a zone is configured with update-policy local;. - ddns-confgen is only needed when a + ddns-confgen is only needed when a more elaborate configuration is required: for instance, if nsupdate is to be used from a remote system. @@ -107,7 +107,7 @@ OPTIONS - + @@ -215,7 +215,7 @@ SEE ALSO - + nsupdate1 , diff --git a/bin/confgen/rndc-confgen.docbook b/bin/confgen/rndc-confgen.docbook index 23c54d13b4..82e810c30d 100644 --- a/bin/confgen/rndc-confgen.docbook +++ b/bin/confgen/rndc-confgen.docbook @@ -72,7 +72,7 @@ DESCRIPTION - + rndc-confgen generates configuration files for rndc. It can be used as a @@ -90,7 +90,7 @@ OPTIONS - + @@ -259,7 +259,7 @@ EXAMPLES - + To allow rndc to be used with no manual configuration, run @@ -277,7 +277,7 @@ SEE ALSO - + rndc8 , diff --git a/bin/delv/delv.docbook b/bin/delv/delv.docbook index 53f1bee0fe..2471355dbc 100644 --- a/bin/delv/delv.docbook +++ b/bin/delv/delv.docbook @@ -85,7 +85,7 @@ DESCRIPTION - + delv (Domain Entity Lookup & Validation) is a tool for sending DNS queries and validating the results, using the same internal @@ -129,7 +129,7 @@ SIMPLE USAGE - + A typical invocation of delv looks like: @@ -196,7 +196,7 @@ OPTIONS - + @@ -398,7 +398,7 @@ QUERY OPTIONS - + delv provides a number of query options which affect the way results are @@ -585,7 +585,7 @@ Set or clear the display options - , + , , and as a group. @@ -668,13 +668,13 @@ FILES - + /etc/bind.keys /etc/resolv.conf SEE ALSO - + dig1 , diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook index b6220d7a0a..a892597749 100644 --- a/bin/dig/dig.docbook +++ b/bin/dig/dig.docbook @@ -98,7 +98,7 @@ DESCRIPTION - + dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and @@ -144,7 +144,7 @@ The IN and CH class names overlap with the IN and CH top level domain names. Either use the and - options to specify the type and class, + options to specify the type and class, use the the specify the domain name, or use "IN." and "CH." when looking up these top level domains. @@ -152,7 +152,7 @@ SIMPLE USAGE - + A typical invocation of dig looks like: @@ -218,7 +218,7 @@ OPTIONS - + @@ -421,7 +421,7 @@ QUERY OPTIONS - + dig provides a number of query options which affect @@ -1160,7 +1160,7 @@ MULTIPLE QUERIES - + The BIND 9 implementation of dig @@ -1209,7 +1209,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr IDN SUPPORT - + If dig has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names. @@ -1218,13 +1218,13 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr reply from the server. If you'd like to turn off the IDN support for some reason, defines the IDN_DISABLE environment variable. - The IDN support is disabled if the variable is set when + The IDN support is disabled if the variable is set when dig runs. FILES - + /etc/resolv.conf ${HOME}/.digrc @@ -1232,7 +1232,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr SEE ALSO - + host1 , @@ -1247,7 +1247,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr BUGS - + There are probably too many query options. diff --git a/bin/dig/host.docbook b/bin/dig/host.docbook index 09807908db..8d0e63ce3d 100644 --- a/bin/dig/host.docbook +++ b/bin/dig/host.docbook @@ -77,7 +77,7 @@ DESCRIPTION - + host is a simple utility for performing DNS lookups. @@ -240,7 +240,7 @@ - The option tells host + The option tells host not to send the query to the next nameserver if any server responds with a SERVFAIL response, which is the reverse of normal stub resolver behavior. @@ -260,10 +260,10 @@ IDN SUPPORT - + If host has been built with IDN (internationalized - domain name) support, it can accept and display non-ASCII domain names. + domain name) support, it can accept and display non-ASCII domain names. host appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server. diff --git a/bin/dig/nslookup.docbook b/bin/dig/nslookup.docbook index f185476665..c0ef025d7d 100644 --- a/bin/dig/nslookup.docbook +++ b/bin/dig/nslookup.docbook @@ -87,7 +87,7 @@ DESCRIPTION - + Nslookup is a program to query Internet domain name servers. Nslookup has two modes: interactive and non-interactive. Interactive mode allows @@ -100,7 +100,7 @@ ARGUMENTS - + Interactive mode is entered in the following cases: @@ -144,7 +144,7 @@ nslookup -query=hinfo -timeout=10 INTERACTIVE COMMANDS - + host server @@ -480,13 +480,13 @@ nslookup -query=hinfo -timeout=10 FILES - + /etc/resolv.conf SEE ALSO - + dig1 , diff --git a/bin/dnssec/dnssec-dsfromkey.docbook b/bin/dnssec/dnssec-dsfromkey.docbook index 5911d49458..1237c362d0 100644 --- a/bin/dnssec/dnssec-dsfromkey.docbook +++ b/bin/dnssec/dnssec-dsfromkey.docbook @@ -84,7 +84,7 @@ DESCRIPTION - + dnssec-dsfromkey outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s). @@ -92,7 +92,7 @@ OPTIONS - + @@ -183,7 +183,7 @@ Include ZSKs when generating DS records. Without this option, only keys which have the KSK flag set will be converted to DS - records and printed. Useful only in zone file mode. + records and printed. Useful only in zone file mode. @@ -252,7 +252,7 @@ EXAMPLE - + To build the SHA-256 DS RR from the Kexample.com.+003+26160 @@ -268,7 +268,7 @@ FILES - + The keyfile can be designed by the key identification Knnnn.+aaa+iiiii or the full file name @@ -283,14 +283,14 @@ CAVEAT - + A keyfile error can give a "file not found" even if the file exists. SEE ALSO - + dnssec-keygen8 , diff --git a/bin/dnssec/dnssec-importkey.docbook b/bin/dnssec/dnssec-importkey.docbook index 0f83d207cf..f4c3f172b3 100644 --- a/bin/dnssec/dnssec-importkey.docbook +++ b/bin/dnssec/dnssec-importkey.docbook @@ -71,7 +71,7 @@ DESCRIPTION - + dnssec-importkey reads a public DNSKEY record and generates a pair of .key/.private files. The DNSKEY record may be read from an @@ -92,7 +92,7 @@ OPTIONS - + @@ -110,7 +110,7 @@ - + -K directory @@ -142,7 +142,7 @@ - + -v level @@ -165,7 +165,7 @@ TIMING OPTIONS - + Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -205,7 +205,7 @@ FILES - + A keyfile can be designed by the key identification Knnnn.+aaa+iiiii or the full file name @@ -215,7 +215,7 @@ SEE ALSO - + dnssec-keygen8 , diff --git a/bin/dnssec/dnssec-keyfromlabel.docbook b/bin/dnssec/dnssec-keyfromlabel.docbook index 6c16b707d3..b05b322330 100644 --- a/bin/dnssec/dnssec-keyfromlabel.docbook +++ b/bin/dnssec/dnssec-keyfromlabel.docbook @@ -79,7 +79,7 @@ DESCRIPTION - + dnssec-keyfromlabel generates a key pair of files that referencing a key object stored in a cryptographic hardware service module (HSM). The private key @@ -96,7 +96,7 @@ OPTIONS - + @@ -364,7 +364,7 @@ TIMING OPTIONS - + Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. @@ -450,7 +450,7 @@ If the key is being created as an explicit successor to another - key, then the default prepublication interval is 30 days; + key, then the default prepublication interval is 30 days; otherwise it is zero. @@ -467,7 +467,7 @@ GENERATED KEY FILES - + When dnssec-keyfromlabel completes successfully, @@ -491,7 +491,7 @@ - dnssec-keyfromlabel + dnssec-keyfromlabel creates two files, with names based on the printed string. Knnnn.+aaa+iiiii.key contains the public key, and @@ -513,7 +513,7 @@ SEE ALSO - + dnssec-keygen8 , diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook index 3a20294c95..e5c3e540ac 100644 --- a/bin/dnssec/dnssec-keygen.docbook +++ b/bin/dnssec/dnssec-keygen.docbook @@ -96,7 +96,7 @@ DESCRIPTION - + dnssec-keygen generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with @@ -111,7 +111,7 @@ OPTIONS - + @@ -441,7 +441,7 @@ TIMING OPTIONS - + Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. @@ -529,7 +529,7 @@ If the key is being created as an explicit successor to another - key, then the default prepublication interval is 30 days; + key, then the default prepublication interval is 30 days; otherwise it is zero. @@ -547,7 +547,7 @@ GENERATED KEYS - + When dnssec-keygen completes successfully, @@ -572,7 +572,7 @@ - dnssec-keygen + dnssec-keygen creates two files, with names based on the printed string. Knnnn.+aaa+iiiii.key contains the public key, and @@ -600,7 +600,7 @@ EXAMPLE - + To generate a 768-bit DSA key for the domain example.com, the following command would be @@ -622,7 +622,7 @@ SEE ALSO - + dnssec-signzone8 , diff --git a/bin/dnssec/dnssec-revoke.docbook b/bin/dnssec/dnssec-revoke.docbook index 4e7ca7d401..156b509a9a 100644 --- a/bin/dnssec/dnssec-revoke.docbook +++ b/bin/dnssec/dnssec-revoke.docbook @@ -60,7 +60,7 @@ DESCRIPTION - + dnssec-revoke reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the @@ -69,7 +69,7 @@ OPTIONS - + @@ -80,7 +80,7 @@ - + -K directory @@ -159,7 +159,7 @@ SEE ALSO - + dnssec-keygen8 , diff --git a/bin/dnssec/dnssec-settime.docbook b/bin/dnssec/dnssec-settime.docbook index 66c1663eb4..ceb2fe02aa 100644 --- a/bin/dnssec/dnssec-settime.docbook +++ b/bin/dnssec/dnssec-settime.docbook @@ -66,7 +66,7 @@ DESCRIPTION - + dnssec-settime reads a DNSSEC private key file and sets the key timing metadata as specified by the , , @@ -93,7 +93,7 @@ OPTIONS - + @@ -105,13 +105,13 @@ fail when attempting to update a legacy key. With this option, the key will be recreated in the new format, but with the original key data retained. The key's creation date will be - set to the present time. If no other values are specified, - then the key's publication and activation dates will also + set to the present time. If no other values are specified, + then the key's publication and activation dates will also be set to the present time. - + -K directory @@ -145,7 +145,7 @@ - + -V @@ -184,7 +184,7 @@ TIMING OPTIONS - + Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -281,7 +281,7 @@ If the key is being set to be an explicit successor to another - key, then the default prepublication interval is 30 days; + key, then the default prepublication interval is 30 days; otherwise it is zero. @@ -297,7 +297,7 @@ PRINTING OPTIONS - + dnssec-settime can also be used to print the timing metadata associated with a key. @@ -335,7 +335,7 @@ SEE ALSO - + dnssec-keygen8 , diff --git a/bin/dnssec/dnssec-signzone.docbook b/bin/dnssec/dnssec-signzone.docbook index 5d0046a3e9..3b7fa73d66 100644 --- a/bin/dnssec/dnssec-signzone.docbook +++ b/bin/dnssec/dnssec-signzone.docbook @@ -107,7 +107,7 @@ DESCRIPTION - + dnssec-signzone signs a zone. It generates NSEC and RRSIG records and produces a signed version of the @@ -119,7 +119,7 @@ OPTIONS - + @@ -174,7 +174,7 @@ () is used, DNSKEY records are also included. The resulting file can be included in the original zone file with $INCLUDE. This option - cannot be combined with , + cannot be combined with , , or serial number updating. @@ -551,7 +551,7 @@ Normally, when a previously-signed zone is passed as input to the signer, and a DNSKEY record has been removed and - replaced with a new one, signatures from the old key + replaced with a new one, signatures from the old key that are still within their validity period are retained. This allows the zone to continue to validate with cached copies of the old DNSKEY RRset. The @@ -632,7 +632,7 @@ If the key's activation date is set and in the past, the key is published (regardless of publication date) and - used to sign the zone. + used to sign the zone. @@ -800,7 +800,7 @@ EXAMPLE - + The following command signs the example.com zone with the DSA key generated by dnssec-keygen @@ -831,7 +831,7 @@ db.example.com.signed SEE ALSO - + dnssec-keygen8 , diff --git a/bin/dnssec/dnssec-verify.docbook b/bin/dnssec/dnssec-verify.docbook index fa69521e00..6a9d385205 100644 --- a/bin/dnssec/dnssec-verify.docbook +++ b/bin/dnssec/dnssec-verify.docbook @@ -60,7 +60,7 @@ DESCRIPTION - + dnssec-verify verifies that a zone is fully signed for each algorithm found in the DNSKEY RRset for the zone, and that the NSEC / NSEC3 @@ -69,7 +69,7 @@ OPTIONS - + @@ -192,7 +192,7 @@ SEE ALSO - + dnssec-signzone8 diff --git a/bin/named/bind9.xsl b/bin/named/bind9.xsl index f9f01643bd..5b1ffe8655 100644 --- a/bin/named/bind9.xsl +++ b/bin/named/bind9.xsl @@ -49,7 +49,7 @@ function loadGraphs(){ var g; - + while(g = graphs.shift()){ // alert("going for: " + g.target); if(g.data.length > 1){ @@ -59,7 +59,7 @@ } - // Server Incoming Query Types + // Server Incoming Query Types graphs.push({ 'title' : "Server Incoming Query Types", 'target': 'chart_incoming_qtypes', @@ -67,7 +67,7 @@ 'data': [['Type','Counter'],['',],] }); - + // Server Incoming Requests by opcode graphs.push({ diff --git a/bin/named/lwresd.docbook b/bin/named/lwresd.docbook index 037868dab0..6e3399ecb1 100644 --- a/bin/named/lwresd.docbook +++ b/bin/named/lwresd.docbook @@ -77,7 +77,7 @@ DESCRIPTION - + lwresd is the daemon providing name lookup @@ -87,7 +87,7 @@ resolver protocol rather than the DNS protocol. - lwresd + lwresd listens for resolver queries on a UDP port on the IPv4 loopback interface, 127.0.0.1. This means that lwresd can only be used by @@ -115,7 +115,7 @@ OPTIONS - + @@ -217,7 +217,7 @@ trace, record, size, and - mctx. + mctx. These correspond to the ISC_MEM_DEBUGXXXX flags described in <isc/mem.h>. @@ -324,7 +324,7 @@ FILES - + @@ -351,7 +351,7 @@ SEE ALSO - + named8 , diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index 9051da0d23..a47e2c8f46 100644 --- a/bin/named/named.conf.docbook +++ b/bin/named/named.conf.docbook @@ -60,7 +60,7 @@ DESCRIPTION - + named.conf is the configuration file for named. Statements are enclosed @@ -80,7 +80,7 @@ ACL - + acl string { address_match_element; ... }; @@ -88,7 +88,7 @@ acl string { address_match_element KEY - + key domain_name { algorithm string; @@ -98,7 +98,7 @@ key domain_name { MASTERS - + masters string port integer { ( masters | ipv4_address port integer | @@ -108,7 +108,7 @@ masters string port integer SERVER - + server ( ipv4_address/prefixlen | ipv6_address/prefixlen ) { bogus boolean; @@ -132,7 +132,7 @@ server ( ipv4_address/prefixlen TRUSTED-KEYS - + trusted-keys { domain_name flags protocol algorithm key; ... @@ -141,7 +141,7 @@ trusted-keys { MANAGED-KEYS - + managed-keys { domain_name initial-key flags protocol algorithm key; ... @@ -150,7 +150,7 @@ managed-keys { CONTROLS - + controls { inet ( ipv4_address | ipv6_address | * ) @@ -163,7 +163,7 @@ controls { LOGGING - + logging { channel string { @@ -182,7 +182,7 @@ logging { LWRES - + lwres { listen-on port integer { @@ -198,7 +198,7 @@ lwres { OPTIONS - + options { avoid-v4-udp-ports { port; ... }; @@ -413,7 +413,7 @@ options { VIEW - + view string optional_class { match-clients { address_match_element; ... }; @@ -583,7 +583,7 @@ view string optional_class ZONE - + zone string optional_class { type ( master | slave | stub | hint | redirect | @@ -681,13 +681,13 @@ zone string optional_class FILES - + /etc/named.conf SEE ALSO - + named8 , diff --git a/bin/named/named.docbook b/bin/named/named.docbook index c5741442fb..69fb710395 100644 --- a/bin/named/named.docbook +++ b/bin/named/named.docbook @@ -87,7 +87,7 @@ DESCRIPTION - + named is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -103,7 +103,7 @@ OPTIONS - + @@ -436,7 +436,7 @@ SIGNALS - + In routine operation, signals should not be used to control the nameserver; rndc should be used @@ -472,7 +472,7 @@ CONFIGURATION - + The named configuration file is too complex to describe in detail here. A complete description is provided @@ -492,7 +492,7 @@ FILES - + @@ -519,7 +519,7 @@ SEE ALSO - + RFC 1033, RFC 1034, RFC 1035, diff --git a/bin/nsupdate/nsupdate.docbook b/bin/nsupdate/nsupdate.docbook index 584f16340a..674b120a89 100644 --- a/bin/nsupdate/nsupdate.docbook +++ b/bin/nsupdate/nsupdate.docbook @@ -85,7 +85,7 @@ DESCRIPTION - + nsupdate is used to submit Dynamic DNS Update requests as defined in RFC 2136 to a name server. @@ -144,7 +144,7 @@ OPTIONS - + @@ -353,7 +353,7 @@ INPUT FORMAT - + nsupdate reads input from filename @@ -785,7 +785,7 @@ EXAMPLES - + The examples below show how nsupdate @@ -836,7 +836,7 @@ FILES - + @@ -885,7 +885,7 @@ SEE ALSO - + RFC 2136, RFC 3007, @@ -907,7 +907,7 @@ BUGS - + The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library diff --git a/bin/pkcs11/pkcs11-destroy.docbook b/bin/pkcs11/pkcs11-destroy.docbook index 8eca1ccf22..f71d88ccf0 100644 --- a/bin/pkcs11/pkcs11-destroy.docbook +++ b/bin/pkcs11/pkcs11-destroy.docbook @@ -59,7 +59,7 @@ DESCRIPTION - + pkcs11-destroy destroys keys stored in a PKCS#11 device, identified by their or @@ -73,7 +73,7 @@ ARGUMENTS - + -m module @@ -138,7 +138,7 @@ SEE ALSO - + pkcs11-keygen8 diff --git a/bin/pkcs11/pkcs11-keygen.docbook b/bin/pkcs11/pkcs11-keygen.docbook index 872f6d8716..23129535ee 100644 --- a/bin/pkcs11/pkcs11-keygen.docbook +++ b/bin/pkcs11/pkcs11-keygen.docbook @@ -62,7 +62,7 @@ DESCRIPTION - + pkcs11-keygen causes a PKCS#11 device to generate a new key pair with the given (which must be @@ -71,7 +71,7 @@ ARGUMENTS - + -a algorithm @@ -185,7 +185,7 @@ SEE ALSO - + pkcs11-destroy8 diff --git a/bin/pkcs11/pkcs11-list.docbook b/bin/pkcs11/pkcs11-list.docbook index ef0b56c22a..77c1ca1c19 100644 --- a/bin/pkcs11/pkcs11-list.docbook +++ b/bin/pkcs11/pkcs11-list.docbook @@ -57,7 +57,7 @@ DESCRIPTION - + pkcs11-list lists the PKCS#11 objects with or @@ -66,7 +66,7 @@ ARGUMENTS - + -P @@ -130,7 +130,7 @@ SEE ALSO - + pkcs11-destroy8 diff --git a/bin/pkcs11/pkcs11-tokens.docbook b/bin/pkcs11/pkcs11-tokens.docbook index 084e3817d5..06c8e62615 100644 --- a/bin/pkcs11/pkcs11-tokens.docbook +++ b/bin/pkcs11/pkcs11-tokens.docbook @@ -51,7 +51,7 @@ DESCRIPTION - + pkcs11-tokens lists the PKCS#11 available tokens with defaults from the slot/token @@ -60,7 +60,7 @@ ARGUMENTS - + -m module @@ -76,7 +76,7 @@ SEE ALSO - + pkcs11-destroy8 diff --git a/bin/python/dnssec-checkds.docbook b/bin/python/dnssec-checkds.docbook index 731cfb36b3..dcf172f0ec 100644 --- a/bin/python/dnssec-checkds.docbook +++ b/bin/python/dnssec-checkds.docbook @@ -65,7 +65,7 @@ DESCRIPTION - + dnssec-checkds verifies the correctness of Delegation Signer (DS) or DNSSEC Lookaside Validation (DLV) resource records for keys in a specified @@ -74,7 +74,7 @@ OPTIONS - + @@ -92,7 +92,7 @@ -l domain - Check for a DLV record in the specified lookaside domain, + Check for a DLV record in the specified lookaside domain, instead of checking for a DS record in the zone's parent. For example, to check for DLV records for "example.com" in ISC's DLV zone, use: @@ -124,7 +124,7 @@ SEE ALSO - + dnssec-dsfromkey8 , diff --git a/bin/python/dnssec-coverage.docbook b/bin/python/dnssec-coverage.docbook index 27e924ed59..45d5fa86d1 100644 --- a/bin/python/dnssec-coverage.docbook +++ b/bin/python/dnssec-coverage.docbook @@ -61,7 +61,7 @@ DESCRIPTION - + dnssec-coverage verifies that the DNSSEC keys for a given zone or a set of zones have timing metadata set properly to ensure no future lapses in DNSSEC @@ -90,7 +90,7 @@ OPTIONS - + @@ -122,7 +122,7 @@ The length of time to check for DNSSEC coverage. Key events scheduled further into the future than - will be ignored, and assumed to be correct. + will be ignored, and assumed to be correct. The value of can be set in seconds, @@ -243,7 +243,7 @@ SEE ALSO - + dnssec-checkds8 diff --git a/bin/rndc/rndc.conf.docbook b/bin/rndc/rndc.conf.docbook index a338d3656e..57565324f7 100644 --- a/bin/rndc/rndc.conf.docbook +++ b/bin/rndc/rndc.conf.docbook @@ -60,7 +60,7 @@ DESCRIPTION - + rndc.conf is the configuration file for rndc, the BIND 9 name server control utility. This file has a similar structure and syntax to @@ -147,7 +147,7 @@ EXAMPLE - + options { @@ -219,7 +219,7 @@ NAME SERVER CONFIGURATION - + The name server must be configured to accept rndc connections and to recognize the key specified in the rndc.conf @@ -230,7 +230,7 @@ SEE ALSO - + rndc8 , diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook index 74dab39395..39ed7d06f4 100644 --- a/bin/rndc/rndc.docbook +++ b/bin/rndc/rndc.docbook @@ -70,7 +70,7 @@ DESCRIPTION - + rndc controls the operation of a name server. It supersedes the ndc utility @@ -102,7 +102,7 @@ OPTIONS - + @@ -226,7 +226,7 @@ COMMANDS - + A list of commands supported by rndc can be seen by running rndc without arguments. @@ -745,7 +745,7 @@ operations (such as signing or generating NSEC3 chains) is stored in the zone in the form of DNS resource records of type - sig-signing-type. + sig-signing-type. rndc signing -list converts these records into a human-readable form, indicating which keys are currently signing @@ -771,7 +771,7 @@ flags, iterations, and salt, in that order. - Currently, the only defined value for hash algorithm + Currently, the only defined value for hash algorithm is 1, representing SHA-1. The may be set to 0 or 1, @@ -964,7 +964,7 @@ LIMITATIONS - + There is currently no way to provide the shared secret for a without using the configuration file. @@ -975,7 +975,7 @@ SEE ALSO - + rndc.conf5 , diff --git a/bin/tools/arpaname.docbook b/bin/tools/arpaname.docbook index 883199fc0a..a0651f3e42 100644 --- a/bin/tools/arpaname.docbook +++ b/bin/tools/arpaname.docbook @@ -51,7 +51,7 @@ DESCRIPTION - + arpaname translates IP addresses (IPv4 and IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names. @@ -59,7 +59,7 @@ SEE ALSO - + BIND 9 Administrator Reference Manual. diff --git a/bin/tools/dnstap-read.docbook b/bin/tools/dnstap-read.docbook index 93b4b601f0..df09a3517d 100644 --- a/bin/tools/dnstap-read.docbook +++ b/bin/tools/dnstap-read.docbook @@ -53,7 +53,7 @@ DESCRIPTION - + dnstap-read reads dnstap data from a specified file @@ -65,7 +65,7 @@ OPTIONS - + @@ -102,7 +102,7 @@ SEE ALSO - + named8 diff --git a/bin/tools/genrandom.docbook b/bin/tools/genrandom.docbook index 7562ff3ea4..a79926c827 100644 --- a/bin/tools/genrandom.docbook +++ b/bin/tools/genrandom.docbook @@ -56,7 +56,7 @@ DESCRIPTION - + genrandom generates a file or a set of files containing a specified quantity @@ -66,7 +66,7 @@ ARGUMENTS - + -n number @@ -99,7 +99,7 @@ SEE ALSO - + rand3 diff --git a/bin/tools/isc-hmac-fixup.docbook b/bin/tools/isc-hmac-fixup.docbook index d713f3de99..931086348a 100644 --- a/bin/tools/isc-hmac-fixup.docbook +++ b/bin/tools/isc-hmac-fixup.docbook @@ -54,7 +54,7 @@ DESCRIPTION - + Versions of BIND 9 up to and including BIND 9.6 had a bug causing HMAC-SHA* TSIG keys which were longer than the digest length of the @@ -81,7 +81,7 @@ SECURITY CONSIDERATIONS - + Secrets that have been converted by isc-hmac-fixup are shortened, but as this is how the HMAC protocol works in @@ -93,7 +93,7 @@ SEE ALSO - + BIND 9 Administrator Reference Manual, RFC 2104. diff --git a/bin/tools/mdig.docbook b/bin/tools/mdig.docbook index bf220df5a5..8da50e4937 100644 --- a/bin/tools/mdig.docbook +++ b/bin/tools/mdig.docbook @@ -77,7 +77,7 @@ DESCRIPTION - + mdig is a multiple/pipelined query version of dig: instead of waiting for a response after sending each query, @@ -126,7 +126,7 @@ ANYWHERE OPTIONS - + The option makes mdig @@ -149,7 +149,7 @@ GLOBAL OPTIONS - + The option forces mdig to @@ -390,7 +390,7 @@ LOCAL OPTIONS - + The option sets the query class to @@ -653,7 +653,7 @@ SEE ALSO - + dig1 , diff --git a/bin/tools/named-journalprint.docbook b/bin/tools/named-journalprint.docbook index e0f86b786e..4fd019f28b 100644 --- a/bin/tools/named-journalprint.docbook +++ b/bin/tools/named-journalprint.docbook @@ -52,14 +52,14 @@ DESCRIPTION - + named-journalprint prints the contents of a zone journal file in a human-readable - form. + form. - Journal files are automatically created by named + Journal files are automatically created by named when changes are made to dynamic zones (e.g., by nsupdate). They record each addition or deletion of a resource record, in binary format, allowing the @@ -79,7 +79,7 @@ SEE ALSO - + named8 diff --git a/bin/tools/named-rrchecker.docbook b/bin/tools/named-rrchecker.docbook index e66a3f3293..d98c713d6b 100644 --- a/bin/tools/named-rrchecker.docbook +++ b/bin/tools/named-rrchecker.docbook @@ -56,7 +56,7 @@ DESCRIPTION - + named-rrchecker read a individual DNS resource record from standard input and checks if it is syntactically correct. @@ -85,7 +85,7 @@ SEE ALSO - + RFC 1034, RFC 1035, diff --git a/bin/tools/nsec3hash.docbook b/bin/tools/nsec3hash.docbook index 73695b91f8..2750d2218d 100644 --- a/bin/tools/nsec3hash.docbook +++ b/bin/tools/nsec3hash.docbook @@ -55,7 +55,7 @@ DESCRIPTION - + nsec3hash generates an NSEC3 hash based on a set of NSEC3 parameters. This can be used to check the validity @@ -64,7 +64,7 @@ ARGUMENTS - + salt @@ -108,7 +108,7 @@ SEE ALSO - + BIND 9 Administrator Reference Manual, RFC 5155. diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index cda9e28226..5ebc967c01 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -1819,7 +1819,7 @@ nameserver 172.16.72.4 TSIG keys can be generated using the tsig-keygen command; the output of the command is a key directive - suitable for inclusion in named.conf. The + suitable for inclusion in named.conf. The key name, algorithm and size can be specified by command line parameters; the defaults are "tsig-key", HMAC-SHA256, and 256 bits, respectively. @@ -1899,7 +1899,7 @@ key "host1-host2." { signed using the specified key. Keys may also be specified in the also-notify statement of a master or slave zone, causing NOTIFY messages to be signed using - the specified key. + the specified key. Keys can also be specified in a server @@ -2004,7 +2004,7 @@ allow-update { !{ !localnets; any; }; key host1-host2. ;}; The TKEY process is initiated by a client or server by sending a query of type TKEY to a TKEY-aware server. The query must include - an appropriate KEY record in the additional section, and + an appropriate KEY record in the additional section, and must be signed using either TSIG or SIG(0) with a previously established key. The server's response, if successful, will contain a TKEY record in its answer section. After this transaction, @@ -4809,11 +4809,11 @@ badresp:1,adberr:0,findfail:0,valfail:0] event payloads which are encoded using Protocol Buffers (libprotobuf-c, a mechanism for serializing structured data developed - by Google, Inc.; see + by Google, Inc.; see https://developers.google.com/protocol-buffers). - To enable dnstap at compile time, + To enable dnstap at compile time, the fstrm and protobuf-c libraries must be available, and BIND must be configured with . diff --git a/doc/arm/dlz.xml b/doc/arm/dlz.xml index 4d4aabd25a..e4ba56f437 100644 --- a/doc/arm/dlz.xml +++ b/doc/arm/dlz.xml @@ -16,7 +16,7 @@
DLZ (Dynamically Loadable Zones) - + DLZ (Dynamically Loadable Zones) is an extension to BIND 9 that allows zone data to be retrieved directly from an external database. There is @@ -55,7 +55,7 @@
Configuring DLZ - + A DLZ database is configured with a dlz statement in named.conf: @@ -103,7 +103,7 @@
Sample DLZ Driver - + For guidance in implementation of DLZ modules, the directory contrib/dlz/example contains a basic diff --git a/doc/arm/dnssec.xml b/doc/arm/dnssec.xml index 33b0cdc7f8..210c184708 100644 --- a/doc/arm/dnssec.xml +++ b/doc/arm/dnssec.xml @@ -16,23 +16,23 @@
DNSSEC, Dynamic Zones, and Automatic Signing - + As of BIND 9.7.0 it is possible to change a dynamic zone from insecure to signed and back again. A secure zone can use either NSEC or NSEC3 chains.
Converting from insecure to secure - +
Changing a zone from insecure to secure can be done in two - ways: using a dynamic DNS update, or the + ways: using a dynamic DNS update, or the auto-dnssec zone option. - For either method, you need to configure - named so that it can see the + For either method, you need to configure + named so that it can see the K* files which contain the public and private parts of the keys that will be used to sign the zone. These files - will have been generated by + will have been generated by dnssec-keygen. You can do this by placing them - in the key-directory, as specified in + in the key-directory, as specified in named.conf: zone example.net { @@ -48,7 +48,7 @@ well. An NSEC chain will be generated as part of the initial signing process.
Dynamic DNS update method - +
To insert the keys via dynamic update: @@ -59,7 +59,7 @@ > send While the update request will complete almost immediately, - the zone will not be completely signed until + the zone will not be completely signed until named has had time to walk the zone and generate the NSEC and RRSIG records. The NSEC record at the apex will be added last, to signal that there is a complete NSEC @@ -77,7 +77,7 @@ > send Again, this update request will complete almost - immediately; however, the record won't show up until + immediately; however, the record won't show up until named has had a chance to build/remove the relevant chain. A private type record will be created to record the state of the operation (see below for more details), and will @@ -85,19 +85,19 @@ While the initial signing and NSEC/NSEC3 chain generation is happening, other updates are possible as well.
Fully automatic zone signing - +
- To enable automatic signing, add the - auto-dnssec option to the zone statement in - named.conf. - auto-dnssec has two possible arguments: - allow or + To enable automatic signing, add the + auto-dnssec option to the zone statement in + named.conf. + auto-dnssec has two possible arguments: + allow or maintain. - With - auto-dnssec allow, + With + auto-dnssec allow, named can search the key directory for keys matching the zone, insert them into the zone, and use them to - sign the zone. It will do so only when it receives an + sign the zone. It will do so only when it receives an rndc sign <zonename>. @@ -105,7 +105,7 @@ functionality, but will also automatically adjust the zone's DNSKEY records on schedule according to the keys' timing metadata. (See and - for more information.) + for more information.) named will periodically search the key directory @@ -119,7 +119,7 @@ If keys are present in the key directory the first time the zone - is loaded, the zone will be signed immediately, without waiting for an + is loaded, the zone will be signed immediately, without waiting for an rndc sign or rndc loadkeys command. (Those commands can still be used when there are unscheduled key changes, however.) @@ -141,15 +141,15 @@ the zone is signed and the NSEC3 chain is completed, the NSEC3PARAM record will appear in the zone. - Using the + Using the auto-dnssec option requires the zone to be - configured to allow dynamic updates, by adding an - allow-update or + configured to allow dynamic updates, by adding an + allow-update or update-policy statement to the zone configuration. If this has not been done, the configuration will fail.
Private-type records - +
The state of the signing process is signaled by private-type records (with a default type value of 65534). When @@ -187,18 +187,18 @@
DNSKEY rollovers - +
As with insecure-to-secure conversions, rolling DNSSEC - keys can be done in two ways: using a dynamic DNS update, or the + keys can be done in two ways: using a dynamic DNS update, or the auto-dnssec zone option.
Dynamic DNS update method - +
To perform key rollovers via dynamic update, you need to add - the K* files for the new keys so that + the K* files for the new keys so that named can find them. You can then add the new - DNSKEY RRs via dynamic update. + DNSKEY RRs via dynamic update. named will then cause the zone to be signed with the new keys. When the signing is complete the private type records will be updated so that the last octet is non @@ -212,15 +212,15 @@ be able to verify at least one signature when you remove the old DNSKEY. The old DNSKEY can be removed via UPDATE. Take care to - specify the correct key. + specify the correct key. named will clean out any signatures generated by the old key after the update completes.
Automatic key rollovers - +
When a new key reaches its activation date (as set by dnssec-keygen or dnssec-settime), - if the auto-dnssec zone option is set to + if the auto-dnssec zone option is set to maintain, named will automatically carry out the key rollover. If the key's algorithm has not previously been used to sign the zone, then the zone will @@ -232,7 +232,7 @@ completes in 30 days, after which it will be safe to remove the old key from the DNSKEY RRset.
NSEC3PARAM rollovers via UPDATE - +
Add the new NSEC3PARAM record via dynamic update. When the new NSEC3 chain has been generated, the NSEC3PARAM flag field @@ -240,7 +240,7 @@ record. The old chain will be removed after the update request completes.
Converting from NSEC to NSEC3 - +
To do this, you just need to add an NSEC3PARAM record. When the conversion is complete, the NSEC chain will have been removed @@ -248,30 +248,30 @@ chain will be generated before the NSEC chain is destroyed.
Converting from NSEC3 to NSEC - +
To do this, use nsupdate to remove all NSEC3PARAM records with a zero flag field. The NSEC chain will be generated before the NSEC3 chain is removed.
Converting from secure to insecure - +
To convert a signed zone to unsigned using dynamic DNS, delete all the DNSKEY records from the zone apex using nsupdate. All signatures, NSEC or NSEC3 chains, and associated NSEC3PARAM records will be removed automatically. This will take place after the update request completes. - This requires the - dnssec-secure-to-insecure option to be set to - yes in + This requires the + dnssec-secure-to-insecure option to be set to + yes in named.conf. In addition, if the auto-dnssec maintain zone statement is used, it should be removed or changed to allow instead (or it will re-sign).
Periodic re-signing - +
In any secure zone which supports dynamic updates, named will periodically re-sign RRsets which have not been re-signed as @@ -279,14 +279,14 @@ adjusted so as to spread the re-sign load over time rather than all at once.
NSEC3 and OPTOUT - +
named only supports creating new NSEC3 chains where all the NSEC3 records in the zone have the same OPTOUT - state. + state. named supports UPDATES to zones where the NSEC3 - records in the chain have mixed OPTOUT state. + records in the chain have mixed OPTOUT state. named does not support changing the OPTOUT state of an individual NSEC3 record, the entire chain needs to be changed if the OPTOUT state of an individual NSEC3 needs to be diff --git a/doc/arm/dyndb.xml b/doc/arm/dyndb.xml index 6f6ae7201b..8e8459dcb2 100644 --- a/doc/arm/dyndb.xml +++ b/doc/arm/dyndb.xml @@ -16,7 +16,7 @@
DynDB (Dynamic Database) - + DynDB is an extension to BIND 9 which, like DLZ (see ), allows zone data to be @@ -41,7 +41,7 @@
Configuring DynDB - + A DynDB database is configured with a dyndb statement in named.conf: @@ -68,7 +68,7 @@
Sample DynDB Module - + For guidance in implementation of DynDB modules, the directory bin/tests/system/dyndb/driver. diff --git a/doc/arm/libdns.xml b/doc/arm/libdns.xml index 9f35d02e64..dc86557631 100644 --- a/doc/arm/libdns.xml +++ b/doc/arm/libdns.xml @@ -16,7 +16,7 @@
BIND 9 DNS Library Support - + This version of BIND 9 "exports" its internal libraries so that they can be used by third-party applications more easily (we call them "export" libraries in this document). In addition to @@ -53,7 +53,7 @@
Prerequisite - + GNU make is required to build the export libraries (other part of BIND 9 can still be built with other types of make). In the reminder of this document, "make" means GNU make. Note that @@ -61,7 +61,7 @@ than "make" (e.g. "gmake") to indicate it's GNU make.
Compilation - + $ ./configure --enable-exportlib [other flags] $ make @@ -75,7 +75,7 @@ $ make lib/export/samples directory (see below).
Installation - + $ cd lib/export $ make install @@ -96,7 +96,7 @@ $ make install lib/export/samples/Makefile-postinstall.in.
Known Defects/Restrictions - + @@ -142,7 +142,7 @@ $ make
The dns.conf File - + The IRS library supports an "advanced" configuration file related to the DNS library for configuration parameters that would be beyond the capability of the @@ -159,13 +159,13 @@ $ make for details.)
Sample Applications - + Some sample application programs using this API are provided for reference. The following is a brief description of these applications.
sample: a simple stub resolver utility - + It sends a query of a given name (of a given optional RR type) to a specified recursive server, and prints the result as a list of @@ -232,7 +232,7 @@ $ make
sample-async: a simple stub resolver, working asynchronously - + Similar to "sample", but accepts a list of (query) domain names as a separate file and resolves the names @@ -278,7 +278,7 @@ $ make
sample-request: a simple DNS transaction client - + It sends a query to a specified server, and prints the response with minimal processing. It doesn't act as a @@ -330,7 +330,7 @@ $ make
sample-gai: getaddrinfo() and getnameinfo() test code - + This is a test program to check getaddrinfo() and getnameinfo() behavior. It takes a @@ -346,7 +346,7 @@ $ make
sample-update: a simple dynamic update client program - + It accepts a single update command as a command-line argument, sends an update request message to the @@ -448,14 +448,14 @@ $ sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dy removes all A RRs for foo.dynamic.example.com using the given key. - + $ sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com" removes all RRs for foo.dynamic.example.com using the given key.
nsprobe: domain/name server checker in terms of RFC 4074 - + It checks a set of domains to see the name servers of the domains behave @@ -520,7 +520,7 @@ $ sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dy
Library References - + As of this writing, there is no formal "manual" of the libraries, except this document, header files (some of them provide pretty detailed explanations), and sample application diff --git a/doc/arm/managed-keys.xml b/doc/arm/managed-keys.xml index c75d772e28..f83f19228c 100644 --- a/doc/arm/managed-keys.xml +++ b/doc/arm/managed-keys.xml @@ -16,25 +16,25 @@
Dynamic Trust Anchor Management - + BIND 9.7.0 introduces support for RFC 5011, dynamic trust - anchor management. Using this feature allows + anchor management. Using this feature allows named to keep track of changes to critical DNSSEC keys without any need for the operator to make changes to configuration files.
Validating Resolver - + To configure a validating resolver to use RFC 5011 to - maintain a trust anchor, configure the trust anchor using a + maintain a trust anchor, configure the trust anchor using a managed-keys statement. Information about - this can be found in + this can be found in .
Authoritative Server - + To set up an authoritative zone for RFC 5011 trust anchor maintenance, generate two (or more) key signing keys (KSKs) for the zone. Sign the zone with one of them; this is the "active" @@ -50,21 +50,21 @@ also in DNSSEC section above here in ARM --> timer has completed, the active KSK can be revoked, and the zone can be "rolled over" to the newly accepted key. The easiest way to place a stand-by key in a zone is to - use the "smart signing" features of - dnssec-keygen and + use the "smart signing" features of + dnssec-keygen and dnssec-signzone. If a key with a publication date in the past, but an activation date which is unset or in - the future, " + the future, " dnssec-signzone -S" will include the DNSKEY record in the zone, but will not sign with it: $ dnssec-keygen -K keys -f KSK -P now -A now+2y example.net $ dnssec-signzone -S -K keys example.net - To revoke a key, the new command + To revoke a key, the new command dnssec-revoke has been added. This adds the - REVOKED bit to the key flags and re-generates the - K*.key and + REVOKED bit to the key flags and re-generates the + K*.key and K*.private files. After revoking the active key, the zone must be signed with both the revoked KSK and the new active KSK. (Smart @@ -82,7 +82,7 @@ $ dnssec-signzone -S -K keys example.net "Kexample.com.+005+10128". If two keys have IDs exactly 128 apart, and one is revoked, then the two key IDs will collide, causing several - problems. To prevent this, + problems. To prevent this, dnssec-keygen will not generate a new key if another key is present which may collide. This checking will only occur if the new keys are written to the same directory diff --git a/doc/arm/notes-wrapper.xml b/doc/arm/notes-wrapper.xml index be87117842..db5f01c19e 100644 --- a/doc/arm/notes-wrapper.xml +++ b/doc/arm/notes-wrapper.xml @@ -18,6 +18,6 @@
</info> - + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes.xml"/> </article> diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index 76e94f215f..dc0e4d9c5c 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml @@ -23,14 +23,14 @@ <section xmlns="http://docbook.org/ns/docbook" version="5.0"><info/> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="noteversion.xml"/> <section xml:id="relnotes_intro"><info><title>Introduction - + This document summarizes changes since the last production release of BIND on the corresponding major release branch.
Download - + The latest versions of BIND 9 software can always be found at http://www.isc.org/downloads/. @@ -40,7 +40,7 @@
Security Fixes - + @@ -140,7 +140,7 @@
New Features - + @@ -209,7 +209,7 @@ whose assistance is gratefully acknowledged. - To enable dnstap at compile time, + To enable dnstap at compile time, the fstrm and protobuf-c libraries must be available, and BIND must be configured with . @@ -507,7 +507,7 @@
Feature Changes - + @@ -675,7 +675,7 @@
Porting Changes - + @@ -692,7 +692,7 @@
Bug Fixes - + @@ -869,7 +869,7 @@
End of Life - + The end of life for BIND 9.11 is yet to be determined but will not be before BIND 9.13.0 has been released for 6 months. @@ -877,7 +877,7 @@
Thank You - + Thank you to everyone who assisted us in making this release possible. If you would like to contribute to ISC to assist us in continuing to diff --git a/doc/arm/pkcs11.xml b/doc/arm/pkcs11.xml index 9c2557157a..da03c41470 100644 --- a/doc/arm/pkcs11.xml +++ b/doc/arm/pkcs11.xml @@ -18,7 +18,7 @@
PKCS#11 (Cryptoki) support - + PKCS#11 (Public Key Cryptography Standard #11) defines a platform-independent API for the control of hardware security @@ -50,7 +50,7 @@ the PKCS#11 API to drive the HSM directly.
Prerequisites - + See the documentation provided by your HSM vendor for information about installing, initializing, testing and @@ -58,7 +58,7 @@
Native PKCS#11 - + Native PKCS#11 mode will only work with an HSM capable of carrying out every cryptographic operation BIND 9 may @@ -90,7 +90,7 @@ $ ./configure --enable-native-pkcs11 \ the pkcs11-* tools.)
Building SoftHSMv2 - + SoftHSMv2, the latest development version of SoftHSM, is available from @@ -127,7 +127,7 @@ $ /opt/pkcs11/usr/bin/softhsm-util --init-token 0 --slot 0 --label s
OpenSSL-based PKCS#11 - + OpenSSL-based PKCS#11 mode uses a modified version of the OpenSSL library; stock OpenSSL does not fully support PKCS#11. @@ -187,7 +187,7 @@ $ /opt/pkcs11/usr/bin/softhsm-util --init-token 0 --slot 0 --label s it with the path to your HSM's PKCS#11 provider library.
Patching OpenSSL - + $ wget http://www.openssl.org/source/openssl-0.9.8zc.tar.gz @@ -219,7 +219,7 @@ $ patch -p1 -d openssl-0.9.8zc \
Building OpenSSL for the AEP Keyper on Linux - + The AEP Keyper is a highly secure key storage device, but does not provide hardware cryptographic acceleration. It @@ -261,7 +261,7 @@ $ ./Configure linux-generic32 -m32 -pthread \
Building OpenSSL for the SCA 6000 on Solaris - + The SCA-6000 PKCS#11 provider is installed as a system library, libpkcs11. It is a true crypto accelerator, up to 4 @@ -283,14 +283,14 @@ $ ./Configure solaris64-x86_64-cc \ (For a 32-bit build, use "solaris-x86-cc" and /usr/lib/libpkcs11.so.) - After configuring, run - make and + After configuring, run + make and make test.
Building OpenSSL for SoftHSM - + SoftHSM (version 1) is a software library developed by the OpenDNSSEC project @@ -365,7 +365,7 @@ $ ./Configure linux-x86_64 -pthread \
Configuring BIND 9 for Linux with the AEP Keyper - + To link with the PKCS#11 provider, threads must be enabled in the BIND 9 build. @@ -385,7 +385,7 @@ $ ./configure CC="gcc -m32" --enable-threads \
Configuring BIND 9 for Solaris with the SCA 6000 - + To link with the PKCS#11 provider, threads must be enabled in the BIND 9 build. @@ -407,7 +407,7 @@ $ ./configure CC="cc -xarch=amd64" --enable-threads \
Configuring BIND 9 for SoftHSM - + $ cd ../bind9 $ ./configure --enable-threads \ @@ -427,12 +427,12 @@ $ ./configure --enable-threads \
PKCS#11 Tools - + BIND 9 includes a minimal set of tools to operate the - HSM, including + HSM, including pkcs11-keygen to generate a new key pair - within the HSM, + within the HSM, pkcs11-list to list objects currently available, pkcs11-destroy to remove objects, and @@ -449,7 +449,7 @@ $ ./configure --enable-threads \
Using the HSM - + For OpenSSL-based PKCS#11, we must first set up the runtime environment so the OpenSSL and PKCS#11 libraries can be loaded: @@ -468,7 +468,7 @@ $ export LD_LIBRARY_PATH=/opt/pkcs11/usr/lib:${LD_LIBRARY_PATH}/opt/Keyper/PKCS11Provider/machine, use: @@ -477,12 +477,12 @@ $ export KEYPER_LIBRARY_PATH=/opt/Keyper/PKCS11Provider Such environment variables must be set whenever running - any tool that uses the HSM, including - pkcs11-keygen, - pkcs11-list, - pkcs11-destroy, - dnssec-keyfromlabel, - dnssec-signzone, + any tool that uses the HSM, including + pkcs11-keygen, + pkcs11-list, + pkcs11-destroy, + dnssec-keyfromlabel, + dnssec-signzone, dnssec-keygen, and named. @@ -569,7 +569,7 @@ example.net.signed
Specifying the engine on the command line - + When using OpenSSL-based PKCS#11, the "engine" to be used by OpenSSL can be specified in named and all of @@ -589,7 +589,7 @@ example.net.signed $ dnssec-signzone -E '' -S example.net - This causes + This causes dnssec-signzone to run as if it were compiled without the --with-pkcs11 option. @@ -600,13 +600,13 @@ $ dnssec-signzone -E '' -S example.net
Running named with automatic zone re-signing - + If you want named to dynamically re-sign zones using HSM keys, and/or to to sign new records inserted via nsupdate, then named must have access to the HSM PIN. In OpenSSL-based PKCS#11, this is accomplished by placing the PIN into the openssl.cnf file - (in the above examples, + (in the above examples, /opt/pkcs11/usr/ssl/openssl.cnf). diff --git a/doc/xsl/copyright.xsl b/doc/xsl/copyright.xsl index a4604adb02..4abda87a64 100644 --- a/doc/xsl/copyright.xsl +++ b/doc/xsl/copyright.xsl @@ -71,7 +71,7 @@ - - + - - + - - + @@ -43,7 +43,7 @@ - @@ -88,7 +88,7 @@ - @@ -139,7 +139,7 @@ - - + - + --> DESCRIPTION - + isc-config.sh prints information related to the installed version of ISC BIND, such as the compiler and linker flags required to compile @@ -80,7 +80,7 @@ OPTIONS - + @@ -142,7 +142,7 @@ RETURN VALUES - + isc-config.sh returns an exit status of 1 if invoked with invalid arguments or no arguments at all. diff --git a/lib/lwres/man/lwres.docbook b/lib/lwres/man/lwres.docbook index 11c0b28630..5e84ee970d 100644 --- a/lib/lwres/man/lwres.docbook +++ b/lib/lwres/man/lwres.docbook @@ -58,7 +58,7 @@ DESCRIPTION - + The BIND 9 lightweight resolver library is a simple, name service independent stub resolver library. It provides hostname-to-address @@ -74,7 +74,7 @@ OVERVIEW - + The lwresd library implements multiple name service APIs. The standard @@ -128,7 +128,7 @@ CLIENT-SIDE LOW-LEVEL API CALL FLOW - + When a client program wishes to make an lwres request using the native low-level API, it typically performs the following @@ -176,7 +176,7 @@ SERVER-SIDE LOW-LEVEL API CALL FLOW - + When implementing the server side of the lightweight resolver protocol using the lwres library, a sequence of actions like the @@ -218,7 +218,7 @@ SEE ALSO - + lwres_gethostent3 , diff --git a/lib/lwres/man/lwres_buffer.docbook b/lib/lwres/man/lwres_buffer.docbook index 55f7d52e4c..532a09c239 100644 --- a/lib/lwres/man/lwres_buffer.docbook +++ b/lib/lwres/man/lwres_buffer.docbook @@ -204,7 +204,7 @@ void DESCRIPTION - + These functions provide bounds checked access to a region of memory where data is being read or written. diff --git a/lib/lwres/man/lwres_config.docbook b/lib/lwres/man/lwres_config.docbook index eed60cd3bc..0a40ee5f44 100644 --- a/lib/lwres/man/lwres_config.docbook +++ b/lib/lwres/man/lwres_config.docbook @@ -95,7 +95,7 @@ lwres_conf_t * DESCRIPTION - + lwres_conf_init() creates an empty @@ -133,7 +133,7 @@ lwres_conf_t * RETURN VALUES - + lwres_conf_parse() returns LWRES_R_SUCCESS @@ -154,7 +154,7 @@ lwres_conf_t * SEE ALSO - + stdio3 , @@ -164,7 +164,7 @@ lwres_conf_t * FILES - + /etc/resolv.conf diff --git a/lib/lwres/man/lwres_context.docbook b/lib/lwres/man/lwres_context.docbook index 23b7e14a23..edfdde68e6 100644 --- a/lib/lwres/man/lwres_context.docbook +++ b/lib/lwres/man/lwres_context.docbook @@ -120,7 +120,7 @@ void * DESCRIPTION - + lwres_context_create() creates a lwres_context_t structure for use in @@ -219,7 +219,7 @@ void * RETURN VALUES - + lwres_context_create() returns LWRES_R_NOMEMORY if memory for @@ -245,7 +245,7 @@ void * SEE ALSO - + lwres_conf_init3 , diff --git a/lib/lwres/man/lwres_gabn.docbook b/lib/lwres/man/lwres_gabn.docbook index aced17ae85..8c6382375f 100644 --- a/lib/lwres/man/lwres_gabn.docbook +++ b/lib/lwres/man/lwres_gabn.docbook @@ -114,7 +114,7 @@ void DESCRIPTION - + These are low-level routines for creating and parsing lightweight resolver name-to-address lookup request and @@ -213,7 +213,7 @@ typedef struct { RETURN VALUES - + The getaddrbyname opcode functions lwres_gabnrequest_render(), @@ -251,7 +251,7 @@ typedef struct { SEE ALSO - + lwres_packet3 diff --git a/lib/lwres/man/lwres_gai_strerror.docbook b/lib/lwres/man/lwres_gai_strerror.docbook index ea0206f3d9..f6e04e7ecc 100644 --- a/lib/lwres/man/lwres_gai_strerror.docbook +++ b/lib/lwres/man/lwres_gai_strerror.docbook @@ -65,7 +65,7 @@ char * DESCRIPTION - + lwres_gai_strerror() returns an error message corresponding to an error code returned by @@ -177,7 +177,7 @@ char * SEE ALSO - + strerror3 , diff --git a/lib/lwres/man/lwres_getaddrinfo.docbook b/lib/lwres/man/lwres_getaddrinfo.docbook index 60c0a6f864..2517b15970 100644 --- a/lib/lwres/man/lwres_getaddrinfo.docbook +++ b/lib/lwres/man/lwres_getaddrinfo.docbook @@ -97,7 +97,7 @@ struct addrinfo { DESCRIPTION - + lwres_getaddrinfo() is used to get a list of IP addresses and port numbers for host @@ -323,7 +323,7 @@ struct addrinfo { RETURN VALUES - + lwres_getaddrinfo() returns zero on success or one of the error codes listed in @@ -337,7 +337,7 @@ struct addrinfo { SEE ALSO - + lwres3 , diff --git a/lib/lwres/man/lwres_gethostent.docbook b/lib/lwres/man/lwres_gethostent.docbook index e0b82da341..cf68feb213 100644 --- a/lib/lwres/man/lwres_gethostent.docbook +++ b/lib/lwres/man/lwres_gethostent.docbook @@ -151,7 +151,7 @@ void DESCRIPTION - + These functions provide hostname-to-address and address-to-hostname lookups by means of the lightweight resolver. @@ -313,7 +313,7 @@ struct hostent { RETURN VALUES - + The functions lwres_gethostbyname(), @@ -397,7 +397,7 @@ struct hostent { SEE ALSO - + gethostent3 , @@ -413,7 +413,7 @@ struct hostent { BUGS - + lwres_gethostbyname(), lwres_gethostbyname2(), lwres_gethostbyaddr() diff --git a/lib/lwres/man/lwres_getipnode.docbook b/lib/lwres/man/lwres_getipnode.docbook index d0b568fc08..14e14aaa3d 100644 --- a/lib/lwres/man/lwres_getipnode.docbook +++ b/lib/lwres/man/lwres_getipnode.docbook @@ -85,7 +85,7 @@ void DESCRIPTION - + These functions perform thread safe, protocol independent @@ -240,7 +240,7 @@ struct hostent { RETURN VALUES - + If an error occurs, lwres_getipnodebyname() @@ -300,7 +300,7 @@ struct hostent { SEE ALSO - + RFC2553 , diff --git a/lib/lwres/man/lwres_getnameinfo.docbook b/lib/lwres/man/lwres_getnameinfo.docbook index 761ddeb2ec..371b6f882d 100644 --- a/lib/lwres/man/lwres_getnameinfo.docbook +++ b/lib/lwres/man/lwres_getnameinfo.docbook @@ -72,7 +72,7 @@ int DESCRIPTION - + This function is equivalent to the @@ -163,13 +163,13 @@ int RETURN VALUES - + lwres_getnameinfo() returns 0 on success or a non-zero error code if an error occurs. SEE ALSO - + RFC2133 , @@ -191,7 +191,7 @@ int BUGS - + RFC2133 fails to define what the nonzero return values of diff --git a/lib/lwres/man/lwres_getrrsetbyname.docbook b/lib/lwres/man/lwres_getrrsetbyname.docbook index 65b6392f28..c8de98e911 100644 --- a/lib/lwres/man/lwres_getrrsetbyname.docbook +++ b/lib/lwres/man/lwres_getrrsetbyname.docbook @@ -100,7 +100,7 @@ struct rrsetinfo { DESCRIPTION - + lwres_getrrsetbyname() gets a set of resource records associated with a hostname, class, @@ -148,7 +148,7 @@ struct rrsetinfo { RETURN VALUES - + lwres_getrrsetbyname() returns zero on success, and one of the following error codes if an error occurred: @@ -211,7 +211,7 @@ struct rrsetinfo { SEE ALSO - + lwres3 . diff --git a/lib/lwres/man/lwres_gnba.docbook b/lib/lwres/man/lwres_gnba.docbook index 249a49492e..da6d3a8e54 100644 --- a/lib/lwres/man/lwres_gnba.docbook +++ b/lib/lwres/man/lwres_gnba.docbook @@ -126,7 +126,7 @@ void DESCRIPTION - + These are low-level routines for creating and parsing lightweight resolver address-to-name lookup request and @@ -214,7 +214,7 @@ typedef struct { RETURN VALUES - + The getnamebyaddr opcode functions lwres_gnbarequest_render(), @@ -252,7 +252,7 @@ typedef struct { SEE ALSO - + lwres_packet3 . diff --git a/lib/lwres/man/lwres_hstrerror.docbook b/lib/lwres/man/lwres_hstrerror.docbook index ecee8effb0..59a2f268c1 100644 --- a/lib/lwres/man/lwres_hstrerror.docbook +++ b/lib/lwres/man/lwres_hstrerror.docbook @@ -71,7 +71,7 @@ const char * DESCRIPTION - + lwres_herror() prints the string s on @@ -126,7 +126,7 @@ const char * RETURN VALUES - + The string Unknown resolver error is returned by lwres_hstrerror() @@ -136,7 +136,7 @@ const char * SEE ALSO - + herror3 , diff --git a/lib/lwres/man/lwres_inetntop.docbook b/lib/lwres/man/lwres_inetntop.docbook index 645aa49726..cf32a54b4a 100644 --- a/lib/lwres/man/lwres_inetntop.docbook +++ b/lib/lwres/man/lwres_inetntop.docbook @@ -69,7 +69,7 @@ const char * DESCRIPTION - + lwres_net_ntop() converts an IP address of protocol family @@ -90,7 +90,7 @@ const char * RETURN VALUES - + If successful, the function returns dst: @@ -105,7 +105,7 @@ const char * SEE ALSO - + RFC1884 , diff --git a/lib/lwres/man/lwres_noop.docbook b/lib/lwres/man/lwres_noop.docbook index f15313d766..b482c1a364 100644 --- a/lib/lwres/man/lwres_noop.docbook +++ b/lib/lwres/man/lwres_noop.docbook @@ -115,7 +115,7 @@ void DESCRIPTION - + These are low-level routines for creating and parsing lightweight resolver no-op request and response messages. @@ -207,7 +207,7 @@ typedef struct { RETURN VALUES - + The no-op opcode functions lwres_nooprequest_render(), @@ -246,7 +246,7 @@ typedef struct { SEE ALSO - + lwres_packet3 diff --git a/lib/lwres/man/lwres_packet.docbook b/lib/lwres/man/lwres_packet.docbook index 03330fe685..321248b2ca 100644 --- a/lib/lwres/man/lwres_packet.docbook +++ b/lib/lwres/man/lwres_packet.docbook @@ -72,7 +72,7 @@ lwres_result_t DESCRIPTION - + These functions rely on a struct lwres_lwpacket @@ -273,7 +273,7 @@ struct lwres_lwpacket { RETURN VALUES - + Successful calls to lwres_lwpacket_renderheader() and diff --git a/lib/lwres/man/lwres_resutil.docbook b/lib/lwres/man/lwres_resutil.docbook index b27c55304d..802483d075 100644 --- a/lib/lwres/man/lwres_resutil.docbook +++ b/lib/lwres/man/lwres_resutil.docbook @@ -95,7 +95,7 @@ lwres_result_t DESCRIPTION - + lwres_string_parse() retrieves a DNS-encoded string starting the current pointer of @@ -181,7 +181,7 @@ typedef struct { RETURN VALUES - + Successful calls to lwres_string_parse() @@ -222,7 +222,7 @@ typedef struct { SEE ALSO - + lwres_buffer3 , diff --git a/util/update_copyrights b/util/update_copyrights index 8f8e96c048..d8aad3c1a7 100644 --- a/util/update_copyrights +++ b/util/update_copyrights @@ -559,6 +559,14 @@ foreach $file (keys %file_types) { $body = "$body$_"; } $_ = $body; + } elsif ($type eq "SGML" && $sysyears =~ /$this_year/) { + my $body = ""; + while () { + # Remove trailing white space. + s/[ \t]*$//; + $body = "$body$_"; + } + $_ = $body; } else { undef $/; $_ = ;