ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

regen v9_9

Browse Source
This commit is contained in:
Tinderbox User
2015-11-18 01:09:42 +00:00
parent 8735803562
commit 603bef1c44
7 changed files with 27 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
FAQ
View File

@@ -92,7 +92,7 @@ Q: I'm trying to use TSIG to authenticate dynamic updates or zone
rejecting the TSIG. Why?
A: This may be a clock skew problem. Check that the the clocks on the
client and server are properly synchronised (e.g., using ntp).
client and server are properly synchronized (e.g., using ntp).
Q: I see a log message like the following. Why?

2
FAQ.xml
View File

@@ -220,7 +220,7 @@ view "chaos" chaos {
<answer>
<para>
This may be a clock skew problem. Check that the the clocks
on the client and server are properly synchronised (e.g.,
on the client and server are properly synchronized (e.g.,
using ntp).
</para>
</answer>

8
doc/arm/Bv9ARM.ch04.html
View File

@@ -123,12 +123,14 @@
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
As a slave zone can also be a master to other slaves, <span class="command"><strong>named</strong></span>,
by default, sends <span class="command"><strong>NOTIFY</strong></span> messages for every zone
it loads. Specifying <span class="command"><strong>notify master-only;</strong></span> will
cause <span class="command"><strong>named</strong></span> to only send <span class="command"><strong>NOTIFY</strong></span> for master
zones that it loads.
</div>
</p>
</div>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
@@ -1050,9 +1052,11 @@ options {
</pre>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
None of the keys listed in this example are valid. In particular,
the root key is not valid.
</div>
</p>
</div>
<p>
When DNSSEC validation is enabled and properly configured,
the resolver will reject any answers from signed, secure zones

11
doc/arm/Bv9ARM.ch06.html
View File

@@ -3410,7 +3410,6 @@ options {
queries.
Caching may still occur as an effect the server's internal
operation, such as NOTIFY address lookups.
See also <span class="command"><strong>fetch-glue</strong></span> above.
</p></dd>
<dt><span class="term"><span class="command"><strong>request-nsid</strong></span></span></dt>
<dd><p>
@@ -4691,13 +4690,15 @@ avoid-v6-udp-ports {};
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
If you do not wish the alternate transfer source
to be used, you should set
<span class="command"><strong>use-alt-transfer-source</strong></span>
appropriately and you should not depend upon
getting an answer back to the first refresh
query.
</div>
</p>
</div>
</dd>
<dt><span class="term"><span class="command"><strong>alt-transfer-source-v6</strong></span></span></dt>
<dd><p>
@@ -5955,11 +5956,13 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
The real parent servers for these zones should disable all
empty zone under the parent zone they serve. For the real
root servers, this is all built-in empty zones. This will
enable them to return referrals to deeper in the tree.
</div>
</p>
</div>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><span class="command"><strong>empty-server</strong></span></span></dt>
<dd><p>
@@ -8475,7 +8478,7 @@ example.com. NS ns2.example.net.
The <em class="replaceable"><code>name</code></em> field
is subject to DNS wildcard expansion, and
this rule matches when the name being updated
name is a valid expansion of the wildcard.
is a valid expansion of the wildcard.
</p>
</td>
</tr>

6
doc/arm/Bv9ARM.ch07.html
View File

@@ -181,10 +181,12 @@ zone "example.com" {
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
Note that if the <span class="command"><strong>named</strong></span> daemon is running as an
<p>
If the <span class="command"><strong>named</strong></span> daemon is running as an
unprivileged user, it will not be able to bind to new restricted
ports if the server is reloaded.
</div>
</p>
</div>
</div>
</div>
<div class="section">

5
doc/arm/Bv9ARM.ch09.html
View File

@@ -88,7 +88,7 @@
records with an incorrect class to be be accepted,
triggering a REQUIRE failure when those records
were subsequently cached. This flaw is disclosed
in CVE-2015-8000. [RT #4098]
in CVE-2015-8000. [RT #40987]
</p></li>
<li class="listitem"><p>
An incorrect boundary check in the OPENPGPKEY rdatatype
@@ -190,6 +190,9 @@
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
Updated the complied in addresses for H.ROOT-SERVERS.NET.
</p></li>
<li class="listitem"><p>
Large inline-signing changes should be less disruptive.
Signature generation is now done incrementally; the number

5
doc/arm/notes.html
View File

@@ -49,7 +49,7 @@
records with an incorrect class to be be accepted,
triggering a REQUIRE failure when those records
were subsequently cached. This flaw is disclosed
in CVE-2015-8000. [RT #4098]
in CVE-2015-8000. [RT #40987]
</p></li>
<li class="listitem"><p>
An incorrect boundary check in the OPENPGPKEY rdatatype
@@ -151,6 +151,9 @@
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
Updated the complied in addresses for H.ROOT-SERVERS.NET.
</p></li>
<li class="listitem"><p>
Large inline-signing changes should be less disruptive.
Signature generation is now done incrementally; the number