dnssec-* tools. Major changes:
- all dnssec-* tools now take a -K option to
specify a directory in which key files will be
stored
- DNSSEC can now store metadata indicating when
they are scheduled to be published, acttivated,
revoked or removed; these values can be set by
dnssec-keygen or overwritten by the new
dnssec-settime command
- dnssec-signzone -S (for "smart") option reads key
metadata and uses it to determine automatically
which keys to publish to the zone, use for
signing, revoke, or remove from the zone
[RT #19816]
optional second argument.
I had noticed a few days ago that the ARM grammar for sig-validity-interval
was missing the optional second number. I saw an email again about
this today. This is for part of my RT #19931.
Not adding a CHANGES entry for this (because feature itself was
already documented.)
Evi asked me:
> what is the default value of the zone-statistics
> option? its not listed in the ARM anywhere that i can find.
Not adding a CHANGES entry number for this minor one sentence
addition.
- add ddns-confgen command to generate
configuration text for named.conf
- add zone option "ddns-autoconf yes;", which
causes named to generate a TSIG session key
and allow updates to the zone using that key
- add '-l' (localhost) option to nsupdate, which
causes nsupdate to connect to a locally-running
named process using the session key generated
by named
[RT #19284]
section 6.2.10.3 The query-errors Category on PDF page 44.
For example output added newlines and replaced <computeroutput>
with <programlisting>.
For query-errors table, used hardcoded column widths as used
elsewhere in the ARM.
This is a continuation of CHANGE 2600 [RT #19574].
page widths. [RT #19574]
Split comments to multiple lines or move comments to own lines for
example.
Some fixed width examples are too wide for my printed page, so fixed
Splits many programlisting's to multiple lines.
Some move comments to above and some merge some comments.
Note that this patch covers configuration examples and also the "Grammar".
Also while here fix docbook formatting for a Not Implemented
check-names (but still that is too wide so I need to change). And
also the patch changes a couple tabs to spaces. And changed case of
example comments to be consistent with previous lines.
There shouldn't be any content changes here.
This doesn't complete this PR.
Even this patch, the official ARM PDF has other text that disappears
into the right margin. So still working on this.
"dnssec-lookaside auto;" This is the equivalent
of "dnssec-lookaside . trust-anchor dlv.isc.org;"
plus setting a trusted-key for dlv.isc.org.
Note: The trusted key is hard-coded into named,
but is also stored in (and can be overridden
by) $sysconfdir/bind.keys. As the ISC DLV key
rolls over it can be kept up to date by replacing
the bind.keys file with a key downloaded from
https://www.isc.org/solutions/dlv. [RT #18685]
(No structure change here.)
(Note that the "Organization of This Document" is somewhat wrong,
but I am not fixing this yet as I have to consider my restructuring
ideas for ARM first.)
Add formatting tags around syntax that was missing. Be consistent.
Remove a few paragraph breaks before "For example:".
Fix typo "will will".
Change description of pid-file to not mislead (since other programs
don't parse named.conf to figure out the PID file :)
Remove some unneeded commas.
Minor grammar fixes.
Clarify edns-udp-size to say "... to control the size of packets received."
Reformatted that paragragh too (in docbook, not rendered version.
(TODO: cross-reference these descriptions.)
Hyphenate "built-in" to be consistent.
Remove space in "100000" (for style). (Some use space, period, comma
for thousands.)
Capitalize TTL in one place.
Say that the -t option is "for named". (Reformat that paragraph in
docbook while here.)
named is in /usr/local/sbin not /usr/local/bin for example.
BIND 8 is deprecated. Don't publicly say we do security-related patches
for BIND 4 or BIND 8.
(Note I have many, many more improvements to do. Trying to catch up on
all my uncommitted fixes some dating back to 2007. Note I can't easily
-- due to time -- commit all separately and then check to see if the
apply to older ARMs and backport. If you think differently on how this
should be approached or if you have time to backport some of these
or want me to pick at least some to backport, please let me know.)
So be consistent.
Add formatting for a configuration option.
Add formatting for a filename.
Uppercase "DNSSEC" in a couple places.
syslog "logs" (not "prints").
Also add formatting for some command line options. (NOTE: this is not
consistent yet, as some use <command> and some use <option> -- need
to define this in a style guide.)
definition sections. This is just to be in alphabetical order
(was: ..., masters, options, statistics-channels, server,
trusted-keys, ...). No content changes.
Note that the indention doesn't match up, but that was wrong before
my commit here.
While here also add missing period at end of sentence and describe
dot to fix problem as noted by SUN Guonian off-list (because Chinese
end of sentence dot is different than dot).
In particular explain the exclamation mark (!) is NXRRSET.
This is from patch from jinmei in support ticket #2038.
I didn't add to changes as this is very minor, but if you want in
CHANGES let me know.
