Skip to content
Browse files

delete some temp files

  • Loading branch information...
1 parent e5b8938 commit 6ad00c87e0ea82c7944a3fcc73c4a96545103740 @gnocuil committed Oct 12, 2012
Showing with 0 additions and 29,484 deletions.
  1. +0 −5 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/Atffile
  2. +0 −10,116 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/CHANGES
  3. +0 −518 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/COPYRIGHT
  4. +0 −893 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/FAQ
  5. +0 −1,612 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/FAQ.xml
  6. +0 −313 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/HISTORY
  7. +0 −421 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/Makefile
  8. +0 −76 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/Makefile.in
  9. +0 −359 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/README
  10. +0 −368 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/RELEASE-NOTES-BIND-9.8.1.html
  11. BIN dhcp-4.2.3-P2/bind/bind-9.8.1-P1/RELEASE-NOTES-BIND-9.8.1.pdf
  12. +0 −268 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/RELEASE-NOTES-BIND-9.8.1.txt
  13. +0 −145 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/acconfig.h
  14. +0 −2 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/aclocal.m4
  15. +0 −371 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/Makefile
  16. +0 −26 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/Makefile.in
  17. +0 −492 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/check/Makefile
  18. +0 −100 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/check/Makefile.in
  19. +0 −690 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/check/check-tool.c
  20. +0 −60 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/check/check-tool.h
  21. +0 −119 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/check/named-checkconf.8
  22. +0 −543 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/check/named-checkconf.c
  23. +0 −195 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/check/named-checkconf.docbook
  24. +0 −113 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/check/named-checkconf.html
  25. +0 −287 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/check/named-checkzone.8
  26. +0 −487 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/check/named-checkzone.c
  27. +0 −472 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/check/named-checkzone.docbook
  28. +0 −270 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/check/named-checkzone.html
  29. +0 −113 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/check/win32/checktool.dsp
  30. +0 −29 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/check/win32/checktool.dsw
  31. +0 −107 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/check/win32/namedcheckconf.dsp
  32. +0 −29 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/check/win32/namedcheckconf.dsw
  33. +0 −404 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/check/win32/namedcheckconf.mak
  34. +0 −108 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/check/win32/namedcheckzone.dsp
  35. +0 −29 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/check/win32/namedcheckzone.dsw
  36. +0 −404 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/check/win32/namedcheckzone.mak
  37. +0 −493 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/Makefile
  38. +0 −101 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/Makefile.in
  39. +0 −143 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/ddns-confgen.8
  40. +0 −258 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/ddns-confgen.c
  41. +0 −218 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/ddns-confgen.docbook
  42. +0 −141 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/ddns-confgen.html
  43. +0 −39 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/include/confgen/os.h
  44. +0 −218 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/keygen.c
  45. +0 −41 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/keygen.h
  46. +0 −211 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/rndc-confgen.8
  47. +0 −271 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/rndc-confgen.c
  48. +0 −287 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/rndc-confgen.docbook
  49. +0 −188 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/rndc-confgen.html
  50. +0 −427 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/unix/Makefile
  51. +0 −35 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/unix/Makefile.in
  52. +0 −43 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/unix/os.c
  53. +0 −56 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/util.c
  54. +0 −52 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/util.h
  55. +0 −135 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/win32/confgentool.dsp
  56. +0 −29 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/win32/confgentool.dsw
  57. +0 −103 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/win32/ddnsconfgen.dsp
  58. +0 −29 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/win32/ddnsconfgen.dsw
  59. +0 −337 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/win32/ddnsconfgen.mak
  60. +0 −34 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/win32/os.c
  61. +0 −103 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/win32/rndcconfgen.dsp
  62. +0 −29 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/win32/rndcconfgen.dsw
  63. +0 −336 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/confgen/win32/rndcconfgen.mak
  64. +0 −497 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/dig/Makefile
  65. +0 −105 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/dig/Makefile.in
  66. +0 −573 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/dig/dig.1
  67. +0 −1,796 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/dig/dig.c
  68. +0 −967 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/dig/dig.docbook
  69. +0 −645 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/bin/dig/dig.html
Sorry, we could not display the entire diff because too many files (3,770) changed.
View
5 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/Atffile
@@ -1,5 +0,0 @@
-Content-Type: application/X-atf-atffile; version="1"
-
-prop: test-suite = bind9
-
-tp: lib
View
10,116 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/CHANGES
0 additions, 10,116 deletions not shown because the diff is too large. Please use a local Git client to view these changes.
View
518 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/COPYRIGHT
@@ -1,518 +0,0 @@
-Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
-Copyright (C) 1996-2003 Internet Software Consortium.
-
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.
-
-$Id: COPYRIGHT,v 1.17.14.1 2011-02-22 06:34:47 marka Exp $
-
- Portions of this code release fall under one or more of the
- following Copyright notices. Please see individual source
- files for details.
-
- For binary releases also see: OpenSSL-LICENSE.
-
-Copyright (C) 1996-2001 Nominum, Inc.
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR
-ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
-OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Copyright (C) 1995-2000 by Network Associates, Inc.
-
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
-ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
-FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
-IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl.
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the
-above copyright notice and this permission notice appear in all
-copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET
-DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
-CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
-OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
-USE OR PERFORMANCE OF THIS SOFTWARE.
-
-The development of Dynamically Loadable Zones (DLZ) for Bind 9 was
-conceived and contributed by Rob Butler.
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the
-above copyright notice and this permission notice appear in all
-copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER
-DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
-CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
-OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
-USE OR PERFORMANCE OF THIS SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1987, 1990, 1993, 1994
- The Regents of the University of California. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-3. All advertising materials mentioning features or use of this software
- must display the following acknowledgement:
- This product includes software developed by the University of
- California, Berkeley and its contributors.
-4. Neither the name of the University nor the names of its contributors
- may be used to endorse or promote products derived from this software
- without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright (C) The Internet Society 2005. This version of
-this module is part of RFC 4178; see the RFC itself for
-full legal notices.
-
-(The above copyright notice is per RFC 3978 5.6 (a), q.v.)
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 2004 Masarykova universita
-(Masaryk University, Brno, Czech Republic)
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
-3. Neither the name of the University nor the names of its contributors may
- be used to endorse or promote products derived from this software
- without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
-LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
-(Royal Institute of Technology, Stockholm, Sweden).
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
-3. Neither the name of the Institute nor the names of its contributors
- may be used to endorse or promote products derived from this software
- without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1998 Doug Rabson
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright ((c)) 2002, Rice University
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-
- * Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following
- disclaimer in the documentation and/or other materials provided
- with the distribution.
-
- * Neither the name of Rice University (RICE) nor the names of its
- contributors may be used to endorse or promote products derived
- from this software without specific prior written permission.
-
-
-This software is provided by RICE and the contributors on an "as is"
-basis, without any representations or warranties of any kind, express
-or implied including, but not limited to, representations or
-warranties of non-infringement, merchantability or fitness for a
-particular purpose. In no event shall RICE or contributors be liable
-for any direct, indirect, incidental, special, exemplary, or
-consequential damages (including, but not limited to, procurement of
-substitute goods or services; loss of use, data, or profits; or
-business interruption) however caused and on any theory of liability,
-whether in contract, strict liability, or tort (including negligence
-or otherwise) arising in any way out of the use of this software, even
-if advised of the possibility of such damage.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1993 by Digital Equipment Corporation.
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies, and that
-the name of Digital Equipment Corporation not be used in advertising or
-publicity pertaining to distribution of the document or software without
-specific, written prior permission.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Copyright 2000 Aaron D. Gifford. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-3. Neither the name of the copyright holder nor the names of contributors
- may be used to endorse or promote products derived from this software
- without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1998 Doug Rabson.
-Copyright (c) 2001 Jake Burkholder.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-3. Neither the name of the project nor the names of its contributors
- may be used to endorse or promote products derived from this software
- without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1999-2000 by Nortel Networks Corporation
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND NORTEL NETWORKS DISCLAIMS
-ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NORTEL NETWORKS
-BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
-OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
-WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
-ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 2000-2002 Japan Network Information Center. All rights reserved.
-
-By using this file, you agree to the terms and conditions set forth bellow.
-
- LICENSE TERMS AND CONDITIONS
-
-The following License Terms and Conditions apply, unless a different
-license is obtained from Japan Network Information Center ("JPNIC"),
-a Japanese association, Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda,
-Chiyoda-ku, Tokyo 101-0047, Japan.
-
-1. Use, Modification and Redistribution (including distribution of any
- modified or derived work) in source and/or binary forms is permitted
- under this License Terms and Conditions.
-
-2. Redistribution of source code must retain the copyright notices as they
- appear in each source code file, this License Terms and Conditions.
-
-3. Redistribution in binary form must reproduce the Copyright Notice,
- this License Terms and Conditions, in the documentation and/or other
- materials provided with the distribution. For the purposes of binary
- distribution the "Copyright Notice" refers to the following language:
- "Copyright (c) 2000-2002 Japan Network Information Center. All rights
- reserved."
-
-4. The name of JPNIC may not be used to endorse or promote products
- derived from this Software without specific prior written approval of
- JPNIC.
-
-5. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY JPNIC
- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
- PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JPNIC BE LIABLE
- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
-
- -----------------------------------------------------------------------------
-
-Copyright (C) 2004 Nominet, Ltd.
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND NOMINET DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Portions Copyright RSA Security Inc.
-
-License to copy and use this software is granted provided that it is
-identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-(Cryptoki)" in all material mentioning or referencing this software.
-
-License is also granted to make and use derivative works provided that
-such works are identified as "derived from the RSA Security Inc. PKCS #11
-Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-referencing the derived work.
-
-RSA Security Inc. makes no representations concerning either the
-merchantability of this software or the suitability of this software for
-any particular purpose. It is provided "as is" without express or implied
-warranty of any kind.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1996, David Mazieres <dm@uun.org>
-Copyright (c) 2008, Damien Miller <djm@openbsd.org>
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
------------------------------------------------------------------------------
-
-Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in
- the documentation and/or other materials provided with the
- distribution.
-
-3. All advertising materials mentioning features or use of this
- software must display the following acknowledgment:
- "This product includes software developed by the OpenSSL Project
- for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-
-4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- endorse or promote products derived from this software without
- prior written permission. For written permission, please contact
- licensing@OpenSSL.org.
-
-5. Products derived from this software may not be called "OpenSSL"
- nor may "OpenSSL" appear in their names without prior written
- permission of the OpenSSL Project.
-
-6. Redistributions of any form whatsoever must retain the following
- acknowledgment:
- "This product includes software developed by the OpenSSL Project
- for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-
-THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-OF THE POSSIBILITY OF SUCH DAMAGE.
-
View
893 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/FAQ
@@ -1,893 +0,0 @@
-Frequently Asked Questions about BIND 9
-
-Copyright � 2004-2010 Internet Systems Consortium, Inc. ("ISC")
-
-Copyright � 2000-2003 Internet Software Consortium.
-
------------------------------------------------------------------------
-
-1. Compilation and Installation Questions
-
-Q: I'm trying to compile BIND 9, and "make" is failing due to files not
- being found. Why?
-
-A: Using a parallel or distributed "make" to build BIND 9 is not
- supported, and doesn't work. If you are using one of these, use normal
- make or gmake instead.
-
-Q: Isn't "make install" supposed to generate a default named.conf?
-
-A: Short Answer: No.
-
- Long Answer: There really isn't a default configuration which fits any
- site perfectly. There are lots of decisions that need to be made and
- there is no consensus on what the defaults should be. For example
- FreeBSD uses /etc/namedb as the location where the configuration files
- for named are stored. Others use /var/named.
-
- What addresses to listen on? For a laptop on the move a lot you may
- only want to listen on the loop back interfaces.
-
- Who do you offer recursive service to? Is there are firewall to
- consider? If so is it stateless or stateful. Are you directly on the
- Internet? Are you on a private network? Are you on a NAT'd network? The
- answers to all these questions change how you configure even a caching
- name server.
-
-2. Configuration and Setup Questions
-
-Q: Why does named log the warning message "no TTL specified - using SOA
- MINTTL instead"?
-
-A: Your zone file is illegal according to RFC1035. It must either have a
- line like:
-
- $TTL 86400
-
- at the beginning, or the first record in it must have a TTL field, like
- the "84600" in this example:
-
- example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )
-
-Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master
- file bar: ran out of space"?
-
-A: This is often caused by TXT records with missing close quotes. Check
- that all TXT records containing quoted strings have both open and close
- quotes.
-
-Q: How do I restrict people from looking up the server version?
-
-A: Put a "version" option containing something other than the real version
- in the "options" section of named.conf. Note doing this will not
- prevent attacks and may impede people trying to diagnose problems with
- your server. Also it is possible to "fingerprint" nameservers to
- determine their version.
-
-Q: How do I restrict only remote users from looking up the server version?
-
-A: The following view statement will intercept lookups as the internal
- view that holds the version information will be matched last. The
- caveats of the previous answer still apply, of course.
-
- view "chaos" chaos {
- match-clients { <those to be refused>; };
- allow-query { none; };
- zone "." {
- type hint;
- file "/dev/null"; // or any empty file
- };
- };
-
-Q: What do "no source of entropy found" or "could not open entropy source
- foo" mean?
-
-A: The server requires a source of entropy to perform certain operations,
- mostly DNSSEC related. These messages indicate that you have no source
- of entropy. On systems with /dev/random or an equivalent, it is used by
- default. A source of entropy can also be defined using the
- random-device option in named.conf.
-
-Q: I'm trying to use TSIG to authenticate dynamic updates or zone
- transfers. I'm sure I have the keys set up correctly, but the server is
- rejecting the TSIG. Why?
-
-A: This may be a clock skew problem. Check that the the clocks on the
- client and server are properly synchronised (e.g., using ntp).
-
-Q: I see a log message like the following. Why?
-
- couldn't open pid file '/var/run/named.pid': Permission denied
-
-A: You are most likely running named as a non-root user, and that user
- does not have permission to write in /var/run. The common ways of
- fixing this are to create a /var/run/named directory owned by the named
- user and set pid-file to "/var/run/named/named.pid", or set pid-file to
- "named.pid", which will put the file in the directory specified by the
- directory option (which, in this case, must be writable by the named
- user).
-
-Q: I can query the nameserver from the nameserver but not from other
- machines. Why?
-
-A: This is usually the result of the firewall configuration stopping the
- queries and / or the replies.
-
-Q: How can I make a server a slave for both an internal and an external
- view at the same time? When I tried, both views on the slave were
- transferred from the same view on the master.
-
-A: You will need to give the master and slave multiple IP addresses and
- use those to make sure you reach the correct view on the other machine.
-
- Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias)
- internal:
- match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
- notify-source 10.0.1.1;
- transfer-source 10.0.1.1;
- query-source address 10.0.1.1;
- external:
- match-clients { any; };
- recursion no; // don't offer recursion to the world
- notify-source 10.0.1.2;
- transfer-source 10.0.1.2;
- query-source address 10.0.1.2;
-
- Slave: 10.0.1.3 (internal), 10.0.1.4 (external, IP alias)
- internal:
- match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
- notify-source 10.0.1.3;
- transfer-source 10.0.1.3;
- query-source address 10.0.1.3;
- external:
- match-clients { any; };
- recursion no; // don't offer recursion to the world
- notify-source 10.0.1.4;
- transfer-source 10.0.1.4;
- query-source address 10.0.1.4;
-
- You put the external address on the alias so that all the other dns
- clients on these boxes see the internal view by default.
-
-A: BIND 9.3 and later: Use TSIG to select the appropriate view.
-
- Master 10.0.1.1:
- key "external" {
- algorithm hmac-sha256;
- secret "xxxxxxxxxxxxxxxxxxxxxxxx";
- };
- view "internal" {
- match-clients { !key external; // reject message ment for the
- // external view.
- 10.0.1/24; }; // accept from these addresses.
- ...
- };
- view "external" {
- match-clients { key external; any; };
- server 10.0.1.2 { keys external; }; // tag messages from the
- // external view to the
- // other servers for the
- // view.
- recursion no;
- ...
- };
-
- Slave 10.0.1.2:
- key "external" {
- algorithm hmac-sha256;
- secret "xxxxxxxxxxxxxxxxxxxxxxxx";
- };
- view "internal" {
- match-clients { !key external; 10.0.1/24; };
- ...
- };
- view "external" {
- match-clients { key external; any; };
- server 10.0.1.1 { keys external; };
- recursion no;
- ...
- };
-
-Q: I get error messages like "multiple RRs of singleton type" and "CNAME
- and other data" when transferring a zone. What does this mean?
-
-A: These indicate a malformed master zone. You can identify the exact
- records involved by transferring the zone using dig then running
- named-checkzone on it.
-
- dig axfr example.com @master-server > tmp
- named-checkzone example.com tmp
-
- A CNAME record cannot exist with the same name as another record except
- for the DNSSEC records which prove its existence (NSEC).
-
- RFC 1034, Section 3.6.2: "If a CNAME RR is present at a node, no other
- data should be present; this ensures that the data for a canonical name
- and its aliases cannot be different. This rule also insures that a
- cached CNAME can be used without checking with an authoritative server
- for other RR types."
-
-Q: I get error messages like "named.conf:99: unexpected end of input"
- where 99 is the last line of named.conf.
-
-A: There are unbalanced quotes in named.conf.
-
-A: Some text editors (notepad and wordpad) fail to put a line title
- indication (e.g. CR/LF) on the last line of a text file. This can be
- fixed by "adding" a blank line to the end of the file. Named expects to
- see EOF immediately after EOL and treats text files where this is not
- met as truncated.
-
-Q: How do I share a dynamic zone between multiple views?
-
-A: You choose one view to be master and the second a slave and transfer
- the zone between views.
-
- Master 10.0.1.1:
- key "external" {
- algorithm hmac-sha256;
- secret "xxxxxxxxxxxxxxxxxxxxxxxx";
- };
-
- key "mykey" {
- algorithm hmac-sha256;
- secret "yyyyyyyyyyyyyyyyyyyyyyyy";
- };
-
- view "internal" {
- match-clients { !key external; 10.0.1/24; };
- server 10.0.1.1 {
- /* Deliver notify messages to external view. */
- keys { external; };
- };
- zone "example.com" {
- type master;
- file "internal/example.db";
- allow-update { key mykey; };
- also-notify { 10.0.1.1; };
- };
- };
-
- view "external" {
- match-clients { key external; any; };
- zone "example.com" {
- type slave;
- file "external/example.db";
- masters { 10.0.1.1; };
- transfer-source 10.0.1.1;
- // allow-update-forwarding { any; };
- // allow-notify { ... };
- };
- };
-
-Q: I get a error message like "zone wireless.ietf56.ietf.org/IN: loading
- master file primaries/wireless.ietf56.ietf.org: no owner".
-
-A: This error is produced when a line in the master file contains leading
- white space (tab/space) but the is no current record owner name to
- inherit the name from. Usually this is the result of putting white
- space before a comment, forgetting the "@" for the SOA record, or
- indenting the master file.
-
-Q: Why are my logs in GMT (UTC).
-
-A: You are running chrooted (-t) and have not supplied local timezone
- information in the chroot area.
-
- FreeBSD: /etc/localtime
- Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo
- OSF: /etc/zoneinfo/localtime
-
- See also tzset(3) and zic(8).
-
-Q: I get "rndc: connect failed: connection refused" when I try to run
- rndc.
-
-A: This is usually a configuration error.
-
- First ensure that named is running and no errors are being reported at
- startup (/var/log/messages or equivalent). Running "named -g <usual
- arguments>" from a title can help at this point.
-
- Secondly ensure that named is configured to use rndc either by
- "rndc-confgen -a", rndc-confgen or manually. The Administrators
- Reference manual has details on how to do this.
-
- Old versions of rndc-confgen used localhost rather than 127.0.0.1 in /
- etc/rndc.conf for the default server. Update /etc/rndc.conf if
- necessary so that the default server listed in /etc/rndc.conf matches
- the addresses used in named.conf. "localhost" has two address
- (127.0.0.1 and ::1).
-
- If you use "rndc-confgen -a" and named is running with -t or -u ensure
- that /etc/rndc.conf has the correct ownership and that a copy is in the
- chroot area. You can do this by re-running "rndc-confgen -a" with
- appropriate -t and -u arguments.
-
-Q: I get "transfer of 'example.net/IN' from 192.168.4.12#53: failed while
- receiving responses: permission denied" error messages.
-
-A: These indicate a filesystem permission error preventing named creating
- / renaming the temporary file. These will usually also have other
- associated error messages like
-
- "dumping master file: sl/tmp-XXXX5il3sQ: open: permission denied"
-
- Named needs write permission on the directory containing the file.
- Named writes the new cache file to a temporary file then renames it to
- the name specified in named.conf to ensure that the contents are always
- complete. This is to prevent named loading a partial zone in the event
- of power failure or similar interrupting the write of the master file.
-
- Note file names are relative to the directory specified in options and
- any chroot directory ([<chroot dir>/][<options dir>]).
-
- If named is invoked as "named -t /chroot/DNS" with the following
- named.conf then "/chroot/DNS/var/named/sl" needs to be writable by the
- user named is running as.
-
- options {
- directory "/var/named";
- };
-
- zone "example.net" {
- type slave;
- file "sl/example.net";
- masters { 192.168.4.12; };
- };
-
-Q: I want to forward all DNS queries from my caching nameserver to another
- server. But there are some domains which have to be served locally, via
- rbldnsd.
-
- How do I achieve this ?
-
-A: options {
- forward only;
- forwarders { <ip.of.primary.nameserver>; };
- };
-
- zone "sbl-xbl.spamhaus.org" {
- type forward; forward only;
- forwarders { <ip.of.rbldns.server> port 530; };
- };
-
- zone "list.dsbl.org" {
- type forward; forward only;
- forwarders { <ip.of.rbldns.server> port 530; };
- };
-
-
-Q: Can you help me understand how BIND 9 uses memory to store DNS zones?
-
- Some times it seems to take several times the amount of memory it needs
- to store the zone.
-
-A: When reloading a zone named my have multiple copies of the zone in
- memory at one time. The zone it is serving and the one it is loading.
- If reloads are ultra fast it can have more still.
-
- e.g. Ones that are transferring out, the one that it is serving and the
- one that is loading.
-
- BIND 8 destroyed the zone before loading and also killed off outgoing
- transfers of the zone.
-
- The new strategy allows slaves to get copies of the new zone regardless
- of how often the master is loaded compared to the transfer time. The
- slave might skip some intermediate versions but the transfers will
- complete and it will keep reasonably in sync with the master.
-
- The new strategy also allows the master to recover from syntax and
- other errors in the master file as it still has an in-core copy of the
- old contents.
-
-Q: I want to use IPv6 locally but I don't have a external IPv6 connection.
- External lookups are slow.
-
-A: You can use server clauses to stop named making external lookups over
- IPv6.
-
- server fd81:ec6c:bd62::/48 { bogus no; }; // site ULA prefix
- server ::/0 { bogus yes; };
-
-3. Operations Questions
-
-Q: How to change the nameservers for a zone?
-
-A: Step 1: Ensure all nameservers, new and old, are serving the same zone
- content.
-
- Step 2: Work out the maximum TTL of the NS RRset in the parent and
- child zones. This is the time it will take caches to be clear of a
- particular version of the NS RRset. If you are just removing
- nameservers you can skip to Step 6.
-
- Step 3: Add new nameservers to the NS RRset for the zone and wait until
- all the servers for the zone are answering with this new NS RRset.
-
- Step 4: Inform the parent zone of the new NS RRset then wait for all
- the parent servers to be answering with the new NS RRset.
-
- Step 5: Wait for cache to be clear of the old NS RRset. See Step 2 for
- how long. If you are just adding nameservers you are done.
-
- Step 6: Remove any old nameservers from the zones NS RRset and wait for
- all the servers for the zone to be serving the new NS RRset.
-
- Step 7: Inform the parent zone of the new NS RRset then wait for all
- the parent servers to be answering with the new NS RRset.
-
- Step 8: Wait for cache to be clear of the old NS RRset. See Step 2 for
- how long.
-
- Step 9: Turn off the old nameservers or remove the zone entry from the
- configuration of the old nameservers.
-
- Step 10: Increment the serial number and wait for the change to be
- visible in all nameservers for the zone. This ensures that zone
- transfers are still working after the old servers are decommissioned.
-
- Note: the above procedure is designed to be transparent to dns clients.
- Decommissioning the old servers too early will result in some clients
- not being able to look up answers in the zone.
-
- Note: while it is possible to run the addition and removal stages
- together it is not recommended.
-
-4. General Questions
-
-Q: I keep getting log messages like the following. Why?
-
- Dec 4 23:47:59 client 10.0.0.1#1355: updating zone 'example.com/IN':
- update failed: 'RRset exists (value dependent)' prerequisite not
- satisfied (NXRRSET)
-
-A: DNS updates allow the update request to test to see if certain
- conditions are met prior to proceeding with the update. The message
- above is saying that conditions were not met and the update is not
- proceeding. See doc/rfc/rfc2136.txt for more details on prerequisites.
-
-Q: I keep getting log messages like the following. Why?
-
- Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied
-
-A: Someone is trying to update your DNS data using the RFC2136 Dynamic
- Update protocol. Windows 2000 machines have a habit of sending dynamic
- update requests to DNS servers without being specifically configured to
- do so. If the update requests are coming from a Windows 2000 machine,
- see <http://support.microsoft.com/support/kb/articles/q246/8/04.asp>
- for information about how to turn them off.
-
-Q: When I do a "dig . ns", many of the A records for the root servers are
- missing. Why?
-
-A: This is normal and harmless. It is a somewhat confusing side effect of
- the way BIND 9 does RFC2181 trust ranking and of the efforts BIND 9
- makes to avoid promoting glue into answers.
-
- When BIND 9 first starts up and primes its cache, it receives the root
- server addresses as additional data in an authoritative response from a
- root server, and these records are eligible for inclusion as additional
- data in responses. Subsequently it receives a subset of the root server
- addresses as additional data in a non-authoritative (referral) response
- from a root server. This causes the addresses to now be considered
- non-authoritative (glue) data, which is not eligible for inclusion in
- responses.
-
- The server does have a complete set of root server addresses cached at
- all times, it just may not include all of them as additional data,
- depending on whether they were last received as answers or as glue. You
- can always look up the addresses with explicit queries like "dig
- a.root-servers.net A".
-
-Q: Why don't my zones reload when I do an "rndc reload" or SIGHUP?
-
-A: A zone can be updated either by editing zone files and reloading the
- server or by dynamic update, but not both. If you have enabled dynamic
- update for a zone using the "allow-update" option, you are not supposed
- to edit the zone file by hand, and the server will not attempt to
- reload it.
-
-Q: Why is named listening on UDP port other than 53?
-
-A: Named uses a system selected port to make queries of other nameservers.
- This behaviour can be overridden by using query-source to lock down the
- port and/or address. See also notify-source and transfer-source.
-
-Q: I get warning messages like "zone example.com/IN: refresh: failure
- trying master 1.2.3.4#53: timed out".
-
-A: Check that you can make UDP queries from the slave to the master
-
- dig +norec example.com soa @1.2.3.4
-
- You could be generating queries faster than the slave can cope with.
- Lower the serial query rate.
-
- serial-query-rate 5; // default 20
-
-Q: I don't get RRSIG's returned when I use "dig +dnssec".
-
-A: You need to ensure DNSSEC is enabled (dnssec-enable yes;).
-
-Q: Can a NS record refer to a CNAME.
-
-A: No. The rules for glue (copies of the *address* records in the parent
- zones) and additional section processing do not allow it to work.
-
- You would have to add both the CNAME and address records (A/AAAA) as
- glue to the parent zone and have CNAMEs be followed when doing
- additional section processing to make it work. No nameserver
- implementation supports either of these requirements.
-
-Q: What does "RFC 1918 response from Internet for 0.0.0.10.IN-ADDR.ARPA"
- mean?
-
-A: If the IN-ADDR.ARPA name covered refers to a internal address space you
- are using then you have failed to follow RFC 1918 usage rules and are
- leaking queries to the Internet. You should establish your own zones
- for these addresses to prevent you querying the Internet's name servers
- for these addresses. Please see <http://as112.net/> for details of the
- problems you are causing and the counter measures that have had to be
- deployed.
-
- If you are not using these private addresses then a client has queried
- for them. You can just ignore the messages, get the offending client to
- stop sending you these messages as they are most probably leaking them
- or setup your own zones empty zones to serve answers to these queries.
-
- zone "10.IN-ADDR.ARPA" {
- type master;
- file "empty";
- };
-
- zone "16.172.IN-ADDR.ARPA" {
- type master;
- file "empty";
- };
-
- ...
-
- zone "31.172.IN-ADDR.ARPA" {
- type master;
- file "empty";
- };
-
- zone "168.192.IN-ADDR.ARPA" {
- type master;
- file "empty";
- };
-
- empty:
- @ 10800 IN SOA <name-of-server>. <contact-email>. (
- 1 3600 1200 604800 10800 )
- @ 10800 IN NS <name-of-server>.
-
- Note
-
- Future versions of named are likely to do this automatically.
-
-Q: Will named be affected by the 2007 changes to daylight savings rules in
- the US.
-
-A: No, so long as the machines internal clock (as reported by "date -u")
- remains at UTC. The only visible change if you fail to upgrade your OS,
- if you are in a affected area, will be that log messages will be a hour
- out during the period where the old rules do not match the new rules.
-
- For most OS's this change just means that you need to update the
- conversion rules from UTC to local time. Normally this involves
- updating a file in /etc (which sets the default timezone for the
- machine) and possibly a directory which has all the conversion rules
- for the world (e.g. /usr/share/zoneinfo). When updating the OS do not
- forget to update any chroot areas as well. See your OS's documentation
- for more details.
-
- The local timezone conversion rules can also be done on a individual
- basis by setting the TZ environment variable appropriately. See your
- OS's documentation for more details.
-
-Q: Is there a bugzilla (or other tool) database that mere mortals can have
- (read-only) access to for bind?
-
-A: No. The BIND 9 bug database is kept closed for a number of reasons.
- These include, but are not limited to, that the database contains
- proprietory information from people reporting bugs. The database has in
- the past and may in future contain unfixed bugs which are capable of
- bringing down most of the Internet's DNS infrastructure.
-
- The release pages for each version contain up to date lists of bugs
- that have been fixed post release. That is as close as we can get to
- providing a bug database.
-
-Q: Why do queries for NSEC3 records fail to return the NSEC3 record?
-
-A: NSEC3 records are strictly meta data and can only be returned in the
- authority section. This is done so that signing the zone using NSEC3
- records does not bring names into existence that do not exist in the
- unsigned version of the zone.
-
-5. Operating-System Specific Questions
-
-5.1. HPUX
-
-Q: I get the following error trying to configure BIND:
-
- checking if unistd.h or sys/types.h defines fd_set... no
- configure: error: need either working unistd.h or sys/select.h
-
-A: You have attempted to configure BIND with the bundled C compiler. This
- compiler does not meet the minimum compiler requirements to for
- building BIND. You need to install a ANSI C compiler and / or teach
- configure how to find the ANSI C compiler. The later can be done by
- adjusting the PATH environment variable and / or specifying the
- compiler via CC.
-
- ./configure CC=<compiler> ...
-
-5.2. Linux
-
-Q: Why do I get the following errors:
-
- general: errno2result.c:109: unexpected error:
- general: unable to convert errno to isc_result: 14: Bad address
- client: UDP client handler shutting down due to fatal receive error: unexpected error
-
-A: This is the result of a Linux kernel bug.
-
- See: <http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=
- 2>
-
-Q: Why does named lock up when it attempts to connect over IPSEC tunnels?
-
-A: This is due to a kernel bug where the fact that a socket is marked
- non-blocking is ignored. It is reported that setting xfrm_larval_drop
- to 1 helps but this may have negative side effects. See: <https://
- bugzilla.redhat.com/show_bug.cgi?id=427629> and <http://lkml.org/lkml/
- 2007/12/4/260>.
-
- xfrm_larval_drop can be set to 1 by the following procedure:
-
- echo "1" > proc/sys/net/core/xfrm_larval_drop
-
-Q: Why do I see 5 (or more) copies of named on Linux?
-
-A: Linux threads each show up as a process under ps. The approximate
- number of threads running is n+4, where n is the number of CPUs. Note
- that the amount of memory used is not cumulative; if each process is
- using 10M of memory, only a total of 10M is used.
-
- Newer versions of Linux's ps command hide the individual threads and
- require -L to display them.
-
-Q: Why does BIND 9 log "permission denied" errors accessing its
- configuration files or zones on my Linux system even though it is
- running as root?
-
-A: On Linux, BIND 9 drops most of its root privileges on startup. This
- including the privilege to open files owned by other users. Therefore,
- if the server is running as root, the configuration files and zone
- files should also be owned by root.
-
-Q: I get the error message "named: capset failed: Operation not permitted"
- when starting named.
-
-A: The capability module, part of "Linux Security Modules/LSM", has not
- been loaded into the kernel. See insmod(8), modprobe(8).
-
- The relevant modules can be loaded by running:
-
- modprobe commoncap
- modprobe capability
-
-Q: I'm running BIND on Red Hat Enterprise Linux or Fedora Core -
-
- Why can't named update slave zone database files?
-
- Why can't named create DDNS journal files or update the master zones
- from journals?
-
- Why can't named create custom log files?
-
-A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
-
- Red Hat have adopted the National Security Agency's SELinux security
- policy (see <http://www.nsa.gov/selinux>) and recommendations for BIND
- security , which are more secure than running named in a chroot and
- make use of the bind-chroot environment unnecessary .
-
- By default, named is not allowed by the SELinux policy to write, create
- or delete any files EXCEPT in these directories:
-
- $ROOTDIR/var/named/slaves
- $ROOTDIR/var/named/data
- $ROOTDIR/var/tmp
-
-
- where $ROOTDIR may be set in /etc/sysconfig/named if bind-chroot is
- installed.
-
- The SELinux policy particularly does NOT allow named to modify the
- $ROOTDIR/var/named directory, the default location for master zone
- database files.
-
- SELinux policy overrules file access permissions - so even if all the
- files under /var/named have ownership named:named and mode rw-rw-r--,
- named will still not be able to write or create files except in the
- directories above, with SELinux in Enforcing mode.
-
- So, to allow named to update slave or DDNS zone files, it is best to
- locate them in $ROOTDIR/var/named/slaves, with named.conf zone
- statements such as:
-
- zone "slave.zone." IN {
- type slave;
- file "slaves/slave.zone.db";
- ...
- };
- zone "ddns.zone." IN {
- type master;
- allow-updates {...};
- file "slaves/ddns.zone.db";
- };
-
-
- To allow named to create its cache dump and statistics files, for
- example, you could use named.conf options statements such as:
-
- options {
- ...
- dump-file "/var/named/data/cache_dump.db";
- statistics-file "/var/named/data/named_stats.txt";
- ...
- };
-
-
- You can also tell SELinux to allow named to update any zone database
- files, by setting the SELinux tunable boolean parameter
- 'named_write_master_zones=1', using the system-config-securitylevel
- GUI, using the 'setsebool' command, or in /etc/selinux/targeted/
- booleans.
-
- You can disable SELinux protection for named entirely by setting the
- 'named_disable_trans=1' SELinux tunable boolean parameter.
-
- The SELinux named policy defines these SELinux contexts for named:
-
- named_zone_t : for zone database files - $ROOTDIR/var/named/*
- named_conf_t : for named configuration files - $ROOTDIR/etc/{named,rndc}.*
- named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,data}}
-
-
- If you want to retain use of the SELinux policy for named, and put
- named files in different locations, you can do so by changing the
- context of the custom file locations .
-
- To create a custom configuration file location, e.g. '/root/
- named.conf', to use with the 'named -c' option, do:
-
- # chcon system_u:object_r:named_conf_t /root/named.conf
-
-
- To create a custom modifiable named data location, e.g. '/var/log/
- named' for a log file, do:
-
- # chcon system_u:object_r:named_cache_t /var/log/named
-
-
- To create a custom zone file location, e.g. /root/zones/, do:
-
- # chcon system_u:object_r:named_zone_t /root/zones/{.,*}
-
-
- See these man-pages for more information : selinux(8), named_selinux
- (8), chcon(1), setsebool(8)
-
-Q: I'm running BIND on Ubuntu -
-
- Why can't named update slave zone database files?
-
- Why can't named create DDNS journal files or update the master zones
- from journals?
-
- Why can't named create custom log files?
-
-A: Ubuntu uses AppArmor <http://en.wikipedia.org/wiki/AppArmor> in
- addition to normal file system permissions to protect the system.
-
- Adjust the paths to use those specified in /etc/apparmor.d/
- usr.sbin.named or adjust /etc/apparmor.d/usr.sbin.named to allow named
- to write at the location specified in named.conf.
-
-Q: Listening on individual IPv6 interfaces does not work.
-
-A: This is usually due to "/proc/net/if_inet6" not being available in the
- chroot file system. Mount another instance of "proc" in the chroot file
- system.
-
- This can be be made permanent by adding a second instance to /etc/
- fstab.
-
- proc /proc proc defaults 0 0
- proc /var/named/proc proc defaults 0 0
-
-5.3. Windows
-
-Q: Zone transfers from my BIND 9 master to my Windows 2000 slave fail.
- Why?
-
-A: This may be caused by a bug in the Windows 2000 DNS server where DNS
- messages larger than 16K are not handled properly. This can be worked
- around by setting the option "transfer-format one-answer;". Also check
- whether your zone contains domain names with embedded spaces or other
- special characters, like "John\032Doe\213s\032Computer", since such
- names have been known to cause Windows 2000 slaves to incorrectly
- reject the zone.
-
-Q: I get "Error 1067" when starting named under Windows.
-
-A: This is the service manager saying that named exited. You need to
- examine the Application log in the EventViewer to find out why.
-
- Common causes are that you failed to create "named.conf" (usually "C:\
- windows\dns\etc\named.conf") or failed to specify the directory in
- named.conf.
-
- options {
- Directory "C:\windows\dns\etc";
- };
-
-5.4. FreeBSD
-
-Q: I have FreeBSD 4.x and "rndc-confgen -a" just sits there.
-
-A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to
- use certain interrupts as a source of random events. You can make this
- permanent by setting rand_irqs in /etc/rc.conf.
-
- rand_irqs="3 14 15"
-
- See also <http://people.freebsd.org/~dougb/randomness.html>.
-
-5.5. Solaris
-
-Q: How do I integrate BIND 9 and Solaris SMF
-
-A: Sun has a blog entry describing how to do this.
-
- <http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris>
-
-5.6. Apple Mac OS X
-
-Q: How do I run BIND 9 on Apple Mac OS X?
-
-A: If you run Tiger(Mac OS 10.4) or later then this is all you need to do:
-
- % sudo rndc-confgen > /etc/rndc.conf
-
- Copy the key statement from /etc/rndc.conf into /etc/rndc.key, e.g.:
-
- key "rndc-key" {
- algorithm hmac-md5;
- secret "uvceheVuqf17ZwIcTydddw==";
- };
-
- Then start the relevant service:
-
- % sudo service org.isc.named start
-
- This is persistent upon a reboot, so you will have to do it only once.
-
-A: Alternatively you can just generate /etc/rndc.key by running:
-
- % sudo rndc-confgen -a
-
- Then start the relevant service:
-
- % sudo service org.isc.named start
-
- Named will look for /etc/rndc.key when it starts if it doesn't have a
- controls section or the existing controls are missing keys sub-clauses.
- This is persistent upon a reboot, so you will have to do it only once.
-
View
1,612 dhcp-4.2.3-P2/bind/bind-9.8.1-P1/FAQ.xml
@@ -1,1612 +0,0 @@
-<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []>
-<!--
- - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2003 Internet Software Consortium.
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: FAQ.xml,v 1.54 2010-01-19 23:48:55 tbox Exp $ -->
-
-<article class="faq">
- <title>Frequently Asked Questions about BIND 9</title>
- <articleinfo>
- <copyright>
- <year>2004</year>
- <year>2005</year>
- <year>2006</year>
- <year>2007</year>
- <year>2008</year>
- <year>2009</year>
- <year>2010</year>
- <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
- </copyright>
- <copyright>
- <year>2000</year>
- <year>2001</year>
- <year>2002</year>
- <year>2003</year>
- <holder>Internet Software Consortium.</holder>
- </copyright>
- </articleinfo>
- <qandaset defaultlabel='qanda'>
-
- <qandadiv><title>Compilation and Installation Questions</title>
-
- <qandaentry>
- <question>
- <para>
- I'm trying to compile BIND 9, and "make" is failing due to
- files not being found. Why?
- </para>
- </question>
- <answer>
- <para>
- Using a parallel or distributed "make" to build BIND 9 is
- not supported, and doesn't work. If you are using one of
- these, use normal make or gmake instead.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- Isn't "make install" supposed to generate a default named.conf?
- </para>
- </question>
- <answer>
- <para>
- Short Answer: No.
- </para>
- <para>
- Long Answer: There really isn't a default configuration which fits
- any site perfectly. There are lots of decisions that need to
- be made and there is no consensus on what the defaults should be.
- For example FreeBSD uses /etc/namedb as the location where the
- configuration files for named are stored. Others use /var/named.
- </para>
- <para>
- What addresses to listen on? For a laptop on the move a lot
- you may only want to listen on the loop back interfaces.
- </para>
- <para>
- Who do you offer recursive service to? Is there are firewall
- to consider? If so is it stateless or stateful. Are you
- directly on the Internet? Are you on a private network? Are
- you on a NAT'd network? The answers
- to all these questions change how you configure even a
- caching name server.
- </para>
- </answer>
- </qandaentry>
-
- </qandadiv> <!-- Compilation and Installation Questions -->
-
- <qandadiv><title>Configuration and Setup Questions</title>
-
- <qandaentry>
- <!-- configuration, log -->
- <question>
- <para>
- Why does named log the warning message <quote>no TTL specified -
- using SOA MINTTL instead</quote>?
- </para>
- </question>
- <answer>
- <para>
- Your zone file is illegal according to RFC1035. It must either
- have a line like:
- </para>
- <informalexample>
- <programlisting>
-$TTL 86400</programlisting>
- </informalexample>
- <para>
- at the beginning, or the first record in it must have a TTL field,
- like the "84600" in this example:
- </para>
- <informalexample>
- <programlisting>
-example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )</programlisting>
- </informalexample>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <!-- configuration -->
- <question>
- <para>
- Why do I get errors like <quote>dns_zone_load: zone foo/IN: loading
- master file bar: ran out of space</quote>?
- </para>
- </question>
- <answer>
- <para>
- This is often caused by TXT records with missing close
- quotes. Check that all TXT records containing quoted strings
- have both open and close quotes.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <!-- security -->
- <question>
- <para>
- How do I restrict people from looking up the server version?
- </para>
- </question>
- <answer>
- <para>
- Put a "version" option containing something other than the
- real version in the "options" section of named.conf. Note
- doing this will not prevent attacks and may impede people
- trying to diagnose problems with your server. Also it is
- possible to "fingerprint" nameservers to determine their
- version.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <!-- security -->
- <question>
- <para>
- How do I restrict only remote users from looking up the
- server version?
- </para>
- </question>
- <answer>
- <para>
- The following view statement will intercept lookups as the
- internal view that holds the version information will be
- matched last. The caveats of the previous answer still
- apply, of course.
- </para>
- <informalexample>
- <programlisting>
-view "chaos" chaos {
- match-clients { &lt;those to be refused&gt;; };
- allow-query { none; };
- zone "." {
- type hint;
- file "/dev/null"; // or any empty file
- };
-};</programlisting>
- </informalexample>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <!-- configuration -->
- <question>
- <para>
- What do <quote>no source of entropy found</quote> or <quote>could not
- open entropy source foo</quote> mean?
- </para>
- </question>
- <answer>
- <para>
- The server requires a source of entropy to perform certain
- operations, mostly DNSSEC related. These messages indicate
- that you have no source of entropy. On systems with
- /dev/random or an equivalent, it is used by default. A
- source of entropy can also be defined using the random-device
- option in named.conf.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <!-- configuration -->
- <question>
- <para>
- I'm trying to use TSIG to authenticate dynamic updates or
- zone transfers. I'm sure I have the keys set up correctly,
- but the server is rejecting the TSIG. Why?
- </para>
- </question>
- <answer>
- <para>
- This may be a clock skew problem. Check that the the clocks
- on the client and server are properly synchronised (e.g.,
- using ntp).
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- I see a log message like the following. Why?
- </para>
- <para>
- couldn't open pid file '/var/run/named.pid': Permission denied
- </para>
- </question>
- <answer>
- <para>
- You are most likely running named as a non-root user, and
- that user does not have permission to write in /var/run.
- The common ways of fixing this are to create a /var/run/named
- directory owned by the named user and set pid-file to
- "/var/run/named/named.pid", or set pid-file to "named.pid",
- which will put the file in the directory specified by the
- directory option (which, in this case, must be writable by
- the named user).
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- I can query the nameserver from the nameserver but not from other
- machines. Why?
- </para>
- </question>
- <answer>
- <para>
- This is usually the result of the firewall configuration stopping
- the queries and / or the replies.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- How can I make a server a slave for both an internal and
- an external view at the same time? When I tried, both views
- on the slave were transferred from the same view on the master.
- </para>
- </question>
- <answer>
- <para>
- You will need to give the master and slave multiple IP
- addresses and use those to make sure you reach the correct
- view on the other machine.
- </para>
- <informalexample>
- <programlisting>
-Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias)
- internal:
- match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
- notify-source 10.0.1.1;
- transfer-source 10.0.1.1;
- query-source address 10.0.1.1;
- external:
- match-clients { any; };
- recursion no; // don't offer recursion to the world
- notify-source 10.0.1.2;
- transfer-source 10.0.1.2;
- query-source address 10.0.1.2;
-
-Slave: 10.0.1.3 (internal), 10.0.1.4 (external, IP alias)
- internal:
- match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
- notify-source 10.0.1.3;
- transfer-source 10.0.1.3;
- query-source address 10.0.1.3;
- external:
- match-clients { any; };
- recursion no; // don't offer recursion to the world
- notify-source 10.0.1.4;
- transfer-source 10.0.1.4;
- query-source address 10.0.1.4;</programlisting>
- </informalexample>
- <para>
- You put the external address on the alias so that all the other
- dns clients on these boxes see the internal view by default.
- </para>
- </answer>
- <answer>
- <para>
- BIND 9.3 and later: Use TSIG to select the appropriate view.
- </para>
- <informalexample>
- <programlisting>
-Master 10.0.1.1:
- key "external" {
- algorithm hmac-sha256;
- secret "xxxxxxxxxxxxxxxxxxxxxxxx";
- };
- view "internal" {
- match-clients { !key external; // reject message ment for the
- // external view.
- 10.0.1/24; }; // accept from these addresses.
- ...
- };
- view "external" {
- match-clients { key external; any; };
- server 10.0.1.2 { keys external; }; // tag messages from the
- // external view to the
- // other servers for the
- // view.
- recursion no;
- ...
- };
-
-Slave 10.0.1.2:
- key "external" {
- algorithm hmac-sha256;
- secret "xxxxxxxxxxxxxxxxxxxxxxxx";
- };
- view "internal" {
- match-clients { !key external; 10.0.1/24; };
- ...
- };
- view "external" {
- match-clients { key external; any; };
- server 10.0.1.1 { keys external; };
- recursion no;
- ...
- };</programlisting>
- </informalexample>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- I get error messages like <quote>multiple RRs of singleton type</quote>
- and <quote>CNAME and other data</quote> when transferring a zone. What
- does this mean?
- </para>
- </question>
- <answer>
- <para>
- These indicate a malformed master zone. You can identify
- the exact records involved by transferring the zone using
- dig then running named-checkzone on it.
- </para>
- <informalexample>
- <programlisting>
-dig axfr example.com @master-server &gt; tmp
-named-checkzone example.com tmp</programlisting>
- </informalexample>
- <para>
- A CNAME record cannot exist with the same name as another record
- except for the DNSSEC records which prove its existence (NSEC).
- </para>
- <para>
- RFC 1034, Section 3.6.2: <quote>If a CNAME RR is present at a node,
- no other data should be present; this ensures that the data for a
- canonical name and its aliases cannot be different. This rule also
- insures that a cached CNAME can be used without checking with an
- authoritative server for other RR types.</quote>
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- I get error messages like <quote>named.conf:99: unexpected end
- of input</quote> where 99 is the last line of named.conf.
- </para>
- </question>
- <answer>
- <para>
- There are unbalanced quotes in named.conf.
- </para>
- </answer>
- <answer>
- <para>
- Some text editors (notepad and wordpad) fail to put a line
- title indication (e.g. CR/LF) on the last line of a
- text file. This can be fixed by "adding" a blank line to
- the end of the file. Named expects to see EOF immediately
- after EOL and treats text files where this is not met as
- truncated.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- How do I share a dynamic zone between multiple views?
- </para>
- </question>
- <answer>
- <para>
- You choose one view to be master and the second a slave and
- transfer the zone between views.
- </para>
- <informalexample>
- <programlisting>
-Master 10.0.1.1:
- key "external" {
- algorithm hmac-sha256;
- secret "xxxxxxxxxxxxxxxxxxxxxxxx";
- };
-
- key "mykey" {
- algorithm hmac-sha256;
- secret "yyyyyyyyyyyyyyyyyyyyyyyy";
- };
-
- view "internal" {
- match-clients { !key external; 10.0.1/24; };
- server 10.0.1.1 {
- /* Deliver notify messages to external view. */
- keys { external; };
- };
- zone "example.com" {
- type master;
- file "internal/example.db";
- allow-update { key mykey; };
- also-notify { 10.0.1.1; };
- };
- };
-
- view "external" {
- match-clients { key external; any; };
- zone "example.com" {
- type slave;
- file "external/example.db";
- masters { 10.0.1.1; };
- transfer-source 10.0.1.1;
- // allow-update-forwarding { any; };
- // allow-notify { ... };
- };
- };</programlisting>
- </informalexample>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- I get a error message like <quote>zone wireless.ietf56.ietf.org/IN:
- loading master file primaries/wireless.ietf56.ietf.org: no
- owner</quote>.
- </para>
- </question>
- <answer>
- <para>
- This error is produced when a line in the master file
- contains leading white space (tab/space) but the is no
- current record owner name to inherit the name from. Usually
- this is the result of putting white space before a comment,
- forgetting the "@" for the SOA record, or indenting the master
- file.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- Why are my logs in GMT (UTC).
- </para>
- </question>
- <answer>
- <para>
- You are running chrooted (-t) and have not supplied local timezone
- information in the chroot area.
- </para>
- <simplelist>
- <member>FreeBSD: /etc/localtime</member>
- <member>Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo</member>
- <member>OSF: /etc/zoneinfo/localtime</member>
- </simplelist>
- <para>
- See also tzset(3) and zic(8).
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- I get <quote>rndc: connect failed: connection refused</quote> when
- I try to run rndc.
- </para>
- </question>
- <answer>
- <para>
- This is usually a configuration error.
- </para>
- <para>
- First ensure that named is running and no errors are being
- reported at startup (/var/log/messages or equivalent).
- Running "named -g &lt;usual arguments&gt;" from a title
- can help at this point.
- </para>
- <para>
- Secondly ensure that named is configured to use rndc either
- by "rndc-confgen -a", rndc-confgen or manually. The
- Administrators Reference manual has details on how to do
- this.
- </para>
- <para>
- Old versions of rndc-confgen used localhost rather than
- 127.0.0.1 in /etc/rndc.conf for the default server. Update
- /etc/rndc.conf if necessary so that the default server
- listed in /etc/rndc.conf matches the addresses used in
- named.conf. "localhost" has two address (127.0.0.1 and
- ::1).
- </para>
- <para>
- If you use "rndc-confgen -a" and named is running with -t or -u
- ensure that /etc/rndc.conf has the correct ownership and that
- a copy is in the chroot area. You can do this by re-running
- "rndc-confgen -a" with appropriate -t and -u arguments.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- I get <quote>transfer of 'example.net/IN' from 192.168.4.12#53:
- failed while receiving responses: permission denied</quote> error
- messages.
- </para>
- </question>
- <answer>
- <para>
- These indicate a filesystem permission error preventing
- named creating / renaming the temporary file. These will
- usually also have other associated error messages like
- </para>
- <informalexample>
- <programlisting>
-"dumping master file: sl/tmp-XXXX5il3sQ: open: permission denied"</programlisting>
- </informalexample>
- <para>
- Named needs write permission on the directory containing
- the file. Named writes the new cache file to a temporary
- file then renames it to the name specified in named.conf
- to ensure that the contents are always complete. This is
- to prevent named loading a partial zone in the event of
- power failure or similar interrupting the write of the
- master file.
- </para>
- <para>
- Note file names are relative to the directory specified in
- options and any chroot directory ([&lt;chroot
- dir&gt;/][&lt;options dir&gt;]).
- </para>
- <informalexample>
- <para>
- If named is invoked as "named -t /chroot/DNS" with
- the following named.conf then "/chroot/DNS/var/named/sl"
- needs to be writable by the user named is running as.
- </para>
- <programlisting>
-options {
- directory "/var/named";
-};
-
-zone "example.net" {
- type slave;
- file "sl/example.net";
- masters { 192.168.4.12; };
-};</programlisting>
- </informalexample>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- I want to forward all DNS queries from my caching nameserver to
- another server. But there are some domains which have to be
- served locally, via rbldnsd.
- </para>
- <para>
- How do I achieve this ?
- </para>
- </question>
- <answer>
- <programlisting>
-options {
- forward only;
- forwarders { &lt;ip.of.primary.nameserver&gt;; };
-};
-
-zone "sbl-xbl.spamhaus.org" {
- type forward; forward only;
- forwarders { &lt;ip.of.rbldns.server&gt; port 530; };
-};
-
-zone "list.dsbl.org" {
- type forward; forward only;
- forwarders { &lt;ip.of.rbldns.server&gt; port 530; };
-};
- </programlisting>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- Can you help me understand how BIND 9 uses memory to store
- DNS zones?
- </para>
- <para>
- Some times it seems to take several times the amount of
- memory it needs to store the zone.
- </para>
- </question>
- <answer>
- <para>
- When reloading a zone named my have multiple copies of
- the zone in memory at one time. The zone it is serving
- and the one it is loading. If reloads are ultra fast it
- can have more still.
- </para>
- <para>
- e.g. Ones that are transferring out, the one that it is
- serving and the one that is loading.
- </para>
- <para>
- BIND 8 destroyed the zone before loading and also killed
- off outgoing transfers of the zone.
- </para>
- <para>
- The new strategy allows slaves to get copies of the new
- zone regardless of how often the master is loaded compared
- to the transfer time. The slave might skip some intermediate
- versions but the transfers will complete and it will keep
- reasonably in sync with the master.
- </para>
- <para>
- The new strategy also allows the master to recover from
- syntax and other errors in the master file as it still
- has an in-core copy of the old contents.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- I want to use IPv6 locally but I don't have a external IPv6
- connection. External lookups are slow.
- </para>
- </question>
- <answer>
- <para>
- You can use server clauses to stop named making external lookups
- over IPv6.
- </para>
- <programlisting>
-server fd81:ec6c:bd62::/48 { bogus no; }; // site ULA prefix
-server ::/0 { bogus yes; };
-</programlisting>
- </answer>
- </qandaentry>
-
- </qandadiv> <!-- Configuration and Setup Questions -->
-
- <qandadiv><title>Operations Questions</title>
-
- <qandaentry>
- <question>
- <para>
- How to change the nameservers for a zone?
- </para>
- </question>
- <answer>
- <para>
- Step 1: Ensure all nameservers, new and old, are serving the
- same zone content.
- </para>
- <para>
- Step 2: Work out the maximum TTL of the NS RRset in the parent and child
- zones. This is the time it will take caches to be clear of a
- particular version of the NS RRset.
- If you are just removing nameservers you can skip to Step 6.
- </para>
- <para>
- Step 3: Add new nameservers to the NS RRset for the zone and
- wait until all the servers for the zone are answering with this
- new NS RRset.
- </para>
- <para>
- Step 4: Inform the parent zone of the new NS RRset then wait for all the
- parent servers to be answering with the new NS RRset.
- </para>
- <para>
- Step 5: Wait for cache to be clear of the old NS RRset.
- See Step 2 for how long.
- If you are just adding nameservers you are done.
- </para>
- <para>
- Step 6: Remove any old nameservers from the zones NS RRset and
- wait for all the servers for the zone to be serving the new NS RRset.
- </para>
- <para>
- Step 7: Inform the parent zone of the new NS RRset then wait for all the
- parent servers to be answering with the new NS RRset.
- </para>
- <para>
- Step 8: Wait for cache to be clear of the old NS RRset.
- See Step 2 for how long.
- </para>
- <para>
- Step 9: Turn off the old nameservers or remove the zone entry from
- the configuration of the old nameservers.
- </para>
- <para>
- Step 10: Increment the serial number and wait for the change to
- be visible in all nameservers for the zone. This ensures that
- zone transfers are still working after the old servers are
- decommissioned.
- </para>
- <para>
- Note: the above procedure is designed to be transparent
- to dns clients. Decommissioning the old servers too early
- will result in some clients not being able to look up
- answers in the zone.
- </para>
- <para>
- Note: while it is possible to run the addition and removal
- stages together it is not recommended.
- </para>
- </answer>
- </qandaentry>
-
- </qandadiv> <!-- Operations Questions -->
-
- <qandadiv><title>General Questions</title>
-
- <qandaentry>
- <question>
- <para>
- I keep getting log messages like the following. Why?
- </para>
- <para>
- Dec 4 23:47:59 client 10.0.0.1#1355: updating zone
- 'example.com/IN': update failed: 'RRset exists (value
- dependent)' prerequisite not satisfied (NXRRSET)
- </para>
- </question>
- <answer>
- <para>
- DNS updates allow the update request to test to see if
- certain conditions are met prior to proceeding with the
- update. The message above is saying that conditions were
- not met and the update is not proceeding. See doc/rfc/rfc2136.txt
- for more details on prerequisites.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- I keep getting log messages like the following. Why?
- </para>
- <para>
- Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied
- </para>
- </question>
- <answer>
- <para>
- Someone is trying to update your DNS data using the RFC2136
- Dynamic Update protocol. Windows 2000 machines have a habit
- of sending dynamic update requests to DNS servers without
- being specifically configured to do so. If the update
- requests are coming from a Windows 2000 machine, see
- <ulink
- url="http://support.microsoft.com/support/kb/articles/q246/8/04.asp">
- &lt;http://support.microsoft.com/support/kb/articles/q246/8/04.asp&gt;</ulink>
- for information about how to turn them off.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- When I do a "dig . ns", many of the A records for the root
- servers are missing. Why?
- </para>
- </question>
- <answer>
- <para>
- This is normal and harmless. It is a somewhat confusing
- side effect of the way BIND 9 does RFC2181 trust ranking
- and of the efforts BIND 9 makes to avoid promoting glue
- into answers.
- </para>
- <para>
- When BIND 9 first starts up and primes its cache, it receives
- the root server addresses as additional data in an authoritative
- response from a root server, and these records are eligible
- for inclusion as additional data in responses. Subsequently
- it receives a subset of the root server addresses as
- additional data in a non-authoritative (referral) response
- from a root server. This causes the addresses to now be
- considered non-authoritative (glue) data, which is not
- eligible for inclusion in responses.
- </para>
- <para>
- The server does have a complete set of root server addresses
- cached at all times, it just may not include all of them
- as additional data, depending on whether they were last
- received as answers or as glue. You can always look up the
- addresses with explicit queries like "dig a.root-servers.net A".
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- Why don't my zones reload when I do an "rndc reload" or SIGHUP?
- </para>
- </question>
- <answer>
- <para>
- A zone can be updated either by editing zone files and
- reloading the server or by dynamic update, but not both.
- If you have enabled dynamic update for a zone using the
- "allow-update" option, you are not supposed to edit the
- zone file by hand, and the server will not attempt to reload
- it.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- Why is named listening on UDP port other than 53?
- </para>
- </question>
- <answer>
- <para>
- Named uses a system selected port to make queries of other
- nameservers. This behaviour can be overridden by using
- query-source to lock down the port and/or address. See
- also notify-source and transfer-source.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- I get warning messages like <quote>zone example.com/IN: refresh:
- failure trying master 1.2.3.4#53: timed out</quote>.
- </para>
- </question>
- <answer>
- <para>
- Check that you can make UDP queries from the slave to the master
- </para>
- <informalexample>
- <programlisting>
-dig +norec example.com soa @1.2.3.4</programlisting>
- </informalexample>
- <para>
- You could be generating queries faster than the slave can
- cope with. Lower the serial query rate.
- </para>
- <informalexample>
- <programlisting>
-serial-query-rate 5; // default 20</programlisting>
- </informalexample>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- I don't get RRSIG's returned when I use "dig +dnssec".
- </para>
- </question>
- <answer>
- <para>
- You need to ensure DNSSEC is enabled (dnssec-enable yes;).
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- Can a NS record refer to a CNAME.
- </para>
- </question>
- <answer>
- <para>
- No. The rules for glue (copies of the *address* records
- in the parent zones) and additional section processing do
- not allow it to work.
- </para>
- <para>
- You would have to add both the CNAME and address records
- (A/AAAA) as glue to the parent zone and have CNAMEs be
- followed when doing additional section processing to make
- it work. No nameserver implementation supports either of
- these requirements.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- What does <quote>RFC 1918 response from Internet for
- 0.0.0.10.IN-ADDR.ARPA</quote> mean?
- </para>
- </question>
- <answer>
- <para>
- If the IN-ADDR.ARPA name covered refers to a internal address
- space you are using then you have failed to follow RFC 1918
- usage rules and are leaking queries to the Internet. You
- should establish your own zones for these addresses to prevent
- you querying the Internet's name servers for these addresses.
- Please see <ulink url="http://as112.net/">&lt;http://as112.net/&gt;</ulink>
- for details of the problems you are causing and the counter
- measures that have had to be deployed.
- </para>
- <para>
- If you are not using these private addresses then a client
- has queried for them. You can just ignore the messages,
- get the offending client to stop sending you these messages
- as they are most probably leaking them or setup your own zones
- empty zones to serve answers to these queries.
- </para>
- <informalexample>
- <programlisting>
-zone "10.IN-ADDR.ARPA" {
- type master;
- file "empty";
-};
-
-zone "16.172.IN-ADDR.ARPA" {
- type master;
- file "empty";
-};
-
-...
-
-zone "31.172.IN-ADDR.ARPA" {
- type master;
- file "empty";
-};
-
-zone "168.192.IN-ADDR.ARPA" {
- type master;
- file "empty";
-};
-
-empty:
-@ 10800 IN SOA &lt;name-of-server&gt;. &lt;contact-email&gt;. (
- 1 3600 1200 604800 10800 )
-@ 10800 IN NS &lt;name-of-server&gt;.</programlisting>
- </informalexample>
- <para>
- <note>
- Future versions of named are likely to do this automatically.
- </note>
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- Will named be affected by the 2007 changes to daylight savings
- rules in the US.
- </para>
- </question>
- <answer>
- <para>
- No, so long as the machines internal clock (as reported
- by "date -u") remains at UTC. The only visible change
- if you fail to upgrade your OS, if you are in a affected
- area, will be that log messages will be a hour out during
- the period where the old rules do not match the new rules.
- </para>
- <para>
- For most OS's this change just means that you need to
- update the conversion rules from UTC to local time.
- Normally this involves updating a file in /etc (which
- sets the default timezone for the machine) and possibly
- a directory which has all the conversion rules for the
- world (e.g. /usr/share/zoneinfo). When updating the OS
- do not forget to update any chroot areas as well.
- See your OS's documentation for more details.
- </para>
- <para>
- The local timezone conversion rules can also be done on
- a individual basis by setting the TZ environment variable
- appropriately. See your OS's documentation for more
- details.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- Is there a bugzilla (or other tool) database that mere
- mortals can have (read-only) access to for bind?
- </para>
- </question>
- <answer>
- <para>
- No. The BIND 9 bug database is kept closed for a number
- of reasons. These include, but are not limited to, that
- the database contains proprietory information from people
- reporting bugs. The database has in the past and may in
- future contain unfixed bugs which are capable of bringing
- down most of the Internet's DNS infrastructure.
- </para>
- <para>
- The release pages for each version contain up to date
- lists of bugs that have been fixed post release. That
- is as close as we can get to providing a bug database.
- </para>
- </answer>
- </qandaentry>
-
- <qandaentry>
- <question>
- <para>
- Why do queries for NSEC3 records fail to return the NSEC3 record?
- </para>
- </question>
- <answer>
- <para>
- NSEC3 records are strictly meta data and can only be
- returned in the authority section. This is done so that
- signing the zone using NSEC3 records does not bring names
- into existence that do not exist in the unsigned version
- of the zone.
- </para>
- </answer>
- </qandaentry>
-
- </qandadiv> <!-- General Questions -->
-
- <qandadiv><title>Operating-System Specific Questions</title>
-
- <qandadiv><title>HPUX</title>
-
- <qandaentry>
- <question>
- <para>I get the following error trying to configure BIND:
-<programlisting>checking if unistd.h or sys/types.h defines fd_set... no
-configure: error: need either working unistd.h or sys/select.h</programlisting>
- </para>
- </question>
- <answer>
- <para>
- You have attempted to configure BIND with the bundled C compiler.
- This compiler does not meet the minimum compiler requirements to
- for building BIND. You need to install a ANSI C compiler and / or
- teach configure how to find the ANSI C compiler. The later can
- be done by adjusting the PATH environment variable and / or
- specifying the compiler via CC.
- </para>
- <informalexample>
- <programlisting>./configure CC=&lt;compiler&gt; ...</programlisting>
- </informalexample>
- </answer>
- </qandaentry>
-
- </qandadiv> <!-- HPUX -->
-
- <qandadiv><title>Linux</title>
-
- <qandaentry>
- <question>
- <para>
- Why do I get the following errors:
-<programlisting>general: errno2result.c:109: unexpected error:
-general: unable to convert errno to isc_result: 14: Bad address
-client: UDP client handler shutting down due to fatal receive error: unexpected error</programlisting>
- </para>
- </question>
- <answer>
- <para>
- This is the result of a Linux kernel bug.
- </para>
- <para>
- See:
- <ulink url="http://marc.theaimsgroup.com/?l=linux-netdev&amp;m=113081708031466&amp;w=2">&lt;http://marc.theaimsgroup.com/?l=linux-netdev&amp;m=113081708031466&amp;w=2&gt;</ulink>
- </para>
- </answer>