diff options
Diffstat (limited to 'contrib/bind9/doc/arm/Bv9ARM.ch04.html')
| -rw-r--r-- | contrib/bind9/doc/arm/Bv9ARM.ch04.html | 72 |
1 files changed, 36 insertions, 36 deletions
diff --git a/contrib/bind9/doc/arm/Bv9ARM.ch04.html b/contrib/bind9/doc/arm/Bv9ARM.ch04.html index 09507fe..e31d85d 100644 --- a/contrib/bind9/doc/arm/Bv9ARM.ch04.html +++ b/contrib/bind9/doc/arm/Bv9ARM.ch04.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: Bv9ARM.ch04.html,v 1.40.18.41 2007/10/31 01:35:57 marka Exp $ --> +<!-- $Id: Bv9ARM.ch04.html,v 1.40.18.46 2008/05/24 01:31:11 tbox Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -49,29 +49,29 @@ <dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt> <dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd> <dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt> -<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570642">Split DNS</a></span></dt> -<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570660">Example split DNS setup</a></span></dt></dl></dd> +<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570600">Split DNS</a></span></dt> +<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570618">Example split DNS setup</a></span></dt></dl></dd> <dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt> <dd><dl> -<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571095">Generate Shared Keys for Each Pair of Hosts</a></span></dt> -<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571169">Copying the Shared Secret to Both Machines</a></span></dt> -<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571179">Informing the Servers of the Key's Existence</a></span></dt> -<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571219">Instructing the Server to Use the Key</a></span></dt> -<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571413">TSIG Key Based Access Control</a></span></dt> -<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571458">Errors</a></span></dt> +<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570985">Generate Shared Keys for Each Pair of Hosts</a></span></dt> +<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571127">Copying the Shared Secret to Both Machines</a></span></dt> +<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571138">Informing the Servers of the Key's Existence</a></span></dt> +<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571177">Instructing the Server to Use the Key</a></span></dt> +<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571303">TSIG Key Based Access Control</a></span></dt> +<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571416">Errors</a></span></dt> </dl></dd> -<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571472">TKEY</a></span></dt> -<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571521">SIG(0)</a></span></dt> +<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571430">TKEY</a></span></dt> +<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571547">SIG(0)</a></span></dt> <dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt> <dd><dl> -<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571725">Generating Keys</a></span></dt> -<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571795">Signing the Zone</a></span></dt> -<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571874">Configuring Servers</a></span></dt> +<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571684">Generating Keys</a></span></dt> +<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571753">Signing the Zone</a></span></dt> +<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571832">Configuring Servers</a></span></dt> </dl></dd> -<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572153">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt> +<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571975">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt> <dd><dl> -<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572215">Address Lookups Using AAAA Records</a></span></dt> -<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572236">Address to Name Lookups Using Nibble Format</a></span></dt> +<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572173">Address Lookups Using AAAA Records</a></span></dt> +<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572195">Address to Name Lookups Using Nibble Format</a></span></dt> </dl></dd> </dl> </div> @@ -205,7 +205,7 @@ </div> <div class="sect1" lang="en"> <div class="titlepage"><div><div><h2 class="title" style="clear: both"> -<a name="id2570642"></a>Split DNS</h2></div></div></div> +<a name="id2570600"></a>Split DNS</h2></div></div></div> <p> Setting up different views, or visibility, of the DNS space to internal and external resolvers is usually referred to as a @@ -235,7 +235,7 @@ </p> <div class="sect2" lang="en"> <div class="titlepage"><div><div><h3 class="title"> -<a name="id2570660"></a>Example split DNS setup</h3></div></div></div> +<a name="id2570618"></a>Example split DNS setup</h3></div></div></div> <p> Let's say a company named <span class="emphasis"><em>Example, Inc.</em></span> (<code class="literal">example.com</code>) @@ -481,7 +481,7 @@ nameserver 172.16.72.4 </p> <div class="sect2" lang="en"> <div class="titlepage"><div><div><h3 class="title"> -<a name="id2571095"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div> +<a name="id2570985"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div> <p> A shared secret is generated to be shared between <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host2</em></span>. An arbitrary key name is chosen: "host1-host2.". The key name must @@ -489,7 +489,7 @@ nameserver 172.16.72.4 </p> <div class="sect3" lang="en"> <div class="titlepage"><div><div><h4 class="title"> -<a name="id2571112"></a>Automatic Generation</h4></div></div></div> +<a name="id2571070"></a>Automatic Generation</h4></div></div></div> <p> The following command will generate a 128-bit (16 byte) HMAC-MD5 key as described above. Longer keys are better, but shorter keys @@ -514,7 +514,7 @@ nameserver 172.16.72.4 </div> <div class="sect3" lang="en"> <div class="titlepage"><div><div><h4 class="title"> -<a name="id2571150"></a>Manual Generation</h4></div></div></div> +<a name="id2571109"></a>Manual Generation</h4></div></div></div> <p> The shared secret is simply a random sequence of bits, encoded in base-64. Most ASCII strings are valid base-64 strings (assuming @@ -529,7 +529,7 @@ nameserver 172.16.72.4 </div> <div class="sect2" lang="en"> <div class="titlepage"><div><div><h3 class="title"> -<a name="id2571169"></a>Copying the Shared Secret to Both Machines</h3></div></div></div> +<a name="id2571127"></a>Copying the Shared Secret to Both Machines</h3></div></div></div> <p> This is beyond the scope of DNS. A secure transport mechanism should be used. This could be secure FTP, ssh, telephone, etc. @@ -537,7 +537,7 @@ nameserver 172.16.72.4 </div> <div class="sect2" lang="en"> <div class="titlepage"><div><div><h3 class="title"> -<a name="id2571179"></a>Informing the Servers of the Key's Existence</h3></div></div></div> +<a name="id2571138"></a>Informing the Servers of the Key's Existence</h3></div></div></div> <p> Imagine <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host 2</em></span> are @@ -566,7 +566,7 @@ key host1-host2. { </div> <div class="sect2" lang="en"> <div class="titlepage"><div><div><h3 class="title"> -<a name="id2571219"></a>Instructing the Server to Use the Key</h3></div></div></div> +<a name="id2571177"></a>Instructing the Server to Use the Key</h3></div></div></div> <p> Since keys are shared between two hosts only, the server must be told when keys are to be used. The following is added to the <code class="filename">named.conf</code> file @@ -598,7 +598,7 @@ server 10.1.2.3 { </div> <div class="sect2" lang="en"> <div class="titlepage"><div><div><h3 class="title"> -<a name="id2571413"></a>TSIG Key Based Access Control</h3></div></div></div> +<a name="id2571303"></a>TSIG Key Based Access Control</h3></div></div></div> <p> <acronym class="acronym">BIND</acronym> allows IP addresses and ranges to be specified in ACL @@ -626,7 +626,7 @@ allow-update { key host1-host2. ;}; </div> <div class="sect2" lang="en"> <div class="titlepage"><div><div><h3 class="title"> -<a name="id2571458"></a>Errors</h3></div></div></div> +<a name="id2571416"></a>Errors</h3></div></div></div> <p> The processing of TSIG signed messages can result in several errors. If a signed message is sent to a non-TSIG aware @@ -652,7 +652,7 @@ allow-update { key host1-host2. ;}; </div> <div class="sect1" lang="en"> <div class="titlepage"><div><div><h2 class="title" style="clear: both"> -<a name="id2571472"></a>TKEY</h2></div></div></div> +<a name="id2571430"></a>TKEY</h2></div></div></div> <p><span><strong class="command">TKEY</strong></span> is a mechanism for automatically generating a shared secret between two hosts. There are several "modes" of @@ -688,7 +688,7 @@ allow-update { key host1-host2. ;}; </div> <div class="sect1" lang="en"> <div class="titlepage"><div><div><h2 class="title" style="clear: both"> -<a name="id2571521"></a>SIG(0)</h2></div></div></div> +<a name="id2571547"></a>SIG(0)</h2></div></div></div> <p> <acronym class="acronym">BIND</acronym> 9 partially supports DNSSEC SIG(0) transaction signatures as specified in RFC 2535 and RFC2931. @@ -749,7 +749,7 @@ allow-update { key host1-host2. ;}; </p> <div class="sect2" lang="en"> <div class="titlepage"><div><div><h3 class="title"> -<a name="id2571725"></a>Generating Keys</h3></div></div></div> +<a name="id2571684"></a>Generating Keys</h3></div></div></div> <p> The <span><strong class="command">dnssec-keygen</strong></span> program is used to generate keys. @@ -800,7 +800,7 @@ allow-update { key host1-host2. ;}; </div> <div class="sect2" lang="en"> <div class="titlepage"><div><div><h3 class="title"> -<a name="id2571795"></a>Signing the Zone</h3></div></div></div> +<a name="id2571753"></a>Signing the Zone</h3></div></div></div> <p> The <span><strong class="command">dnssec-signzone</strong></span> program is used to @@ -844,7 +844,7 @@ allow-update { key host1-host2. ;}; </div> <div class="sect2" lang="en"> <div class="titlepage"><div><div><h3 class="title"> -<a name="id2571874"></a>Configuring Servers</h3></div></div></div> +<a name="id2571832"></a>Configuring Servers</h3></div></div></div> <p> To enable <span><strong class="command">named</strong></span> to respond appropriately to DNS requests from DNSSEC aware clients, @@ -932,7 +932,7 @@ options { </div> <div class="sect1" lang="en"> <div class="titlepage"><div><div><h2 class="title" style="clear: both"> -<a name="id2572153"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div> +<a name="id2571975"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div> <p> <acronym class="acronym">BIND</acronym> 9 fully supports all currently defined forms of IPv6 @@ -971,7 +971,7 @@ options { </p> <div class="sect2" lang="en"> <div class="titlepage"><div><div><h3 class="title"> -<a name="id2572215"></a>Address Lookups Using AAAA Records</h3></div></div></div> +<a name="id2572173"></a>Address Lookups Using AAAA Records</h3></div></div></div> <p> The IPv6 AAAA record is a parallel to the IPv4 A record, and, unlike the deprecated A6 record, specifies the entire @@ -990,7 +990,7 @@ host 3600 IN AAAA 2001:db8::1 </div> <div class="sect2" lang="en"> <div class="titlepage"><div><div><h3 class="title"> -<a name="id2572236"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div> +<a name="id2572195"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div> <p> When looking up an address in nibble format, the address components are simply reversed, just as in IPv4, and |
