Bv9ARM.ch09.html revision 369963ad26cef09c3839d76c74c2d856f91be27a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
f0aad5341752aefe5059832f6cf3abc3283c6e16Tinderbox User - Copyright (C) 2000-2003 Internet Software Consortium.
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - Permission to use, copy, modify, and/or distribute this software for any
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - purpose with or without fee is hereby granted, provided that the above
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - copyright notice and this permission notice appear in all copies.
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - PERFORMANCE OF THIS SOFTWARE.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!-- $Id$ -->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="up" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="prev" href="Bv9ARM.ch08.html" title="Chapter�8.�Troubleshooting">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="next" href="Bv9ARM.ch10.html" title="Manual pages">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr><th colspan="3" align="center">Appendix�A.�Appendices</th></tr>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<a accesskey="p" href="Bv9ARM.ch08.html">Prev</a>�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="right">�<a accesskey="n" href="Bv9ARM.ch10.html">Next</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h2 class="title">
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<a name="Bv9ARM.ch09"></a>Appendix�A.�Appendices</h2></div></div></div>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2564071">Release Notes for BIND Version 9.11.0pre-alpha</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect2"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2607658">Acknowledgments</a></span></dt>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2607830">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2611110">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
c48c7872a0e020a63a96faed166c6ae960e4c1e9Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2614510">Prerequisite</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2614520">Compilation</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2611541">Installation</a></span></dt>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2611572">Known Defects/Restrictions</a></span></dt>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2613833">The dns.conf File</a></span></dt>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2613860">Sample Applications</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2614696">Library References</a></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h2 class="title" style="clear: both">
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User<a name="id2564071"></a>Release Notes for BIND Version 9.11.0pre-alpha</h2></div></div></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<div class="titlepage"><div><div><h3 class="title">
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews This document summarizes changes since the last production release
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater of BIND on the corresponding major release branch.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater<a name="relnotes_download"></a>Download</h3></div></div></div>
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater The latest versions of BIND 9 software can always be found at
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews <a href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater There you will find additional information about each release,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein source code, and pre-compiled versions for Microsoft Windows
9c6a5d1f22f972232d7a9fd5c5fa64f10bacbdffAutomatic Updater operating systems.
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews<div class="titlepage"><div><div><h3 class="title">
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Errors reported when running <span><strong class="command">rndc addzone</strong></span>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User (e.g., when a zone file cannot be loaded) have been clarified
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User to make it easier to diagnose problems.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="relnotes_features"></a>New Features</h3></div></div></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The serial number of a dynamically updatable zone can
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User now be set using
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">rndc signing -serial <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>zonename</code></em></strong></span>.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt This is particularly useful with <code class="option">inline-signing</code>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt zones that have been reset. Setting the serial number to a value
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein larger than that on the slaves will trigger an AXFR-style
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein When answering recursive queries, SERVFAIL responses can now be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein cached by the server for a limited time; subsequent queries for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the same query name and type will return another SERVFAIL until
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the cache times out. This reduces the frequency of retries
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein when a query is persistently failing, which can be a burden
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein on recursive serviers. The SERVFAIL cache timeout is controlled
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein by <code class="option">servfail-ttl</code>, which defaults to 10 seconds
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein and has an upper limit of 30.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The new <span><strong class="command">rndc nta</strong></span> command can now be used to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein set a "negative trust anchor" (NTA), disabling DNSSEC validation for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein a specific domain; this can be used when responses from a domain
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein are known to be failing validation due to administrative error
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein rather than because of a spoofing attack. NTAs are strictly
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein temporary; by default they expire after one hour, but can be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein configured to last up to one week. The default NTA lifetime
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein can be changed by setting the <code class="option">nta-lifetime</code> in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The EDNS Client Subnet (ECS) option is now supported for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein authoritative servers; if a query contains an ECS option then
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein ACLs containing <code class="option">geoip</code> or <code class="option">ecs</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein elements can match against the the address encoded in the option.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This can be used to select a view for a query, so that different
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein answers can be provided depending on the client network.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The EDNS EXPIRE option has been implemented on the client
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein side, allowing a slave server to set the expiration timer
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein correctly when transferring zone data from another slave
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein A new <code class="option">masterfile-style</code> zone option controls
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the formatting of text zone files: When set to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="literal">full</code>, the zone file will dumped in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein single-line-per-record format.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">dig +ednsopt</strong></span> can now be used to set
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein arbitrary EDNS options in DNS requests.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">dig +ednsflags</strong></span> can now be used to set
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein yet-to-be-defined EDNS flags in DNS requests.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span><strong class="command">dig +[no]ednsnegotiation</strong></span> can now be used enable /
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User disable EDNS version negotiation.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">dig +header-only</strong></span> can now be used to send
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews queries without a question section.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">dig +ttlunits</strong></span> causes <span><strong class="command">dig</strong></span>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt to print TTL values with time-unit suffixes: w, d, h, m, s for
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt weeks, days, hours, minutes, and seconds.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">dig +zflag</strong></span> can be used to set the last
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein unassigned DNS header flag bit. This bit in normally zero.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">dig +dscp=<em class="replaceable"><code>value</code></em></strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein can now be used to set the DSCP code point in outgoing query
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="option">serial-update-method</code> can now be set to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="literal">date</code>. On update, the serial number will
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein be set to the current date in YYYYMMDDNN format.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">dnssec-signzone -N date</strong></span> also sets the serial
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein number to YYYYMMDDNN.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">named -L <em class="replaceable"><code>filename</code></em></strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein causes named to send log messages to the specified file by
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein default instead of to the system log.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The rate limiter configured by the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="option">serial-query-rate</code> option no longer covers
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein NOTIFY messages; those are now separately controlled by
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="option">startup-notify-rate</code> (the latter of which
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein controls the rate of NOTIFY messages sent when the server
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein is first started up or reconfigured).
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The default number of tasks and client objects available
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein for serving lightweight resolver queries have been increased,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein and are now configurable via the new <code class="option">lwres-tasks</code>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein and <code class="option">lwres-clients</code> options in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="filename">named.conf</code>. [RT #35857]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Log output to files can now be buffered by specifying
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">buffered yes;</strong></span> when creating a channel.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User ACLs containing <span><strong class="command">geoip asnum</strong></span> elements were
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User not correctly matched unless the full organization name was
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein specified in the ACL (as in
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">geoip asnum "AS1234 Example, Inc.";</strong></span>).
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User They can now match against the AS number alone (as in
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span><strong class="command">geoip asnum "AS1234";</strong></span>).
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User When using native PKCS#11 cryptography (i.e.,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span><strong class="command">configure --enable-native-pkcs11</strong></span>) HSM PINs
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of up to 256 characters can now be used.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein NXDOMAIN responses to queries of type DS are now cached separately
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews from those for other types. This helps when using "grafted" zones
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of type forward, for which the parent zone does not contain a
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User delegation, such as local top-level domains. Previously a query
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User of type DS for such a zone could cause the zone apex to be cached
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein as NXDOMAIN, blocking all subsequent queries. (Note: This
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User change is only helpful when DNSSEC validation is not enabled.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User "Grafted" zones without a delegation in the parent are not a
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User recommended configuration.)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Update forwarding performance has been improved by allowing
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein a single TCP connection to be shared between multiple updates.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User By default, <span><strong class="command">nsupdate</strong></span> will now check
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User the correctness of hostnames when adding records of type
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein A, AAAA, MX, SOA, NS, SRV or PTR. This behavior can be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein disabled with <span><strong class="command">check-names no</strong></span>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Added support for OPENPGPKEY type.
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt The names of the files used to store managed keys and added
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater zones for each view are no longer based on the SHA256 hash
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of the view name, except when this is necessary because the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User view name contains characters that would be incompatible with use
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User as a file name. For views whose names do not contain forward
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User slashes ('/'), backslashes ('\'), or capital letters - which
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein could potentially cause namespace collision problems on
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User case-insensitive filesystems - files will now be named
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User after the view (for example, <code class="filename">internal.mkeys</code>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User or <code class="filename">external.nzf</code>). However, to ensure
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein consistent behavior when upgrading, if a file using the old
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein name format is found to exist, it will continue to be used.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span><strong class="command">dig</strong></span>, <span><strong class="command">host</strong></span> and
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span><strong class="command">nslookup</strong></span> aborted when encountering
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein a name which, after appending search list elements,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein exceeded 255 bytes. Such names are now skipped, but
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews processing of other names will continue. [RT #36892]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The error message generated when
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">named-checkzone</strong></span> or
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">named-checkconf -z</strong></span> encounters a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <code class="option">$TTL</code> directive without a value has
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein been clarified. [RT #37138]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Semicolon characters (;) included in TXT records were
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein incorrectly escaped with a backslash when the record was
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein displayed as text. This is actually only necessary when there
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein are no quotation marks. [RT #37159]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein When files opened for writing by <span><strong class="command">named</strong></span>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein such as zone journal files, were referenced more than once
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User in <code class="filename">named.conf</code>, it could lead to file
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User corruption as multiple threads wrote to the same file. This
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein is now detected when loading <code class="filename">named.conf</code>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews and reported as an error. [RT #37172]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein When checking for updates to trust anchors listed in
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <code class="option">managed-keys</code>, <span><strong class="command">named</strong></span>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User now revalidates keys based on the current set of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein active trust anchors, without relying on any cached
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein record of previous validation. [RT #37506]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Large-system tuning
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User (<span><strong class="command">configure --with-tuning=large</strong></span>) caused
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User problems on some platforms by setting a socket receive
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein buffer size that was too large. This is now detected and
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User corrected at run time. [RT #37187]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein When NXDOMAIN redirection is in use, queries for a name
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein that is present in the redirection zone but a type that
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein is not present will now return NOERROR instead of NXDOMAIN.
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="end_of_life"></a>End of Life</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The end of life for BIND 9.11 is yet to be determined but
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein will not be before BIND 9.13.0 has been released for 6 months.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <a href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Thank you to everyone who assisted us in making this release possible.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein If you would like to contribute to ISC to assist us in continuing to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein make quality open source software, please visit our donations page at
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <a href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h2 class="title" style="clear: both">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2607658"></a>Acknowledgments</h2></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="historical_dns_information"></a>A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Although the "official" beginning of the Domain Name
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein System occurred in 1984 with the publication of RFC 920, the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein core of the new system was described in 1983 in RFCs 882 and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein 883. From 1984 to 1987, the ARPAnet (the precursor to today's
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Internet) became a testbed of experimentation for developing the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein new naming/addressing scheme in a rapidly expanding,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User operational network environment. New RFCs were written and
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User published in 1987 that modified the original documents to
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews incorporate improvements based on the working model. RFC 1034,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein "Domain Names-Concepts and Facilities", and RFC 1035, "Domain
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Names-Implementation and Specification" were published and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein became the standards upon which all <acronym class="acronym">DNS</acronym> implementations are
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The first working domain name server, called "Jeeves", was
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein written in 1983-84 by Paul Mockapetris for operation on DEC
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User machines located at the University of Southern California's
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Sciences Institute (USC-ISI) and SRI International's Network
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Center (SRI-NIC). A <acronym class="acronym">DNS</acronym> server for
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Unix machines, the Berkeley Internet
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Name Domain (<acronym class="acronym">BIND</acronym>) package, was
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein written soon after by a group of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein graduate students at the University of California at Berkeley
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews a grant from the US Defense Advanced Research Projects
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Administration
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Versions of <acronym class="acronym">BIND</acronym> through
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein 4.8.3 were maintained by the Computer
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Systems Research Group (CSRG) at UC Berkeley. Douglas Terry, Mark
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt Painter, David Riggle and Songnian Zhou made up the initial <acronym class="acronym">BIND</acronym>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein project team. After that, additional work on the software package
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User was done by Ralph Campbell. Kevin Dunlap, a Digital Equipment
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein employee on loan to the CSRG, worked on <acronym class="acronym">BIND</acronym> for 2 years, from 1985
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User to 1987. Many other people also contributed to <acronym class="acronym">BIND</acronym> development
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User during that time: Doug Kingston, Craig Partridge, Smoot
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Carl-Mitchell,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Mike Muuss, Jim Bloom and Mike Schwartz. <acronym class="acronym">BIND</acronym> maintenance was subsequently
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews handled by Mike Karels and �ivind Kure.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <acronym class="acronym">BIND</acronym> versions 4.9 and 4.9.1 were
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews released by Digital Equipment
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Corporation (now Compaq Computer Corporation). Paul Vixie, then
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews a DEC employee, became <acronym class="acronym">BIND</acronym>'s
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews primary caretaker. He was assisted
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews by Phil Almquist, Robert Elz, Alan Barrett, Paul Albitz, Bryan
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Beecher, Andrew
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Baran, Anant Kumar, Art Harkin, Win Treese, Don Lewis, Christophe
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews Wolfhugel, and others.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User In 1994, <acronym class="acronym">BIND</acronym> version 4.9.2 was sponsored by
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Vixie Enterprises. Paul
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Vixie became <acronym class="acronym">BIND</acronym>'s principal
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <acronym class="acronym">BIND</acronym> versions from 4.9.3 onward
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein have been developed and maintained
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein by the Internet Systems Consortium and its predecessor,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the Internet Software Consortium, with support being provided
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein by ISC's sponsors.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Paul Vixie released the first production-ready version of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <acronym class="acronym">BIND</acronym> version 8 in May 1997.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User BIND version 9 was released in September 2000 and is a
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User major rewrite of nearly all aspects of the underlying
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User BIND architecture.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User BIND versions 4 and 8 are officially deprecated.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User No additional development is done
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein on BIND version 4 or BIND version 8.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <acronym class="acronym">BIND</acronym> development work is made
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein possible today by the sponsorship
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of several corporations, and by the tireless work efforts of
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein numerous individuals.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<div class="titlepage"><div><div><h2 class="title" style="clear: both">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2607830"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="ipv6addresses"></a>IPv6 addresses (AAAA)</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein IPv6 addresses are 128-bit identifiers for interfaces and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein sets of interfaces which were introduced in the <acronym class="acronym">DNS</acronym> to facilitate
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein scalable Internet routing. There are three types of addresses: <span class="emphasis"><em>Unicast</em></span>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein an identifier for a single interface;
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User an identifier for a set of interfaces; and <span class="emphasis"><em>Multicast</em></span>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User an identifier for a set of interfaces. Here we describe the global
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Unicast address scheme. For more information, see RFC 3587,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein "Global Unicast Address Format."
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein IPv6 unicast addresses consist of a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="emphasis"><em>global routing prefix</em></span>, a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="emphasis"><em>subnet identifier</em></span>, and an
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span class="emphasis"><em>interface identifier</em></span>.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The global routing prefix is provided by the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User upstream provider or ISP, and (roughly) corresponds to the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein IPv4 <span class="emphasis"><em>network</em></span> section
af40ebed6257e4ac1996144530b3de317cf4da11Tinderbox User of the address range.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The subnet identifier is for local subnetting, much the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User same as subnetting an
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User IPv4 /16 network into /24 subnets.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The interface identifier is the address of an individual
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein interface on a given network; in IPv6, addresses belong to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein interfaces rather than to machines.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The subnetting capability of IPv6 is much more flexible than
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein that of IPv4: subnetting can be carried out on bit boundaries,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein in much the same way as Classless InterDomain Routing
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein (CIDR), and the DNS PTR representation ("nibble" format)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein makes setting up reverse zones easier.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The Interface Identifier must be unique on the local link,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein and is usually generated automatically by the IPv6
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein implementation, although it is usually possible to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein override the default setting if necessary. A typical IPv6
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein address might look like:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span><strong class="command">2001:db8:201:9:a00:20ff:fe81:2b32</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein IPv6 address specifications often contain long strings
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews of zeros, so the architects have included a shorthand for
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein them. The double colon (`::') indicates the longest possible
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User of zeros that can fit, and can be used only once in an address.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h2 class="title" style="clear: both">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="bibliography"></a>Bibliography (and Suggested Reading)</h2></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<div class="titlepage"><div><div><h3 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="rfcs"></a>Request for Comments (RFCs)</h3></div></div></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Specification documents for the Internet protocol suite, including
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User the <acronym class="acronym">DNS</acronym>, are published as part of
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User the Request for Comments (RFCs)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein series of technical notes. The standards themselves are defined
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein by the Internet Engineering Task Force (IETF) and the Internet
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Engineering Steering Group (IESG). RFCs can be obtained online via FTP at:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <a href="ftp://www.isi.edu/in-notes/" target="_top">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein ftp://www.isi.edu/in-notes/RFC<em class="replaceable"><code>xxxx</code></em>.txt
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews (where <em class="replaceable"><code>xxxx</code></em> is
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews the number of the RFC). RFCs are also available via the Web at:
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <a href="http://www.ietf.org/rfc/" target="_top">http://www.ietf.org/rfc/</a>.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<div class="titlepage"><div><div><h4 class="title">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2608086"></a>Bibliography</h4></div></div></div>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews<a name="id2608097"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2608120"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names — Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<a name="id2608144"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names — Implementation and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Specification</i>. </span><span class="pubdate">November 1987. </span></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="proposed_standards"></a>Proposed Standards</h3>
b9c96971964d87c2705c8dc29300ff8103479ee6Andreas Gustafsson<a name="id2608180"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Specification</i>. </span><span class="pubdate">July 1997. </span></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2608206"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Queries</i>. </span><span class="pubdate">March 1998. </span></p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<a name="id2608232"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<a name="id2608257"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2608280"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2608336"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2608362"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2608389"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="id2608451"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
164ade1482251e1da962b42e5bf0d3aa02a11e03Tinderbox User<a name="id2608481"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2608510"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
<a name="id2608537"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
<a name="id2608619"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
<a name="id2608646"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
<a name="id2608682"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
<a name="id2608747"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
<a name="id2608812"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
<a name="id2608886"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
Deployed <acronym class="acronym">DNS</acronym> Software</i>. </span><span class="pubdate">October 1993. </span></p>
<a name="id2608912"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
<a name="id2608980"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
<a name="id2609015"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
<a name="id2609061"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
<a name="id2609118"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
<a name="id2609156"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
<a name="id2609191"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
<a name="id2609245"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
<a name="id2609284"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
<a name="id2609309"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
<a name="id2609335"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2609430"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2609457"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2609496"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2609526"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2609556"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
<a name="id2609598"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2609632"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
<a name="id2609658"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
<a name="id2609682"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
<a name="id2609739"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
<a name="id2609771"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
<a name="id2609797"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
<a name="id2609819"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
<a name="id2609843"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
<a name="id2609889"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
<a name="id2609912"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
<a name="id2609970"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide</i>. </span><span class="pubdate">November 1987. </span></p>
<a name="id2609993"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
<a name="id2610020"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
<a name="id2610046"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers</i>. </span><span class="pubdate">October 1996. </span></p>
<a name="id2610083"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
<a name="id2610129"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
<a name="id2610161"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
<a name="id2610206"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
<a name="id2610242"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
<a name="id2610286"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
<a name="id2610309"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
<a name="id2610403"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
<a name="id2610428"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
<a name="id2610452"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
<a name="id2610498"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
<a name="id2610521"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
<a name="id2610548"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
<a name="id2610573"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
<a name="id2610617"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
<a name="id2610675"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
<a name="id2610701"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
<a name="id2610749"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
<a name="id2610789"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
<a name="id2610816"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
<a name="id2610845"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
<a name="id2610871"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
<a name="id2610898"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
<a name="id2610934"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
<a name="id2610970"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
<a name="id2610997"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
<a name="id2611024"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
<a name="id2611068"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
<a name="id2611122"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright � 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
It provides an interface to parse the traditional resolv.conf
$ <strong class="userinput"><code>/configure --enable-exportlib <em class="replaceable"><code>[other flags]</code></em></code></strong>
$ <strong class="userinput"><code>/configure --enable-fixed-rrset <em class="replaceable"><code>[other flags, but not --enable-exportlib]</code></em></code></strong>
$ <strong class="userinput"><code>/configure --enable-exportlib <em class="replaceable"><code>[other flags, but not --enable-fixed-rrset]</code></em></code></strong>
<a href="Bv9ARM.ch06.html#trusted-keys" title="trusted-keys Statement Grammar">the section called “<span><strong class="command">trusted-keys</strong></span> Statement Grammar”</a> for details.)</p>
example, to specify the following DNSKEY of example.com:
-e -k example.com -K "xxx"
"domain". Example: -s example.com:2001:db8::1234
<a name="id2614027"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
<a name="id2614418"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
returned by getaddrinfo(). If the dns.conf file exists and
<a name="id2614433"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
dynamic.example.com zone has an IPv6 address 2001:db8::1234,
$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key add "foo.dynamic.example.com 30 IN A 192.168.2.1"</code></strong></pre>
adds an A RR for foo.dynamic.example.com using the given key.
$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com 30 IN A"</code></strong></pre>
removes all A RRs for foo.dynamic.example.com using the given key.
$ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com"</code></strong></pre>
removes all RRs for foo.dynamic.example.com using the given key.
<a name="id2614632"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
"example.com". In general this domain name must be the apex
"www.example.com"). nsprobe first identifies the NS RRsets for