summaryrefslogtreecommitdiff
path: root/contrib/bind/doc
diff options
context:
space:
mode:
authorcvs2svn <cvs2svn@FreeBSD.org>2000-08-23 09:25:06 +0000
committercvs2svn <cvs2svn@FreeBSD.org>2000-08-23 09:25:06 +0000
commita430f036b34119abd5873c7e095a9b58e4d1b8ef (patch)
treeb0fc8df9e6b6f62dfe12388e6e94213ce3de3388 /contrib/bind/doc
parent4635a6924f0a91e409eeea611691bc1da72ca21f (diff)
Notes
Diffstat (limited to 'contrib/bind/doc')
-rw-r--r--contrib/bind/doc/bog/00macs.me51
-rw-r--r--contrib/bind/doc/bog/00title.me89
-rw-r--r--contrib/bind/doc/bog/Makefile89
-rw-r--r--contrib/bind/doc/bog/ack.me283
-rw-r--r--contrib/bind/doc/bog/build.me102
-rw-r--r--contrib/bind/doc/bog/files.me1150
-rw-r--r--contrib/bind/doc/bog/intro.me75
-rw-r--r--contrib/bind/doc/bog/manage.me156
-rw-r--r--contrib/bind/doc/bog/named.boot.cache77
-rw-r--r--contrib/bind/doc/bog/named.boot.primary78
-rw-r--r--contrib/bind/doc/bog/named.boot.secondary77
-rw-r--r--contrib/bind/doc/bog/named.local75
-rw-r--r--contrib/bind/doc/bog/ns.me96
-rw-r--r--contrib/bind/doc/bog/resolv.conf67
-rw-r--r--contrib/bind/doc/bog/root.cache102
-rw-r--r--contrib/bind/doc/bog/setup.me88
-rw-r--r--contrib/bind/doc/bog/types.me163
-rw-r--r--contrib/bind/doc/bog/ucbhosts118
-rw-r--r--contrib/bind/doc/bog/ucbhosts.rev86
-rw-r--r--contrib/bind/doc/html/acl.html63
-rw-r--r--contrib/bind/doc/html/address_list.html100
-rw-r--r--contrib/bind/doc/html/comments.html84
-rw-r--r--contrib/bind/doc/html/config.html97
-rw-r--r--contrib/bind/doc/html/controls.html70
-rw-r--r--contrib/bind/doc/html/docdef.html118
-rw-r--r--contrib/bind/doc/html/example.html65
-rw-r--r--contrib/bind/doc/html/include.html57
-rw-r--r--contrib/bind/doc/html/index.html65
-rw-r--r--contrib/bind/doc/html/key.html57
-rw-r--r--contrib/bind/doc/html/logging.html369
-rw-r--r--contrib/bind/doc/html/master.html166
-rw-r--r--contrib/bind/doc/html/options.html814
-rw-r--r--contrib/bind/doc/html/server.html69
-rw-r--r--contrib/bind/doc/html/trusted-keys.html58
-rw-r--r--contrib/bind/doc/html/zone.html244
-rw-r--r--contrib/bind/doc/man/Makefile423
-rw-r--r--contrib/bind/doc/man/dig.1683
-rw-r--r--contrib/bind/doc/man/dnskeygen.1132
-rw-r--r--contrib/bind/doc/man/dnsquery.1178
-rw-r--r--contrib/bind/doc/man/dnssigner.1213
-rw-r--r--contrib/bind/doc/man/getaddrinfo.3361
-rw-r--r--contrib/bind/doc/man/gethostbyname.3246
-rw-r--r--contrib/bind/doc/man/getipnodebyname.3231
-rw-r--r--contrib/bind/doc/man/getnameinfo.3103
-rw-r--r--contrib/bind/doc/man/getnetent.3153
-rw-r--r--contrib/bind/doc/man/hesiod.3129
-rw-r--r--contrib/bind/doc/man/host.1316
-rw-r--r--contrib/bind/doc/man/hostname.7171
-rw-r--r--contrib/bind/doc/man/inet_cidr.394
-rw-r--r--contrib/bind/doc/man/irs.conf.5201
-rw-r--r--contrib/bind/doc/man/mailaddr.7179
-rw-r--r--contrib/bind/doc/man/mkdep.184
-rw-r--r--contrib/bind/doc/man/named-bootconf.870
-rw-r--r--contrib/bind/doc/man/named-xfer.8185
-rw-r--r--contrib/bind/doc/man/named.8441
-rw-r--r--contrib/bind/doc/man/named.conf.52355
-rw-r--r--contrib/bind/doc/man/ndc.8133
-rw-r--r--contrib/bind/doc/man/nslookup.8534
-rw-r--r--contrib/bind/doc/man/nsupdate.8214
-rw-r--r--contrib/bind/doc/man/resolver.3581
-rw-r--r--contrib/bind/doc/man/resolver.5224
-rw-r--r--contrib/bind/doc/man/tsig.3240
-rw-r--r--contrib/bind/doc/misc/DynamicUpdate284
-rw-r--r--contrib/bind/doc/misc/FAQ.1of21602
-rw-r--r--contrib/bind/doc/misc/FAQ.2of21298
-rw-r--r--contrib/bind/doc/misc/IPv672
-rw-r--r--contrib/bind/doc/misc/dns-setup1081
-rw-r--r--contrib/bind/doc/misc/style.txt172
-rw-r--r--contrib/bind/doc/notes/data51
-rw-r--r--contrib/bind/doc/notes/db_names.c184
-rw-r--r--contrib/bind/doc/notes/irp.txt521
-rw-r--r--contrib/bind/doc/secure/copyright.txt28
-rw-r--r--contrib/bind/doc/secure/install.txt155
-rw-r--r--contrib/bind/doc/secure/readme.txt93
-rw-r--r--contrib/bind/doc/secure/usage.txt215
75 files changed, 0 insertions, 20148 deletions
diff --git a/contrib/bind/doc/bog/00macs.me b/contrib/bind/doc/bog/00macs.me
deleted file mode 100644
index 8ce02a287a1f8..0000000000000
--- a/contrib/bind/doc/bog/00macs.me
+++ /dev/null
@@ -1,51 +0,0 @@
-.\" Copyright (c) 1986, 1988 Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms are permitted
-.\" provided that this notice is preserved and that due credit is given
-.\" to the University of California at Berkeley. The name of the University
-.\" may not be used to endorse or promote products derived from this
-.\" software without specific prior written permission. This software
-.\" is provided ``as is'' without express or implied warranty.
-.\"
-.\" @(#)00macs.me 6.3 (Berkeley) 2/28/88
-.\"
-.\" usage: troff -me myfile
-.nr EX 0
-.de BX
-.sp
-.ba +4
-.lp
-.nr EX +1
-.b
-.ta (\\n(.lu-\\n(.iu)R
-EXAMPLE \\n(EX: \(*D
-.r
-.lp
-..
-.de EX
-.br
-.ba
-.b
-.tl '''\(gr'
-.r
-.lp
-..
-.if \nl .ls 2
-.if t .nr bi 5m
-.nr si 3n
-.de $0 \" create a table of contents magically.
-.(x
-.ti (\\$3u-1u)*2m
-\\$2. \\$1
-.)x
-..
-.de $1
-.sp
-..
-.de BU
-.ip "\ \(bu" \w'\ \(bu\ 'u
-..
-.de SM
-\s-1\\$1\s0\\$2
-..
diff --git a/contrib/bind/doc/bog/00title.me b/contrib/bind/doc/bog/00title.me
deleted file mode 100644
index 5048969413193..0000000000000
--- a/contrib/bind/doc/bog/00title.me
+++ /dev/null
@@ -1,89 +0,0 @@
-.\" Copyright (c) 1986, 1988
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.+c
-.(l C
-.sz 14
-.b "Name Server Operations Guide"
-.b "for \s-1BIND\s+1"
-.sz
-\fIRelease 4.9.3\fP
-.eh 'SMM:10-%''Name Server Operations Guide for \s-1BIND\s+1'
-.oh 'Name Server Operations Guide for \s-1BIND\s+1''\s-1SMM\s+1:10-%'
-.sp
-\fIReleases from 4.9\fP
-Paul Vixie\**
-.(f
-\** This author was employed by Digital Equipment Corporation's
-Network Systems Laboratory during the development and release of
-\s-1BIND\s+1 4.9. Release 4.9.2 was sponsored by Vixie
-Enterprises. Releases from 4.9.3 were sponsored by the Internet
-Software Consortium.
-.)f
-<paul@vix.com>
-.sp \n(psu
-Internet Software Consortium
-La Honda, CA
-.sp 2
-\fIReleases through 4.8.3\fP
-Kevin J. Dunlap\**
-Michael J. Karels
-.sp \n(psu
-Computer Systems Research Group
-Computer Science Division
-Department of Electrical Engineering and Computer Sciences
-University of California
-Berkeley, CA 94720
-.)l
-.sp 2
-.(f
-\** This author was an employee of Digital Equipment Corporation's
-\s-1ULTRIX\s+1 Engineering Advanced Development Group and was on loan to
-CSRG when this work was done. \s-1ULTRIX\s+1 is a trademark of Digital
-Equipment Corporation.
-.)f
diff --git a/contrib/bind/doc/bog/Makefile b/contrib/bind/doc/bog/Makefile
deleted file mode 100644
index 09e1908ea6b62..0000000000000
--- a/contrib/bind/doc/bog/Makefile
+++ /dev/null
@@ -1,89 +0,0 @@
-# ++Copyright++ 1986, 1988
-# -
-# Copyright (c) 1986, 1988
-# The Regents of the University of California. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-# 3. All advertising materials mentioning features or use of this software
-# must display the following acknowledgement:
-# This product includes software developed by the University of
-# California, Berkeley and its contributors.
-# 4. Neither the name of the University nor the names of its contributors
-# may be used to endorse or promote products derived from this software
-# without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-# -
-# Portions Copyright (c) 1993 by Digital Equipment Corporation.
-#
-# Permission to use, copy, modify, and distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies, and that
-# the name of Digital Equipment Corporation not be used in advertising or
-# publicity pertaining to distribution of the document or software without
-# specific, written prior permission.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-# WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-# CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-# SOFTWARE.
-# -
-# --Copyright--
-#
-# @(#)Makefile 6.3 (Berkeley) 2/28/88
-#
-FILES= 00macs.me 00title.me intro.me ns.me types.me\
- files.me named.boot.primary\
- named.boot.secondary named.boot.cache resolv.conf\
- root.cache named.local ucbhosts.rev ucbhosts \
- setup.me manage.me build.me ack.me
-ME= -me
-NROFF= nroff -rb3
-PRINTER= -Pdp
-TBL= dtbl $(PRINTER)
-TROFF= ditroff $(PRINTER)
-GROFF= groff -Tps -t $(ME)
-
-all: file.lst
-
-file.lst: $(FILES)
- tbl $(FILES)| $(NROFF) $(ME) $(FLAGS) > file.lst
-
-file.psf: $(FILES)
- $(GROFF) $(FILES) > file.psf
-
-troff: $(FILES)
- $(TBL) $(FILES)| $(TROFF) $(ME) $(FLAGS)
-
-cat: $(FILES)
- @cat $(FILES)
-
-clean:
- rm -f *.psf *.lst *.BAK *.CKP *~ *.orig
-
-spell: $(FILES)
- @for i in $(FILES); do \
- echo $$i; \
- spell $$i | sort | comm -23 - spell.ok > $$i.spell; \
- done
diff --git a/contrib/bind/doc/bog/ack.me b/contrib/bind/doc/bog/ack.me
deleted file mode 100644
index c9d7d858061f6..0000000000000
--- a/contrib/bind/doc/bog/ack.me
+++ /dev/null
@@ -1,283 +0,0 @@
-.\" Copyright (c) 1986, 1988
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\"
-.\" @(#)ack.me
-.\"
-.sx 0
-.bp
-.ce
-.b "ACKNOWLEDGEMENTS \(em 4.9.3"
-.pp
-The \fI<bind-workers@vix.com>\fP mailing list was once again of great help;
-this release would not be nearly as ready for prime time if not for their
-efforts. Special commendations are owed to Robert Elz, Don "Truck" Lewis,
-Bob Halley, Mark Andrews, Berthold Paffrath, Ruediger Volk, and Peter Koch.
-.pp
-Digital Equipment Corporation, Hewlett Packard, Silicon Graphics, and SunSoft
-all made hardware available for integration testing; this made the release
-far more solid than it would otherwise have been. More hardware loans are
-welcome \(em if you are a system vendor and you would like \s-2BIND\s+2 to
-run ``out of the box'' on your platform and are willing to lend some rusty
-old hardware for the purpose, please contact me (\fI<paul@vix.org>\fP) to
-make the arrangements.
-.pp
-Special thanks to the Internet Software Consortium for funding this work.
-Contact \fI<isc-info@isc.org>\fP if your organization would like to
-participate in funding future releases of \s-2BIND\s+2 and other freely
-redistributable software packages that are in wide use on the Internet.
-.sp 2
-.ce
-.b "ACKNOWLEDGEMENTS \(em through 4.9"
-.pp
-The alpha-test group was extremely helpful in furnishing improvements,
-finding and repairing bugs, and being patient. I would like to express
-special thanks to Brian Reid of Digital Equipment corporation for funding
-this work. Robert Elz, Alan Barrett, Paul Albitz, Bryan Beecher, Andrew
-Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat Baran, Anant
-Kumar, Art Harkin, Win Treese, Don Lewis, Christophe Wolfhugel, and a cast
-of dozens all helped out above and beyond the call of duty. Special thanks
-to Phil Almquist, who got the project started and contributed a lot of the
-code and fixed several of the worst bugs.
-.sp 2
-.ce
-.b "ACKNOWLEDGEMENTS \(em through 4.8.3"
-.pp
-Many thanks to the users at U. C. Berkeley for falling into many of the holes
-involved with integrating BIND into the system so that others would be
-spared the trauma. I would also like to extend gratitude to Jim McGinness
-and Digital Equipment Corporation for permitting me to spend most of my time
-on this project.
-.pp
-Ralph Campbell, Doug Kingston, Craig Partridge, Smoot Carl-Mitchell, Mike
-Muuss and everyone else on the DARPA Internet who has contributed to the
-development of BIND. To the members of the original BIND project, Douglas
-Terry, Mark Painter, David Riggle and Songnian Zhou.
-.pp
-Anne Hughes, Jim Bloom and Kirk McKusick and the many others who have
-reviewed this paper giving considerable advice.
-.pp
-This work was sponsored by the Defense Advanced Research Projects Agency
-(DoD), Arpa Order No. 4871 monitored by the Naval Electronics Systems
-Command under contract No. N00039-84-C-0089. The views and conclusions
-contained in this document are those of the authors and should not be
-interpreted as representing official policies, either expressed or implied,
-of the Defense Research Projects Agency, of the US Government, or of Digital
-Equipment Corporation.
-.bp
-.ba 0
-.in 0
-.sp 2
-.ce
-.b REFERENCES
-.sp
-.nr ii 1i
-.ip [Birrell]
-Birrell, A. D.,
-Levin, R.,
-Needham, R. M.,
-and Schroeder, M.D.,
-.q "Grapevine: An Exercise in Distributed Computing."
-In
-.ul
-Comm. A.C.M. 25,
-4:260-274
-April 1982.
-.ip [RFC819]
-Su, Z.
-Postel, J.,
-.q "The Domain Naming Convention for Internet User Applications."
-.ul
-Internet Request For Comment 819
-Network Information Center,
-SRI International,
-Menlo Park, California.
-August 1982.
-.ip [RFC974]
-Partridge, C.,
-.q "Mail Routing and The Domain System."
-.ul
-Internet Request For Comment 974
-Network Information Center,
-SRI International,
-Menlo Park, California.
-February 1986.
-.ip [RFC1032]
-Stahl, M.,
-.q "Domain Administrators Guide"
-.ul
-Internet Request For Comment 1032
-Network Information Center,
-SRI International,
-Menlo Park, California.
-November 1987.
-.ip [RFC1033]
-Lottor, M.,
-.q "Domain Administrators Guide"
-.ul
-Internet Request For Comment 1033
-Network Information Center,
-SRI International,
-Menlo Park, California.
-November 1987.
-.ip [RFC1034]
-Mockapetris, P.,
-.q "Domain Names - Concept and Facilities."
-.ul
-Internet Request For Comment 1034
-Network Information Center,
-SRI International,
-Menlo Park, California.
-November 1987.
-.ip [RFC1035]
-Mockapetris, P.,
-.q "Domain Names - Implementation and Specification."
-.ul
-Internet Request For Comment 1035
-Network Information Center,
-SRI International,
-Menlo Park, California.
-November 1987.
-.ip [RFC1101]
-Mockapetris, P.,
-.q "DNS Encoding of Network Names and Other Types."
-.ul
-Internet Request For Comment 1101
-Network Information Center,
-SRI International,
-Menlo Park, California.
-April 1989.
-.ip [RFC1123]
-R. Braden, Editor,
-.q "Requirements for Internet Hosts -- Application and Support"
-.ul
-Internet Request For Comment 1123
-Network Information Center,
-SRI International,
-Menlo Park, California.
-October 1989.
-.ip [RFC1183]
-Everhart, C.,
-Mamakos, L.,
-Ullmann, R.,
-and
-Mockapetris, P.,
-.q "New DNS RR Definitions"
-.ul
-Internet Request For Comment 1183
-Network Information Center,
-SRI International,
-Menlo Park, California.
-October 1990.
-.ip [RFC1327]
-Hardcastle-Kille, S.,
-.q "Mapping between X.400(1988) / ISO 10021 and RFC 822"
-.ul
-Internet Request For Comment 1327
-Network Information Center,
-SRI International,
-Menlo Park, California.
-May 1992.
-.ip [RFC1664]
-Allocchio, C.,
-Bonito, A.,
-Cole, B.,
-Giordano, S.,
-Hagens, R.,
-.q "Using the Internet DNS to Distribute RFC1327 Mail Address Mapping Tables"
-.ul
-Internet Request For Comment 1664
-Network Information Center,
-SRI International,
-Menlo Park, California.
-August 1994.
-.ip [RFC1713]
-Romao, A.,
-.q "Tools for DNS debugging"
-.ul
-Internet Request For Comment 1713, also FYI27
-Network Information Center,
-SRI International,
-Menlo Park, California.
-November 1994.
-.ip [Terry]
-Terry, D. B.,
-Painter, M.,
-Riggle, D. W.,
-and
-Zhou, S.,
-.ul
-The Berkeley Internet Name Domain Server.
-Proceedings USENIX Summer Conference,
-Salt Lake City, Utah.
-June 1984, pages 23-31.
-.ip [Zhou]
-Zhou, S.,
-.ul
-The Design and Implementation of the Berkeley Internet Name Domain (BIND) Servers.
-UCB/CSD 84/177.
-University of California, Berkeley,
-Computer Science Division.
-May 1984.
-.ip [Mockapetris]
-Mockapetris, P.,
-Dunlap, K,
-.ul
-Development of the Domain Name System
-ACM Computer Communications Review 18, 4:123-133.
-Proceedings ACM SIGCOMM '88 Symposium,
-August 1988.
-.ul
-.ip [Liu]
-Liu, C.,
-Albitz, P.,
-.ul
-DNS and BIND
-O'Reilly & Associates, Sebastopol, CA,
-502 pages, ISBN 0-937175-82-X
-1992
diff --git a/contrib/bind/doc/bog/build.me b/contrib/bind/doc/bog/build.me
deleted file mode 100644
index d6dab9f6f34bf..0000000000000
--- a/contrib/bind/doc/bog/build.me
+++ /dev/null
@@ -1,102 +0,0 @@
-.\" ++Copyright++ 1986, 1988
-.\" -
-.\" Copyright (c) 1986, 1988
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" -
-.\" --Copyright--
-.\"
-.\" @(#)build.me 6.3 (Berkeley) 9/19/89
-.\"
-.sh 1 "Building a System with a Name Server"
-.pp
-BIND is composed of two parts. One is the user interface called the
-\fIresolver\fP
-which consists of a group of routines that reside in the C library
-\fI/lib/libc.a\fP.
-Second is the actual server called \fInamed\fP.
-This is a daemon that runs in the background and services queries on a
-given network port. The standard port for UDP and TCP is specified in
-\fI/etc/services\fP.
-.sh 2 "Resolver Routines in libc"
-.pp
-When building your 4.3BSD system you may either
-build the C library to use the name server resolver routines
-or use the host table lookup routines to do host name and address resolution.
-The default resolver for 4.3BSD uses the name server. Newer BSD systems
-include both name server and host table functionality with preference given
-to the name server if there is one or if there is a \fI/etc/resolv.conf\fP
-file.
-.pp
-Building the C library to use the name server changes the way
-\fIgethostbyname\fP\|(3N), \fIgethostbyaddr\fP\|(3N), and
-\fIsethostent\fP\|(3N) do their functions. The name server renders
-\fIgethostent\fP\|(3N) obsolete, since it has no concept of a next line in
-the database. These library calls are built with the resolver routines
-needed to query the name server.
-.pp
-The \fIresolver\fP contains functions that build query
-packets and exchange them with name servers.
-.pp
-Before building the 4.3BSD C library, set the variable \fIHOSTLOOKUP\fP
-equal to \fInamed\fP in \fI/usr/src/lib/libc/Makefile\fP. You
-then make and install the C library and compiler and then compile the rest
-of the 4.3BSD system. For more information see section 6.6 of ``Installing
-and Operating 4.3BSD on the VAX\(dd''.
-.(f
-\(ddVAX is a Trademark of Digital Equipment Corporation
-.)f
-.pp
-If your operating system isn't VAX\(dd 4.3BSD, it is probably the case that
-your vendor has included \fIresolver\fP support in the supplied C Library.
-You should consult your vendor's documentation to find out what has to be
-done to enable \fIresolver\fP support. Note that your vendor's \fIresolver\fP
-may be out of date with respect to the one shipped with \s-1BIND\s+1, and that
-you might want to build \s-1BIND\s+1's resolver library and install it, and
-its include files, into your system's compile/link path so that your own
-network applications will be able to use the newer features.
diff --git a/contrib/bind/doc/bog/files.me b/contrib/bind/doc/bog/files.me
deleted file mode 100644
index ae755ff2fd1ce..0000000000000
--- a/contrib/bind/doc/bog/files.me
+++ /dev/null
@@ -1,1150 +0,0 @@
-.\" ++Copyright++ 1986, 1988, 1995
-.\" -
-.\" Copyright (c) 1986, 1988, 1995
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" -
-.\" --Copyright--
-.\"
-.\" @(#)files.me 6.8 (Berkeley) 9/19/89
-.\"
-.sh 1 "Files
-.pp
-The name server uses several files to load its data base.
-This section covers the files and their formats needed for \fInamed\fP.
-.sh 2 "Boot File"
-.pp
-This is the file that is first read when \fInamed\fP starts up.
-This tells the server what type of server it is,
-which
-zones it has authority over and where to get its initial data.
-The default location for this file is \fI/etc\|/named.boot\fP\|.
-However this can be changed
-by setting the \fIBOOTFILE\fP variable when you compile \fInamed\fP
-or by specifying
-the location on the command line when \fInamed\fP is started up.
-.sh 3 "Domain"
-.pp
-A default domain may be specified for the name server
-using a line such as
-.(b l
-.ta 0.5i +\w`secondary `u +\w`berkeley.edu `u +.5i +.5i
-\fIdomain Berkeley\fP\fB\|.\|\fP\fIEdu\fP
-.)b
-.re
-Older name servers use this information when they receive a query for a name
-without a ``\fB.\fP'' that is not known. Newer designs assume that the
-resolver library will append its own idea of a ``default domain'' to any
-unqualified names. Though the name server can still be compiled with
-support for the \fIdomain\fP directive in the boot file, the default is to
-leave it out and we strenuously recommend against its use. If you use this
-feature, clients outside your local domain which send you requests about
-unqualified names will have the implicit qualification of your domain rather
-than theirs. The proper place for this function is on the client, in their
-\fB/etc/resolv.conf\fP (or equivalent) file. Use of the \fIdomain\fP
-directive in your boot file is strongly discouraged.
-.sh 3 "Directory"
-.pp
-The \fIdirectory\fP directive specifies the directory in which the name server
-should run, allowing the other file names in the boot file to use relative path
-names. There can be only one \fIdirectory\fP directive and it should be given
-before any other directives that specify file names.
-.(b l
-.ta 0.5i +\w`secondary `u +\w`berkeley.edu `u +.5i +.5i
-\fIdirectory /var/named\fP
-.)b
-.re
-If you have more than a couple of named files to be maintained, you may wish
-to place the named files in a directory such as /var/named and adjust the
-directory command properly. The main purposes of this command are to make
-sure named is in the proper directory when trying to include files by
-relative path names with $INCLUDE and to allow named to run in a location
-that is reasonable to dump core if it feels the urge.
-.sh 3 "Primary Service"
-.pp
-The line in the boot file that designates the server as a primary master server
-for a zone looks as follows:
-.(b l
-.ta 0.5i +\w`secondary `u +\w`berkeley.edu `u +.5i +.5i
-\fIprimary Berkeley\fP\fB\|.\|\fP\fIEdu ucbhosts\fP
-.)b
-.re
-The first field specifies that the server is a primary one for the zone
-stated in the second field.
-The third field is the name of the file from which the data is read.
-.pp
-The above assumes that the zone you are specifying is a class \fIIN\fP
-zone. If you wish to designate a different class you can append
-\fI/class\fP to the first field, where \fIclass\fP is either the
-integer value or the standard mnemonic for the class. For example the line
-for a primary server for a hesiod class zone looks as follows:
-.(b l
-.ta 0.5i +\w`secondary `u +\w`berkeley.edu `u +.5i +.5i
-\fIprimary/HS Berkeley\fP\fB\|.\|\fP\fIEdu hesiod.data\fP
-.)b
-.re
-Note that this support for specifying other than class \fIIN\fP zones is a
-compile-time option which your vendor may not have enabled when they built
-your operating system.
-.sh 3 "Secondary Service"
-.pp
-The line for a secondary server is similar to the primary except
-that it lists addresses of other servers (usually primary servers)
-from which the zone data will be obtained.
-.(b l
-.ta 0.5i +\w`secondary `u +\w`berkeley.edu `u +\w`128.32.0.10 `u +\w`128.32.0.10 `u +.5i +.5i
-\fIsecondary Berkeley\fP\fB\|.\|\fP\fIEdu 128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI10 \fP\fI128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI4\fP \fIucbhosts.bak\fP
-.)b
-.re
-The first field specifies that the server is a secondary server for
-the zone stated in the second field.
-The two network addresses specify the name servers which have data for the
-zone. Note that at least one of these will be a \fIprimary\fP, and, unless
-you are using some protocol other than \s-1IP/DNS\s+1 for your zone transfer
-mechanism, the others will all be other \fIsecondary\fP servers. Having your
-secondary server pull data from other secondary servers is usually unwise,
-since you can add delay to the propagation of zone updates if your network's
-connectivity varies in pathological but common ways. The intended use for
-multiple addresses on a \fIsecondary\fP declaration is when the \fIprimary\fP
-server has multiple network interfaces and therefore multiple host addresses.
-The secondary server gets its data across the network from one of the listed
-servers. The server addresses are tried in the order listed.
-If a filename is present after the list of primary servers, data for the zone
-will be dumped into that file as a backup.
-When the server is first started, the data is loaded from the backup file
-if possible, and a primary server is then consulted to check that the zone
-is still up-to-date. Note that listing your server as a \fIsecondary\fP
-server does not necessarily make it one \(em the parent zone must
-\fIdelegate\fP authority to your server as well as the primary and the
-other secondaries, or you will be transferring a zone over for no reason;
-no other server will have a reason to query you for that zone unless the
-parent zone lists you as a server for the zone.
-.pp
-As with primary you may specify a secondary server for a class other than
-\fIIN\fP by appending \fI/class\fP to the \fIsecondary\fP keyword, e.g.,
-\fIsecondary/HS\fP.
-.sh 3 "Stub Service"
-.pp
-The line for a stub server is similar to a secondary.
-(This feature is experimental as of 4.9.3.)
-.(b l
-.ta 0.5i +\w`stub `u +\w`berkeley.edu `u +\w`128.32.0.10 `u +\w`128.32.0.10 `u +.5i +.5i
-\fIstub Berkeley\fP\fB\|.\|\fP\fIEdu 128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI10 \fP\fI128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI4\fP \fIucbhosts.bak\fP
-.)b
-.re
-The first field specifies that the server is a stub server for the zone stated
-in the second field.
-.pp
-Stub zones are intended to ensure that a primary for a zone always has the
-correct \fINS\fP records for children of that zone. If the primary is not
-a secondary for a child zone it should be configured with stub zones for
-all its children. Stub zones provide a mechanism to allow \fINS\fP records
-for a zone to be specified in only one place.
-.(b l
-.ta 0.5i +\w`primary `u +\w`dms.csiro.au `u +\w`130.155.98.1 `u +.5i +.5i
-\fIprimary CSIRO\fP\fB\|.\|\fP\fIAU \fIcsiro.dat\fP
-\fIstub dms.CSIRO\fP\fB\|.\|\fP\fIAU 130\fP\fB.\fP\fI155\fP\fB.\fP\fI16\fP\fB.\fP\fI1 \fIdms.stub\fP
-\fIstub dap.CSIRO\fP\fB\|.\|\fP\fIAU 130\fP\fB.\fP\fI155\fP\fB.\fP\fI98\fP\fB.\fP\fI1 \fIdap.stub\fP
-.)b
-.re
-.sh 3 "Cache Initialization"
-.pp
-All servers, including ``caching only'' servers, should have a line as
-follows in the boot file to prime the name servers cache:
-.(b l
-\fIcache \fP\fB.\fP\fI root\fP\fB.\fP\fIcache\fP
-.)b
-Do not put anything into your \fIcache\fP files other than root server
-information.
-.pp
-All cache files listed will be read in at named boot time and any values
-still valid will be reinstated in the cache.
-The root name server
-information in the cache files will be used until a root query is
-actually answered by one of the name servers in the cache file, after
-which that answer will be used instead of the cache file until the answer
-times out.
-.pp
-As with \fIprimary\fP and \fIsecondary\fP, you may specify a secondary
-server for a class other than \fIIN\fP by appending \fI/class\fP to the
-\fIcache\fP keyword, e.g., \fIclass/HS\fP.
-.sh 3 "Forwarders"
-.pp
-Any server can make use of \fIforwarders\fP. A \fIforwarder\fP is another
-server capable of processing recursive queries that is willing to try
-resolving queries on behalf of other systems. The \fIforwarders\fP
-command specifies forwarders by internet address as follows:
-.(b l
-\fIforwarders \fI128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI10 \fP\fI128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI4\fP
-.)b
-.re
-There are two main reasons for wanting to do so. First, some systems may
-not have full network access and may be prevented from sending any IP
-packets into the rest of the Internet and therefore must rely on a forwarder
-which does have access to the full net. The second reason is that the
-forwarder sees a union of all queries as they pass through its server and
-therefore it builds up a very rich cache of data compared to the cache in a
-typical workstation name server. In effect, the \fIforwarder\fP becomes a
-meta-cache that all hosts can benefit from, thereby reducing the total
-number of queries from that site to the rest of the net.
-.pp
-The effect of ``forwarders'' is to prepend some fixed addresses to the list
-of name servers to be tried for every query. Normally that list is made up
-only of higher-authority servers discovered via \fINS\fP record lookups for
-the relevant domain. If the forwarders do not answer, then unless the
-\fIslave\fP directive was given, the appropriate servers for the domains
-will be queried directly.
-
-.sh 3 "Slave Servers"
-.pp
-Slave mode is used if the use of forwarders is the only possible way
-to resolve queries due to lack of full net access or if you wish to prevent
-the name server from using other than the listed forwarders.
-Slave mode is activated by placing the simple command
-.(b l
-\fIoptions forward-only\fP
-.)b
-in the bootfile. If this option is used, then you must specify forwarders.
-When in slave mode, the server will forward each query to each of the
-forwarders until an answer is found or the list of forwarders is exhausted.
-The server will not try to contact any remote name server other than those
-named in the \fIforwarders\fP list.
-.pp
-So while \fIforwarders\fP prepends addresses to the ``server list'' for each
-query, \fIoptions forward-only\fP causes the ``server list'' to contain
-\fIonly\fP those addresses listed in the \fIforwarders\fP declarations.
-Careless use of the \fIoptions forward-only\fP directive can cause really
-horrible forwarding loops, since
-you could end up forwarding queries only to some set of hosts which are also
-slaves, and one or several of them could be forwarding queries back to you.
-.pp
-Use of the \fIoptions forward-only\fP directive should be considered very
-carefully. Note that this same behaviour can be achieved using the deprecated
-directive, \fIslave\fP.
-
-.sh 3 "Nonrecursive Servers"
-.pp
-\s-1BIND\s+1's separation of authoritative (zone) and nonauthoritiative (cache)
-data has always been somewhat weak, and pollution of the former via the latter
-has been known to occur. One way to prevent this, as well as to save memory on
-servers carrying a lot of authoritative data (e.g., root servers) is to make
-such servers ``nonrecursive.'' This can be achieved via the directive
-.(b l
-\fIoptions no-recursion\fP
-.)b
-in the bootfile. A server with this option enabled will not attempt to fetch
-data to help answer queries \(em if you ask it for data it does not have, it
-will send you a referral to a more authoritative server or, if it is itself
-authoritative for the zone of the query, it will send you an negative answer.
-.pp
-A nonrecursive server can be named in an \s-1NS\ RR\s+1 but it cannot be listed
-in the \fIresolv.conf\fP file.
-
-.sh 3 "Query Logging"
-.pp
-If the file system containing your \fIsyslog\fP file has quite a bit of space,
-you can consider using the
-.(b l
-\fIoptions query-log\fP
-.)b
-directive in your bootfile. This will cause your name server to log every
-query it receives, which when combined with a Perl or \s-1AWK\s+1 script to
-postprocess the logs, can be a useful management tool.
-
-.sh 3 "Inverse Query Pseudosupport"
-.pp
-\s-1BIND\s+1 by default does not support inverse queries, and this has been
-known to cause problems for certain microcomputer operating systems and for
-older versions of \s-1BIND\s+1's \fInslookup\fP tool. You may decide that
-rather than answering with ``operation not implemented,'' \fInamed\fP should
-detect the most common inverse queries and answer them with bogus information.
-It is better to upgrade your clients to stop depending on inverse queries, but
-if that is not possible, you should use the
-.(b l
-\fIoptions fake-iquery\fP
-.)b
-directive in your bootfile. \fINOTE:\fP the responses are in fact bogus, in
-that they contain \s-1ISO\s+18859 square brackets (\fB[\fP and \fB]\fP), so
-your clients will not be able to do anything useful with these responses. It
-has been observed that no client ever did anything useful with real inverse
-query responses, either.
-
-.sh 3 "Setting Name Server Limits"
-.pp
-Some name server operations can be quite resource intensive, and in order to
-tune your system properly it is sometimes necessary to change \s-1BIND\s+1's
-internal quotas. This is accomplished via
-.(b l
-\fIlimit <name> <value>\fP
-.)b
-directives in the bootfile. Limits, and their default values, are as follows:
-.(b I
-\fIlimit transfers-in 10\fP
-.)b
-This is the number of simultaneous \fInamed-xfer\fP processes \s-1BIND\s+1 is
-willing to start. Higher numbers yield faster convergence to primary servers
-if your secondary server has hundreds or thousands of zones to maintain, but
-setting this number too high can cause thrashing due to starvation of resources
-such as network bandwidth or swap space. \fINOTE:\fP this limit can also be
-expressed via the deprecated directive \fImax-fetch NN\fP.
-.(b I
-\fIlimit transfers-per-ns 2\fP
-.)b
-This is the number of simultaneous \fInamed-xfer\fP processes \s-1BIND\s+1 is
-willing to initiate \fIto any given name server\fP. In most cases, you should
-not need to change it. If your secondary server is pulling hundreds or
-thousands of zones from a single primary server, increasing
-\fItransfers-per-ns\fP may speed convergence. It should be kept as
-small as possible, to avoid causing thrashing and resource starvation
-on the primary server.
-.(b I
-\fIlimit datasize <system-dependent>\fP
-.)b
-Most systems have a quota that limits the size of the so-called ``data
-segment,'' which is where \s-1BIND\s+1 keeps all of its authority and cache
-data. \s-1BIND\s+1 will behave suboptimally (perhaps even exiting) if it runs
-up against this quota. If your system supports a system call to change this
-quota for a given process, you can ask \s-1BIND\s+1 to use that system call
-via the \fIlimit datasize NN\fP directive. The value given here may be scaled
-by postfixing \fIk\fP for 1024X, \fIm\fP for (1024^2)X, and \fIg\fP for
-(1024^3)X. In 1995, the root servers all use \fIlimit datasize 64m\fP.
-
-.sh 3 "Zone Transfer Restrictions"
-.pp
-It may be the case that your organization does not wish to give complete
-lists of your hosts to anyone on the Internet who can reach your name servers.
-While it is still possible for people to ``iterate'' through your address
-range, looking for \fIPTR\fP records, and build a list of your hosts the
-``slow'' way, it is still considered reasonable to restrict your export of
-zones via the zone transfer protocol. To limit the list of neighbors who
-can transfer zones from your server, use the \fIxfrnets\fP directive.
-.pp
-This directive has the same syntax as \fIforwarders\fP except that you can
-list network numbers in addition to host addresses. For example, you could
-add the directive
-.(b l
-\fIxfrnets 16.0.0.0\fP
-.)b
-.re
-if you wanted to permit only hosts on Class A network number 16 to transfer
-zones from your server. This is not nearly granular enough, and a future
-version of \s-1BIND\s+1 will permit such access-control to be specified on a
-per-host basis rather than the current per-net basis. Note that while
-addresses without explicit masks are assumed by this directive to be networks,
-you can specify a mask which is as granular as you wish, perhaps including
-all bits of the address such that only a single host is given transfer
-permission. For example, consider
-.(b l
-\fIxfrnets 16.1.0.2&255.255.255.255\fP
-.)b
-which would permit only host \fI16.1.0.2\fP to transfer zones from you. Note
-that no spaces are allowed surrounding the ``\fI&\fP'' character that
-introduces a netmask.
-.pp
-The \fIxfrnets\fP directive may also be given as \fItcplist\fP for
-compatibility with interim releases of \s-1BIND\s+1 4.9.
-
-.sh 3 "Sorting Addresses"
-.pp
-If there are multiple addresses available for a name server which \s-1BIND\s+1
-wants to contact, \s-1BIND\s+1 will try the ones it believes are ``closest''
-first. ``Closeness'' is defined in terms of similarity-of-address; that is,
-if one address is on the same \fIsubnet\fP as some interface of the local host,
-then that address will be tried first. Failing that, an address which is on
-the same \fInetwork\fP will be tried first. Failing that, they will be tried
-in a more-or-less random order unless the \fIsortlist\fP directive was given
-in the \fInamed.boot\fP file. \fIsortlist\fP has a syntax similar to
-\fIforwarders\fP, \fIxfrnets\fP, and \fIbogusns\fP \(em you give it a list
-of dotted-quad networks and it uses these to ``prefer'' some remote name server
-addresses over others. If no explicit mask is provided with each element of
-a \fIsortlist\fP, one will be inferred based on the high order address bits.
-.pp
-If you are on a Class C net which has a Class B net between you and the rest
-of the Internet, you could try to improve the name server's luck in getting
-answers by listing the Class B network's number in a \fIsortlist\fP
-directive. This should have the effect of trying ``closer'' servers before
-the more ``distant'' ones. Note that this behaviour is new as of \s-1BIND
-4.9\s+1.
-.pp
-The other and older effect of the \fIsortlist\fP directive is to cause
-\s-1BIND\s+1 to sort the \fIA\fP records in any response it generates, so as
-to put those which appear on the \fIsortlist\fP earlier than those which do
-not. This is not as helpful as you might think, since many clients will
-reorder the \fIA\fP records either at random or using \s-1LIFO\s+1; also,
-consider the fact that the server won't be able to guess the client's network
-topology, and so will not be able to accurately order for ``closeness'' to
-all possible clients. Doing the ordering in the resolver is clearly superior.
-.pp
-In actual practice, this directive is used only rarely since it hardwires
-information which changes rapidly; a network which is ``close'' today may
-be ``distant'' next month. Since \s-1BIND\s+1 builds up a cache of the
-remote name servers' response times, it will quickly converge on
-``reasonable'' behaviour, which isn't the same as ``optimal'' but it's
-close enough. Future directions for \s-1BIND\s+1 include choosing
-addresses based on local interface metrics (on hosts that have more than
-one) and perhaps on routing table information. We do not intend to solve
-the generalized ``multihomed host'' problem, but we should be able to do a
-little better than we're doing now. Likewise, we hope to see a higher
-level resolver library that sorts responses using topology information that
-only exists on the client's host.
-
-.sh 3 "Bogus Name Servers"
-.pp
-It happens occasionally that some remote name server goes ``bad''. You can
-tell your name server to refuse to listen to or ask questions of certain
-other name servers by listing them in a \fIbogusns\fP directive in your
-\fInamed.boot\fP file. Its syntax is the same as \fIforwarders\fP,
-\fIxfrnets\fP, and \fIsortlist\fP \(em you just give it a list of dotted-quad
-Internet addresses. Note that zones delegated to such servers will not be
-reachable from clients of your servers; thus you should use this directive
-sparingly or not at all.
-
-.sh 3 "Segmented Boot Files"
-.pp
-If you are secondary for a lot of zones, you may find it convenient to split
-your \fInamed.boot\fP file into a static portion which hardly ever changes
-(directives such as \fIdirectory\fP, \fIsortlist\fP, \fIxfrnets\fP and
-\fIcache\fP could go here), and dynamic portions that change frequently
-(all of your \fIprimary\fP directives might go in one file, and all of your
-\fIsecondary\fP directives might go in another file \(em and either or both
-of these might be fetched automatically from some neighbor so that they can
-change your list of secondary zones without requiring your active
-intervention). You can accomplish this via the \fIinclude\fP directive,
-which takes just a single file name as its argument. No quotes are needed
-around the file name. The file name will be evaluated after the name server
-has changed its working directory to that specified in the \fIdirectory\fP
-directive, so you can use relative pathnames if your system supports them.
-
-.sh 2 "Resolver Configuration"
-.pp
-The configuration file's name is \fI/etc/resolv.conf\fP.
-This file designates the name servers on the network that should
-be sent queries.
-The resolver will try to contact a name server on the localhost if it cannot
-find its configuration file. You should install the configuration file
-on every host anyway, since this is the only recommended way to specify a
-system-level default domain, and you can still list the local host's address
-if it runs a name server.
-It is considered reasonable to create this file even if you run a local
-server, since its contents will be cached by each client of the resolver
-library when the client makes its first call to a resolver routine.
-.pp
-The \fIresolv.conf\fP file contains directives, one per line, of the
-following forms:
-.(l I
-; comment
-# another comment
-domain \fIlocal-domain\fP
-search \fIsearch-list\fP
-nameserver \fIserver-address\fP
-sortlist \fIsort-list\fP
-options \fIoption-list\fP
-.)l
-Exactly one of the \fIdomain\fP or \fIsearch\fP directives should be given,
-exactly once.
-If the \fIsearch\fP directive is given, the first item in the given
-\fIsearch-list\fP will override any previously-specified \fIlocal-domain\fP.
-The \fInameserver\fP directive may be given up to three times; additional
-\fInameserver\fP directives will be ignored. Comments may be given by
-starting a line with a ``\fB\|;\|\fP'' or ``\fB\|#\|\fP''; note that
-comments were not permitted in versions of the resolver earlier than the one
-included with \s-1BIND 4.9\s+1 \(em so if your vendor's resolver supports
-comments, you know they are really on the ball.
-.pp
-The \fIlocal-domain\fP will be appended to any query-name that does not
-contain a ``\fB\|.\|\fP''. \fIlocal-domain\fP can be overridden on a
-per-process basis by setting the \s-1LOCALDOMAIN\s+1 environment variable.
-Note that \fIlocal-domain\fP processing can be disabled by setting an
-option in the resolver.
-.pp
-The \fIsearch-list\fP is a list of domains which are tried, in order,
-as qualifying domains for query-names which do not contain a ``\fB\|.\|\fP''.
-Note that \fIsearch-list\fP processing can be disabled by setting an
-option in the resolver. Also note that the environment variable
-``\s-1LOCALDOMAIN\s+1'' can override this \fIsearch-list\fP on a per-process
-basis.
-.pp
-The \fIserver-address\fP\|'s are aggregated and then used as the default
-destination of queries generated through the resolver. In other words,
-this is the way you tell the resolver which name servers it should use. It
-is possible for a given client application to override this list, and this
-is often done inside the name server (which is itself a \fIresolver\fP
-client) and in test programs such as \fInslookup\fP.
-Note that if you wish to list the
-local host in your resolver configuration file, you should probably use its
-primary Internet address rather than a local-host alias such as 127.0.0.1 or
-0.0.0.0. This is due to a bug in the handling of connected \s-1SOCK_DGRAM\s+1
-sockets in some versions of the \s+1BSD\s-1 networking code. If you must use
-an address-alias, you should prefer 0.0.0.0 (or simply ``0'') over 127.0.0.1,
-though be warned that depending on the vintage of your \s-1BSD\s+1-derived
-networking code, both of them are capable of failing in their own ways.
-If your host's IP
-implementation does not create a short-circuit route between the default
-interface and the loopback interface, then you might also want to add a
-static route (eg. in \fB/etc/rc.local\fP) to do so:
-.(b l
-\fIroute add myhost.domain.name localhost 1\fP
-.)b
-.pp
-The \fIsort-list\fP is a list of IP address, netmask pairs. Addresses
-returned by gethostbyname are sorted to the order specified by this list.
-Any addresses that do not match the address netmask pair will be returned
-after those that do. The netmask is optional and the natural netmask will be
-used if not specified.
-.pp
-The \fIoption-list\fP is a list of options which each override some internal
-resolver variable. Supported options at this time are:
-.ip \fBdebug\fP
-sets the \s-1RES_DEBUG\s+1 bit in \fB_res.options\fP.
-.ip \fBndots:\fP\fIn\fP
-sets the lower threshold (measured in ``number of dots'') on names given to
-\fIres_query\fP() such that names with more than this number of dots will be
-tried as absolute names before any \fIlocal-domain\fP or \fIsearch-list\fP
-processing is done. The default for this internal variable is ``1''.
-.\" .pp
-.\" Finally, if the environment variable \s-1HOSTALIASES\s+1 is set, it is
-.\" taken to contain the name of a file which in turn contains resolver-level
-.\" aliases. These aliases are applied only to names which do not contain any
-.\" ``\fB\|.\|\fP'' characters, and they are applied to query-names before the
-.\" query is generated. Note that the resolver options governing the operation
-.\" of \fIlocal-domain\fP and \fIsearch-list\fP do not apply to
-.\" \s-1HOSTALIASES\s+1.
-
-.sh 2 "Cache Initialization File"
-.sh 3 root.cache
-.pp
-The name server needs to know the servers that are the authoritative name
-servers for the root domain of the network. To do this we have to prime the
-name server's cache with the addresses of these higher authorities. The
-location of this file is specified in the boot file. This file uses the
-Standard Resource Record Format (aka. Masterfile Format) covered further on
-in this paper.
-
-.sh 2 "Domain Data Files"
-.pp
-There are two standard files for specifying the data for a
-domain. These are \fIhosts\fP and \fIhost.rev\fP.
-These files use the Standard Resource Record Format covered later
-in this paper. Note that the file names are arbitrary; many network
-administrators prefer to name their zone files after the domains they
-contain, especially in the average case which is where a given server
-is primary and/or secondary for many different zones.
-.sh 3 hosts
-.pp
-This file contains all the data about the machines in this zone.
-The location of this file is specified in the boot file.
-.sh 3 hosts.rev
-.pp
-This file specifies the IN-ADDR\|.\|ARPA domain.
-This is a special domain for allowing address to name mapping.
-As internet host addresses do not fall within domain boundaries,
-this special domain was formed to allow inverse mapping.
-The IN-ADDR\|.\|ARPA domain has four
-labels preceding it. These labels correspond to the 4 octets of
-an Internet address.
-All four octets must be specified even if an octet contains zero.
-The Internet address 128.32.0.4 is located in the domain
-4\|.\|0\|.\|32\|.\|128\|.\|IN-ADDR\|.\|ARPA.
-This reversal of the address is awkward to read but allows
-for the natural grouping of hosts in a network.
-.sh 3 named.local
-.pp
-This file specifies the \fIPTR\fP record for the local loopback interface,
-better known as \fIlocalhost\fP, whose network address is 127.0.0.1. The
-location of this file is specified in the boot file. It is vitally
-important to the proper operation of every name server that the 127.0.0.1
-address have a \fIPTR\fP record pointing back to the name
-``\fBlocalhost.\fP''. The name of this \fIPTR\fP record is always
-``\fB1.0.0.127.\s-1IN-ADDR.ARPA\s+1\fP''. This is necessary if you want
-your users to be able to use hostname-authentication (\fIhosts.equiv\fP or
-\fI~/.rhosts\fP) on the name ``\fBlocalhost\fP''. As implied by this
-\fIPTR\fP record, there should be a ``\fBlocalhost.\fP\fImy.dom.ain\fP''
-\fIA\fP record (with address 127.0.0.1) in every domain that contains hosts.
-``\fBlocalhost.\fP'' will lose its trailing dot when
-\fB1.0.0.127.in-addr.arpa\fP is queried for; then, the DEFNAMES and/or
-DNSRCH resolver options will cause ``\fBlocalhost\fP'' to be evaluated as a
-host name in the local domain, and that means the top domains (or ideally,
-every domain) in your resolver's search path had better have something by
-that name.
-.sh 2 "Standard Resource Record Format"
-.pp
-The records in the name server data files are called resource records.
-The Standard Resource Record Format (RR) is specified in RFC1035.
-The following is a general description of these records:
-.TS
-l l l l l.
-\fI{name} {ttl} addr-class Record Type Record Specific data\fP
-.TE
-Resource records have a standard format shown above.
-The first field is always the name of the domain record
-and it must always start in column 1.
-For all RR's other than the first in a file, the name may be left blank;
-in that case it takes on the name of the previous RR.
-The second field is an optional time to live field.
-This specifies how long this data will be stored in the data base.
-By leaving this field blank the default time to live is specified
-in the \fIStart Of Authority\fP resource record (see below).
-The third field is the address class; currently, only one class is supported:
-\fIIN\fP for internet addresses and other internet information. Limited
-support is included for the \fIHS\fP class, which is for MIT/Athena ``Hesiod''
-information.
-The fourth field states the type of the resource record.
-The fields after that are dependent on the type of the RR.
-Case is preserved in names and data fields when loaded into the name server.
-All comparisons and lookups in the name server data base are case insensitive.
-.bl
-.b
-The following characters have special meanings:
-.ip ``\fB.\fP''
-A free standing dot in the name field refers to the root domain.
-.ip ``@''
-A free standing @ in the name field denotes the current origin.
-.ip "``\eX''"
-Where X is any character other than a digit (0-9),
-quotes that character so that its special meaning does not apply.
-For example, ``\e.'' can be used to place a dot character in a label.
-.ip "``\eDDD''"
-Where each D is a digit, is the octet corresponding to the
-decimal number described by DDD.
-The resulting octet is assumed to be text and
-is not checked for special meaning.
-.ip "``( )''"
-Parentheses are used to group data that crosses a line.
-In effect, line terminations are not recognized within parentheses.
-(At present, this notation only works for SOA RR's and is not optional.)
-.ip "``;''"
-Semicolon starts a comment; the remainder of the line is ignored. Note
-that a completely blank line is also considered a comment, and ignored.
-.ip "``*''"
-An asterisk signifies wildcarding. Note that this is just another data
-character whose special meaning comes about only during internal name
-server search operations. Wildcarding is only meaningful for some RR
-types (notably \fIMX\fP), and then only in the name field \(em not in
-the data fields.
-.pp
-Anywhere a name appears \(em either in the name field or in some data field
-defined to contain names \(em the current origin will be appended if the
-name does not end in a ``\fB\|.\|\fP''.
-This is useful for appending the current domain name to the data,
-such as machine names, but may cause problems where you do not want
-this to happen.
-A good rule of thumb is that, if the name is not in the domain for which
-you are creating the data file, end the name with a ``\fB.\fP''.
-.sh 3 $INCLUDE
-.pp
-An include line begins with $INCLUDE, starting in column 1,
-and is followed by a file name, and, optionally, by a new
-temporary $ORIGIN to be used while reading this file.
-This feature is
-particularly useful for separating different types of data into multiple files.
-An example would be:
-.(b l
-$INCLUDE /usr/local/adm/named/data/mail-exchanges
-.)b
-The line would be interpreted as a request to load the file
-\fI/usr/local/adm/named/data/mail-exchanges\fP. The $INCLUDE command does not cause
-data to be loaded into a different zone or tree. This is simply a way to
-allow data for a given primary zone to be organized in separate files.
-Not even the ``temporary $ORIGIN'' feature described above is sufficient
-to cause your data to branch out into some other zone \(em zone boundaries
-can only be introduced in the boot file.
-.pp
-A $INCLUDE file must have a name on its first RR. That is, the first
-character of the first non-comment line must not be a space. The current
-default name in the parent file \fIdoes not\fP carry into the $INCLUDE
-file.
-.sh 3 $ORIGIN
-.pp
-The origin is a way of changing the origin in a data file. The line starts
-in column 1, and is followed by a domain origin. This seems like it could
-be useful for putting more then one zone into a data file, but that's not
-how it works. The name server fundamentally requires a given zone to map
-entirely to some specific file. You should therefore be very careful to use
-$ORIGIN only once at the top of a file, or, within a file, to change to a
-``lower'' domain in the zone \(em never to some other zone altogether.
-.sh 3 "SOA - Start Of Authority"
-.(b L
-.TS
-l l l l l l.
-\fIname {ttl} addr-class SOA Origin Person in charge\fP
-@ IN SOA ucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP kjd\fB.\fPucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP (
- 1995122103 ; Serial
- 10800 ; Refresh
- 1800 ; Retry
- 3600000 ; Expire
- 259200 ) ; Minimum
-.TE
-.)b
-The \fIStart of Authority, SOA,\fP record designates the start of a zone.
-The name is the name of the zone and is often given as ``@'' since this
-is always the current $ORIGIN and the SOA RR is usually the first record
-of the primary zone file.
-Origin is the name of the host on which this data file resides (in other
-words, the \fIprimary master\fP server for this zone.)
-Person in charge is the e-mail address for the person responsible
-for the name server, with ``@'' changed to a ``.''.
-The serial number is the version number of this data file and must be a
-positive integer.
-This number must be incremented whenever a change is made to the data.
-Older servers permitted the use of a phantom ``.'' in this and other
-numbers in a zone file; the meaning of n.m was ``n000m'' rather than the
-more intuitive ``n*1000+m'' (such that 1.234 translated to 1000234 rather
-than to 1234). This feature has been deprecated due to its
-obscurity, unpredictability, and lack of necessity.
-Note that using a ``YYYYMMDDNN'' notation you can still make 100 changes
-per day until the year 4294. You should choose a notation that works for
-you. If you're a clever \fIperl\fP programmer you could even use \fIRCS\fP
-version numbers to help generate your zone serial numbers.
-The refresh indicates how often, in seconds, the secondary name servers
-are to check with the primary name server to see if an update is needed.
-The retry indicates how long, in seconds, a secondary server should wait
-before retrying a failed zone transfer.
-Expire is the upper limit, in seconds, that a secondary name server
-is to use the data before it expires for lack of getting a refresh.
-Minimum is the default number of seconds to be used for the Time To Live
-field on resource records which do not specify one in the zone file.
-It is also an enforced minimum on Time To Live if it is specified on
-some resource record (RR) in the zone.
-There must be exactly one \fISOA\fP record per zone.
-.sh 3 "NS - Name Server"
-.TS
-l l l l l.
-\fI{name} {ttl} addr-class NS Name servers name\fP
- IN NS ucbarpa\fB\|.\|\fPBerkeley\fB\|.\|\fPEdu\fB.\fP
-.TE
-The \fIName Server\fP record, \fINS\fP, lists a name server responsible
-for a given domain, creating a \fIdelegation point\fP and a \fIsubzone\fP.
-The first name field specifies the zone that is serviced by
-the name server specified by the second name.
-Every zone needs at least two name servers.
-.bp \" ----PLACEMENT HACK----
-.sh 3 "A - Address"
-.TS
-l l l l l.
-\fI{name} {ttl} addr-class A address\fP
-ucbarpa IN A 128\fB.\fP32\fB.\fP0\fB.\fP4
- IN A 10\fB.\fP0\fB.\fP0\fB.\fP78
-.TE
-The \fIAddress\fP record, \fIA\fP, lists the address for a given machine.
-The name field is the machine name and the address is the network address.
-There should be one \fIA\fP record for each address of the machine.
-.sh 3 "HINFO - Host Information"
-.TS
-l l l l l l.
-\fI{name} {ttl} addr-class HINFO Hardware OS\fP
- IN HINFO VAX-11/780 UNIX
-.TE
-\fIHost Information\fP resource record, \fIHINFO\fP, is for host specific
-data. This lists the hardware and operating system that are running at the
-listed host. If you want to include a space in the machine name you must
-quote the name (using ``"'' characters.) There could be one \fIHINFO\fP
-record for each host, though for security reasons most domains don't have
-any \fIHINFO\fP records at all. No application depends on them.
-.(b L
-.sh 3 "WKS - Well Known Services"
-.TS
-l l l l l l l.
-\fI{name} {ttl} addr-class WKS address protocol list of services\fP
- IN WKS 128\fB.\fP32\fB.\fP0\fB.\fP10 UDP who route timed domain
- IN WKS 128\fB.\fP32\fB.\fP0\fB.\fP10 TCP ( echo telnet
- discard sunrpc sftp
- uucp-path systat daytime
- netstat qotd nntp
- link chargen ftp
- auth time whois mtp
- pop rje finger smtp
- supdup hostnames
- domain
- nameserver )
-.TE
-The \fIWell Known Services\fP record, \fIWKS\fP, describes the well known
-services supported by a particular protocol at a specified address. The
-list of services and port numbers come from the list of services specified
-in \fI/etc/services.\fP There should be only one \fIWKS\fP record per
-protocol per address. Note that RFC1123 says of \fIWKS\fP records:
-.)b
-.(l L
- 2.2 Using Domain Name Service
- ...
- An application SHOULD NOT rely on the ability to locate a WKS
- record containing an accurate listing of all services at a
- particular host address, since the WKS RR type is not often used
- by Internet sites. To confirm that a service is present, simply
- attempt to use it.
- ...
- 5.2.12 WKS Use in MX Processing: RFC-974, p. 5
-
- RFC-974 [SMTP:3] recommended that the domain system be queried
- for WKS ("Well-Known Service") records, to verify that each
- proposed mail target does support SMTP. Later experience has
- shown that WKS is not widely supported, so the WKS step in MX
- processing SHOULD NOT be used.
- ...
- 6.1.3.6 Status of RR Types
- ...
- The TXT and WKS RR types have not been widely used by
- Internet sites; as a result, an application cannot rely
- on the existence of a TXT or WKS RR in most
- domains.
-.)l
-.sh 3 "CNAME - Canonical Name"
-.TS
-l l l l l.
-\fIalias {ttl} addr-class CNAME Canonical name\fP
-ucbmonet IN CNAME monet
-.TE
-The \fICanonical Name\fP resource record, \fICNAME\fP, specifies an
-alias or nickname for the official, or canonical, host name.
-This record must be the only one associated with the alias name.
-All other resource records must be
-associated with the canonical name, not with the nickname.
-Any resource records that include a domain name as their value
-(e.g., NS or MX) \fImust\fP list the canonical name, not the nickname.
-Similarly, a CNAME will be followed when searching for A RRs, but not
-for MX RRs or NS RRs or most other types of RRs. CNAMEs are allowed
-to point to other CNAMEs, but this is considered sloppy.
-.pp
-Nicknames are useful when a well known host changes its name. In that
-case, it is usually a good idea to have a \fICNAME\fP record so that
-people still using the old name will get to the right place.
-.sh 3 "PTR - Domain Name Pointer"
-.TS
-l l l l l.
-\fIname {ttl} addr-class PTR real name\fP
-7.0 IN PTR monet\fB\|.\|\fPBerkeley\fB\|.\|\fPEdu\fB\|.\fP
-.TE
-A \fIDomain Name Pointer\fP record, \fIPTR\fP, allows special names to point
-to some other location in the domain. The above example of a \fIPTR\fP
-record is used in setting up reverse pointers for the special
-\fIIN-ADDR\fP\fB\|.\|\fP\fIARPA\fP domain. This line is from the example
-\fIhosts.rev\fP file. \fIPTR\fP records are needed by the
-\fIgethostbyaddr\fP function. Note the trailing ``\fB\|.\|\fP'' which
-prevents \s-1BIND\s+1 from appending the current \s-1$ORIGIN\s+1 to that
-domain name.
-.sh 3 "MX - Mail Exchange"
-.TS
-l l l l l l.
-\fIname {ttl} addr-class MX preference value mail exchange\fP
-Munnari\fB\|.\|\fPOZ\fB\|.\|\fPAU\fB\|.\fP IN MX 0 Seismo\fB\|.\|\fPCSS\fB\|.\|\fPGOV\fB\|.\fP
-*\fB\|.\|\fPIL\fB\|.\fP IN MX 0 RELAY\fB\|.\|\fPCS\fB\|.\|\fPNET\fB\|.\fP
-.TE
-\fIMail eXchange\fP records, \fIMX\fP, are used to specify a list of hosts
-which are configured to receive mail sent to this domain name. Every name
-which receives mail should have an \fIMX\fP since if one is not found at the
-time mail is being delivered, an \fIMX\fP will be ``imputed'' with a cost
-of 0 and a destination of the host itself. If you want a host to receive
-its own mail, you should create an \fIMX\fP for your host's name, pointing
-at your host's name. It is better to have this be explicit than to let it
-be imputed by remote mailers.
-In the first example, above,
-Seismo\fB\|.\|\fPCSS\fB\|.\|\fPGOV\fB\|.\fP is a mail gateway that knows how
-to deliver mail to Munnari\fB\|.\|\fPOZ\fB\|.\|\fPAU\fB\|.\fP. These two
-machines may have a private connection or use a different transport medium.
-The preference value is the order that a mailer should follow when there is
-more than one way to deliver mail to a single machine. Note that lower
-numbers indicate higher precedence, and that mailers are supposed to randomize
-same-valued \fIMX\fP hosts so as to distribute the load evenly if the costs
-are equal. See RFC974 for more detailed information.
-.pp
-Wildcard names containing the character ``*'' may be used for mail routing
-with \fIMX\fP records. There are likely to be servers on the network that
-simply state that any mail to a domain is to be routed through a relay.
-Second example, above, all mail to hosts in the domain IL is routed through
-RELAY.CS.NET. This is done by creating a wildcard resource record, which
-states that *.IL has an \fIMX\fP of RELAY.CS.NET. Wildcard \fIMX\fP records
-are not very useful in practice, though, since once a mail message gets to
-the gateway for a given domain it still has to be routed \fIwithin\fP that
-domain and it is not currently possible to have an apparently-different set
-of \fIMX\fP records inside and outside of a domain. If you won't be needing
-any Mail Exchanges inside your domain, go ahead and use a wildcard. If you
-want to use both wildcard ``top-level'' and specific ``interior'' \fIMX\fP
-records, note that each specific record will have to ``end with'' a complete
-recitation of the same data that is carried in the top-level record. This
-is because the specific \fIMX\fP records will take precedence over the
-top-level wildcard records, and must be able to perform the top-level's
-if a given interior domain is to be able to receive mail from outside the
-gateway. Wildcard \fIMX\fP records are very subtle and you should be careful
-with them.
-.sh 3 "TXT - Text"
-.TS
-l l l l l l.
-\fIname {ttl} addr-class TXT string\fP
-Munnari\fB\|.\|\fPOZ\fB\|.\|\fPAU\fB\|.\fP IN TXT "foo"
-.TE
-A \fITXT\fP record contains free-form textual data. The syntax of the text
-depends on the domain where it is found; many systems use \fITXT\fP records
-to encode local data in a stylized format. MIT Hesiod is one such system.
-.sh 3 "RP - Responsible Person"
-.TS
-l l l l l l.
-\fIowner {ttl} addr-class RP mbox-domain-name TXT-domain-name\fP
-franklin IN RP ben.franklin.berkeley.edu. sysadmins.berkeley.edu.
-.TE
-.pp
-The Responsible Person record, \fIRP\fP, identifies the name or group name of
-the responsible person for a host. Often it is desirable to be able to
-identify the responsible entity for a particular host. When that host
-is down or malfunctioning, you would want to contact those parties
-who might be able to repair the host.
-.pp
-The first field, \fImbox-domain-name\fP, is a domain name that specifies the
-mailbox for the responsible person. Its format in a zone file uses
-the \s-1DNS\s+1 convention for mailbox encoding, identical to that used for
-the \fIPerson-in-charge\fP mailbox field in the SOA record.
-In the example above, the \fImbox-domain-name\fP shows the encoding for
-``\fB<ben@franklin.berkeley.edu>\fP''.
-The root domain name (just ``\fB\|.\|\fP'') may be specified
-to indicate that no mailbox is available.
-.pp
-The second field, \fITXT-domain-name\fP, is a domain name for which
-\fITXT\fP records exist. A subsequent query can be performed to retrieve
-the associated \fITXT\fP resource records at \fITXT-domain-name\fP. This
-provides a level of indirection so that the entity can be referred to from
-multiple places in the \s-1DNS\s+1. The root domain name (just
-``\fB\|.\|\fP'') may be specified for \fITXT-domain-name\fI to indicate
-that no associated \fITXT\fP RR exists. In the example above,
-``\fBsysadmins.berkeley.edu.\fP'' is the name of a TXT record that might
-contain some text with names and phone numbers.
-.pp
-The format of the \fIRP\fP record is class-insensitive.
-Multiple \fIRP\fP records at a single name may be present in the database,
-though they should have identical TTLs.
-.pp
-The \fIRP\fP record is still experimental; not all name servers implement
-or recognize it.
-.sh 3 "AFSDB - DCE or AFS Server"
-.TS
-l l l l l l.
-\fIname {ttl} addr-class AFSDB subtype server host name\fP
-toaster.com. IN AFSDB 1 jack.toaster.com.
-toaster.com. IN AFSDB 1 jill.toaster.com.
-toaster.com. IN AFSDB 2 tracker.toaster.com.
-.TE
-\fIAFSDB\fP records are used to specify the hosts that provide a style of
-distributed service advertised under this domain name. A subtype value
-(analogous to the ``preference'' value in the \fIMX\fP record) indicates
-which style of distributed service is provided with the given name.
-Subtype 1 indicates that the named host is an AFS (R) database server for
-the AFS cell of the given domain name. Subtype 2 indicates that the
-named host provides intra-cell name service for the DCE (R) cell named by
-the given domain name.
-In the example above, jack\fB\|.\|\fPtoaster\fB\|.\|\fPcom and
-jill\fB\|.\|\fPtoaster\fB\|.\|\fPcom are declared to be AFS database
-servers for the toaster\fB\|.\|\fPcom AFS cell, so that AFS clients
-wishing service from toaster\fB\|.\|\fPcom are directed to those two hosts
-for further information. The third record declares that
-tracker\fB\|.\|\fPtoaster\fB\|.\|\fPcom houses a directory server for the
-root of the DCE cell toaster\fB\|.\|\fPcom, so that DCE clients that wish
-to refer to DCE services should consult with the host
-tracker\fB\|.\|\fPtoaster\fB\|.\|\fPcom for further information. The
-DCE sub-type of record is usually accompanied by a \fITXT\fP record for
-other information specifying other details to be used in accessing the
-DCE cell. RFC1183 contains more detailed information on the use of
-this record type.
-.pp
-The \fIAFSDB\fP record is still experimental; not all name servers implement
-or recognize it.
-
-.sh 3 "PX - Pointer to X.400/RFC822 mapping information"
-.TS
-l l l l l l l.
-\fIname {ttl} addr-class PX prefer 822-dom X.400-dom\fP
-*.ADMD-garr.X42D.it. IN PX 50 it. ADMD-garr.C-it.
-*.infn.it. IN PX 50 infn.it. O.PRMD-infn.ADMD-garr.C-it.
-*.it. IN PX 50 it. O-gate.PRMD-garr.ADMD-garr.C-it.
-.TE
-.pp
-The \fIPX\fP records (\fIPointer to X.400/RFC822 mapping information\fP)
-are used to specify address mapping rules between X.400 O/R addresses and
-RFC822 style (domain-style) mail addresses. For a detailed description of the
-mapping process please refer to RFC1327.
-.pp
-Mapping rules are of 3 different types:
-.pp
-1) mapping from X.400 to RFC822 (defined as "table 1 rules" in RFC1327)
-.pp
-2) mapping from RFC822 to X.400 (defined as "table 2 rules" in RFC1327)
-.pp
-3) encoding RFC822 into X.400 (defined as "gate table" in RFC1327)
-.pp
-All three types of mapping rules are specified using \fIPX\fP Resource
-Records in DNS, although the \fIname\fP value is different: for case 1, the
-\fIname\fP value is an X.400 domain in DNS syntax, whereas for cases 2 and
-3 the \fIname\fP value is an RFC822 domain. Refer to RFC-1664 for details
-on specifying an X.400 domain in DNS syntax and for the use of the
-\fIX42D\fP keyword in it. Tools are available to convert from RFC1327
-tables format into DNS files syntax. \fIPreference\fP is analogous to the
-\fIMX\fP RR Preference parameter: it is currently advised to use a fixed
-value of 50 for it. \fI822-dom\fP gives the RFC822 part of the mapping
-rules, and \fIX.400-dom\fP gives the X.400 part of the mapping rule (in DNS
-syntax). It is currently advised always to use wildcarded \fIname\fP
-values, as the RFC1327 tables specifications permit wildcard
-specifications only. This is to keep compatibility with existing services
-using static RFC1327 tables instead of DNS \fIPX\fP information.
-.pp
-Specifications of mapping rules from X.400 to RFC822 syntax requires the
-creation of an appropriate X.400 domain tree into DNS, including thus specific
-\fISOA\fP and \fINS\fP records for the domain itself. Specification of mapping
-rules from RFC822 into X.400 can be embedded directly into the normal direct
-\fIname\fP tree.
-Again, refer to RFC1664 for details about organization of this structure.
-.pp
-Tools and library routines, based on the standard resolver ones, are available
-to retrieve from DNS the appropriate mapping rules in RFC1327 or DNS syntax.
-.pp
-Once again, refer to RFC1664 to use the \fIPX\fP resource record, and be careful
-in coordinating the mapping information you can specify in DNS with the same
-information specified into the RFC1327 static tables.
-.pp
-The \fIPX\fP record is still experimental; not all servers implement or
-recognize it.
-
-.sh 2 "Discussion about the TTL"
-.pp
-The Time To Live assigned to the records and to the zone via the
-Minimum field in the SOA record is very important. High values will
-lead to lower BIND network traffic and faster response time. Lower
-values will tend to generate lots of requests but will allow faster
-propagation of changes.
-.pp
-Only changes and deletions from the zone are affected by the TTLs.
-Additions propagate according to the Refresh value in the SOA.
-.pp
-Experience has shown that sites use default TTLs for their zones varying
-from around 0.5 day to around 7 days. You may wish to consider boosting
-the default TTL shown in former versions of this guide from one day
-(86400 seconds) to three days (259200 seconds). This will drastically
-reduce the number of requests made to your name servers.
-.pp
-If you need fast propagation of changes and deletions, it might be wise
-to reduce the Minimum field a few days before the change, then do the
-modification itself and augment the TTL to its former value.
-.pp
-If you know that your zone is pretty stable (you mainly add new records
-without deleting or changing old ones) then you may even wish to consider
-a TTL higher than three days.
-.pp
-Note that in any case, it makes no sense to have records with a TTL
-below the SOA Refresh delay, as Delay is the time required for secondaries
-to get a copy of the newly modified zone.
-
-.sh 2 "About ``secure zones''
-.pp
-Secure zones implement named security on a zone by zone basis. It is
-designed to use a permission list of networks or hosts which may obtain
-particular information from the zone.
-.pp
-In order to use zone security, \fInamed\fP must be compiled with SECURE_ZONES
-defined and you must have at least one secure_zone TXT RR. Unless a
-\fIsecure_zone\fP record exists for a given zone, no restrictions will be
-applied to the data in that zone. The format of the secure_zone TXT RR is:
-.lp
-secure_zone\h'0.5i'addr-class\h'0.5i'TXT\h'0.5i'string
-.pp
-The addr-class may be either \fIHS\fP or \fIIN\fP. The syntax for the TXT
-string is either ``network address:netmask'' or ``host IP address:H''.
-.pp
-``network address:netmask'' allows queries from an entire network. If the
-netmask is omitted, named will use the default netmask for the network
-address specified.
-.pp
-``host IP address:H'' allows queries from a host. The ``H'' after the ``:''
-is required to differentiate the host address from a network address.
-Multiple secure_zone TXT RRs are allowed in the same zone file.
-.pp
-For example, you can set up a zone to only answer Hesiod requests from the
-masked class B network 130.215.0.0 and from host 128.23.10.56 by adding the
-following two TXT RR's:
-.lp
-secure_zone\h'0.5i'HS\h'0.5i'TXT\h'0.5i'``130.215.0.0:255.255.0.0''
-secure_zone\h'0.5i'HS\h'0.5i'TXT\h'0.5i'``128.23.10.56:H''
-.pp
-This feature can be used to restrict access to a Hesiod password map or to
-separate internal and external internet address resolution on a firewall
-machine without needing to run a separate named for internal and external
-address resolution.
-.pp
-Note that you will need to include your loopback interface (127.0.0.1) in
-your secure_zone record, or your local clients won't be able to resolve
-names.
-
-.sh 2 "About Hesiod, and HS-class Resource Records
-.pp
-Hesiod, developed by \s-1MIT\s+1 Project Athena, is an information service
-built upon \s-1BIND\s+1. Its intent is similar to that of Sun's
-\s-1NIS\s+1: to furnish information about users, groups, network-accessible
-file systems, printcaps, and mail service throughout an installation. Aside
-from its use of \s-1BIND\s+1 rather than separate server code another
-important difference between Hesiod and \s-1NIS\s+1 is that Hesiod is not
-intended to deal with passwords and authentication, but only with data that
-are not security sensitive. Hesiod servers can be implemented by adding
-resource records to \s-1BIND\s+1 servers; or they can be implemented as
-separate servers separately administered.
-.pp
-To learn about and obtain Hesiod make an anonymous \s-1FTP\s+1 connection to
-host \s-1ATHENA-DIST.MIT.EDU\s+1 and retrieve the compressed tar file
-\fB/pub/ATHENA/hesiod.tar.Z\fP. You will not need the named and resolver
-library portions of the distribution because their functionality has already
-been integrated into \s-1BIND as of 4.9\s+1. To learn how Hesiod functions
-as part of the Athena computing environment obtain the paper
-\fB/pub/ATHENA/usenix/athena-changes.PS\fP from the above \s-1FTP\s+1 server
-host. There is also a tar file of sample Hesiod resource files.
-.pp
-Whether one should use Hesiod class is open to question, since the same
-services can probably be provided with class IN, type TXT and type
-CNAME records. In either case, the code and documents for Hesiod will
-suggest how to set up and use the service.
-.pp
-Note that while \s-1BIND\s+1 includes support for \fIHS\fP-class queries,
-the zone transfer logic for non-\fIIN\fP-class zones is still experimental.
-
-.sh 2 "Sample Files"
-.pp
-The following section contains sample files for the name server.
-This covers example boot files for the different types of servers
-and example domain data base files.
diff --git a/contrib/bind/doc/bog/intro.me b/contrib/bind/doc/bog/intro.me
deleted file mode 100644
index 597fa440b2d30..0000000000000
--- a/contrib/bind/doc/bog/intro.me
+++ /dev/null
@@ -1,75 +0,0 @@
-.\" ++Copyright++ 1986, 1988
-.\" -
-.\" Copyright (c) 1986, 1988
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" -
-.\" --Copyright--
-.\"
-.\" @(#)intro.me 6.2 (Berkeley) 2/28/88
-.\"
-.sh 1 Introduction
-.pp
-The Berkeley Internet Name Domain (\s-1BIND\s+1) implements an Internet name
-server for \s-2BSD\s+2-derived operating systems. The \s-1BIND\s+1 consists
-of a server (or ``daemon'') called \fInamed\fP and a \fIresolver\fP library.
-A name server is a network service that enables clients to name resources or
-objects and share this information with other objects in the network. This
-in effect is a distributed data base system for objects in a computer
-network. The \s-1BIND\s+1 server runs in the background, servicing queries
-on a well known network port. The standard port for UDP and TCP is specified
-in \fI/etc/services\fP. The \fIresolver\fP is a set of routines residing
-in a system library that provides the interface that programs can use to
-access the domain name services.
-.pp
-BIND is fully integrated into BSD (4.3 and later releases)
-network programs for use in storing and retrieving host names and address.
-The system administrator can configure the system to use BIND as a
-replacement to the older host table lookup of information in the network
-hosts file \fI/etc/hosts\fP. The default configuration for BSD uses
-BIND.
diff --git a/contrib/bind/doc/bog/manage.me b/contrib/bind/doc/bog/manage.me
deleted file mode 100644
index 6f17b80b7bb1d..0000000000000
--- a/contrib/bind/doc/bog/manage.me
+++ /dev/null
@@ -1,156 +0,0 @@
-.\" ++Copyright++ 1986, 1988, 1995
-.\" -
-.\" Copyright (c) 1986, 1988, 1995
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" -
-.\" --Copyright--
-.\"
-.\" @(#)manage.me 6.6 (Berkeley) 9/19/89
-.\" $Id: manage.me,v 8.4 1995/12/22 10:20:24 vixie Exp $
-.\"
-.sh 1 "Domain Management"
-.pp
-This section contains information for starting, controlling and debugging
-\fInamed\fP.
-.sh 2 /etc/rc.local
-.pp
-The hostname should be set to the full domain style name in
-\fI/etc/rc.local\fP using \fIhostname\|(1)\fP. The following entry should
-be added to \fI/etc/rc.local\fP to start up \fInamed\fP at system boot time:
-.(b l
-\fIif [ -f /usr/sbin/named ]; then
- /usr/sbin/named\fP [options] \fI& echo -n ' named' >/dev/console\fP
-\fIfi\fP
-.)b
-This usually directly follows the lines that start \fIsyslogd\fP.
-\fBDo Not\fP attempt to run \fInamed\fP from \fIinetd\fP.
-This will
-continuously restart the name server and defeat the purpose of the cache.
-.sh 2 /var/run/named.pid
-.pp
-When \fInamed\fP is successfully started up it writes its process id into
-the file \fI/var/run/named.pid\fP. This is useful to programs that want to
-send signals to \fInamed\fP. The name of this file may be changed by defining
-\fIPIDFILE\fP to the new name when compiling \fInamed\fP.
-.sh 2 /etc/hosts
-.pp
-The \fIgethostbyname\|()\fP library call can detect if \fInamed\fP is running.
-If it is determined that \fInamed\fP is not running it will look in
-\fI/etc/hosts\fP to resolve an address.
-This option was added to allow \fIifconfig\|(8C)\fP to configure the machines
-local interfaces and to enable a system manager to access the network
-while the system is in single user mode.
-It is advisable to put the local machines interface addresses and a couple of
-machine names and address in
-\fI/etc/hosts\fP so the system manager can rcp files from another machine
-when the system is in single user mode.
-The format of \fI/etc/hosts\fP has not changed. See \fIhosts\|(5)\fP
-for more information.
-Since the process of reading \fI/etc/hosts\fP is slow,
-it is not advisable to use this option when the system is in multi user mode.
-
-.sh 2 Signals
-.pp
-There are several signals that can be sent to the \fInamed\fP process
-to have it do tasks without restarting the process.
-.sh 3 Reload
-.pp
-SIGHUP -
-Causes \fInamed\fP to read \fInamed.boot\fP and reload the database.
-This is useful when you have made a change to a ``primary'' data file
-and you want \fInamed\fP\|'s internal database to reflect the change.
-If you build \s-1BIND\s+1 with the \s-1FORCED_RELOAD\s+1 option, then
-\s-1SIGHUP\s+1 also has the effect of scheduling all ``secondary'' zones
-for serial-number checks, which could lead to zone transfers ahead of
-the usual schedule. Normally serial-number compares are done only at
-the intervals specified in the zone's \s-1SOA\s+1 record.
-.sh 3 Debugging
-.pp
-When \fInamed\fP is running incorrectly, look first in
-\fI/var/log/messages\fP and check for any messages logged by \fIsyslog\fP.
-Next send it a signal to see what is happening. Unless you run it with the
-``-d'' option, \fInamed\fP has very little to say on its standard output or
-standard error. Everything \fInamed\fP has to say, it says to \fIsyslog\fP.
-.pp
-SIGINT -
-Dumps the current data base and cache to
-\fI/var/tmp/named_dump.db\fP
-This should give you an indication to whether the data base was loaded
-correctly.
-The name of the dump file may be changed
-by defining \fIDUMPFILE\fP to the new name when compiling \fInamed\fP.
-
-\fINote:\fP the following two signals only work when \fInamed\fP is built with
-\fIDEBUG\fP defined.
-.pp
-SIGUSR1 -
-Turns on debugging. Each following SIGUSR1 increments the debug level.
-The output goes to \fI/var/tmp/named.run\fP
-The name of this debug file may be changed
-by defining \fIDEBUGFILE\fP to the new name before compiling \fInamed\fP.
-.pp
-SIGUSR2 -
-Turns off debugging completely.
-
-For more detailed debugging, define DEBUG when compiling the resolver
-routines into \fI/lib/libc.a\fP.
-.pp
-SIGWINCH -
-Toggles tracing of all incoming queries if \fInamed\fP has been
-compiled with \fIQRYLOG\fP defined. The trace is sent to syslog, and
-is huge, but it is very useful for tracking down problems.
-
-To run with tracing of all queries specify the \fI-q\fP flag on the
-command line. If you routinely log queries you will probably want to
-analyze the results using the dnsstats stats script in the
-contrib directory.
-.pp
-SIGIOT -
-Dumps statistics data into \fI/var/tmp/named.stats\fP if the server
-is built with \fISTATS\fP defined. Statistics are appended to the file.
diff --git a/contrib/bind/doc/bog/named.boot.cache b/contrib/bind/doc/bog/named.boot.cache
deleted file mode 100644
index 5e0e3d3481281..0000000000000
--- a/contrib/bind/doc/bog/named.boot.cache
+++ /dev/null
@@ -1,77 +0,0 @@
-.\" ++Copyright++ 1986, 1988
-.\" -
-.\" Copyright (c) 1986, 1988
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" -
-.\" --Copyright--
-.\"
-.\" @(#)named.boot.cache 6.4 (Berkeley) 9/19/89
-.\"
-.ne 13v
-.sh 4 "Caching Only Server"
-.(b L
-.TS
-l.
-;
-; Boot file for Caching Only Name Server
-;
-.TE
-.TS
-l l l
-l
-l l l.
-; type domain source file or host
-;
-directory /usr/local/adm/named
-cache \fB.\fP root\fB.\fPcache
-primary 0\fB.\fP0\fB.\fP127\fB.\fPin-addr\fB.\fParpa named\fB.\fPlocal
-.TE
-.)b
-
-
diff --git a/contrib/bind/doc/bog/named.boot.primary b/contrib/bind/doc/bog/named.boot.primary
deleted file mode 100644
index 0f3c3ca9aa85b..0000000000000
--- a/contrib/bind/doc/bog/named.boot.primary
+++ /dev/null
@@ -1,78 +0,0 @@
-.\" ++Copyright++ 1986, 1988
-.\" -
-.\" Copyright (c) 1986, 1988
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" -
-.\" --Copyright--
-.\"
-.\" @(#)named.boot.primary 6.4 (Berkeley) 9/19/89
-.\"
-.ne 15v
-.sh 3 "Boot Files"
-.sh 4 "Primary Server"
-.(b L
-.TS
-l.
-;
-; Boot file for Primary Name Server
-;
-.TE
-.TS
-l l l
-l
-l l l.
-; type domain source file or host
-;
-directory /usr/local/adm/named
-primary Berkeley\fB.\fPEdu ucbhosts
-primary 32\fB.\fP128\fB.\fPin-addr\fB.\fParpa ucbhosts\fB.\fPrev
-primary 0\fB.\fP0\fB.\fP127\fB.\fPin-addr\fB.\fParpa named\fB.\fPlocal
-cache \fB.\fP root\fB.\fPcache
-.TE
-.)b
diff --git a/contrib/bind/doc/bog/named.boot.secondary b/contrib/bind/doc/bog/named.boot.secondary
deleted file mode 100644
index 64a607d58019e..0000000000000
--- a/contrib/bind/doc/bog/named.boot.secondary
+++ /dev/null
@@ -1,77 +0,0 @@
-.\" ++Copyright++ 1986, 1988
-.\" -
-.\" Copyright (c) 1986, 1988
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" -
-.\" --Copyright--
-.\"
-.\" @(#)named.boot.secondary 6.4 (Berkeley) 9/19/89
-.\"
-.ne 12v
-.sh 4 "Secondary Server"
-.(b L
-.TS
-l.
-;
-; Boot file for Secondary Name Server
-;
-.TE
-.TS
-l l l
-l
-l l l.
-; type domain source file or host
-;
-directory /usr/local/adm/named
-secondary Berkeley\fB.\fPEdu 128\fB.\fP32\fB.\fP0\fB.\fP4 128\fB.\fP32\fB.\fP0\fB.\fP10 ucbhosts.bak
-secondary 32\fB.\fP128\fB.\fPin-addr\fB.\fParpa 128\fB.\fP32\fB.\fP0\fB.\fP4 128\fB.\fP32\fB.\fP0\fB.\fP10 ucbhosts.rev.bak
-primary 0\fB.\fP0\fB.\fP127\fB.\fPin-addr\fB.\fParpa named\fB.\fPlocal
-cache \fB.\fP root\fB.\fPcache
-.TE
-.)b
diff --git a/contrib/bind/doc/bog/named.local b/contrib/bind/doc/bog/named.local
deleted file mode 100644
index 209c5be8bae20..0000000000000
--- a/contrib/bind/doc/bog/named.local
+++ /dev/null
@@ -1,75 +0,0 @@
-.\" ++Copyright++ 1986, 1988
-.\" -
-.\" Copyright (c) 1986, 1988
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" -
-.\" --Copyright--
-.\"
-.\" @(#)named.local 6.3 (Berkeley) 5/24/89
-.\"
-.ne 13v
-.sh 3 "named.local"
-.(b L
-
-.TS
-l l l l l s.
-@ IN SOA ucbvax\fB.\fPBerkeley\fB.\fPEdu. kjd\fB.\fPucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP (
-.T&
-l l l l l.
- 1994072100 ; Serial
- 10800 ; Refresh
- 1800 ; Retry
- 3600000 ; Expire
- 259200 ) ; Minimum
-.T&
-l l l l l s.
- IN NS ucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP ; pedantic
-1 IN PTR localhost\fB.\fP
-.TE
-.)b
diff --git a/contrib/bind/doc/bog/ns.me b/contrib/bind/doc/bog/ns.me
deleted file mode 100644
index ec3ca3c7988e1..0000000000000
--- a/contrib/bind/doc/bog/ns.me
+++ /dev/null
@@ -1,96 +0,0 @@
-.\" ++Copyright++ 1986, 1988
-.\" -
-.\" Copyright (c) 1986, 1988
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" -
-.\" --Copyright--
-.\"
-.\" @(#)ns.me 6.3 (Berkeley) 9/19/89
-.\"
-.sh 1 "The Name Service"
-.pp
-The basic function of the name server is to provide information about network
-objects by answering queries. The specifications for this name server are
-defined in RFC1034, RFC1035 and RFC974. These documents can be found in
-\fI/usr/src/etc/named/doc\fP in 4.3BSD or \fIftp\fPed from
-\fBftp.rs.internic.net\fP.
-It is also recommended that you read the related manual pages,
-\fInamed\fP\|(8),
-\fIresolver\fP\|(3),
-and \fIresolver\fP\|(5).
-.pp
-The advantage of using a name server over the host table lookup for host
-name resolution is to avoid the need for a single centralized clearinghouse
-for all names. The authority for this information can be delegated to the
-different organizations on the network responsible for it.
-.pp
-The host table lookup routines require that the master file for the entire
-network be maintained at a central location by a few people. This works
-fine for small networks where there are only a few machines and the
-different organizations responsible for them cooperate. But this does not
-work well for large networks where machines cross organizational boundaries.
-.pp
-With the name server, the network can be broken into a hierarchy of domains.
-The name space is organized as a tree according to organizational or
-administrative boundaries.
-Each node, called a \fIdomain\fP, is given a label, and the name of the
-domain is the concatenation of all the labels of the domains from
-the root to the current domain, listed from right to left separated by dots.
-A label need only be unique within its domain.
-The whole space is partitioned into several areas called \fIzones\fP,
-each starting at a domain and extending down to the leaf domains or to
-domains where other zones start.
-Zones usually represent administrative boundaries.
-An example of a host address for a host at the University of California,
-Berkeley would look as follows:
-.(b
-\fImonet\fP\|\fB.\fP\|\fIBerkeley\fP\|\fB.\fP\|\fIEDU\fP
-.)b
-The top level domain for educational organizations is EDU;
-Berkeley is a subdomain of EDU and monet is the name of the host.
diff --git a/contrib/bind/doc/bog/resolv.conf b/contrib/bind/doc/bog/resolv.conf
deleted file mode 100644
index 1f15991f8e6ac..0000000000000
--- a/contrib/bind/doc/bog/resolv.conf
+++ /dev/null
@@ -1,67 +0,0 @@
-.\" ++Copyright++ 1986, 1988
-.\" -
-.\" Copyright (c) 1986, 1988
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" -
-.\" --Copyright--
-.\"
-.\" @(#)resolv.conf 6.2 (Berkeley) 2/29/88
-.\"
-.ne 6v
-.\" .bp
-.sh 3 "Remote Server / DNS Client"
-.sh 4 "/etc/resolv.conf"
-.(b L
-
-domain Berkeley\fB.\fPEdu
-nameserver 128\fB.\fP32\fB.\fP0\fB.\fP4
-nameserver 128\fB.\fP32\fB.\fP0\fB.\fP10
-sortlist 130.155.160.0/255.255.240.0 130.155.0.0
-
-.)b
diff --git a/contrib/bind/doc/bog/root.cache b/contrib/bind/doc/bog/root.cache
deleted file mode 100644
index 3bf572724f826..0000000000000
--- a/contrib/bind/doc/bog/root.cache
+++ /dev/null
@@ -1,102 +0,0 @@
-.\" ++Copyright++ 1986, 1988
-.\" -
-.\" Copyright (c) 1986, 1988
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" -
-.\" --Copyright--
-.\"
-.\" @(#)root.cache 6.4 (Berkeley) 4/29/90
-.\"
-.ne 38v
-.sh 3 "root.cache"
-.(b L
-
-;
-; This file holds the information on root name servers needed to
-; initialize cache of Internet domain name servers
-; (e.g. reference this file in the "cache . <file>"
-; configuration file of BIND domain name servers).
-;
-; This file is made available by InterNIC registration services
-; under anonymous FTP as
-; file /domain/named.root
-; on server FTP.RS.INTERNIC.NET
-; -OR- under Gopher at RS.INTERNIC.NET
-; under menu InterNIC Registration Services (NSI)
-; submenu InterNIC Registration Archives
-; file named.root
-;
-; last update: Oct 5, 1994
-; related version of root zone: 1994100500
-;
-.TS
-l l l l l.
-\fB.\fP 604800 IN NS NS\fB.\fPINTERNIC\fB.\fPNET\fB.\fP
-NS\fB.\fPINTERNIC\fB.\fPNET\fB.\fP 604800 IN A 198\fB.\fP41\fB.\fP0\fB.\fP4
-\fB.\fP 604800 IN NS NS1\fB.\fPISI\fB.\fPEDU\fB.\fP
-NS1\fB.\fPISI\fB.\fPEDU\fB.\fP 604800 IN A 128\fB.\fP9\fB.\fP0\fB.\fP107
-\fB.\fP 604800 IN NS C\fB.\fPPSI\fB.\fPNET\fB.\fP
-C\fB.\fPPSI\fB.\fPNET\fB.\fP 604800 IN A 192\fB.\fP33\fB.\fP4\fB.\fP12
-\fB.\fP 604800 IN NS TERP\fB.\fPUMD\fB.\fPEDU\fB.\fP
-TERP\fB.\fPUMD\fB.\fPEDU\fB.\fP 604800 IN A 128\fB.\fP8\fB.\fP10\fB.\fP90
-\fB.\fP 604800 IN NS NS\fB.\fPNASA\fB.\fPGOV\fB.\fP
-NS\fB.\fPNASA\fB.\fPGOV\fB.\fP 604800 IN A 128\fB.\fP102\fB.\fP16\fB.\fP10
- 604800 IN A 192\fB.\fP52\fB.\fP195\fB.\fP10
-\fB.\fP 604800 IN NS NS\fB.\fPISC\fB.\fPORG\fB.\fP
-NS\fB.\fPISC\fB.\fPORG\fB.\fP 604800 IN A 192\fB.\fP5\fB.\fP5\fB.\fP241
-\fB.\fP 604800 IN NS NS\fB.\fPNIC\fB.\fPDDN\fB.\fPMIL\fB.\fP
-NS\fB.\fPNIC\fB.\fPDDN\fB.\fPMIL\fB.\fP 604800 IN A 192\fB.\fP112\fB.\fP36\fB.\fP4
-\fB.\fP 604800 IN NS AOS\fB.\fPARL\fB.\fPARMY\fB.\fPMIL\fB.\fP
-AOS\fB.\fPARL\fB.\fPARMY\fB.\fPMIL\fB.\fP 604800 IN A 128\fB.\fP63\fB.\fP4\fB.\fP82
- 604800 IN A 192\fB.\fP5\fB.\fP25\fB.\fP82
-\fB.\fP 604800 IN NS NIC\fB.\fPNORDU\fB.\fPNET\fB.\fP
-NIC\fB.\fPNORDU\fB.\fPNET\fB.\fP 604800 IN A 192\fB.\fP36\fB.\fP148\fB.\fP17
-.TE
-; End of File
-.)b
diff --git a/contrib/bind/doc/bog/setup.me b/contrib/bind/doc/bog/setup.me
deleted file mode 100644
index fff765748f9a8..0000000000000
--- a/contrib/bind/doc/bog/setup.me
+++ /dev/null
@@ -1,88 +0,0 @@
-.\" ++Copyright++ 1986, 1988
-.\" -
-.\" Copyright (c) 1986, 1988
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" -
-.\" --Copyright--
-.\"
-.\" @(#)setup.me 6.4 (Berkeley) 9/19/89
-.\"
-.sh 1 "Setting up Your Own Domain"
-.pp
-When setting up a domain that is going to be on a public network the site
-administrator should contact the organization in charge of the network and
-request the appropriate domain registration form. An organization that
-belongs to multiple networks (such as the \fIInternet\fP and
-\fIBITNET\fP) should register with only one network.
-.sh 2 "Internet"
-.pp
-Sites on the Internet who need information on setting up a domain should
-contact the registrar for their network, which is one of the following:
-.TS
-l l.
-MILnet \s-1HOSTMASTER\s+1@\s-1NIC\s+1\fB\|.\|\fP\s-1DDN\s+1\fB\|.\|\fP\s-1MIL\s+1
-other \s-1HOSTMASTER\s+1@\s-1INTERNIC\s+1\fB\|.\|\fP\s-1NET\s+1
-.TE
-You may also want to be placed on the \s-1BIND\s+1 mailing list, which is a
-mail group for people on the Internet who run \s-1BIND\s+1. The group
-discusses future design decisions, operational problems, and other related
-topic. The address to request being placed on this mailing list is:
-.(b l
-\fIbind-request\|@\|uunet\fP\fB\|.\|\fP\fIuu\fP\fB\|.\|\fP\fInet\fP
-.)b
-.sh 2 "Subdomains of Existing Domains"
-.pp
-If you want a subdomain of some existing domain, you should find the contact
-point for the parent domain rather than asking one of the above top-level
-registrars. There should be a convention that \fBregistrar\fP@\fIdomain\fP
-or \fBhostmaster\fP@\fIdomain\fP for any given domain will always be an alias
-for that domain's registrar (somewhat analogous to \fBpostmaster\fP), but
-there is no such convention. Try it as a last resort, but first you should
-examine the \fISOA\fP record for the domain and send mail to the ``responsible
-person'' shown therein. You can also try \fIwhois\fP.
diff --git a/contrib/bind/doc/bog/types.me b/contrib/bind/doc/bog/types.me
deleted file mode 100644
index 9d14111214d3d..0000000000000
--- a/contrib/bind/doc/bog/types.me
+++ /dev/null
@@ -1,163 +0,0 @@
-.\" ++Copyright++ 1986, 1988, 1995
-.\" -
-.\" Copyright (c) 1986, 1988, 1995
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" -
-.\" --Copyright--
-.\"
-.\" @(#)types.me 6.3 (Berkeley) 9/19/89
-.\"
-.sh 1 "Types of Zones"
-.pp
-A ``zone'' is a point of delegation in the DNS tree. It contains all names
-from a certain point ``downward'' except those which are delegated to other
-zones. A ``delegation point'' has one or more \fINS\fP records in the
-``parent zone'', which should be matched by equivalent \fINS\fP records at
-the root of the ``delegated zone'' (i.e., the ``@'' name in the zone file).
-.pp
-Understanding the difference between a ``zone'' and a ``domain'' is crucial
-to the proper operation of a name server. As an example, consider the
-\s-1DEC.COM\s+1 \fIdomain\fP, which includes names such as
-\s-1POBOX1.PA.DEC.COM\s+1 and \s-1QUABBIN.CRL.DEC.COM\s+1 even though
-the \s-1DEC.COM\s+1 \fIzone\fP includes only \fIdelegations\fP for the
-\s-1PA.DEC.COM\s+1 and \s-1CRL.DEC.COM\s+1 zones. A zone can map exactly
-to a single domain, but could also include only part of a domain (the rest
-of which could be delegated to other name servers). Technically speaking,
-every name in the DNS tree is a ``domain'', even if it is ``terminal'', that
-is, has no ``subdomains''. Technically speaking, every subdomain is a domain
-and every domain except the root is also a subdomain. The terminology is not
-intuitive and you would do well to read RFC's 1033, 1034, and 1035 to gain a
-complete understanding of this difficult and subtle topic.
-.pp
-Though \s-1BIND\s+1 is a \fIDomain\fP Name Server, it deals primarily in terms
-of \fIzones\fP. The \fIprimary\fP and \fIsecondary\fP declarations in the
-\fInamed.boot\fP file specify \fIzones\fP, not \fIdomains\fP. When you ask
-someone if they are willing to be a secondary server for your ``domain'', you
-are actually asking for secondary service for some collection of \fIzones\fP.
-.pp
-Each zone will have one ``primary'' server, which loads the zone contents
-from some local file which is edited by humans or perhaps generated
-mechanically from some other local file which is edited by humans. Then
-there will be some number of ``secondary'' servers, which load the zone
-contents using the \s-1IP/DNS\s+1 protocol (that is, the secondary servers will
-contact the primary and fetch the zone using \s-1IP/TCP\s+1). This set of
-servers (the primary and all of the secondaries) should be listed in the
-\fINS\fP records in the parent zone, which will constitute a ``delegation''.
-This set of servers must also be listed in the zone file itself, usually
-under the ``@'' name which is a magic cookie that means the ``top level''
-or ``root'' of current zone. You can list servers in the zone's
-top-level ``@'' \fINS\fP records that are not in the parent's \fINS\fP
-delegation, but you cannot list servers in the parent's delegation that are
-not present in the zone's ``@''. Any servers listed in the \fINS\fP records
-must be configured as authoritative (either primary or secondary) for the
-zone. If a server listed in a \fINS\fP record is not authoritative, it
-will respond with a ``lame delegation'' when queried.
-.sh 1 "Types of Servers"
-.pp
-Servers do not really have ``types''. A server can be a primary for some
-zones and a secondary for others, or it can be only a primary, or only a
-secondary, or it can serve no zones and just answer queries via its ``cache''.
-Previous versions of this document referred to servers as ``master'' and
-``slave'' but we now feel that those distinctions \(em and the assignment of
-a ``type'' to a name server \(em are not useful.
-.sh 2 "Caching Only Server"
-.pp
-All servers are caching servers. This means that the server caches the
-information that it receives for use until the data expires. A \fICaching
-Only Server\fP is a server that is not authoritative for any zone. This
-server services queries and asks other servers, who have the authority, for
-the information needed. All servers keep data in their cache until the data
-expires, based on a \fITTL\fP (``Time To Live'') field which is maintained
-for all resource records.
-.sh 2 "Remote Server"
-.pp
-A Remote Server is an option given to people who would like to use
-a name server from their workstation or on a machine that has a limited
-amount of memory and CPU cycles.
-With this option you can run all of the networking programs that use
-the name server without the name server running on the local machine.
-All of the queries are serviced by a name server that is running on another
-machine on the network.
-A host which has an
-\fI/etc/resolv.conf\fP file listing only remote hosts, and which does not
-run a name server of its own, is sometimes called a Remote Server (because
-the actual server is remote?) but more
-often it is called simply a DNS Client.
-This kind of host is technically not a ``server'',
-since it has no cache and does not answer queries.
-.sh 2 "Slave Server"
-.pp
-A Slave Server is a server that always forwards queries it cannot
-satisfy from its cache, to a fixed list of \fIforwarding\fP servers
-instead of interacting
-with the name servers for the root and other domains.
-The queries to the \fIforwarding servers\fP are recursive queries.
-There may be one or more forwarding servers, and they are tried in turn
-until the list is exhausted.
-A Slave and forwarder configuration is typically used when you do not
-wish all the servers at a given site to interact with the rest
-of the Internet servers. A typical scenario would involve a number of
-workstations and a departmental timesharing machine with Internet
-access. The workstations might be
-administratively prohibited from having Internet access.
-To give the workstations the appearance of access to the Internet
-domain system, the workstations could be Slave servers to the timesharing
-machine which would forward the queries and interact with other
-name servers to resolve the query before returning the answer.
-An added benefit of using the forwarding feature is that the central
-machine develops a much more complete cache of information that
-all the workstations can take advantage of. The use of Slave mode
-and forwarding is discussed further under the description of
-the \fInamed\fP bootfile commands.
-.pp
-There is no prohibition against declaring a server to be a \fIslave\fP
-even though it has \fIprimary\fP and/or \fIsecondary\fP zones as well;
-the effect will still be that anything in the local server's cache or
-zones will be answered, and anything else will be forwarded using the
-\fIforwarders\fP list.
diff --git a/contrib/bind/doc/bog/ucbhosts b/contrib/bind/doc/bog/ucbhosts
deleted file mode 100644
index 2cb26355eb852..0000000000000
--- a/contrib/bind/doc/bog/ucbhosts
+++ /dev/null
@@ -1,118 +0,0 @@
-.\" ++Copyright++ 1986, 1988
-.\" -
-.\" Copyright (c) 1986, 1988
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" -
-.\" --Copyright--
-.\"
-.\" @(#)ucbhosts 6.3 (Berkeley) 2/8/89
-.\"
-.\" .ne 48v
-.\" .bp
-.sh 3 "Hosts"
-.(b L
-;
-; @(#)ucb-hosts 1.2 (berkeley) 88/02/05
-;
-.TS
-l l l l l s.
-@ IN SOA ucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP kjd\fB.\fPmonet\fB.\fPBerkeley\fB.\fPEdu\fB.\fP (
-.T&
-l l l l l.
- 1988020501 ; Serial
- 10800 ; Refresh
- 1800 ; Retry
- 3600000 ; Expire
- 259200 ) ; Minimum
-.T&
-l l l l s.
- IN NS ucbarpa\fB.\fPBerkeley\fB.\fPEdu\fB.\fP
- IN NS ucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP
-localhost IN A 127\fB.\fP1
- ; note that 127.1 is the same as 127.0.0.1; see inet(3n)
-ucbarpa IN A 128\fB.\fP32\fB.\fP4
- IN A 10\fB.\fP0\fB.\fP0\fB.\fP78
- IN HINFO VAX-11/780 UNIX
-arpa IN CNAME ucbarpa
-ernie IN A 128\fB.\fP32\fB.\fP6
- IN HINFO VAX-11/780 UNIX
-ucbernie IN CNAME ernie
-monet IN A 128\fB.\fP32\fB.\fP7
- IN A 128\fB.\fP32\fB.\fP130\fB.\fP6
- IN HINFO VAX-11/750 UNIX
-ucbmonet IN CNAME monet
-ucbvax IN A 10\fB.\fP2\fB.\fP0\fB.\fP78
- ; 128.32.10 means 128.32.0.10; see inet(3n)
- IN A 128\fB.\fP32\fB.\fP10
- ; HINFO and WKS are widely unused,
- ; but we'll show them as examples.
- IN HINFO VAX-11/750 UNIX
- IN WKS 128.32.0.10 TCP ( echo telnet
- discard sunrpc sftp
- uucp-path systat daytime
- netstat qotd nntp
- link chargen ftp
- auth time whhois mtp
- pop rje finger smtp
- supdup hostnames
- domain
- nameserver )
-vax IN CNAME ucbvax
-toybox IN A 128\fB.\fP32\fB.\fP131\fB.\fP119
- IN HINFO Pro350 RT11
-toybox IN MX 0 monet.Berkeley.Edu.
-csrg IN MX 0 Ralph.CS
- IN MX 0 Zhou.CS
- IN MX 0 Painter.CS
- IN MX 0 Riggle.CS
- IN MX 0 Terry.CS
- IN MX 0 Kevin.CS
-.TE
-.)b
-.\" .bp
diff --git a/contrib/bind/doc/bog/ucbhosts.rev b/contrib/bind/doc/bog/ucbhosts.rev
deleted file mode 100644
index 16207afefede6..0000000000000
--- a/contrib/bind/doc/bog/ucbhosts.rev
+++ /dev/null
@@ -1,86 +0,0 @@
-.\" ++Copyright++ 1986, 1988
-.\" -
-.\" Copyright (c) 1986, 1988
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" -
-.\" --Copyright--
-.\"
-.\" @(#)ucbhosts.rev 6.3 (Berkeley) 9/19/89
-.\"
-.ne 22v
-.sh 3 "host.rev"
-.(b L
-
-;
-; @(#)ucb-hosts.rev 1.1 (Berkeley) 86/02/05
-;
-.TS
-l l l l l s.
-@ IN SOA ucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP kjd\fB.\fPmonet\fB.\fPBerkeley\fB.\fPEdu\fB.\fP (
-.T&
-l l l l l.
- 1986020501 ; Serial
- 10800 ; Refresh
- 1800 ; Retry
- 3600000 ; Expire
- 259200 ) ; Minimum
-.T&
-l l l l s.
- IN NS ucbarpa\fB.\fPBerkeley\fB.\fPEdu\fB.\fP
- IN NS ucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP
-0\fB.\fP0 IN PTR Berkeley-net\fB.\fPBerkeley\fB.\fPEDU\fB.\fP
- IN A 255\fB.\fP255\fB.\fP255\fB.\fP0
-0\fB.\fP130 IN PTR csdiv-net\fB.\fPBerkeley\fB.\fPEDU\fB.\fP
-4\fB.\fP0 IN PTR ucbarpa\fB.\fPBerkeley\fB.\fPEdu\fB.\fP
-6\fB.\fP0 IN PTR ernie\fB.\fPBerkeley\fB.\fPEdu\fB.\fP
-7\fB.\fP0 IN PTR monet\fB.\fPBerkeley\fB.\fPEdu\fB.\fP
-10\fB.\fP0 IN PTR ucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP
-6\fB.\fP130 IN PTR monet\fB.\fPBerkeley\fB.\fPEdu\fB.\fP
-.TE
-.)b
diff --git a/contrib/bind/doc/html/acl.html b/contrib/bind/doc/html/acl.html
deleted file mode 100644
index 57cf8690cb152..0000000000000
--- a/contrib/bind/doc/html/acl.html
+++ /dev/null
@@ -1,63 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND acl Statement</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide--<CODE>acl</CODE> Statement</H2>
-
-<HR>
-
-<A NAME="Syntax"><H3>Syntax</H3></A>
-
-<PRE>
-acl <VAR>name</VAR> {
- <VAR><A HREF="address_list.html">address_match_list</A></VAR>
-};
-</PRE>
-
-<HR>
-
-<A NAME="Usage"><H3>Definition and Usage</H3></A>
-
-<P>The <CODE>acl</CODE> statement creates a named address match list.
-It gets its name from a primary use of address match lists: Access
-Control Lists (ACLs).</P>
-
-<P>Note that an address match list's name must be defined with
-<CODE>acl</CODE> before it can be used elsewhere; no forward
-references are allowed.</P>
-
-The following ACLs are built-in:
-
-<DL>
-<DT><CODE>any</CODE>
-<DD>
-Allows all hosts.
-
-<DT><CODE>none</CODE>
-<DD>
-Denies all hosts.
-
-<DT><CODE>localhost</CODE>
-<DD>
-Allows the IP addresses of all interfaces on the system.
-
-<DT><CODE>localnets</CODE>
-<DD>
-Allows any host on a network for which the system has an interface.
-</DL>
-
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-|&nbsp;<A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: acl.html,v 1.5 1999/09/15 20:28:00 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/address_list.html b/contrib/bind/doc/html/address_list.html
deleted file mode 100644
index ec391383dfd66..0000000000000
--- a/contrib/bind/doc/html/address_list.html
+++ /dev/null
@@ -1,100 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND Address Match Lists</TITLE>
-</HEAD>
-<BODY>
-
-<H2>BIND Configuration File Guide--Address Match Lists</H2>
-
-<HR>
-
-<A NAME="Syntax"><H3>Syntax</H3></A>
-
-<PRE>
-<VAR>address_match_list</VAR> = 1*<VAR>address_match_element</VAR>
-
-<VAR>address_match_element</VAR> = [ "!" ] (<VAR><A HREF="docdef.html">address_match_list</A></VAR> / <VAR><A HREF="docdef.html">ip_address</A></VAR> / <VAR><A HREF="docdef.html">ip_prefix</A></VAR> / <VAR><A HREF="acl.html">acl_name</A></VAR> / <VAR><A HREF="docdef.html">"key" key_id</A></VAR>) ";"
-</PRE>
-
-<HR>
-
-<A NAME="Usage"><H3>Definition and Usage</H3></A>
-
-<P>Address match lists are primarily used to determine access control for
-various server operations. They are also used to define priorities
-for querying other nameservers and to set the addresses on which
-<CODE>named</CODE> will listen for queries.
-The elements which constitute an address match list can be any
-of the following:</P>
-
-<UL>
-<LI>an IP address (in dotted-decimal notation),</LI>
-
-<LI>an IP prefix (in the '/'-notation),</LI>
-
-<LI>a key ID, as defined by the
-<A HREF="key.html"><CODE>key</CODE></A> statement, or
-
-<LI>the name of an address match list previously defined with
-the <A HREF="acl.html"><CODE>acl</CODE></A> statment, or</LI>
-
-<LI>another <VAR>address_match_list</VAR></LI>
-</UL>
-
-<P>Elements can be negated with a leading exclamation mark ("!"), and
-the match list names "any", "none", "localhost" and "localnets" are
-predefined. More information on those names can be found in the
-description of the <A HREF="acl.html"><CODE>acl</CODE></A> statement.
-
-<P>The addition of the <CODE>key</CODE>
-clause made the name of this syntactic element something of a
-misnomer, since security keys can be used to validate access without
-regard to a host or network address. Nonetheless, the term "address
-match list" is still used throughout the documentation.</P>
-
-<P>When a given IP address or prefix is compared to an address match
-list, the list is traversed in order until an element matches. The
-interpretation of a match depends on whether the list is being used
-for access control, defining <CODE>listen-on</CODE> ports, or as a
-topology, and whether the element was negated.</P>
-
-<P>When used as an access control list, a non-negated match allows
-access and a negated match denies access. If there is no match,
-access is denied. The clauses <CODE>allow-query</CODE>,
-<CODE>allow-transfer</CODE>, <CODE>allow-update</CODE> and
-<CODE>blackhole</CODE> all use address match lists like this.
-Similarly, the <CODE>listen-on</CODE>
-option will cause the server to not accept queries on any of the
-machine's addresses which do not match the list.
-
-<P>When used with the <CODE>topology</CODE> clause, a non-negated
-match returns a distance based on its position on the list (the closer
-the match is to the start of the list, the shorter the distance is
-between it and the server). A negated match will be assigned the
-maximum distance from the server. If there is no match, the address
-will get a distance which is further than any non-negated list
-element, and closer than any negated element.</P>
-
-<P>Because of the first-match aspect of the algorithm, an element that
-defines a subset of another element in the list should come before the
-broader element, regardless of whether either is negated. For
-example, in <CODE>1.2.3/24;&nbsp;!&nbsp;1.2.3.13;</CODE> the 1.2.3.13
-element is completely useless, because the algorithm will match
-any lookup for 1.2.3.13 to the 1.2.3/24 element. Using
-<CODE>!&nbsp;1.2.3.13;&nbsp;1.2.3/24</CODE> fixes that problem by
-having 1.2.3.13 blocked by the negation but all other 1.2.3.* hosts
-fall through.
-
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: address_list.html,v 1.8 1999/09/15 20:28:00 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/comments.html b/contrib/bind/doc/html/comments.html
deleted file mode 100644
index a064c1ceb6011..0000000000000
--- a/contrib/bind/doc/html/comments.html
+++ /dev/null
@@ -1,84 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND Comment Syntax</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide--Comment Syntax</H2>
-
-<HR>
-
-<A NAME="Syntax"><H3>Syntax</H3></A>
-
-<PRE>
-/* This is a BIND comment as in C */
-
-// This is a BIND comment as in C++
-
-# This is a BIND comment as in common Unix shells and perl
-</PRE>
-
-<A NAME="Usage"><H3>Definition and Usage</H3></A>
-
-<P>Comments may appear anywhere that whitespace may appear in a BIND
-configuration file.</P>
-
-<P>C-style comments start with the two characters <CODE>/*</CODE>
-(slash, star) and end with <CODE>*/</CODE> (star, slash). Because
-they are completely delimited with these characters, they can be used
-to comment only a portion of a line or to span multiple lines.</P>
-
-<P>C-style comments cannot be nested. For example, the following is
-not valid because the entire comment ends with the first
-<CODE>*/</CODE>:
-
-<PRE>
-/* This is the start of a comment.
- This is still part of the comment.
-/* This is an incorrect attempt at nesting a comment. */
- This is no longer in any comment. */
-</PRE>
-
-
-<P>C++-style comments start with the two characters <CODE>//</CODE>
-(slash, slash) and continue to the end of the physical line. They
-cannot be continued across multiple physical lines; to have one
-logical comment span multiple lines, each line must use the
-<CODE>//</CODE> pair. For example:
-
-<PRE>
-// This is the start of a comment. The next line
-// is a new comment, even though it is logically
-// part of the previous comment.
-</PRE>
-
-<P>Shell-style (or perl-style, if you prefer) comments start with the
-character <CODE>#</CODE> (hash or pound or number or octothorpe or
-whatever) and continue to the end of the physical line, like C++
-comments.</P> For example:
-
-<PRE>
-# This is the start of a comment. The next line
-# is a new comment, even though it is logically
-# part of the previous comment.
-</PRE>
-
-<P><STRONG>WARNING:</STRONG> you cannot use the <CODE>;</CODE>
-(semicolon) character to start a comment such as you would in a zone
-file. The semicolon indicates the end of a configuration statement,
-so whatever follows it will be interpreted as the start of the next
-statement.</P>
-
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-|&nbsp;<A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: comments.html,v 1.5 1999/09/15 20:28:00 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/config.html b/contrib/bind/doc/html/config.html
deleted file mode 100644
index 97f3a1b037791..0000000000000
--- a/contrib/bind/doc/html/config.html
+++ /dev/null
@@ -1,97 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND Configuration File Guide</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide</H2>
-
-<HR>
-
-<H3>Overview</H3>
-
-<P>BIND 8 is much more configurable than previous release of BIND.
-There are entirely new areas of configuration, such as access control lists
-and categorized logging. Many options that previously applied to all zones
-can now be used selectively. These features, plus a consideration of future
-configuration needs led to the creation of a new configuration file format.
-
-<H3>The Configuration File</H3>
-
-<H4><A HREF="example.html">Example Configuration</A></H4>
-
-<H4>Statements</H4>
-
-<P>A BIND 8 configuration consists of statements and comments.
-Statements end with a semicolon. Many statements contain a block of
-substatements, which are also terminated with a semicolon.</P>
-
-<P>The following statements are supported:
-<DL>
-<DT><CODE><A HREF="acl.html">acl</A></CODE>
-<DD>
-defines a named IP address matching list, for access control and other uses
-
-<DT><CODE><A HREF="include.html">include</A></CODE>
-<DD>
-includes a file
-
-<DT><CODE><A HREF="key.html">key</A></CODE>
-<DD>
-specifies key information for use in authentication and authorization
-
-<DT><CODE><A HREF="logging.html">logging</A></CODE>
-<DD>
-specifies what the server logs, and where the log messages are sent
-
-<DT><CODE><A HREF="options.html">options</A></CODE>
-<DD>
-controls global server configuration options and sets defaults for other
-statements
-
-<DT><CODE><A HREF="controls.html">controls</A></CODE>
-<DD>
-declares control channels to be used by the <VAR>ndc</VAR> utility
-
-<DT><CODE><A HREF="server.html">server</A></CODE>
-<DD>
-sets certain configuration options on a per-server basis
-
-<DT><CODE><A HREF="trusted-keys.html">trusted-keys</A></CODE>
-<DD>
-defines DNSSEC keys that are preconfigured into the server and implicitly
-trusted
-
-<DT><CODE><A HREF="zone.html">zone</A></CODE>
-<DD>
-defines a zone
-</DL>
-
-<P>The <CODE>logging</CODE> and <CODE>options</CODE> statements may only
-occur once per configuration.
-
-<H4>Comments</H4>
-
-The BIND 8 <A HREF="comments.html">comment syntax</A> allows for
-comments to appear anywhere that whitespace may appear in a BIND
-configuration file. To appeal to programmers of all kinds, they can
-be written in C, C++, or shell/perl constructs.
-
-<H3>Converting from BIND 4.9.x</H3>
-
-<p>BIND 4.9.x configuration files can be converted to the new format by
-using <code>src/bin/named/named-bootconf</code>, a shell script that is part of
-the BIND 8.2.x source kits.
-
-<HR>
-
-<CENTER><P>[ <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-|&nbsp;<A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: config.html,v 1.10 1999/09/15 20:28:01 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/controls.html b/contrib/bind/doc/html/controls.html
deleted file mode 100644
index 92619264a7b18..0000000000000
--- a/contrib/bind/doc/html/controls.html
+++ /dev/null
@@ -1,70 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND controls Statement</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide--<CODE>controls</CODE> Statement</H2>
-
-<HR>
-
-<A NAME="Syntax"><H3>Syntax</H3></A>
-
-<PRE>
-controls {
- [ inet <VAR><A HREF="docdef.html">ip_addr</A></VAR>
- port <VAR><A HREF="docdef.html">ip_port</A></VAR>
- allow { <VAR><A HREF="address_list.html">address_match_list</A></VAR>; }; ]
- [ unix <VAR><A HREF="docdef.html">path_name</A></VAR>
- perm <VAR><A HREF="docdef.html">number</A></VAR>
- owner <VAR><A HREF="docdef.html">number</A></VAR>
- group <VAR><A HREF="docdef.html">number</A></VAR>; ]
-};
-</PRE>
-
-<HR>
-
-<A NAME="Usage"><H3>Definition and Usage</H3></A>
-
-<P>The <CODE>controls</CODE> statement declares control channels
-to be used by system
-administrators to affect the operation of the local name server. These
-control channels are used by the <CODE>ndc</CODE> utility to send commands
-to and retrieve non-DNS results from a name server.</P>
-
-<P>A <CODE>unix</CODE> control channel is a FIFO in the file system,
-and access to it is
-controlled by normal file system permissions.
-It is created by <CODE>named</CODE> with the specified file mode bits (see
-the <CODE>chmod</CODE>(1) manual page), user and group owner.
-Note that, unlike <CODE>chmod</CODE>, the mode bits specified for
-<CODE>perm</CODE> will normally have a leading 0 so the number
-is interpreted as octal. Also note that the user and group
-ownership specified as <CODE>owner</CODE> and <CODE>group</CODE>
-must be given as numbers, not names.
-It is recommended that the
-permissions be restricted to administrative personnel only, or else any
-user on the system might be able to manage the local name server.</P>
-
-<P>An <CODE>inet</CODE> control channel is a TCP/IP socket accessible
-to the Internet, created at the specified <VAR>ip_port</VAR> on the
-specified <VAR>ip_addr</VAR>.
-Modern <VAR>telnet</VAR> clients are capable of speaking directly to these
-sockets, and the control protocol is ARPAnet-style text. It is recommended
-that 127.0.0.1 be the only <VAR>ip_addr</VAR> used, and this only if you
-trust all non-privileged users on the local host to manage your name
-server.</P>
-
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: controls.html,v 1.4 1999/09/15 20:28:01 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/docdef.html b/contrib/bind/doc/html/docdef.html
deleted file mode 100644
index 0885c1f102cf1..0000000000000
--- a/contrib/bind/doc/html/docdef.html
+++ /dev/null
@@ -1,118 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND Documentation Definitions</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide--Documentation Definitions</H2>
-
-<HR>
-
-<H3>Syntactic Miscellany</H3>
-
-<P>Described below are elements used throughout the BIND configuration
-file documentation. Elements which are only associated with one
-statement are described only in the section describing that statement.
-
-<DL>
-<DT><VAR>acl_name</VAR>
-<DD>
-The name of an <A HREF="address_list.html">address match list</A>,
-as defined by the <A HREF="acl.html">acl</A> statement.
-
-<DT><VAR>address_match_list</VAR>
-<DD>
-A list of one or more <VAR>ip_address</VAR>, <VAR>ip_prefix</VAR>
-<VAR>key_id</VAR> or <VAR>acl_name</VAR> elements, as described in the
-<A HREF="address_list.html">Address Match Lists</A> section.
-
-<DT><VAR>dotted-decimal</VAR>
-<DD>
-One or more integers valued 0 through 255 separated only by dots
-(&quot;.&quot;), such as <CODE>123</CODE> or <CODE>45.67</CODE> or
-<CODE>89.123.45.67</CODE>.
-
-<DT><VAR>domain_name</VAR>
-<DD>
-A quoted string which will be used as a DNS name, for example
-<CODE>"my.test.domain"</CODE>.
-
-<DT><VAR>path_name</VAR>
-<DD>
-A quoted string which will be used as a pathname, such as
-<CODE>"zones/master/my.test.domain"</CODE>.
-
-<DT><VAR>ip_addr</VAR>
-<DD>
-An IP address in with exactly four elements in
-<VAR>dotted-decimal</VAR> notation.
-
-<DT><VAR>ip_port</VAR>
-<DD>
-An IP port <VAR>number</VAR>. <VAR>number</VAR> is limited to 0
-through 65535, with values below 1024 typically restricted to
-root-owned processes. In some cases an asterisk (``*'') character
-can be used as a placeholder to select a random high-numbered port.
-
-<DT><VAR>ip_prefix</VAR>
-<DD>
-An IP network specified in <VAR>dotted-decimal</VAR> form, followed by "/"
-and then the number of bits in the netmask. E.g. <CODE>127/8</CODE> is
-the network <CODE>127.0.0.0</CODE> with netmask <CODE>255.0.0.0</CODE>.
-<CODE>1.2.3.0/24</CODE> is network <CODE>1.2.3.0</CODE> with netmask
-<CODE>255.255.255.0</CODE>.
-
-<DT><VAR>key_id</VAR>
-<DD>
-A string representing the name of a shared key, to be used for transaction
-security.
-
-<DT><VAR>number</VAR>
-<DD>
-A non-negative integer with an entire range limited by the range of a
-C language signed integer (2,147,483,647 on a machine with 32 bit
-integers). Its acceptable value might further be limited by the
-context in which it is used.
-
-<DT><VAR>size_spec</VAR>
-<DD>
-A <VAR>number</VAR>, the word <CODE>unlimited</CODE>, or the word
-<CODE>default</CODE>.
-
-<P>The maximum value of <VAR>size_spec</VAR> is that of unsigned long
-integers on the machine. <CODE>unlimited</CODE> requests unlimited use, or
-the maximum available amount. <CODE>default</CODE> uses the limit that
-was in force when the server was started.</P>
-
-<P>A <VAR>number</VAR> can optionally be followed by a scaling factor:
-<CODE>K</CODE> or <CODE>k</CODE> for kilobytes, <CODE>M</CODE> or
-<CODE>m</CODE> for megabytes, and <CODE>G</CODE> or <CODE>g</CODE> for
-gigabytes, which scale by 1024, 1024*1024, and 1024*1024*1024
-respectively.
-
-<P>Integer storage overflow is currently silently ignored during
-conversion of scaled values, resulting in values less than intended,
-possibly even negative. Using <CODE>unlimited</CODE> is the best way
-to safely set a really large number.</P>
-
-<DT><VAR>yes_or_no</VAR>
-<DD>
-Either <CODE>yes</CODE> or <CODE>no</CODE>. The words
-<CODE>true</CODE> and <CODE>false</CODE> are also accepted, as are the
-numbers <CODE>1</CODE> and <CODE>0</CODE>.
-
-</DL>
-
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: docdef.html,v 1.8 1999/09/15 20:28:01 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/example.html b/contrib/bind/doc/html/example.html
deleted file mode 100644
index a147828a25f0e..0000000000000
--- a/contrib/bind/doc/html/example.html
+++ /dev/null
@@ -1,65 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND Configuration File Guide -- Example Config File</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide -- Example Config File</H2>
-
-<HR>
-
-<PRE>
-
-/*
- * A simple BIND 8 configuration
- */
-
-logging {
- category lame-servers { null; };
- category cname { null; };
-};
-
-options {
- directory "/var/named";
-};
-
-controls {
- inet * port 52 allow { localnets; }; // a BAD idea
- unix "/var/run/ndc" perm 0600 owner 0 group 0; // the default
-};
-
-zone "isc.org" in {
- type master;
- file "master/isc.org";
-};
-
-zone "vix.com" in {
- type slave;
- file "slave/vix.com";
- masters { 10.0.0.53; };
-};
-
-zone "." in {
- type hint;
- file "named.cache";
-};
-
-zone "0.0.127.in-addr.arpa" in {
- type master;
- notify no;
- file "master/127.0.0";
-};
-</PRE>
-
-<HR>
-
-<CENTER><P>[ <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-|&nbsp;<A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: example.html,v 1.5 1999/09/15 20:28:01 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/include.html b/contrib/bind/doc/html/include.html
deleted file mode 100644
index 421d97b58ea7e..0000000000000
--- a/contrib/bind/doc/html/include.html
+++ /dev/null
@@ -1,57 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND include Statement</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide--<CODE>include</CODE> Statement</H2>
-
-<HR>
-
-<A NAME="Syntax"><H3>Syntax</H3></A>
-
-<PRE>
-include <VAR><A HREF="docdef.html">path_name</A></VAR>;
-</PRE>
-
-<HR>
-
-<A Name="#Usage"><H3>Definition and Usage</H3></A>
-
-<P>The <CODE>include</CODE> statement inserts the specified file at
-the point that the <CODE>include</CODE> statement is encountered. It
-cannot be used within another statement, though, so a line such as
-<PRE>
-acl internal_hosts { include &quot;internal_hosts.acl&quot;; };
-</PRE>
-is not allowed.</P>
-
-<P>Use <CODE>include</CODE> to break the configuration up into
-easily-managed chunks. For example:
-
-<PRE>
-include &quot;/etc/security/keys.bind&quot;;
-include &quot;/etc/acls.bind&quot;;
-</PRE>
-
-<P>could be used at the top of a BIND configuration file in order to
-include any ACL or key information.</P>
-
-<P>Be careful not to type
-&quot;<CODE>#include</CODE>&quot;, like you would in a C
-program, because &quot;<CODE>#</CODE>&quot; is used to start a
-comment.</P>
-
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: include.html,v 1.7 1999/09/15 20:28:01 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/index.html b/contrib/bind/doc/html/index.html
deleted file mode 100644
index f19464b23ff9d..0000000000000
--- a/contrib/bind/doc/html/index.html
+++ /dev/null
@@ -1,65 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND Version 8 Online Documentation</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Version 8 Online Documentation</H2>
-
-<H3>BIND 8 Highlights</H3>
-
-<UL>
-<LI>DNS Dynamic Updates
-(<A HREF=http://ds.internic.net/rfc/rfc2136.txt>RFC 2136</A>)</LI>
-<LI>DNS Change Notification
-(<A HREF=http://ds.internic.net/rfc/rfc1996.txt>RFC 1996</A>)</LI>
-<LI>Completely new configuration syntax</LI>
-<LI>Flexible, categorized logging system</LI>
-<LI>IP-address-based access control for queries, zone transfers, and
-updates that may be specified on a zone-by-zone basis</LI>
-<LI>More efficient zone transfers</LI>
-<LI>Improved performance for servers with thousands of zones</LI>
-<LI>The server no longer forks for outbound zone transfers</LI>
-<LI>Many bug fixes</LI>
-</UL>
-
-<H3><A HREF="config.html">Configuration File Guide</A></H3>
-
-<H3><A HREF="master.html">Master File Format</A></H3>
-
-<H3>Kits</H3>
-<UL>
-<LI><A HREF="ftp://ftp.isc.org/isc/bind/src/cur">
-The latest production release</A></LI>
-<LI><A HREF="ftp://ftp.isc.org/isc/bind/src/testing">
-The latest public test release</A></LI>
-</UL>
-
-<H3>Bug Reports and Comments</H3>
-<P>Send bug reports to
-<A HREF="mailto:bind-bugs@isc.org">bind-bugs@isc.org</A>.
-
-<H3>DNS Related Newsgroups</H3>
-<UL>
-<LI><A HREF="news:comp.protocols.dns.bind">Using BIND</A></LI>
-<LI><A HREF="news:comp.protocols.dns.ops">DNS Operations</A></LI>
-<LI><A HREF="news:comp.protocols.dns.std">DNS Standards</A></LI>
-</UL>
-
-<H3><A HREF="http://www.isc.org/">The Internet Software Consortium</A></H3>
-
-BIND is supported by the Internet Software Consortium, and
-although it is free for use and redistribution and incorporation into
-vendor products and export and anything else you can think of, it
-costs money to produce. That money comes from ISPs, hardware and
-software vendors, companies who make extensive use of the software,
-and generally kind hearted folk such as yourself.
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: index.html,v 1.5 1998/11/24 01:44:43 marka Exp $
-</ADDRESS>
-
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/key.html b/contrib/bind/doc/html/key.html
deleted file mode 100644
index bf2e3d1592a3d..0000000000000
--- a/contrib/bind/doc/html/key.html
+++ /dev/null
@@ -1,57 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND key Statement</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide--<CODE>key</CODE> Statement</H2>
-
-<HR>
-
-<A NAME="Syntax"><H3>Syntax</H3></A>
-
-<PRE>
-key <VAR>key_id</VAR> {
- algorithm <VAR>algorithm_id</VAR>;
- secret <VAR>secret_string</VAR>;
-};
-</PRE>
-
-<HR>
-
-<A NAME="Usage"><H3>Definition and Usage</H3></A>
-
-<P>The <CODE>key</CODE> statement defines a key ID which can be used
-in a <A HREF="server.html"><CODE>server</CODE></A> statement to
-associate an authentication method with a particular name server.
-
-<P>A key ID must be created with the <CODE>key</CODE>
-statement before it can be used in a <CODE>server</CODE>
-definition or an address match list.</P>
-
-<P>The <VAR>algorithm_id</VAR> is a string that specifies a
-security/authentication algorithm. The only supported
-algorithm is "hmac-md5".
-
-<P><VAR>secret_string</VAR> is the secret to be used by the algorithm,
-and is treated as a base-64 encoded string. This may be generated
-using dnskeygen or another utility or created manually.
-
-<P>The <CODE>key</CODE> statement is intended for use in transaction
-security. Unless included in a <A HREF="server.html"><CODE>server</CODE></A>
-statement, it is not used to sign any requests. It is used to verify
-requests matching the <VAR>key_id</VAR> and <VAR>algorithm_id</VAR>,
-and sign replies to those requests.
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: key.html,v 1.10 1999/09/15 20:28:02 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/logging.html b/contrib/bind/doc/html/logging.html
deleted file mode 100644
index 10e2168b5c0f2..0000000000000
--- a/contrib/bind/doc/html/logging.html
+++ /dev/null
@@ -1,369 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND logging Statement</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide -- <CODE>logging</CODE> Statement</H2>
-
-<HR>
-
-<A NAME="Syntax"><H3>Syntax</H3></A>
-
-<PRE>
-logging {
- [ channel <VAR>channel_name</VAR> {
- ( file <VAR><A HREF="docdef.html">path_name</A></VAR>
- [ versions ( <VAR>number</VAR> | unlimited ) ]
- [ size <VAR><A HREF="docdef.html">size_spec</A></VAR> ]
- | syslog ( kern | user | mail | daemon | auth | syslog | lpr |
- news | uucp | cron | authpriv | ftp |
- local0 | local1 | local2 | local3 |
- local4 | local5 | local6 | local7 )
- | null );
-
- [ severity ( critical | error | warning | notice |
- info | debug [ <VAR>level</VAR> ] | dynamic ); ]
- [ print-category <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ print-severity <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ print-time <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- }; ]
-
- [ category <VAR>category_name</VAR> {
- <VAR>channel_name</VAR>; [ <VAR>channel_name</VAR>; ... ]
- }; ]
- ...
-};
-</PRE>
-
-<A NAME="Usage"><H3>Definition and Usage</H3></A>
-
-<P>The <CODE>logging</CODE> statement configures a wide variety of
-logging options for the nameserver. Its <CODE>channel</CODE> phrase
-associates output methods, format options and severity levels with
-a name that can then be used with the <CODE>category</CODE> phrase to
-select how various classes of messages are logged.</P>
-
-<P>Only one <CODE>logging</CODE> statement is used to define as many
-channels and categories as are wanted. If there are multiple logging
-statements in a configuration, the first defined determines the logging,
-and warnings are issued for the others. If there is no logging statement,
-the logging configuration will be:</P>
-
-<PRE>
- logging {
- category default { default_syslog; default_debug; };
- category panic { default_syslog; default_stderr; };
- category packet { default_debug; };
- category eventlib { default_debug; };
- };
-</PRE>
-
-The logging configuration is established as soon as the
-<CODE>logging</CODE> statement is parsed. If you want to redirect
-messages about processing of the entire configuration file, the
-<CODE>logging</CODE>statement must appear first. Even if you do not
-redirect configuration file parsing messages, we recommend
-always putting the <CODE>logging</CODE> statement first so that this
-rule need not be consciously recalled if you ever do need want the
-parser's messages relocated.
-
-<H4>The <CODE>channel</CODE> phrase</H4>
-
-<P>All log output goes to one or more "channels"; you can make as many
-of them as you want.</P>
-
-<P>Every channel definition must include a clause that says whether
-messages selected for the channel go to a file, to a particular syslog
-facility, or are discarded. It can optionally also limit the message
-severity level that will be accepted by the channel (default is
-"info"), and whether to include a <CODE>named</CODE>-generated time
-stamp, the category name and/or severity level (default is not to
-include any).</P>
-
-<P>The word <CODE>null</CODE> as the destination option for the
-channel will cause all messages sent to it to be discarded; other
-options for the channel are meaningless.</P>
-
-<P>The <CODE>file</CODE> clause can include limitations both on how
-large the file is allowed to become, and how many versions of the file
-will be saved each time the file is opened.
-
-<P>The <CODE>size</CODE> option for files is simply a hard ceiling on
-log growth. If the file ever exceeds the size,
-<CODE>named</CODE> will just not write anything more to it until the
-file is reopened; exceeding the size does not automatically trigger a
-reopen. The default behavior is to not limit the size of the file.</P>
-
-<P>If you use the <CODE>version</CODE> logfile option,
-<CODE>named</CODE> will retain that many backup versions of the file
-by renaming them when opening. For example, if you choose to keep 3
-old versions of the file "lamers.log" then just before it is opened
-lamers.log.1 is renamed to lames.log.2, lamers.log.0 is renamed to
-lamers.log.1, and lamers.log is renamed to lamers.log.0. No rolled
-versions are kept by default; any existing log file is simply
-appended. The <CODE>unlimited</CODE> keyword is synonymous with
-<CODE>99</CODE> in current BIND releases.</P>
-
-<P>Example usage of the size and versions options:
-
-<PRE>
- channel an_example_level {
- file "lamers.log" versions 3 size 20m;
- print-time yes;
- print-category yes;
- };
-</PRE>
-
-<P>The argument for the <CODE>syslog</CODE> clause is a syslog
-facility as described in the <CODE>syslog</CODE> manual page. How
-<CODE>syslogd</CODE> will handle messages sent to this facility is
-described in the <CODE>syslog.conf</CODE> manual page. If you have a
-system which uses a very old version of <CODE>syslog</CODE> that only
-uses two arguments to the <CODE>openlog()</CODE> function, this
-clause is silently ignored.</P>
-
-<P>The <CODE>severity</CODE> clause works like <CODE>syslog</CODE>'s
-"priorities", except that they can also be used if you are writing
-straight to a file rather than using <CODE>syslog</CODE>. Messages
-which are not at least of the severity level given will not be
-selected for the channel; messages of higher severity levels will be
-accepted.</P>
-
-<P>If you are using <CODE>syslog</CODE>, the
-<CODE>syslog.conf</CODE> priorities will also determine what
-eventually passes through. For example, defining a channel facility
-and severity as <CODE>daemon</CODE> and <CODE>debug</CODE> but only
-logging <CODE>daemon.warning</CODE> via <CODE>syslog.conf</CODE> will
-cause messages of severity <CODE>info</CODE> and <CODE>notice</CODE>
-to be dropped. If the situation were reversed, with
-<CODE>named</CODE> writing messages of only <CODE>warning</CODE> or
-higher, <CODE>syslogd</CODE> would print all messages it received
-from the channel.</P>
-
-<P>The server can supply extensive debugging information when it is in
-debugging mode. If the server's global debug level is greater than
-zero, debugging mode will be active. The global debug level is
-set either by starting the <CODE>named</CODE> server with the "-d"
-flag followed by a positive integer, or by sending the running server the
-SIGUSR1 signal (for example, by using "ndc trace"). The global debug
-level can be set to zero, and debugging mode turned off, by sending
-the server the SIGUSR2 signal ("ndc notrace"). All debugging messages
-in the server have a debug level, and higher debug levels give more
-more detailed output.
-Channels that specify a specific debug severity, e.g.
-
-<PRE>
- channel specific_debug_level {
- file "foo";
- severity debug 3;
- };
-</PRE>
-
-<P>will get debugging output of level 3 or less any time the
-server is in debugging mode, regardless of the global debugging level.
-Channels with <code>dynamic</code> severity use the server's global
-level to determine what messages to print.
-
-<P>If <CODE>print-time</CODE> has been turned on, the date and
-time will be logged. <CODE>print-time</CODE> may be specified for a
-syslog channel, but is usually pointless since syslog also prints the
-date and time. If <CODE>print-category</CODE> is requested,
-then the category of the message will be logged as well. Finally, if
-<CODE>print-severity</CODE> is on, the severity level of the
-message will be logged. The <CODE>print-</CODE> options may be used
-in any combination, and will always be printed in the following order:
-time, category, severity. Here is an example where all three
-<CODE>print-</CODE> options are on:
-
-<PRE>
- 28-Apr-1997 15:05:32.863 default: notice: Ready to answer queries.
-</PRE>
-
-<P>There are four predefined channels that are used for
-<CODE>named</CODE>'s default logging as follows. How they are used
-used is described in the next section, The <CODE>category</CODE> phrase.
-
-<PRE>
- channel default_syslog {
- syslog daemon; # send to syslog's daemon facility
- severity info; # only send priority info and higher
- };
-
- channel default_debug {
- file "named.run"; # write to named.run in the working directory
- # Note: stderr is used instead of "named.run"
- # if the server is started with the "-f" option.
- severity dynamic; # log at the server's current debug level
- };
-
- channel default_stderr { # writes to stderr
- file "&lt;stderr&gt;"; # this is illustrative only; there's currently
- # no way of specifying an internal file
- # descriptor in the configuration language.
- severity info; # only send priority info and higher
- };
-
- channel null {
- null; # toss anything sent to this channel
- };
-</PRE>
-
-<P>Once a channel is defined, it cannot be redefined. Thus you cannot
-alter the built-in channels directly, but you can modify the default
-logging by pointing categories at channels you have defined.</P>
-
-<H4>The <CODE>category</CODE> phrase</H4>
-
-<P>There are many categories, so you can send the logs you want to see
-wherever you want, without seeing logs you don't want. If you don't specify
-a list of channels for a category, log messages in that category will
-be sent to the <CODE>default</CODE> category instead. If you don't specify
-a default category, the following "default default" is used:
-
-<PRE>
- category default { default_syslog; default_debug; };
-</PRE>
-
-<P>As an example, let's say you want to log security events to a file,
-but you also want keep the default logging behavior. You'd specify the
-following:
-
-<PRE>
- channel my_security_channel {
- file "my_security_file";
- severity info;
- };
- category security { my_security_channel; default_syslog; default_debug; };
-</PRE>
-
-<P>To discard all messages in a category, specify the
-<CODE>null</CODE> channel:
-
-<PRE>
- category lame-servers { null; };
- category cname { null; };
-</PRE>
-
-<P>The following
-categories are available:</P>
-
-<DL>
-<DT><CODE>default</CODE>
-<DD>
-The catch-all. Many things still aren't classified into categories,
-and they all end up here. Also, if you don't specify any channels for
-a category, the default category is used instead. If you do not
-define the default category, the following definition is used:
-<CODE>category default { default_syslog; default_debug; };</CODE>
-
-<DT><CODE>config</CODE>
-<DD>
-High-level configuration file processing.
-
-<DT><CODE>parser</CODE>
-<DD>
-Low-level configuration file processing.
-
-<DT><CODE>queries</CODE>
-<DD>
-A short log message is generated for every query the server receives.
-
-<DT><CODE>lame-servers</CODE>
-<DD>
-Messages like "Lame server on ..."
-
-<DT><CODE>statistics</CODE>
-<DD>
-Statistics.
-
-<DT><CODE>panic</CODE>
-<DD>
-If the server has to shut itself down due to an internal problem, it
-will log the problem in this category as well as in the problem's native
-category. If you do not define the panic category, the following definition
-is used: <CODE>category panic { default_syslog; default_stderr; };</CODE>
-
-<DT><CODE>update</CODE>
-<DD>
-Dynamic updates.
-
-<DT><CODE>ncache</CODE>
-<DD>
-Negative caching.
-
-<DT><CODE>xfer-in</CODE>
-<DD>
-Zone transfers the server is receiving.
-
-<DT><CODE>xfer-out</CODE>
-<DD>
-Zone transfers the server is sending.
-
-<DT><CODE>db</CODE>
-<DD>
-All database operations.
-
-<DT><CODE>eventlib</CODE>
-<DD>
-Debugging info from the event system. Only one channel may be specified for
-this category, and it must be a file channel. If you do not define the
-eventlib category, the following definition is used: <CODE>category eventlib
-{ default_debug; };</CODE>
-
-<DT><CODE>packet</CODE>
-<DD>
-Dumps of packets received and sent. Only one channel may be specified for
-this category, and it must be a file channel. If you do not define the
-packet category, the following definition is used: <CODE>category packet
-{ default_debug; };</CODE>
-
-<DT><CODE>notify</CODE>
-<DD>
-The NOTIFY protocol.
-
-<DT><CODE>cname</CODE>
-<DD>
-Messages like "... points to a CNAME".
-
-<DT><CODE>security</CODE>
-<DD>
-Approved/unapproved requests.
-
-<DT><CODE>os</CODE>
-<DD>
-Operating system problems.
-
-<DT><CODE>insist</CODE>
-<DD>
-Internal consistency check failures.
-
-<DT><CODE>maintenance</CODE>
-<DD>
-Periodic maintenance events.
-
-<DT><CODE>load</CODE>
-<DD>
-Zone loading messages.
-
-<DT><CODE>response-checks</CODE>
-<DD>
-Messages arising from response checking, such as
-"Malformed response ...", "wrong ans. name ...",
-"unrelated additional info ...", "invalid RR type ...", and "bad referral ...".
-
-</DL>
-
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: logging.html,v 1.12 1999/09/30 17:58:35 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/master.html b/contrib/bind/doc/html/master.html
deleted file mode 100644
index ff4ba0a20a60f..0000000000000
--- a/contrib/bind/doc/html/master.html
+++ /dev/null
@@ -1,166 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>Master File Format</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration Guide -- Master File Format</H2>
-
-<HR>
-
-<P>
-The Master File Format was initially defined in
-<A HREF=http://ds.internic.net/rfc/rfc1035.txt>RFC 1035</A>
-and has subsequently been extended.
-<P>
-While the Master File Format is class independent all records in a
-Master File must be of the same class.
-
-<H3>Master File Directives</H3>
-<H4>$ORIGIN</H4>
-Syntax: <CODE>$ORIGIN &lt;domain-name&gt; [&lt;comment&gt;]</CODE>
-<P>
-<CODE>$ORIGIN</CODE> set the domain name that will be appended to any
-unqualified records.
-When a zone is first read in there is an implict <CODE>$ORIGIN</CODE>
-&lt;zone-name&gt;.
-The current <CODE>$ORIGIN</CODE> is appended to the domain specified in the
-<CODE>$ORIGIN</CODE> argument if it is not absolute.
-
-<PRE>
-$ORIGIN EXAMPLE.
-$ORIGIN MYZONE
-WWW CNAME MAIN-SERVER
-</PRE>
-is equivlent to
-<PRE>
-WWW.MYZONE.EXAMPLE. CNAME MAIN-SERVER.MYZONE.EXAMPLE.
-</PRE>
-
-<H4>$INCLUDE</H4>
-Syntax: <CODE>$INCLUDE &lt;filename&gt; [&lt;origin&gt;] [&lt;comment&gt;]</CODE>
-<P>
-Read and process the file filename as if it was included into the file at this
-point.  If origin is specified the file is processed with <CODE>$ORIGIN</CODE>
-set to that value otherwise the current <CODE>$ORIGIN</CODE> is used.
-<I>NOTE: The behaviour when &lt;origin&gt; is specified differs from that
-described in
-<A HREF=http://ds.internic.net/rfc/rfc1035.txt>RFC 1035</A>.</I>
-<P>
-The origin and current domain revert to the values they were prior to the
-<CODE>$INCLUDE</CODE> once the file has been read.
-<H4>$TTL</H4>
-Syntax: <CODE>$TTL &lt;default-ttl&gt; [&lt;comment&gt;]</CODE>
-<P>
-Set the default Time To Live (TTL) for subsequent records with undefined
-TTL's. Valid TTL's are of the range 0-2147483647.
-<P>
-<CODE>$TTL</CODE> is defined in
-<A HREF=http://ds.internic.net/rfc/rfc2308.txt>RFC 2308</A>.
-<H3>BIND Master File Extentions</H3>
-<H4>$GENERATE</H4>
-Syntax: <CODE>$GENERATE &lt;range&gt; &lt;lhs&gt; &lt;type&gt; &lt;rhs&gt;
-[&lt;comment&gt;]</CODE>
-<P>
-<CODE>$GENERATE</CODE> is used to create a series of resource records
-that only differ from each other by an iterator. <CODE>$GENERATE</CODE>
-can be used to easily generate the sets of records required to support
-sub /24 reverse delegations described in
-<A HREF=http://ds.internic.net/rfc/rfc2317.txt>RFC 2317: Classless IN-ADDR.ARPA delegation</A>.
-
-<PRE>
-$ORIGIN 0.0.192.IN-ADDR.ARPA.
-$GENERATE 1-2 0 NS SERVER$.EXAMPLE.
-$GENERATE 1-127 $ CNAME $.0
-</PRE>
-is equivalent to
-<PRE>
-0.0.0.192.IN-ADDR.ARPA NS SERVER1.EXAMPLE.
-0.0.0.192.IN-ADDR.ARPA NS SERVER2.EXAMPLE.
-1.0.0.192.IN-ADDR.ARPA CNAME 1.0.0.0.192.IN-ADDR.ARPA.
-2.0.0.192.IN-ADDR.ARPA CNAME 2.0.0.0.192.IN-ADDR.ARPA.
-...
-127.0.0.192.IN-ADDR.ARPA CNAME 127.0.0.0.192.IN-ADDR.ARPA.
-</PRE>
-<DL>
-<DT>range</DT>
-<DD>
-This can be one of two forms:
-<I>start</I>-<I>stop</I>
-or
-<I>start</I>-<I>stop</I>/<I>step</I>. If the first form is
-used then step is set to 1. All of start, stop and step must be positive.
-<DT>lhs</DT>
-<DD>
-Lhs describes the owner name of the resource records to be created.
-Any single $ symbols within the LHS side are replaced by the iterator value.
-To get a $ in the output use \$. If the lhs is not absolute
-the current $ORIGIN is appended to the name, when appropriate.
-You can also apply an offset to the iterator by using ${offset} where
-offset is a decimal value to add to the iterator.
-And you can also change the format of the iterator by using a printf
-like string. The format is ${offset,width,radix} where offset is as before
-(use 0 for no change), width is the minimum field width (always zero padded)
-radix is one of d, o, x, or X to change the radix to decimal, octal, hex, or hex
-with capital letters.
-The default is ${0,1,d}.
-For example: ${16,3} will add 16 to the iterator and be replaced by
-a 3 digit decimal representation. ${0,2,x} will be replaced by a 2 digit
-hex representation. To get a { character inserted into the text
-immediately after the iterator, use $\{.
-<DT>type</DT>
-<DD>
-At present the only supported types are A, AAAA, PTR, CNAME and NS.
-<DT>rhs</DT>
-<DD>
-Rhs is the data. It is processed similarly to the lhs.
-<DD>
-</DL>
-<H2>Resource Records</H2>
-Syntax: <CODE>{&lt;domain&gt;|@|&lt;blank&gt;}
-[&lt;ttl&gt;] [&lt;class&gt;] &lt;type&gt; &lt;rdata&gt;
-[&lt;comment&gt;]</CODE>
-<P>
-All resource records have the same basic syntax.
-<DL>
-<DT><CODE>domain</CODE></DT>
-<DD>
-Specify the domain name for this record. If it is not absolute the
-current <CODE>$ORIGIN</CODE> is appended.
-<DT><CODE>@</CODE></DT>
-<DD>
-Use the current <CODE>$ORIGIN</CODE> for the domain name for this record.
-<DT><CODE>blank</CODE></DT>
-<DD>
-Use the last specified domainname.
-<DT><CODE>ttl</CODE></DT>
-<DD>
-This specifies how long this record will be cached by caching servers.
-The valid range is 0-2147483647.
-<DT><CODE>class</CODE></DT>
-<DD>
-Specify the class of this record. This is usually redundent as the
-class of a zone is specfied in the configuration file prior to reading
-the zone file.
-<DT><CODE>type</CODE></DT>
-<DD>
-Specify the type of this record. This describes the contents of the rdata
-section.
-<DT><CODE>rdata</CODE></DT>
-<DD>
-This is the value of the resource record.
-</DL>
-<H2>Time Values: Alternate Specification format (BIND Enhancement)</H2>
-<P>
-Many time values within the MASTER file may be specified in multiples
-of weeks, days, hours, minutes and seconds rather than just seconds.
-<P>
-The format for this is <CODE>#w#d#h#m#s</CODE>. To specify 1 week you would
-use <CODE>1w</CODE> or two weeks and 1 hour <CODE>2w1h</CODE>.
-<P>
-This format applies to TTL values, and SOA REFRESH, RETRY, EXPIRE and MINIMUM
-values.
-</P>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/options.html b/contrib/bind/doc/html/options.html
deleted file mode 100644
index e3e09efdb3729..0000000000000
--- a/contrib/bind/doc/html/options.html
+++ /dev/null
@@ -1,814 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND options Statement</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide -- <CODE>options</CODE> Statement</H2>
-
-<HR>
-
-<A NAME="Syntax"><H3>Syntax</H3></A>
-
-<PRE>
-options {
- [ version <VAR>version_string</VAR>; ]
- [ directory <VAR>path_name</VAR>; ]
- [ named-xfer <VAR>path_name</VAR>; ]
- [ dump-file <VAR>path_name</VAR>; ]
- [ memstatistics-file <VAR>path_name</VAR>; ]
- [ pid-file <VAR>path_name</VAR>; ]
- [ statistics-file <VAR>path_name</VAR>; ]
- [ auth-nxdomain <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ deallocate-on-exit <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ dialup <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ fake-iquery <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ fetch-glue <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ has-old-clients <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ host-statistics <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ multiple-cnames <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ notify <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ recursion <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ rfc2308-type1 <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ use-id-pool <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ treat-cr-as-space <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ also-notify { <VAR><A HREF="docdef.html">ip_addr</A></VAR>; [ <VAR><A HREF="docdef.html">ip_addr</A></VAR>; ... ] };
- [ forward ( only | first ); ]
- [ forwarders { [ <VAR><A HREF="docdef.html">in_addr</A></VAR> ; [ <VAR><A HREF="docdef.html">in_addr</A></VAR> ; ... ] ] }; ]
- [ check-names ( master | slave | response ) ( warn | fail | ignore); ]
- [ allow-query { <VAR>address_match_list</VAR> }; ]
- [ allow-transfer { <VAR>address_match_list</VAR> }; ]
- [ allow-recursion { <VAR>address_match_list</VAR> }; ]
- [ blackhole { <VAR>address_match_list</VAR> }; ]
- [ listen-on [ port <VAR><A HREF="docdef.html">ip_port</A></VAR> ] { <VAR>address_match_list</VAR> }; ]
- [ query-source [ address ( <VAR><A HREF="docdef.html">ip_addr</A></VAR> | * ) ] [ port ( <VAR><A HREF="docdef.html">ip_port</A></VAR> | * ) ] ; ]
- [ lame-ttl <VAR>number</VAR>; ]
- [ max-transfer-time-in <VAR>number</VAR>; ]
- [ max-ncache-ttl <VAR>number</VAR>; ]
- [ min-roots <VAR>number</VAR>; ]
- [ serial-queries <VAR>number</VAR>; ]
- [ transfer-format ( one-answer | many-answers ); ]
- [ transfers-in <VAR>number</VAR>; ]
- [ transfers-out <VAR>number</VAR>; ]
- [ transfers-per-ns <VAR>number</VAR>; ]
- [ transfer-source <VAR><A HREF="docdef.html">ip_addr</A></VAR>; ]
- [ maintain-ixfr-base <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ max-ixfr-log-size <VAR>number</VAR>; ]
- [ coresize <VAR><A HREF="docdef.html">size_spec</A></VAR> ; ]
- [ datasize <VAR><A HREF="docdef.html">size_spec</A></VAR> ; ]
- [ files <VAR><A HREF="docdef.html">size_spec</A></VAR> ; ]
- [ stacksize <VAR><A HREF="docdef.html">size_spec</A></VAR> ; ]
- [ cleaning-interval <VAR>number</VAR>; ]
- [ heartbeat-interval <VAR>number</VAR>; ]
- [ interface-interval <VAR>number</VAR>; ]
- [ statistics-interval <VAR>number</VAR>; ]
- [ <A HREF="#topology">topology</A> { <VAR>address_match_list</VAR> }; ]
- [ <A HREF="#sortlist">sortlist</A> { <VAR>address_match_list</VAR> }; ]
- [ rrset-order { <VAR>order_spec</VAR> ; [ <VAR>order_spec</VAR> ; ... ] ] };
-};
-</PRE>
-<HR>
-
-<A NAME="Usage"><H3>Definition and Usage</H3></A>
-
-<P>The options statement sets up global options to be used by
-BIND. This statement may appear at only once in a
-configuration file; if more than one occurrence is found, the
-first occurrence determines the actual options used,
-and a warning will be generated. If there is no options statement,
-an options block with each option set to its default will be used.</P>
-
-<H4>Pathnames</H4>
-
-<DL>
-<DT><CODE>version</CODE>
-<DD>
-The version the server should report via the <VAR>ndc</VAR> command
-or via a query of name <CODE>version.bind</CODE> in class <I>chaos</I>.
-The default is the real version number of the server, but some server
-operators prefer the string <CODE>"surely you must be joking"</CODE>.
-
-<DT><CODE>directory</CODE>
-<DD>
-The working directory of the server. Any non-absolute
-pathnames in the configuration file will be taken as relative to this
-directory. The default location for most server output files
-(e.g. "named.run") is this directory. If a directory is not
-specified, the working directory defaults to ".", the directory from which the
-server was started. The directory specified should be an absolute path.
-
-<DT><CODE>named-xfer</CODE>
-<DD>
-The pathname to the named-xfer program that the server uses for
-inbound zone transfers. If not specified, the default is
-system dependent (e.g. "/usr/sbin/named-xfer").
-
-<DT><CODE>dump-file</CODE>
-<DD>
-The pathname of the file the server dumps the database to when it
-receives <CODE>SIGINT</CODE> signal (<CODE>ndc dumpdb</CODE>). If not
-specified, the default is "named_dump.db".
-
-<DT><CODE>memstatistics-file</CODE>
-<DD>
-The pathname of the file the server writes memory usage statistics to, on exit,
-if <CODE>deallocate-on-exit</CODE> is <CODE>yes</CODE>. If not
-specified, the default is "named.memstats".
-
-<DT><CODE>pid-file</CODE>
-<DD>
-The pathname of the file the server writes its process ID in. If not
-specified, the default is operating system dependent, but is usually
-"/var/run/named.pid" or "/etc/named.pid". The pid-file is used by
-programs like "ndc" that want to send signals to the running
-nameserver.
-
-<DT><CODE>statistics-file</CODE>
-<DD>
-The pathname of the file the server appends statistics to when it
-receives <CODE>SIGILL</CODE> signal (<CODE>ndc stats</CODE>). If not
-specified, the default is "named.stats".
-</DL>
-
-<A name="BooleanOptions"><H4>Boolean Options</H4></A>
-
-<DL>
-<DT><CODE>auth-nxdomain</CODE>
-<DD>
-If <CODE>yes</CODE>, the <CODE>AA</CODE> bit is always set on
-NXDOMAIN responses, even if the server is not actually authoritative.
-The default is <CODE>yes</CODE>. Do not turn off
-<CODE>auth-nxdomain</CODE> unless you are sure you know what you are
-doing, as some older software won't like it.
-
-<DT><CODE>deallocate-on-exit</CODE>
-<DD>
-If <CODE>yes</CODE>, the server will painstakingly deallocate every object it
-it allocated, when it exits, and then write a memory usage report to
-the <CODE>memstatistics-file</CODE>. The default is <CODE>no</CODE>, because
-it is faster to let the operating system clean up.
-<CODE>deallocate-on-exit</CODE> is handy for detecting memory leaks.
-
-<DT><CODE>dialup</CODE>
-<DD>
-If <CODE>yes</CODE>, the server treats all zones as if they are
-doing zone transfers across a dial on demand dialup link, which can
-be brought up by traffic originating from this server. This has
-different effects according to zone type and concentrates the zone
-maintenance so that it all happens in a short interval, once every
-<CODE>heartbeat-interval</CODE> and hopefully during the one call.
-It also suppresses some of the normal zone maintainance traffic.
-The default is <CODE>no</CODE>. The <CODE>dialup</CODE>
-option may also be specified in the <CODE>zone</CODE> statement, in which
-case it overrides the <CODE>options dialup</CODE> statement.
-
-<P>
-If the zone is a <CODE>master</CODE> zone, the server will send out
-NOTIFY request to all the slaves. This will trigger the "zone up to
-date checking" in the slave (providing it supports NOTIFY), allowing
-the <CODE>slave</CODE> to verify the zone while the call us up.
-
-<P>
-If the zone is a <CODE>slave</CODE> or <CODE>stub</CODE> zone, the server
-will suppress the regular "zone up to date" queries and only perform
-them when the <CODE>heartbeat-interval</CODE> expires.
-
-<DT><CODE>fake-iquery</CODE>
-<DD>
-If <CODE>yes</CODE>, the server will simulate the obsolete DNS query type
-IQUERY. The default is <CODE>no</CODE>.
-
-<DT><CODE>fetch-glue</CODE>
-<DD>
-If <CODE>yes</CODE> (the default), the server will fetch "glue" resource
-records it doesn't have when constructing the additional data section of
-a response. <CODE>fetch-glue no</CODE> can be used in conjunction with
-<CODE>recursion no</CODE> to prevent the server's cache from growing or
-becoming corrupted (at the cost of requiring more work from the client).
-
-<DT><CODE>has-old-clients</CODE>
-<DD>
-Setting the option to <CODE>yes</CODE> is equivalent to setting the follow
-three options <CODE>auth-nxdomain yes;</CODE>, <CODE>maintain-ixfr-base
-yes;</CODE> and <CODE>rfc2308-type1 no;</CODE>.
-The use of <CODE>has-old-clients</CODE> with <CODE>auth-nxdomain</CODE>,
-<CODE>maintain-ixfr-base</CODE> and <CODE>rfc2308-type1</CODE> is order
-dependant.
-
-<DT><CODE>host-statistics</CODE>
-<DD>
-If <CODE>yes</CODE>, statistics are kept for every host that the
-the nameserver interacts with. The default is <CODE>no</CODE>. <I>Note:</I>
-turning on <CODE>host-statistics</CODE> can consume huge amounts of memory.
-
-<DT><CODE>maintain-ixfr-base</CODE>
-<DD>
-If <CODE>yes</CODE>, a transaction log is kept for
-Incremental Zone Transfer. The default is <CODE>no</CODE>.
-
-<DT><CODE>multiple-cnames</CODE>
-<DD>
-If <CODE>yes</CODE>, multiple CNAME resource records will be
-allowed for a domain name. The default is <CODE>no</CODE>. Allowing
-multiple CNAME records is against standards and is not recommended.
-Multiple CNAME support is available because previous versions of BIND
-allowed multiple CNAME records, and these records have been used for load
-balancing by a number of sites.
-
-<DT><CODE>notify</CODE>
-<DD>
-If <CODE>yes</CODE> (the default), DNS NOTIFY messages are sent when a
-zone the server is authoritative for changes. The use of NOTIFY
-speeds convergence between the master and its slaves. Slave servers
-that receive a NOTIFY message, and understand it, will contact the
-master server for the zone to see if they need to do a zone transfer. If
-they do, they will initiate it immediately. The <CODE>notify</CODE>
-option may also be specified in the <CODE>zone</CODE> statement, in which
-case it overrides the <CODE>options notify</CODE> statement.
-
-<DT><CODE>recursion</CODE>
-<DD>
-If <CODE>yes</CODE>, and a DNS query requests recursion, the
-server will attempt to do all the work required to answer the query.
-If recursion is not on, the server will return a referral to the
-client if it doesn't know the answer. The default is <CODE>yes</CODE>.
-See also <CODE>fetch-glue</CODE> above.
-
-<DT><CODE>rfc2308-type1</CODE>
-<DD>
-If <CODE>yes</CODE>, the server will send NS records along with the SOA
-record for negative answers.
-You need to set this to <CODE>no</CODE> if you have an old BIND
-server using you as a forwarder that does not understand negative answers
-which contain both SOA and NS records or you have an old version of sendmail.
-The correct fix is to upgrade the broken server or sendmail.
-The default is <CODE>no</CODE>.
-
-<DT><CODE>use-id-pool</CODE>
-<DD>
-If <CODE>yes</CODE>, the server will keep track of its own outstanding
-query ID's to avoid duplication and increase randomness. This will result
-in 128KB more memory being consumed by the server.
-The default is <CODE>no</CODE>.
-
-<DT><CODE>treat-cr-as-space</CODE>
-<DD>
-If <CODE>yes</CODE>, the server will treat '\r' characters the same way it
-treats a ' ' or '\t'. This may be necessary when loading zone files on a
-UNIX system that were generated on an NT or DOS machine. The default is <CODE>no</CODE>.
-
-</DL>
-
-<A NAME="Also-notify"><H4>Also-Notify</H4></A>
-
-<DT><CODE>also-notify</CODE>
-<P>
-Defines a global list of IP addresses that also get sent NOTIFY messages
-whenever a fresh copy of the zone is loaded. This helps to ensure that
-copies of the zones will quickly converge on ``stealth'' servers.
-If an <CODE>also-notify</CODE> list is given in a <CODE>zone</CODE>
-statement, it will override the <CODE>options also-notify</CODE> statement.
-When a <CODE>zone notify</CODE> statement is set to <CODE>no</CODE>,
-the IP addresses in the global <CODE>also-notify</CODE> list will not get
-sent NOTIFY messages for that zone.
-The default is the empty list (no global notification list).
-
-<A NAME="Forwarding"><H4>Forwarding</H4></A>
-
-<P>The forwarding facility can be used to create a large site-wide
-cache on a few servers, reducing traffic over links to external
-nameservers. It can also be used to allow queries by servers that do
-not have direct access to the Internet, but wish to look up exterior
-names anyway. Forwarding occurs only on those queries for which the
-server is not authoritative and does not have the answer in its cache.
-
-<DL>
-<DT><CODE>forward</CODE>
-<DD>
-This option is only meaningful if the <CODE>forwarders</CODE> list is
-not empty. A value of <CODE>first</CODE>, the default, causes the
-server to query the forwarders first, and if that doesn't answer the
-question the server will then look for the answer itself. If
-<CODE>only</CODE> is specified, the server will only query the
-forwarders.
-
-<DT><CODE>forwarders</CODE>
-<DD>
-Specifies the IP addresses to be used for forwarding. The default is the
-empty list (no forwarding).
-</DL>
-
-<P>Forwarding can also be configured on a per-zone basis, allowing for
-the global forwarding options to be overridden in a variety of ways.
-You can set particular zones to use different forwarders, or have
-different <CODE>forward only/first</CODE> behavior, or to not forward
-at all. See the <A HREF="zone.html"><CODE>zone</CODE></A> statement
-for more information.
-
-<P>Future versions of BIND 8 will provide a more powerful forwarding
-system. The syntax described above will continue to be supported.
-
-<a name="NameChecking"><H4>Name Checking</H4></a>
-
-<P>The server can check domain names based upon their expected client contexts.
-For example, a domain name used as a hostname can be checked for compliance
-with the RFCs defining valid hostnames.
-
-<P>Three checking methods are available:
-
-<DL>
-<DT><CODE>ignore</CODE>
-<DD>
-No checking is done.
-
-<DT><CODE>warn</CODE>
-<DD>
-Names are checked against their expected client contexts. Invalid names are
-logged, but processing continues normally.
-
-<DT><CODE>fail</CODE>
-<DD>
-Names are checked against their expected client contexts. Invalid names are
-logged, and the offending data is rejected.
-</DL>
-
-<P>The server can check names three areas: master zone files, slave
-zone files, and in responses to queries the server has initiated. If
-<CODE>check-names response fail</CODE> has been specified, and
-answering the client's question would require sending an invalid name
-to the client, the server will send a REFUSED response code to the
-client.
-
-<P>The defaults are:
-
-<PRE>
- check-names master fail;
- check-names slave warn;
- check-names response ignore;
-</PRE>
-
-<P><CODE>check-names</CODE> may also be specified in the
-<A HREF="zone.html"><CODE>zone</CODE></A>
-statement, in which case it overrides the <CODE>options check-names</CODE>
-statement. When used in a <CODE>zone</CODE> statement, the area is not
-specified (because it can be deduced from the zone type).
-
-<A name="AccessControl"><H4>Access Control</H4></A>
-
-<P>Access to the server can be restricted based on the IP address of the
-requesting system. See
-<VAR><A HREF="address_list.html">address_match_list</A></VAR> for details
-on how to specify IP address lists.
-
-<DL>
-<DT><CODE>allow-query</CODE>
-<DD>
-Specifies which hosts are allowed to ask ordinary questions.
-<CODE>allow-query</CODE> may also be specified in the
-<CODE>zone</CODE> statement, in which case it overrides the
-<CODE>options allow-query</CODE> statement. If not specified, the default is
-to allow queries from all hosts.
-
-<DT><CODE>allow-transfer</CODE>
-<DD>
-Specifies which hosts are allowed to receive zone transfers from the
-server. <CODE>allow-transfer</CODE> may also be specified in the
-<CODE>zone</CODE> statement, in which case it overrides the
-<CODE>options allow-transfer</CODE> statement. If not specified, the default
-is to allow transfers from all hosts.
-
-<DT><CODE>allow-recursion</CODE>
-<DD>
-Specifies which hosts are allowed to make recursive queries through this
-server. If not specified, the default is to allow recursive queries from
-all hosts.
-
-<DT><CODE>blackhole</CODE>
-<DD>
-Specifies a list of addresses that the server will not accept queries from
-or use to resolve a query. Queries from these addresses will not be
-responded to.
-</DL>
-
-<H4>Interfaces</H4>
-
-<P>The interfaces and ports that the server will answer queries from may
-be specified using the <CODE>listen-on</CODE> option. <CODE>listen-on</CODE>
-takes an optional port, and an
-<VAR><A HREF="address_list.html">address_match_list</A></VAR>. The server will
-listen on all interfaces allowed by the address match list. If a port is
-not specified, port 53 will be used.
-
-<P>Multiple <CODE>listen-on</CODE> statements are allowed. For example,
-
-<PRE>
- listen-on { 5.6.7.8; };
- listen-on port 1234 { !1.2.3.4; 1.2/16; };
-</PRE>
-
-will enable the nameserver on port 53 for the IP address 5.6.7.8, and
-on port 1234 of an address on the machine in net 1.2 that is not
-1.2.3.4.
-
-<P>If no <CODE>listen-on</CODE> is specified, the server will listen on port
-53 on all interfaces.
-
-<H4>Query Address</H4>
-
-<P>If the server doesn't know the answer to a question, it will query
-other nameservers. <CODE>query-source</CODE> specifies the address
-and port used for such queries. If <CODE>address</CODE> is
-<CODE>*</CODE> or is omitted, a wildcard IP address
-(<CODE>INADDR_ANY</CODE>) will be used. If <CODE>port</CODE> is
-<CODE>*</CODE> or is omitted, a random unprivileged port will be used.
-The default is
-
-<PRE>
- query-source address * port *;
-</PRE>
-
-<P>Note: <CODE>query-source</CODE> currently applies only to UDP queries;
-TCP queries always use a wildcard IP address and a random unprivileged
-port.
-
-<A name="ZoneTransfers"><H4>Zone Transfers</H4></A>
-
-<DL>
-<DT><CODE>max-transfer-time-in</CODE>
-<DD>
-Inbound zone transfers (<CODE>named-xfer</CODE> processes) running
-longer than this many minutes will be terminated. The default is 120
-minutes (2 hours).
-
-<DT><CODE>transfer-format</CODE>
-<DD>
-The server supports two zone transfer methods.
-<CODE>one-answer</CODE> uses one DNS message per resource record
-transferred. <CODE>many-answers</CODE> packs as many resource records
-as possible into a message. <CODE>many-answers</CODE> is more
-efficient, but is only known to be understood by BIND 8.1+ and patched
-versions of BIND 4.9.5. The default is <CODE>one-answer</CODE>.
-<CODE>transfer-format</CODE> may be
-overridden on a per-server basis by using the <CODE>server</CODE> statement.
-
-<DT><CODE>transfers-in</CODE>
-<DD>
-The maximum number of inbound zone transfers that can be running
-concurrently. The default value is 10. Increasing
-<CODE>transfers-in</CODE> may speed up the convergence of slave zones,
-but it also may increase the load on the local system.
-
-<DT><CODE>transfers-out</CODE>
-<DD>
-This option will be used in the future to limit the number of
-concurrent outbound zone transfers. It is checked for syntax, but is
-otherwise ignored.
-
-<DT><CODE>transfers-per-ns</CODE>
-<DD>
-The maximum number of inbound zone transfers (<CODE>named-xfer</CODE>
-processes) that can be concurrently transferring from a given remote
-nameserver. The default value is 2. Increasing
-<CODE>transfers-per-ns</CODE> may speed up the convergence of slave
-zones, but it also may increase the load on the remote nameserver.
-<CODE>transfers-per-ns</CODE> may be overridden on a per-server basis
-by using the <CODE>transfers</CODE> phrase of the <CODE>server</CODE>
-statement.
-
-<DT><CODE>transfer-source</CODE>
-<DD>
-<CODE>transfer-source</CODE> determines which local address will be bound
-to the TCP connection used to fetch all zones transferred inbound by the
-server. If not set, it defaults to a system controlled value which will
-usually be the address of the interface ``closest to'' the remote end.
-This address must appear in the remote end's <CODE>allow-transfer</CODE>
-option for the zone being transferred, if one is specified. This statement
-sets the <CODE>transfer-source</CODE> for all zones, but can be overridden
-on a per-zone basis by including a <CODE>transfer-source</CODE> statement
-within the zone block in the configuration file.
-
-<DT><CODE>serial-queries</CODE>
-<DD>
-Slave servers will periodically query master servers to find out if zone
-serial numbers have changed. Each such query uses a minute amount of the
-slave server's network bandwidth, but more importantly each query uses a
-small amount of <I>memory</I> in the slave server while waiting for the
-master server to respond. The <CODE>serial-queries</CODE> option sets the
-maximum number of concurrent serial-number queries allowed to be outstanding
-at any given time. The default is four (4).
-<B>Note:</B>
-If a server loads a large (tens or hundreds of thousands) number of slave
-zones, this limit should be raised to the high hundreds or low
-thousands -- otherwise the slave server may never actually become aware of
-zone changes in the master servers. Beware, though, that setting this limit
-arbitrarily high can spend a considerable amount of your slave server's
-network, CPU, and memory resources. As with all tunable limits, this one
-should be changed gently and monitored for its effects.
-</DL>
-
-<H4>Resource Limits</H4>
-
-<P>The server's usage of many system resources can be limited. Some
-operating systems don't support some of the limits. On such systems,
-a warning will be issued if the unsupported limit is used. Some
-operating systems don't support limiting resources, and on these systems
-a <CODE>cannot set resource limits on this system</CODE> message will
-be logged.
-
-<P>Scaled values are allowed when specifying resource limits. For
-example, <CODE>1G</CODE> can be used instead of
-<CODE>1073741824</CODE> to specify a limit of one gigabyte.
-<CODE>unlimited</CODE> requests unlimited use, or the maximum
-available amount. <CODE>default</CODE> uses the limit that was in
-force when the server was started. See
-<VAR><A HREF="docdef.html">size_spec</A></VAR> for more details.
-
-<DL>
-<DT><CODE>coresize</CODE>
-<DD>
-The maximum size of a core dump. The default is <CODE>default</CODE>.
-
-<DT><CODE>datasize</CODE>
-<DD>
-The maximum amount of data memory the server may use. The default is
-<CODE>default</CODE>.
-
-<DT><CODE>files</CODE>
-<DD>
-The maximum number of files the server may have open concurrently.
-The default is <CODE>unlimited</CODE>. <I>Note:</I> on some operating
-systems the server cannot set an unlimited value and cannot determine
-the maximum number of open files the kernel can support. On such
-systems, choosing <CODE>unlimited</CODE> will cause the server to use
-the larger of the <CODE>rlim_max</CODE> for <CODE>RLIMIT_NOFILE</CODE>
-and the value returned by <CODE>sysconf(_SC_OPEN_MAX)</CODE>. If the
-actual kernel limit is larger than this value, use <CODE>limit
-files</CODE> to specify the limit explicitly.
-
-<DT><CODE>max-ixfr-log-size</CODE>
-<DD>
-The <CODE>max-ixfr-log-size</CODE> will be used in a future release of
-the server to limit the size of the
-transaction log kept for Incremental Zone Transfer.
-
-<DT><CODE>stacksize</CODE>
-<DD>
-The maximum amount of stack memory the server may use. The default is
-<CODE>default</CODE>.
-</DL>
-
-<H4>Periodic Task Intervals</H4>
-
-<DL>
-<DT><CODE>cleaning-interval</CODE>
-<DD>
-The server will remove expired resource records from the cache every
-<CODE>cleaning-interval</CODE> minutes. The default is 60 minutes. If set
-to 0, no periodic cleaning will occur.
-
-<DT><CODE>heartbeat-interval</CODE>
-<DD>
-The server will perform zone maintenance tasks for all zones marked
-<CODE>dialup yes</CODE> whenever this interval expires.
-The default is 60 minutes. Reasonable values are up to 1 day (1440 minutes).
-If set to 0, no zone maintenance for these zones will occur.
-<DT><CODE>interface-interval</CODE>
-<DD>
-The server will scan the network interface list every
-<CODE>interface-interval</CODE> minutes. The default is 60 minutes.
-If set to 0, interface scanning will only occur when the configuration
-file is loaded. After the scan, listeners will be started on any new
-interfaces (provided they are allowed by the <CODE>listen-on</CODE>
-configuration). Listeners on interfaces that have gone away will be
-cleaned up.
-
-<DT><CODE>statistics-interval</CODE>
-<DD>
-Nameserver statistics will be logged every <CODE>statistics-interval</CODE>
-minutes. The default is 60. If set to 0, no statistics will be logged.
-</DL>
-
-<H4><A NAME="topology">Topology</A></H4>
-
-<P>All other things being equal, when the server chooses a nameserver
-to query from a list of nameservers, it prefers the one that is
-topologically closest to itself. The <CODE>topology</CODE> statement
-takes an <VAR><A HREF="address_list.html">address_match_list</A></VAR>
-and interprets it in a special way. Each top-level list element is
-assigned a distance. Non-negated elements get a distance based on
-their position in the list, where the closer the match is to the start
-of the list, the shorter the distance is between it and the server. A
-negated match will be assigned the maximum distance from the server.
-If there is no match, the address will get a distance which is further
-than any non-negated list element, and closer than any negated
-element. For example,
-
-<PRE>
- topology {
- 10/8;
- !1.2.3/24;
- { 1.2/16; 3/8; };
- };
-</PRE>
-
-<P>will prefer servers on network 10 the most, followed by hosts on
-network 1.2.0.0 (netmask 255.255.0.0) and network 3, with the exception
-of hosts on network 1.2.3 (netmask 255.255.255.0), which is preferred least
-of all.
-
-<P>The default topology is
-
-<PRE>
- topology { localhost; localnets; };
-</PRE>
-
-<H4><A NAME="sortlist">Resource Record sorting</A></H4>
-
-<P>
-When returning multiple RRs,
-the nameserver will normally return them in
-<B>Round Robin</B>,
-i.e. after each request, the first RR is put to the end of the list.
-As the order of RRs is not defined, this should not cause any problems.
-</P>
-<P>
-The client resolver code should re-arrange the RRs as appropriate,
-i.e. using any addresses on the local net in preference to other addresses.
-However, not all resolvers can do this, or are not correctly configured.
-</P>
-<P>
-When a client is using a local server, the sorting can be performed in the
-server, based on the client's address.
-This only requires configuring the nameservers, not all the clients.
-</P>
-<P>
-The sortlist statement takes an address match list and interprets it even
-more specially than the <A HREF="#topology">topology</A> statement does.
-</P>
-<P>
-Each top level statement in the sortlist must itself be an explicit
-address match list with one or two elements. The first element
-(which may be an IP address, an IP prefix, an ACL name or nested
-address match list) of each top level list is checked against the
-source address of the query until a match is found.
-</P>
-<P>
-Once the source address of the query has been matched, if the top level
-statement contains only one element, the actual primitive element that
-matched the source address is used to select the address in the response
-to move to the beginning of the response. If the statement is a list
-of two elements, the second element is treated like the address
-match list in a topology statement. Each top level element is assigned
-a distance and the address in the response with the minimum distance is
-moved to the beginning of the response.
-</P>
-<P>
-In the following example, any queries received from any of the addresses
-of the host itself will get responses preferring addresses on any of
-the locally connected networks. Next most preferred are addresses on
-the 192.168.1/24 network, and after that either the 192.168.2/24 or
-192.168.3/24 network with no preference shown between these two networks.
-Queries received from a host on the 192.168.1/24 network will prefer
-other addresses on that network to the 192.168.2/24 and 192.168.3/24
-networks. Queries received from a host on the 192.168.4/24 or the
-192.168.5/24 network will only prefer other addresses on their
-directly connected networks.
-<PRE>
-sortlist {
- { localhost; // IF the local host
- { localnets; // THEN first fit on the
- 192.168.1/24; // following nets
- { 192,168.2/24; 192.168.3/24; }; }; };
- { 192.168.1/24; // IF on class C 192.168.1
- { 192.168.1/24; // THEN use .1, or .2 or .3
- { 192.168.2/24; 192.168.3/24; }; }; };
- { 192.168.2/24; // IF on class C 192.168.2
- { 192.168.2/24; // THEN use .2, or .1 or .3
- { 192.168.1/24; 192.168.3/24; }; }; };
- { 192.168.3/24; // IF on class C 192.168.3
- { 192.168.3/24; // THEN use .3, or .1 or .2
- { 192.168.1/24; 192.168.2/24; }; }; };
- { { 192.168.4/24; 192.168.5/24; }; // if .4 or .5, prefer that net
- };
-};
-</PRE>
-The following example will give reasonable behaviour for the local host
-and hosts on directly connected networks. It is similar to the behavior
-of the address sort in BIND 4.9.x. Responses sent to queries from the
-local host will favor any of the directly connected networks. Responses
-sent to queries from any other hosts on a directly connected network will
-prefer addresses on that same network. Responses to other queries will
-not be sorted.
-<PRE>
-sortlist {
- { localhost; localnets; };
- { localnets; };
-};
-</PRE>
-<!--
- * XXX - it would be nice to have an ACL called "source" that matched the
- * source address of a query so that a host could be configured to
- * automatically prefer itself, and an ACL called "sourcenet", that
- * would return the primitive IP match element that matched the source
- * address so that you could do:
- * { localnets; { sourcenet; { other stuff ...}; };
- * and automatically get similar behaviour to what you get with:
- * { localnets; };
--->
-</P>
-
-<a name="RrsetOrder">
-<H4>RRset Ordering</H4>
-
-<P>When multiple records are returned in an answer it may be useful to
-configure the order the records are placed into the response. For example the
-records for a zone might be configured to always be returned in the order they
-are defined in the zone file. Or perhaps a <i>random</i> shuffle of the
-records as they are returned is wanted. The <var>rrset-order</var> statement
-permits configuration of the ordering made of the records in a multiple record
-response. The default, if no ordering is defined, is a cyclic ordering (round
-robin).
-
-<P>An <var>order_spec</var> is defined as follows:
-
-<PRE>
- [ <var>class</var> class_name ][ <var>type</var> type_name ][ <var>name</var> "FQDN" ] <var>order</var> ordering
-</PRE>
-
-<P>If no <var>class</var> is specified, the default is <code>ANY</code>. If no
-<var>type</var> is specified, the default is <code>ANY</code>. If no
-<var>name</var> is specified, the default is <code>"*"</code>.
-
-<P>The legal values for <code>ordering</code> are:
-
-<DL>
-<DT><code>fixed</code>
-<DD>Records are returned in the order they are defined in the zone file.
-
-<DT><code>random</code>
-<DD>Records are returned in some random order.
-
-<DT><code>cyclic</code>
-<DD>Records are returned in a round-robin order.
-
-</DL>
-
-
-<P>For example:
-
-<PRE>
- rrset-order {
- class IN type A name "rc.vix.com" order random;
- order cyclic;
- };
-</PRE>
-
-<P>will cause any responses for type <VAR>A</VAR> records in class
-<VAR>IN</VAR> that have "rc.vix.com" as a suffix, to always be returned in
-random order. All other records are returned in cyclic order.
-
-<P>If multiple <code>rrset-order</code> statements appear, they are not
-combined--the last one applies.
-
-<P>If no <code>rrset-order</code> statement is specified, a default one
-of:
-
-<pre>
- rrset-order { class ANY type ANY name "*" order cyclic ; };
-</pre>
-
-<P>is used.
-
-<H4>Tuning</H4>
-
-<DL>
-<DT><CODE>lame-ttl</CODE>
-<DD>
-Sets the number of seconds to cache a lame server indication.
-0 disables caching. Default is 600 (10 minutes). Maximum value is 1800 (30 minutes).
-<DT><CODE>max-ncache-ttl</CODE>
-<DD>
-To reduce network traffic and increase performance the server stores negative
-answers. <CODE>max-ncache-ttl</CODE> is used to set a maximum retention time
-for these answers in the server is seconds. The default <CODE>max-ncache-ttl</CODE> is
-10800 seconds (3 hours). <CODE>max-ncache-ttl</CODE> cannot exceed the
-maximum retention time for ordinary (positive) answers (7 days) and will be
-silently truncated to 7 days if set to a value which is greater that 7 days.
-<DT><CODE>min-roots</CODE>
-<DD>
-The minimum number of root servers that is required for a
-request for the root servers to be accepted. Default 2.
-</DL>
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: options.html,v 1.36 1999/10/13 20:57:05 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/server.html b/contrib/bind/doc/html/server.html
deleted file mode 100644
index eba350ba3f366..0000000000000
--- a/contrib/bind/doc/html/server.html
+++ /dev/null
@@ -1,69 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND server Statement</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide--<CODE>server</CODE> Statement</H2>
-
-<HR>
-
-<A NAME="Syntax"><H3>Syntax</H3></A>
-
-<PRE>
-server <VAR><A HREF="docdef.html">ip_addr</A></VAR> {
- [ bogus <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ support-ixfr <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ transfers <VAR><A HREF="docdef.html">number</A></VAR>; ]
- [ transfer-format ( one-answer | many-answers ); ]
- [ keys { <VAR><A HREF="key.html">key_id</A></VAR> [<VAR>key_id</VAR> ... ] }; ]
-};
-</PRE>
-
-<HR>
-
-<A NAME="Usage"><H3>Definition and Usage</H3></A>
-
-<P>The server statement defines the characteristics to be
-associated with a remote name server.</P>
-
-<P>If you discover that a server is giving out bad data, marking it as
-<CODE>bogus</CODE> will prevent further queries to it. The default value of
-<CODE>bogus</CODE> is <CODE>no</CODE>.
-
-<P>The server supports two zone transfer methods. The first,
-<CODE>one-answer</CODE>, uses one DNS message per resource record
-transferred. <CODE>many-answers</CODE> packs as many resource records
-as possible into a message. <CODE>many-answers</CODE> is more
-efficient, but is only known to be understood by BIND 8.1 and patched
-versions of BIND 4.9.5. You can specify which method to use for a
-server with the <CODE>transfer-format</CODE> option. If
-<CODE>transfer-format</CODE> is not specified, the <CODE>transfer-format</CODE>
-specified by the <CODE>options</CODE> statement will be used.
-
-<P>The <CODE>transfers</CODE> will be used in a future release of the server
-to limit the number of concurrent in-bound zone transfers from the specified
-server. It is checked for syntax but is otherwise ignored.
-
-<P>The <CODE>keys</CODE> clause is used to identify a
-<VAR>key_id</VAR> defined by the <CODE>key</CODE> statement, to be
-used for transaction security when talking to the remote server.
-The <CODE>key</CODE> statememnt must come before the <CODE>server</CODE>
-statement that references it. When a request is sent to the remote server,
-a request signature will be generated using the key specified here and
-appended to the message. A request originating from the remote server is not
-required to be signed by this key.
-
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-|&nbsp;<A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: server.html,v 1.10 1999/09/15 20:28:02 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/trusted-keys.html b/contrib/bind/doc/html/trusted-keys.html
deleted file mode 100644
index acf2beda8c75e..0000000000000
--- a/contrib/bind/doc/html/trusted-keys.html
+++ /dev/null
@@ -1,58 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND trusted-keys Statement</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide--<CODE>trusted-keys</CODE> Statement</H2>
-
-<HR>
-
-<A NAME="Syntax"><H3>Syntax</H3></A>
-
-<PRE>
-trusted-keys {
- [ <VAR><A HREF="docdef.html">domain_name</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR>string</VAR>; ]
-};
-
-</PRE>
-
-<HR>
-
-<A NAME="Usage"><H3>Definition and Usage</H3></A>
-
-The <CODE>trusted-keys</CODE>
-statement is for use with DNSSEC-style security, originally specified
-in RFC 2065. DNSSEC is meant to
-provide three distinct services: key distribution, data origin
-authentication, and transaction and request authentication. A
-complete description of DNSSEC and its use is beyond the scope of this
-document, and readers interested in more information should start with
-<A HREF="http://info.internet.isi.edu/in-notes/rfc/files/rfc2065.txt">
-RFC 2065</A> and then continue with the
-<A HREF="http://www.ietf.org/ids.by.wg/dnssec.html">
-Internet Drafts</A>.</P>
-
-<P>Each trusted key is associated with a domain name. Its attributes are
-the non-negative integral <VAR>flags</VAR>, <VAR>protocol</VAR>, and
-<VAR>algorithm</VAR>, as well as a base-64 encoded string representing
-the key.</P>
-
-A trusted key is added when a public key for a non-authoritative zone is
-known, but cannot be securely obtained through DNS. This occurs when
-a signed zone is a child of an unsigned zone. Adding the trusted
-key here allows data signed by that zone to be considered secure.</P>
-
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: trusted-keys.html,v 1.4 1999/09/15 20:28:02 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/zone.html b/contrib/bind/doc/html/zone.html
deleted file mode 100644
index 8d90a45ee875b..0000000000000
--- a/contrib/bind/doc/html/zone.html
+++ /dev/null
@@ -1,244 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND zone Statement</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide--<CODE>zone</CODE> Statement</H2>
-
-<HR>
-
-<A NAME="Syntax"><H3>Syntax</H3></A>
-
-<PRE>
-zone <VAR><A HREF="docdef.html">domain_name</A></VAR> [ ( in | hs | hesiod | chaos ) ] {
- type master;
- file <VAR><A HREF="docdef.html">path_name</A></VAR>;
- [ forward ( only | first ); ]
- [ forwarders { [ <VAR><A HREF="docdef.html">ip_addr</A></VAR> ; [ <VAR>ip_addr</VAR> ; ... ] ] }; ]
- [ check-names ( warn | fail | ignore ); ]
- [ allow-update { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ]
- [ allow-query { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ]
- [ allow-transfer { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ]
- [ dialup <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ notify <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ also-notify { <VAR><A HREF="docdef.html">ip_addr</A></VAR>; [ <VAR>ip_addr</VAR>; ... ] };
- [ ixfr-base <VAR><A HREF="docdef.html">path_name</A></VAR>; ]
- [ pubkey <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR>string</VAR>; ]
-};
-
-zone <VAR><A HREF="docdef.html">domain_name</A></VAR> [ ( in | hs | hesiod | chaos ) ] {
- type ( slave | stub );
- [ file <VAR><A HREF="docdef.html">path_name</A></VAR>; ]
- [ ixfr-base <VAR><A HREF="docdef.html">path_name</A></VAR>; ]
- masters [ port <VAR><A HREF="docdef.html">ip_port</A></VAR> ] { <VAR><A HREF="docdef.html">ip_addr</A></VAR>; [ <VAR>ip_addr</VAR>; ... ] };
- [ forward ( only | first ); ]
- [ forwarders { [ <VAR><A HREF="docdef.html">ip_addr</A></VAR> ; [ <VAR>ip_addr</VAR> ; ... ] ] }; ]
- [ check-names ( warn | fail | ignore ); ]
- [ allow-update { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ]
- [ allow-query { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ]
- [ allow-transfer { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ]
- [ transfer-source <VAR><A HREF="docdef.html">ip_addr</A></VAR>; ]
- [ dialup <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ max-transfer-time-in <VAR>number</VAR>; ]
- [ notify <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ also-notify { <VAR><A HREF="docdef.html">ip_addr</A></VAR>; [ <VAR>ip_addr</VAR>; ... ] };
- [ pubkey <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR>string</VAR>; ]
-};
-
-zone <VAR><A HREF="docdef.html">domain_name</A></VAR> [ ( in | hs | hesiod | chaos ) ] {
- type forward;
- [ forward ( only | first ); ]
- [ forwarders { [ <VAR><A HREF="docdef.html">ip_addr</A></VAR> ; [ <VAR>ip_addr</VAR> ; ... ] ] }; ]
- [ check-names ( warn | fail | ignore ); ]
-};
-
-zone "." [ ( in | hs | hesiod | chaos ) ] {
- type hint;
- file <VAR><A HREF="docdef.html">path_name</A></VAR>;
- [ check-names ( warn | fail | ignore ); ]
-};
-</PRE>
-
-<HR>
-
-<A NAME="Usage"><H3>Definition and Usage</H3></A>
-
-<H4>Zone Types</H4>
-
-<DL>
-<DT><CODE>master</CODE>
-<DD>
-The server has a master copy of the data for the zone and will be able
-to provide authoritative answers for it.
-
-
-<DT><CODE>slave</CODE>
-<DD>
-A <CODE>slave</CODE> zone is a replica of a master zone. The
-<CODE>masters</CODE> list specifies one or more IP addresses that the
-slave contacts to update its copy of the zone. If a <CODE>port</CODE>
-is specified then checks to see if the zone is current and zone transfers
-will be done to the port given. If <CODE>file</CODE>
-is specified, the replica will be written to this file whenever
-the zone is changed, and reloaded from this file on a server restart.
-Use of
-<CODE>file</CODE> is recommended, since it often speeds server startup
-and eliminates a needless waste of bandwidth. Note that for large numbers
-(in the tens or hundreds of thousands) of zones per server, it is best to
-use a two level naming scheme for zone file names. For example, a slave
-server for the zone <CODE>vix.com</CODE> might place the zone contents into
-a file called <CODE>"vi/vix.com"</CODE> where <CODE>vi/</CODE> is just the
-first two letters of the zone name. (Most operating systems behave very
-slowly if you put 100K files into a single directory.)
-
-<DT><CODE>stub</CODE>
-<DD>
-A <CODE>stub</CODE> zone is like a slave zone, except that it replicates
-only the NS records of a master zone instead of the entire zone.
-
-<DT><CODE>forward</CODE>
-<DD>
-A <CODE>forward</CODE> zone is used to <A HREF="options.html#Forwarding">
-direct all queries</A> in it to other servers. The specification of
-options in such a zone will override any global options
-declared in the <A HREF="options.html#Forwarding">options</A> statement.
-
-<P>If either no <CODE>forwarders</CODE> statement is present in the
-zone or an empty list for <CODE>forwarders</CODE> is given, no
-forwarding will be done for the zone, cancelling the effects of any
-<CODE>forwarders</CODE> in the <CODE>options</CODE> statement.
-Thus if you want to use this
-type of zone to change the behavior of the global <CODE>forward</CODE>
-option, and not the servers used, you also need to respecify the
-global forwarders.
-
-<DT><CODE>hint</CODE>
-<DD>
-The initial set of root nameservers is specified using a
-<CODE>hint</CODE> zone. When the server starts up, it uses the root hints
-to find a root nameserver and get the most recent list of root nameservers.
-</DL>
-
-<P>Note: previous releases of BIND used the term <EM>primary</EM> for a
-master zone, <EM>secondary</EM> for a slave zone, and <EM>cache</EM> for
-a hint zone.</P>
-
-<H4>Class</H4>
-
-<P>The zone's name may optionally be followed by a class. If a class
-is not specified, class <CODE>in</CODE> (for "internet"), is assumed.
-This is correct for the vast majority of cases.
-
-<P>The <CODE>hesiod</CODE> class is for an information service from MIT's
-Project Athena. It is used to share information about various systems
-databases, such as users, groups, printers and so on. More
-information can be found at
-<A HREF="ftp://athena-dist.mit.edu/pub/ATHENA/usenix/athena_changes.PS">MIT</A>.
-The keyword <CODE>hs</CODE> is a synonym for <CODE>hesiod</CODE>.</P>
-
-<P>Another MIT development was CHAOSnet, a LAN protocol created in the
-mid-1970s. It is still sometimes seen on LISP stations and other
-hardware in the AI community, and zone data for it can be specified
-with the
-<CODE>chaos</CODE> class.</P>
-
-<H4>Options</H4>
-
-<DL>
-<DT><CODE>check-names</CODE>
-<DD>
-See <A HREF="options.html#NameChecking">Name Checking</A>.
-
-<DT><CODE>allow-query</CODE>
-<DD>
-See the description of <CODE>allow-query</CODE> in the
-<A HREF="options.html#AccessControl">Access Control</A> section. Note that
-this should in general be <I>more restrictive</I> than the similar global
-option of the same name; otherwise, confusing and nonworthwhile delegations
-will be returned.
-
-<DT><CODE>allow-update</CODE>
-<DD>
-Specifies which hosts are allowed to submit Dynamic DNS updates to the
-server. The default is to deny updates from all hosts.
-
-<DT><CODE>allow-transfer</CODE>
-<DD>
-See the description of <CODE>allow-transfer</CODE> in
-the <A HREF="options.html#AccessControl">Access Control</A> section.
-
-<DT><CODE>transfer-source</CODE>
-<DD>
-<CODE>transfer-source</CODE> determines which local address will be bound to
-the TCP connection used to fetch this zone. If not set, it defaults to a
-system controlled value which will usually be the address of the interface
-``closest to'' the remote end. This address must appear in the remote end's
-<CODE>allow-transfer</CODE> option for this zone if one is specified.
-
-<DT><CODE>ixfr-base</CODE>
-<DD>
-<CODE>ixfr-base</CODE>
-specifies the file name used for IXFR transaction log file.
-
-<DT><CODE>max-transfer-time-in</CODE>
-<DD>
-See the description of <CODE>max-transfer-time-in</CODE> in
-the <A HREF="options.html#ZoneTransfers">Zone Transfers</A> section.
-
-<DT><CODE>dialup</CODE>
-<DD>
-See the description of <CODE>dialup</CODE> in
-the <A HREF="options.html#BooleanOptions">Boolean Options</A> section.
-
-<DT><CODE>notify</CODE>
-<DD>
-See the description of <CODE>notify</CODE> in
-the <A HREF="options.html#BooleanOptions">Boolean Options</A> section.
-
-<DT><CODE>also-notify</CODE>
-<DD>
-<CODE>also-notify</CODE> is only meaningful if <CODE>notify</CODE> is
-active for this zone. The set of machines that will receive a DNS
-NOTIFY message for this zone is made up of all the listed nameservers
-for the zone (other than the primary master) plus any IP addresses
-specified with <CODE>also-notify</CODE>. <CODE>also-notify</CODE> is not
-meaningful for <CODE>stub</CODE> zones. The default is the empty list.
-
-<DT><CODE>forward</CODE>
-<DD>
-<CODE>forward</CODE> is only meaningful if the zone has a
-<CODE>forwarders</CODE> list. The <CODE>only</CODE> value causes the
-lookup to fail after trying the <CODE>forwarders</CODE> and getting no
-answer, while <CODE>first</CODE> would allow a normal lookup to be tried.
-
-<DT><CODE>forwarders</CODE>
-<DD>
-The <CODE>forwarders</CODE> option in a zone is used to override the
-list of global forwarders. If it is not specified in a zone of type
-<CODE>forward</CODE>, <STRONG>no</STRONG> forwarding is done for the
-zone; the global options are not used.
-
-<DT><CODE>pubkey</CODE>
-<DD>
-A pubkey represents a public key for this zone. It is needed when this is the
-top level authoritative zone served by this server and there is no chain of
-trust to a <A HREF="trusted-keys.html">trusted key</A>. It is considered
-secure, so that data that it signs will be considered secure. The DNSSEC
-flags, protocol, and algorithm are specified, as well as a base-64 encoded
-string representing the key.
-
-</DL>
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: zone.html,v 1.23 1999/09/30 17:58:41 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/man/Makefile b/contrib/bind/doc/man/Makefile
deleted file mode 100644
index b792ef92675cc..0000000000000
--- a/contrib/bind/doc/man/Makefile
+++ /dev/null
@@ -1,423 +0,0 @@
-## Portions Copyright (c) 1993 by Digital Equipment Corporation.
-##
-## Permission to use, copy, modify, and distribute this software for any
-## purpose with or without fee is hereby granted, provided that the above
-## copyright notice and this permission notice appear in all copies, and that
-## the name of Digital Equipment Corporation not be used in advertising or
-## publicity pertaining to distribution of the document or software without
-## specific, written prior permission.
-##
-## THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-## WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-## OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-## CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-## DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-## PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-## ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-## SOFTWARE.
-
-## Portions Copyright (c) 1996,1999 by Internet Software Consortium
-##
-## Permission to use, copy, modify, and distribute this software for any
-## purpose with or without fee is hereby granted, provided that the above
-## copyright notice and this permission notice appear in all copies.
-##
-## THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-## ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-## OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-## CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-## DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-## PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-## ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-## SOFTWARE.
-
-#
-# Makefile to install the BIND manual entries.
-#
-# Default Configuration:
-# There are a set of default assignments immediately following this
-# note. These defaults are for BSD4.4, BSD/386, other net2-alikes,
-# and will install manual entries with following characteristics:
-# o They will be catable (i.e., passed through nroff)
-# o They will be installed in the directories
-# /usr/share/man/catN, where N is 1, 3, 5, 7, 8
-# o They will have an extension of `.0'
-#
-# Don't change these defaults. Instead, following the default configuration
-# are sets of commented values for particular systems that can be used
-# to override the default values.
-#
-
-#
-# Target directory for the manual directory tree. Eg., may be used to
-# specify the path of an NFS-mounted directory for common files.
-#
-DESTDIR=
-
-#
-# Default location for manual section directories.
-#
-DESTMAN= /usr/share/man
-
-#
-# Install manuals in ${MANDIR}N. For systems that generate catable manual
-# entries on the fly, use
-# MANDIR = man
-#
-MANDIR = cat
-
-#
-# Default extension for manual entries. To install the manual entries under
-# their `real' extensions use
-# CATEXT = $$N
-#
-CATEXT = 0
-
-#
-# Command to install manual entries
-#
-INSTALL= install
-
-#
-# `install' options to set Owner and Group for manual entries. Eg. for
-# BSD `install' use
-# MAN_OWNER = -o bin
-# MAN_GROUP = -g bin
-#
-MAN_OWNER =
-MAN_GROUP =
-
-SHELL= /bin/sh
-
-INDOT=
-XFER_INDOT=
-#
-# Uppercase versions of the above variables (`INDOT_U' and `XFER_INDOT_U')
-# are defined for use in `.TH' lines.
-#
-
-#
-# Command used to generate a manual entry. By default this produces catable
-# manual entries.
-#
-# For systems that store manuals in MDOC form (eg modern BSD systems) and
-# can generate catable manual entries on the fly the following assignment
-# can be used.
-# MANROFF = cat
-#
-MANROFF = ( tbl | nroff -mandoc )
-
-#
-# Default extensions for installed manual entries. The following variables
-# have been defined to allow BIND's manual entries to be installed in the
-# right place for a given platform.
-#
-# CMD_EXT = extension for user commands (eg, dig)
-# LIB_NETWORK_EXT = extension for network library routines (eg,
-# gethostbyname)
-# FORMAT_EXT = extension for files describing file formats
-# (eg, resolver)
-# DESC_EXT = extension for descriptive files (eg, mailaddr)
-# SYS_OPS_EXT = extension system operation and maintenance commands
-# and applications. (eg, named, named-xfer, syslog)
-#
-# Associated with each variable is an additional variable with the suffix
-# `_DIR' that specifies the suffix to ${MANDIR}. It's needed because on
-# some systems, eg., Ultrix, multiple subsections (eg 3x, 3m 3n) are
-# stored in generic manual section directories (eg., man3).
-#
-# Associated with each variable is an additional variable with the suffix
-# `_U' which gives the upper case form of the variable for use in `.TH'
-# commands. Useful for platforms (such as Solaris 2) that include letters
-# in manual sections.
-#
-CMD_EXT = 1
-CMD_EXT_DIR = ${CMD_EXT}
-LIB_NETWORK_EXT = 3
-LIB_NETWORK_EXT_DIR = ${LIB_NETWORK_EXT}
-FORMAT_EXT = 5
-FORMAT_EXT_DIR = ${FORMAT_EXT}
-DESC_EXT = 7
-DESC_EXT_DIR = ${DESC_EXT}
-SYS_OPS_EXT = 8
-SYS_OPS_EXT_DIR = ${SYS_OPS_EXT}
-
-#
-# Additional variables are defined for cross-references within manual
-# entries:
-# SYSCALL_EXT = extension for system calls
-# BSD_SYSCALL_EXT = extension for BSD-specifc system calls. On some
-# systems (eg Ultrix) these appear in section 2.
-# On other system (eg SunOS 5) these are implemented
-# via a BSD-compatibility library and appear in
-# section 3.
-# LIB_C_EXT = extension for C library routines (eg, signal)
-#
-SYSCALL_EXT = 2
-SYSCALL_EXT_DIR = ${SYSCALL_EXT}
-BSD_SYSCALL_EXT = 2
-BSD_SYSCALL_EXT_DIR = ${BSD_SYSCALL_EXT}
-LIB_C_EXT = 3
-LIB_C_EXT_DIR = ${LIB_C_EXT}
-
-######################################################################
-#
-# No user changes needed past this point.
-#
-######################################################################
-#
-# This sed command is used to update the manual entries so they refer to
-# the appropriate section of the manual for a given platform.
-#
-EXT_SED_CMD = INDOT_U=`echo "${INDOT}"|tr "[a-z]" "[A-Z]"`; \
- export INDOT_U; \
- XFER_INDOT_U=`echo "${XFER_INDOT}"|tr "[a-z]" "[A-Z]"`; \
- export XFER_INDOT_U; \
- CMD_EXT_U=`echo "${CMD_EXT}"|tr "[a-z]" "[A-Z]"`; \
- export CMD_EXT_U; \
- SYS_OPS_EXT_U=`echo "${SYS_OPS_EXT}"|tr "[a-z]" "[A-Z]"`; \
- export SYS_OPS_EXT_U; \
- LIB_NETWORK_EXT_U=`echo "${LIB_NETWORK_EXT}"|tr "[a-z]" "[A-Z]"`; \
- export LIB_NETWORK_EXT_U; \
- FORMAT_EXT_U=`echo "${FORMAT_EXT}"|tr "[a-z]" "[A-Z]"`; \
- export FORMAT_EXT_U; \
- DESC_EXT_U=`echo "${DESC_EXT}"|tr "[a-z]" "[A-Z]"`; \
- export DESC_EXT_U; \
- SYSCALL_EXT_U=`echo "${SYSCALL_EXT}"|tr "[a-z]" "[A-Z]"`; \
- export SYSCALL_EXT_U; \
- BSD_SYSCALL_EXT_U=`echo "${BSD_SYSCALL_EXT}"|tr "[a-z]" "[A-Z]"`; \
- export BSD_SYSCALL_EXT_U; \
- LIB_C_EXT_U=`echo "${LIB_C_EXT}"|tr "[a-z]" "[A-Z]"`; \
- export LIB_C_EXT_U; \
- sed -e "s/@INDOT@/${INDOT}/g" \
- -e "s/@INDOT_U@/$${INDOT_U}/g" \
- -e "s/@XFER_INDOT@/${XFER_INDOT}/g" \
- -e "s/@XFER_INDOT_U@/$${XFER_INDOT_U}/g" \
- -e "s/@CMD_EXT@/${CMD_EXT}/g" \
- -e "s/@CMD_EXT_U@/$${CMD_EXT_U}/g" \
- -e "s/@LIB_NETWORK_EXT@/${LIB_NETWORK_EXT}/g" \
- -e "s/@LIB_NETWORK_EXT_U@/$${LIB_NETWORK_EXT_U}/g" \
- -e "s/@FORMAT_EXT@/${FORMAT_EXT}/g" \
- -e "s/@FORMAT_EXT_U@/$${FORMAT_EXT_U}/g" \
- -e "s/@DESC_EXT@/${DESC_EXT}/g" \
- -e "s/@DESC_EXT_U@/$${DESC_EXT_U}/g" \
- -e "s/@SYS_OPS_EXT@/${SYS_OPS_EXT}/g" \
- -e "s/@SYS_OPS_EXT_U@/$${SYS_OPS_EXT_U}/g" \
- -e "s/@SYSCALL_EXT@/${SYSCALL_EXT}/g" \
- -e "s/@SYSCALL_EXT_U@/$${SYSCALL_EXT_U}/g" \
- -e "s/@BSD_SYSCALL_EXT@/${BSD_SYSCALL_EXT}/g" \
- -e "s/@BSD_SYSCALL_EXT_U@/$${BSD_SYSCALL_EXT_U}/g" \
- -e "s/@LIB_C_EXT@/${LIB_C_EXT}/g" \
- -e "s/@LIB_C_EXT_U@/$${LIB_C_EXT_U}/g"
-
-#
-# Command used to produce manual entries
-#
-MK_MANFILE = ( ${EXT_SED_CMD} | ${MANROFF} )
-
-#
-# Extensions for the generated manual entries
-#
-OUT_EXT = lst
-CMD_OUT_EXT = ${OUT_EXT}${CMD_EXT}
-LIB_NETWORK_OUT_EXT = ${OUT_EXT}${LIB_NETWORK_EXT}
-FORMAT_OUT_EXT = ${OUT_EXT}${FORMAT_EXT}
-DESC_OUT_EXT = ${OUT_EXT}${DESC_EXT}
-SYS_OPS_OUT_EXT = ${OUT_EXT}${SYS_OPS_EXT}
-
-#
-# User command manual entries
-#
-CMD_BASE = dig host dnsquery dnskeygen
-CMD_SRC_EXT = 1
-CMD_SRC = dig.${CMD_SRC_EXT} \
- host.${CMD_SRC_EXT} \
- dnsquery.${CMD_SRC_EXT} \
- dnskeygen.${CMD_SRC_EXT}
-CMD_OUT = dig.${CMD_OUT_EXT} \
- host.${CMD_OUT_EXT} \
- dnsquery.${CMD_OUT_EXT} \
- dnskeygen.${CMD_OUT_EXT}
-
-#
-# named manual entries
-#
-NAMED_BASE = named ndc
-SYS_OPS_SRC_EXT = 8
-NAMED_SRC = named.${SYS_OPS_SRC_EXT} ndc.${SYS_OPS_SRC_EXT}
-NAMED_OUT = named.${SYS_OPS_OUT_EXT} ndc.${SYS_OPS_OUT_EXT}
-
-#
-# named-xfer manual entry
-#
-NAMED_XFER_BASE = named-xfer
-NAMED_XFER_SRC = named-xfer.${SYS_OPS_SRC_EXT}
-NAMED_XFER_OUT = named-xfer.${SYS_OPS_OUT_EXT}
-
-#
-# named-bootconf manual entry
-#
-NAMED_BOOTCONF_BASE = named-bootconf
-NAMED_BOOTCONF_SRC = named-bootconf.${SYS_OPS_SRC_EXT}
-NAMED_BOOTCONF_OUT = named-bootconf.${SYS_OPS_OUT_EXT}
-
-#
-# nslookup manual entry
-#
-NSLOOKUP_BASE = nslookup
-NSLOOKUP_SRC = nslookup.${SYS_OPS_SRC_EXT}
-NSLOOKUP_OUT = nslookup.${SYS_OPS_OUT_EXT}
-
-#
-# nsupdate manual entry
-#
-NSUPDATE_BASE = nsupdate
-NSUPDATE_SRC = nsupdate.${SYS_OPS_SRC_EXT}
-NSUPDATE_OUT = nsupdate.${SYS_OPS_OUT_EXT}
-
-#
-# Network library routines manual entries
-#
-LIB_NETWORK_BASE = gethostbyname inet_cidr resolver hesiod getnetent \
- tsig getaddrinfo inet_cidr getipnodebyname
-LIB_NETWORK_SRC_EXT = 3
-LIB_NETWORK_SRC = gethostbyname.${LIB_NETWORK_SRC_EXT} \
- inet_cidr.${LIB_NETWORK_SRC_EXT} \
- resolver.${LIB_NETWORK_SRC_EXT} \
- hesiod.${LIB_NETWORK_SRC_EXT} \
- getnetent.${LIB_NETWORK_SRC_EXT} \
- tsig.${LIB_NETWORK_SRC_EXT} \
- getaddrinfo.${LIB_NETWORK_SRC_EXT} \
- getnameinfo.${LIB_NETWORK_SRC_EXT} \
- getipnodebyname.${LIB_NETWORK_SRC_EXT}
-LIB_NETWORK_OUT = gethostbyname.${LIB_NETWORK_OUT_EXT} \
- inet_cidr.${LIB_NETWORK_OUT_EXT} \
- resolver.${LIB_NETWORK_OUT_EXT} \
- hesiod.${LIB_NETWORK_OUT_EXT} \
- getnetent.${LIB_NETWORK_OUT_EXT} \
- tsig.${LIB_NETWORK_OUT_EXT} \
- getaddrinfo.${LIB_NETWORK_OUT_EXT} \
- getnameinfo.${LIB_NETWORK_OUT_EXT} \
- getipnodebyname.${LIB_NETWORK_OUT_EXT}
-
-#
-# File format manual entries
-#
-FORMAT_BASE = resolver irs.conf named.conf
-FORMAT_SRC_EXT = 5
-FORMAT_SRC = resolver.${FORMAT_SRC_EXT} \
- irs.conf.${FORMAT_SRC_EXT} \
- named.conf.${FORMAT_SRC_EXT}
-FORMAT_OUT = resolver.${FORMAT_OUT_EXT} \
- irs.conf.${FORMAT_OUT_EXT} \
- named.conf.${FORMAT_OUT_EXT}
-
-#
-# Feature Description manual entries
-#
-DESC_BASE = hostname mailaddr
-DESC_SRC_EXT = 7
-DESC_SRC = hostname.${DESC_SRC_EXT} mailaddr.${DESC_SRC_EXT}
-DESC_OUT = hostname.${DESC_OUT_EXT} mailaddr.${DESC_OUT_EXT}
-
-.SUFFIXES: .${CMD_SRC_EXT} .${CMD_OUT_EXT} \
- .${SYS_OPS_SRC_EXT} .${SYS_OPS_OUT_EXT} \
- .${LIB_NETWORK_SRC_EXT} .${LIB_NETWORK_OUT_EXT} \
- .${FORMAT_SRC_EXT} .${FORMAT_OUT_EXT} \
- .${DESC_SRC_EXT} .${DESC_OUT_EXT}
-
-.${CMD_SRC_EXT}.${CMD_OUT_EXT}:
- @echo "$*.${CMD_SRC_EXT} -> $*.${CMD_OUT_EXT}"
- @${MK_MANFILE} <$*.${CMD_SRC_EXT} >$*.${CMD_OUT_EXT}
-
-.${SYS_OPS_SRC_EXT}.${SYS_OPS_OUT_EXT}:
- @echo "$*.${SYS_OPS_SRC_EXT} -> $*.${SYS_OPS_OUT_EXT}"
- @${MK_MANFILE} <$*.${SYS_OPS_SRC_EXT} >$*.${SYS_OPS_OUT_EXT}
-
-.${LIB_NETWORK_SRC_EXT}.${LIB_NETWORK_OUT_EXT}:
- @echo "$*.${LIB_NETWORK_SRC_EXT} -> $*.${LIB_NETWORK_OUT_EXT}"
- @${MK_MANFILE} <$*.${LIB_NETWORK_SRC_EXT} >$*.${LIB_NETWORK_OUT_EXT}
-
-.${FORMAT_SRC_EXT}.${FORMAT_OUT_EXT}:
- @echo "$*.${FORMAT_SRC_EXT} -> $*.${FORMAT_OUT_EXT}"
- @${MK_MANFILE} <$*.${FORMAT_SRC_EXT} >$*.${FORMAT_OUT_EXT}
-
-.${DESC_SRC_EXT}.${DESC_OUT_EXT}:
- @echo "$*.${DESC_SRC_EXT} -> $*.${DESC_OUT_EXT}"
- @${MK_MANFILE} <$*.${DESC_SRC_EXT} >$*.${DESC_OUT_EXT}
-
-OUTFILES = ${CMD_OUT} ${NAMED_OUT} ${NAMED_XFER_OUT} ${NSLOOKUP_OUT} \
- ${NSUPDATE_OUT} ${LIB_NETWORK_OUT} ${FORMAT_OUT} ${DESC_OUT} \
- ${NAMED_BOOTCONF_OUT}
-
-all: ${OUTFILES}
-
-install: ${OUTFILES} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${CMD_EXT_DIR} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${SYS_OPS_EXT_DIR} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${LIB_NETWORK_EXT_DIR} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${FORMAT_EXT_DIR} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${DESC_EXT_DIR}
- @set -x; N=${CMD_EXT}; for f in ${CMD_BASE}; do \
- ${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
- $${f}.${CMD_OUT_EXT} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${CMD_EXT_DIR}/$${f}.${CATEXT}; \
- done
- @set -x; N=${SYS_OPS_EXT}; for f in ${NAMED_BASE}; do \
- ${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
- $${f}.${SYS_OPS_OUT_EXT} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${SYS_OPS_EXT_DIR}/${INDOT}$${f}.${CATEXT}; \
- done
- @set -x; N=${SYS_OPS_EXT}; for f in ${NAMED_XFER_BASE}; do \
- ${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
- $${f}.${SYS_OPS_OUT_EXT} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${SYS_OPS_EXT_DIR}/${XFER_INDOT}$${f}.${CATEXT}; \
- done
- @set -x; N=${SYS_OPS_EXT}; for f in ${NAMED_BOOTCONF_BASE}; do \
- ${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
- $${f}.${SYS_OPS_OUT_EXT} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${SYS_OPS_EXT_DIR}/${XFER_INDOT}$${f}.${CATEXT}; \
- done
- @set -x; N=${SYS_OPS_EXT}; for f in ${NSLOOKUP_BASE}; do \
- ${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
- $${f}.${SYS_OPS_OUT_EXT} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${SYS_OPS_EXT_DIR}/$${f}.${CATEXT}; \
- done
- @set -x; N=${SYS_OPS_EXT}; for f in ${NSUPDATE_BASE}; do \
- ${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
- $${f}.${SYS_OPS_OUT_EXT} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${SYS_OPS_EXT_DIR}/$${f}.${CATEXT}; \
- done
- @set -x; N=${LIB_NETWORK_EXT}; for f in ${LIB_NETWORK_BASE}; do \
- ${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
- $${f}.${LIB_NETWORK_OUT_EXT} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${LIB_NETWORK_EXT_DIR}/$${f}.${CATEXT}; \
- done
- @set -x; N=${FORMAT_EXT}; for f in ${FORMAT_BASE}; do \
- ${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
- $${f}.${FORMAT_OUT_EXT} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${FORMAT_EXT_DIR}/$${f}.${CATEXT}; \
- done
- @set -x; N=${DESC_EXT}; for f in ${DESC_BASE}; do \
- ${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
- $${f}.${DESC_OUT_EXT} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${DESC_EXT_DIR}/$${f}.${CATEXT}; \
- done
-
-${DESTDIR}${DESTMAN}/${MANDIR}${CMD_EXT_DIR} \
-${DESTDIR}${DESTMAN}/${MANDIR}${SYS_OPS_EXT_DIR} \
-${DESTDIR}${DESTMAN}/${MANDIR}${LIB_NETWORK_EXT_DIR} \
-${DESTDIR}${DESTMAN}/${MANDIR}${FORMAT_EXT_DIR} \
-${DESTDIR}${DESTMAN}/${MANDIR}${DESC_EXT_DIR}:
- mkdir $@
-
-links: FRC
- @set -ex; ln -s SRC/*.[0-9] .
-
-depend:
-
-clean:
- rm -f *~ *.BAK *.CKP *.orig
- rm -f ${OUTFILES}
-
-FRC:
diff --git a/contrib/bind/doc/man/dig.1 b/contrib/bind/doc/man/dig.1
deleted file mode 100644
index 47284c2d2833f..0000000000000
--- a/contrib/bind/doc/man/dig.1
+++ /dev/null
@@ -1,683 +0,0 @@
-.\" $Id: dig.1,v 8.4 1999/10/15 21:29:58 vixie Exp $
-.\"
-.\" ++Copyright++ 1993
-.\" -
-.\" Copyright (c) 1993
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" -
-.\" --Copyright--
-.\"
-.\" Distributed with 'dig' version 2.0 from University of Southern
-.\" California Information Sciences Institute (USC-ISI).
-.\"
-.\" dig.1 2.0 (USC-ISI) 8/30/90
-.\"
-.Dd August 30, 1990
-.Dt DIG @CMD_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm dig
-.Nd send domain name query packets to name servers
-.Sh SYNOPSIS
-.Nm dig
-.Op Ic @ Ns Ar server
-.Ar domain
-.Op Aq Ar query-type
-.Op Aq Ar query-class
-.Op Ic + Ns Aq Ar query-option
-.Op Fl Aq Ar dig-option
-.Op Ar %comment
-.Sh DESCRIPTION
-.Ic Dig
-(domain information groper) is a flexible command line tool
-which can be used to gather information from the Domain
-Name System servers.
-.Ic Dig
-has two modes: simple interactive mode
-for a single query, and batch mode which executes a query for
-each in a list of several query lines. All query options are
-accessible from the command line.
-.Pp
-The usual simple use of
-.Ic dig
-will take the form:
-.Pp
-.Bd -ragged -offset indent-two
-.Ic dig @ Ns Ar server domain query-type query-class
-.Ed
-.Pp
-where:
-.Bl -tag -width Fl
-.It Ar server
-may be either a domain name or a dot-notation
-Internet address. If this optional field is omitted,
-.Ic dig
-will attempt to use the default name server for your machine.
-.sp 1
-.Em Note:
-If a domain name is specified, this will be resolved
-using the domain name system resolver (i.e., BIND). If your
-system does not support DNS, you may
-.Em have
-to specify a
-dot-notation address. Alternatively, if there is a server
-at your disposal somewhere, all that is required is that
-.Pa /etc/resolv.conf
-be present and indicate where the default
-name servers reside, so that
-.Ar server
-itself can be resolved. See
-.Xr resolver @FORMAT_EXT@
-for information on
-.Pa /etc/resolv.conf .
-.Sy WARNING:
-Changing
-.Pa /etc/resolv.conf
-will affect both the standard resolver library and
-.Pq potentially
-several programs which use it.
-As an option, the user may set the
-environment variable
-.Ev LOCALRES
-to name a file which is to
-be used instead of
-.Pa /etc/resolv.conf
-.Po Ns Ev LOCALRES
-is specific to the
-.Ic dig
-resolver and is not referenced by the standard resolver
-.Pc .
-If the
-.Ev LOCALRES
-variable is not set or the specified file
-is not readable, then
-.Pa /etc/resolv.conf
-will be used.
-.It Ar domain
-is the domain name for which you are requesting information.
-See the
-.Fl x
-option (documented in the
-.Sx OTHER OPTIONS
-subsection of this section) for convenient way to specify inverse address
-query.
-.It Ar query-type
-is the type of information (DNS query type) that
-you are requesting. If omitted, the default is
-.Dq Ar a
-.Pq Dv T_A = Ar address .
-The following types are recognized:
-.Pp
-.Bl -hang -width "hinfo T_HINFO " -compact
-.It Ar a\ \ \ \ \ \ Dv T_A
-network address
-.It Ar any\ \ \ \ Dv T_ANY
-all/any information about specified domain
-.It Ar mx\ \ \ \ \ Dv T_MX
-mail exchanger for the domain
-.It Ar ns\ \ \ \ \ Dv T_NS
-name servers
-.It Ar soa\ \ \ \ Dv T_SOA
-zone of authority record
-.It Ar hinfo\ \ Dv T_HINFO
-host information
-.It Ar axfr\ \ \ Dv T_AXFR
-zone transfer (must ask an authoritative server)
-.It Ar txt\ \ \ \ Dv T_TXT
-arbitrary number of strings
-.El
-.Pp
-(See RFC 1035 for the complete list.)
-.It Ar query-class
-is the network class requested in the query. If
-omitted, the default is
-.Dq Ar in
-.Pq Dv C_IN = Ar Internet .
-The following classes are recognized:
-.Pp
-.Bl -tag -width "hinfo T_HINFO " -compact
-.It Ar in\ \ \ \ \ Dv C_IN
-Internet class domain
-.It Ar any\ \ \ \ Dv C_ANY
-all/any class information
-.El
-.Pp
-(See RFC 1035 for the complete list.)
-.Pp
-.Em Note:
-.Dq Ar Any
-can be used to specify a
-.Em class
-and/or a
-.Em type
-of query.
-.Ic Dig
-will parse the first occurrence of
-.Dq Ar any
-to mean
-.Ar query-type = Dv T_ANY .
-To specify
-.Ar query-class = Dv C_ANY ,
-you must either specify
-.Dq any
-twice, or set
-.Ar query-class
-using the
-.Fl c
-option (see below).
-.El
-.Ss OTHER OPTIONS
-.Bl -tag -width Fl
-.It % Ns Ar ignored-comment
-.Dq %
-is used to included an argument that is simply not
-parsed. This may be useful if running
-.Ic dig
-in batch
-mode. Instead of resolving every
-.Ar @server-domain-name
-in a list of queries, you can avoid the overhead of doing
-so, and still have the domain name on the command line
-as a reference. Example:
-.Pp
-.Bd -ragged -offset indent-two
-.Ic dig @128.9.0.32 %venera.isi.edu mx isi.edu
-.Ed
-.Pp
-.It Fl Aq Ar dig option
-.Dq Fl
-is used to specify an option which affects the operation of
-.Ic dig .
-The following options are currently
-available (although not guaranteed to be useful):
-.Bl -tag -width Fl
-.It Fl x Ar dot-notation-address
-Convenient form to specify inverse address mapping.
-Instead of
-.Dq Ic dig 32.0.9.128.in-addr.arpa ,
-one can simply
-.Dq Ic dig -x 128.9.0.32 .
-.It Fl f Ar file
-File for
-.Ic dig
-batch mode. The file contains a list
-of query specifications
-(
-.Ns Ic dig
-command lines) which are to be executed successively. Lines beginning with
-.Sq \&; ,
-.Sq # ,
-or
-.Sq \en
-are ignored. Other options
-may still appear on command line, and will be in
-effect for each batch query.
-.It Fl T Ar time
-Time in seconds between start of successive
-queries when running in batch mode. Can be used
-to keep two or more batch
-.Ic dig
-commands running
-roughly in sync. Default is zero.
-.It Fl p Ar port
-Port number. Query a name server listening to a
-non-standard port number. Default is 53.
-.It Fl P Ns Bq Ar ping-string
-After query returns, execute a
-.Xr ping @SYS_OPS_EXT@
-command for response time comparison. This rather
-unelegantly makes a call to the shell. The last
-three lines of statistics is printed for the
-command:
-.Pp
-.Bd -ragged -offset indent-two
-.Ic ping Fl s server_name 56 3
-.Ed
-.Pp
-If the optional
-.Dq Ar ping_string
-is present, it
-replaces
-.Dq Ic ping Fl s
-in the shell command.
-.It Fl t Ar query-type
-Specify type of query. May specify either an
-integer value to be included in the type field
-or use the abbreviated mnemonic as discussed
-above (i.e.,
-.Ar mx = Dv T_MX ) .
-.It Fl c Ar query-class
-Specify class of query. May specify either an
-integer value to be included in the class field
-or use the abbreviated mnemonic as discussed
-above (i.e., in = C_IN).
-.It Fl k Ar keydir:keyname
-Sign the query with the TSIG key named keyname
-that is in the directory keydir.
-.It Fl envsav
-This flag specifies that the
-.Ic dig
-environment
-(defaults, print options, etc.), after
-all of the arguments are parsed, should be saved
-to a file to become the default environment.
-This is useful if you do not like the standard set of
-defaults and do not desire to include a
-large number of options each time
-.Ic dig
-is used. The environment consists of resolver state
-variable flags, timeout, and retries as well as the flags detailing
-.Ic dig
-output (see below).
-If the shell environment variable
-.Ev LOCALDEF
-is set to the name of a file, this is where the default
-.Ic dig
-environment is saved. If not, the file
-.Dq Pa DiG.env
-is created in the current working directory.
-.Pp
-.Em Note:
-.Ev LOCALDEF
-is specific to the
-.Ic dig
-resolver,
-and will not affect operation of the standard
-resolver library.
-.Pp
-Each time
-.Ic dig
-is executed, it looks for
-.Dq Pa ./DiG.env
-or the file specified by the shell environment variable
-.Ev LOCALDEF .
-If such file exists and is readable, then the
-environment is restored from this file before any arguments are parsed.
-.It Fl envset
-This flag only affects batch query runs. When
-.Dq Fl envset
-is specified on a line in a
-.Ic dig
-batch file, the
-.Ic dig
-environment after the arguments are parsed
-becomes the default environment for the duration of
-the batch file, or until the next line which specifies
-.Dq Fl envset .
-.It Xo
-.Fl Op Cm no
-.Ns Cm stick
-.Xc
-This flag only affects batch query runs.
-It specifies that the
-.Ic dig
-environment (as read initially
-or set by
-.Dq Fl envset
-switch) is to be restored before each query (line) in a
-.Ic dig
-batch file.
-The default
-.Dq Fl nostick
-means that the
-.Ic dig
-environment does not stick, hence options specified on a single line
-in a
-.Ic dig
-batch file will remain in effect for
-subsequent lines (i.e. they are not restored to the
-.Dq sticky
-default).
-.El
-.It Ic + Ns Aq Ar query-option
-.Dq +
-is used to specify an option to be changed in the query packet or to change
-.Ic dig
-output specifics. Many of these are the same parameters accepted by
-.Xr nslookup @SYS_OPS_EXT@ .
-If an option requires a parameter, the form is as follows:
-.Pp
-.Bd -ragged -offset indent-two
-.Ic +
-.Ns Ar keyword
-.Ns Op = Ns Ar value
-.Ed
-.Pp
-Most keywords can be abbreviated. Parsing of the
-.Dq +
-options is very simplistic \(em a value must not be
-separated from its keyword by white space. The following
-keywords are currently available:
-.Pp
-Keyword Abbrev. Meaning [default]
-.Pp
-.Bl -tag -width "[no]primary (ret) " -compact
-.It Xo
-.Op Cm no
-.Ns Cm debug\ \ \ \
-.Pq Cm deb
-.Xc
-turn on/off debugging mode
-.Bq Cm deb
-.It Xo
-.Op Cm no
-.Ns Cm d2\ \ \ \ \ \ \ \ \ \
-.Xc
-turn on/off extra debugging mode
-.Bq Cm nod2
-.It Xo
-.Op Cm no
-.Ns Cm recurse\ \
-.Pq Cm rec
-.Xc
-use/don't use recursive lookup
-.Bq Cm rec
-.It Xo
-.Cm retry= Ns Ar #
-.Cm \ \ \ \ \
-.Pq Cm ret
-.Xc
-set number of retries to #
-.Bq 4
-.It Xo
-.Cm time= Ns Ar #
-.Cm \ \ \ \ \ \
-.Pq Cm ti
-.Xc
-set timeout length to # seconds
-.Bq 4
-.It Xo
-.Op Cm no
-.Ns Cm ko
-.Xc
-keep open option (implies vc)
-.Bq Cm noko
-.It Xo
-.Op Cm no
-.Ns Cm vc
-.Xc
-use/don't use virtual circuit
-.Bq Cm novc
-.It Xo
-.Op Cm no
-.Ns Cm defname\ \
-.Pq Cm def
-.Xc
-use/don't use default domain name
-.Bq Cm def
-.It Xo
-.Op Cm no
-.Ns Cm search\ \ \
-.Pq Cm sea
-.Xc
-use/don't use domain search list
-.Bq Cm sea
-.It Xo
-.Cm domain= Ns Ar NAME\ \
-.Pq Cm do
-.Xc
-set default domain name to
-.Ar NAME
-.It Xo
-.Op Cm no
-.Ns Cm ignore\ \ \
-.Pq Cm i
-.Xc
-ignore/don't ignore trunc. errors
-.Bq Cm noi
-.It Xo
-.Op Cm no
-.Ns Cm primary\ \
-.Pq Cm pr
-.Xc
-use/don't use primary server
-.Bq Cm nopr
-.It Xo
-.Op Cm no
-.Ns Cm aaonly\ \ \
-.Pq Cm aa
-.Xc
-authoritative query only flag
-.Bq Cm noaa
-.It Xo
-.Op Cm no
-.Ns Cm cmd
-.Xc
-echo parsed arguments
-.Bq Cm cmd
-.It Xo
-.Op Cm no
-.Ns Cm stats\ \ \ \
-.Pq Cm st
-.Xc
-print query statistics
-.Bq Cm st
-.It Xo
-.Op Cm no
-.Ns Cm Header\ \ \
-.Pq Cm H
-.Xc
-print basic header
-.Bq Cm H
-.It Xo
-.Op Cm no
-.Ns Cm header\ \ \
-.Pq Cm he
-.Xc
-print header flags
-.Bq Cm he
-.It Xo
-.Op Cm no
-.Ns Cm ttlid\ \ \ \
-.Pq Cm tt
-.Xc
-print TTLs
-.Bq Cm tt
-.It Xo
-.Op Cm no
-.Ns Cm cl
-.Xc
-print class info
-.Bq Cm nocl
-.It Xo
-.Op Cm no
-.Ns Cm qr
-.Xc
-print outgoing query
-.Bq Cm noqr
-.It Xo
-.Op Cm no
-.Ns Cm reply\ \ \ \
-.Pq Cm rep
-.Xc
-print reply
-.Bq Cm rep
-.It Xo
-.Op Cm no
-.Ns Cm ques\ \ \ \ \
-.Pq Cm qu
-.Xc
-print question section
-.Bq Cm qu
-.It Xo
-.Op Cm no
-.Ns Cm answer\ \ \
-.Pq Cm an
-.Xc
-print answer section
-.Bq Cm an
-.It Xo
-.Op Cm no
-.Ns Cm author\ \ \
-.Pq Cm au
-.Xc
-print authoritative section
-.Bq Cm au
-.It Xo
-.Op Cm no
-.Ns Cm addit\ \ \ \
-.Pq Cm ad
-.Xc
-print additional section
-.Bq Cm ad
-.It Cm pfdef
-set to default print flags
-.It Cm pfmin
-set to minimal default print flags
-.It Cm pfset= Ns Ar #
-set print flags to #
-(# can be hex/octal/decimal)
-.It Cm pfand= Ns Ar #
-bitwise and print flags with #
-.It Cm pfor= Ns Ar #
-bitwise or print flags with #
-.El
-.Pp
-The
-.Cm retry
-and
-.Cm time
-options affect the retransmission strategy used by the resolver
-library when sending datagram queries. The algorithm is as follows:
-.Pp
-.Bd -literal -offset indent
-for i = 0 to retry - 1
- for j = 1 to num_servers
- send_query
- wait((time * (2**i)) / num_servers)
- end
-end
-.Ed
-.Pp
-(Note:
-.Ic dig
-always uses a value of 1 for
-.Dq Li num_servers . )
-.El
-.Ss DETAILS
-.Ic Dig
-once required a slightly modified version of the BIND
-.Xr resolver @LIB_NETWORK_EXT@
-library. As of BIND 4.9, BIND's resolver has been augmented to work
-properly with
-.Ic dig .
-Essentially,
-.Ic dig
-is a straight-forward
-(albeit not pretty) effort of parsing arguments and setting appropriate
-parameters.
-.Ic Dig
-uses
-.Xr resolver @LIB_NETWORK_EXT@
-routines
-.Fn res_init ,
-.Fn res_mkquery ,
-.Fn res_send
-as well as accessing the
-.Ft _res
-structure.
-.Sh ENVIRONMENT
-.Bl -tag -width "LOCALRES " -compact
-.It Ev LOCALRES
-file to use in place of Pa /etc/resolv.conf
-.It Ev LOCALDEF
-default environment file
-.El
-.Pp
-See also the explanation of the
-.Fl envsav ,
-.Fl envset ,
-and
-.Xo
-.Fl Op Cm no
-.Ns Cm stick
-.Xc
-options, above.
-.Sh FILES
-.Bl -tag -width "/etc/resolv.conf " -compact
-.It Pa /etc/resolv.conf
-initial domain name and name server addresses
-.It Pa \./DiG.env
-default save file for default options
-.El
-.Sh SEE ALSO
-.Xr @INDOT@named @SYS_OPS_EXT@ ,
-.Xr resolver @LIB_NETWORK_EXT@ ,
-.Xr resolver @FORMAT_EXT@ ,
-.Xr nslookup @SYS_OPS_EXT@ .
-.Sh STANDARDS
-RFC 1035.
-.Sh AUTHOR
-Steve Hotz
-hotz@isi.edu
-.Sh ACKNOWLEDGMENTS
-.Ic Dig
-uses functions from
-.Xr nslookup @SYS_OPS_EXT@
-authored by Andrew Cherenson.
-.Sh BUGS
-.Ic Dig
-has a serious case of "creeping featurism" -- the result of
-considering several potential uses during it's development. It would
-probably benefit from a rigorous diet. Similarly, the print flags
-and granularity of the items they specify make evident their
-rather ad hoc genesis.
-.Pp
-.Ic Dig
-does not consistently exit nicely (with appropriate status)
-when a problem occurs somewhere in the resolver
-.Po Sy NOTE:
-most of the common exit cases are handled
-.Pc .
-This is particularly annoying when running in
-batch mode. If it exits abnormally (and is not caught), the entire
-batch aborts; when such an event is trapped,
-.Ic dig
-simply
-continues with the next query.
diff --git a/contrib/bind/doc/man/dnskeygen.1 b/contrib/bind/doc/man/dnskeygen.1
deleted file mode 100644
index 4b3c4069bab9a..0000000000000
--- a/contrib/bind/doc/man/dnskeygen.1
+++ /dev/null
@@ -1,132 +0,0 @@
-.\" Copyright (c) 1996,1999 by Internet Software Consortium
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\"
-.\" $Id: dnskeygen.1,v 8.5 1999/02/23 05:20:18 vixie Exp $
-.\"
-.Dd December 2, 1998
-.Dt DNSKEYGEN @CMD_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm dnskeygen
-.Nd generate public, private, and shared secret keys for DNS Security
-.Sh SYNOPSIS
-.Nm dnskeygen
-.Oo Fl
-.Op Cm DHR
-.Ar size
-.Oc
-.Op Fl F
-.Fl Op Cm zhu
-.Op Cm Fl a
-.Op Cm Fl c
-.Op Cm Fl p Ar num
-.Op Cm Fl s Ar num
-.Fl n Ar name
-.Sh DESCRIPTION
-.Ic Dnskeygen
-(DNS Key Generator) is a tool to generate and maintain keys for DNS Security
-within the DNS (Domain Name System).
-.Nm Dnskeygen
-can generate public and private keys to authenticate zone data, and shared
-secret keys to be used for Request/Transaction signatures.
-.Bl -tag -width Fl
-.It Fl D
-Dnskeygen will generate a
-.Ic DSA/DSS
-key.
-.Dq size
-must be one of [512, 576, 640, 704, 768, 832, 896, 960, 1024].
-.It Fl H
-Dnskeygen will generate an
-.Ic HMAC-MD5
-key.
-.Dq size
-must be between 128 and 504.
-.It Fl R
-Dnskeygen will generate an
-.Ic RSA
-key.
-.Dq size
-must be between 512 and 4096.
-.It Fl F
-.Ic (RSA only)
-Use a large exponent for key generation.
-.It Fl z Fl h Fl u
-These flags define the type of key being generated: Zone (DNS validation) key,
-Host (host or service) key or User (e.g. email) key, respectively.
-Each key is only allowed to be one of these.
-.It Fl a
-Indicates that the key
-.Ic CANNOT
-be used for authentication.
-.It Fl c
-Indicates that the key
-.Ic CANNOT
-be used for encryption.
-.It Fl p Ar num
-Sets the key's protocol field to
-.Ar num
-; the default is
-.Ic 3
-(DNSSEC) if
-.Dq Fl z
-or
-.Dq Fl h
-is specified and
-.Ic 2
-(EMAIL) otherwise. Other accepted values are
-.Ic 1
-(TLS),
-.Ic 4
-(IPSEC), and
-.Ic 255
-(ANY).
-.It Fl s Ar num
-Sets the key's strength field to
-.Ar num;
-the default is
-.Sy 0.
-.It Fl n Ar name
-Sets the key's name to
-.Ar name.
-.El
-.Ss DETAILS
-.Ic Dnskeygen
-stores each key in two files:
-.Pa K<name>+<alg>+<footprint>.private
-and
-.Pa K<name>+<alg>+<footprint>.key
-The file
-.Pa K<name>+<alg>+<footprint>.private
-contains the private key in a portable format. The file
-.Pa K<name>+<alg>+<footprint>.key
-contains the public key in the DNS zone file format:
-.Pp
-.D1 Ar <name> IN KEY <flags> <algorithm> <protocol> <exponent|modulus>
-.Pp
-.Sh ENVIRONMENT
-No environmental variables are used.
-.Sh SEE ALSO
-.Em RFC 2065
-on secure DNS and the
-.Em TSIG
-Internet Draft.
-.Sh AUTHOR
-Olafur Gudmundsson (ogud@tis.com).
-.Sh ACKNOWLEDGMENTS
-The underlying cryptographic math is done by the DNSSAFE and/or Foundation
-Toolkit libraries.
-.Sh BUGS
-None are known at this time
diff --git a/contrib/bind/doc/man/dnsquery.1 b/contrib/bind/doc/man/dnsquery.1
deleted file mode 100644
index 2662ab40170ca..0000000000000
--- a/contrib/bind/doc/man/dnsquery.1
+++ /dev/null
@@ -1,178 +0,0 @@
-.\" $Id: dnsquery.1,v 8.3 1999/01/08 18:54:21 vixie Exp $
-.\"
-.\"Copyright (c) 1995,1996,1999 by Internet Software Consortium
-.\"
-.\"Permission to use, copy, modify, and distribute this software for any
-.\"purpose with or without fee is hereby granted, provided that the above
-.\"copyright notice and this permission notice appear in all copies.
-.\"
-.\"THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\"ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\"OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\"CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\"DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\"PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\"ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\"SOFTWARE.
-.\"
-.Dd March 10, 1990
-.Dt DNSQUERY @CMD_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm dnsquery
-.Nd query domain name servers using resolver
-.Sh SYNOPSIS
-.Nm dnsquery
-.Op Fl n Ar nameserver
-.Op Fl t Ar type
-.Op Fl c Ar class
-.Op Fl r Ar retry
-.Op Fl p Ar period
-.Op Fl d
-.Op Fl s
-.Op Fl v
-.Ar host
-.Sh DESCRIPTION
-The
-.Ic dnsquery
-program is a general interface to nameservers via
-BIND resolver library calls. The program supports
-queries to the nameserver with an opcode of QUERY.
-This program is intended to be a replacement or
-supplement to programs like nstest, nsquery and
-nslookup. All arguments except for
-.Ar host
-and
-.Ar nameserver
-are treated without case-sensitivity.
-.Sh OPTIONS
-.Bl -tag -width Fl
-.It Fl n Ar nameserver
-The nameserver to be used in the query. Nameservers can appear as either
-Internet addresses of the form
-.Ar w.x.y.z
-or can appear as domain names.
-(Default: as specified in
-.Pa /etc/resolv.conf . )
-.It Fl t Ar type
-The type of resource record of interest. Types include:
-.Bl -tag -width "AFSDB " -compact -offset indent
-.It Ar A
-address
-.It Ar NS
-nameserver
-.It Ar CNAME
-canonical name
-.It Ar PTR
-domain name pointer
-.It Ar SOA
-start of authority
-.It Ar WKS
-well-known service
-.It Ar HINFO
-host information
-.It Ar MINFO
-mailbox information
-.It Ar MX
-mail exchange
-.It Ar RP
-responsible person
-.It Ar MG
-mail group member
-.It Ar AFSDB
-DCE or AFS server
-.It Ar ANY
-wildcard
-.El
-.Pp
-Note that any case may be used. (Default:
-.Ar ANY . )
-.It Fl c Ar class
-The class of resource records of interest.
-Classes include:
-.Bl -tag -width "CHAOS " -compact -offset indent
-.It Ar IN
-Internet
-.It Ar HS
-Hesiod
-.It Ar CHAOS
-Chaos
-.It Ar ANY
-wildcard
-.El
-.Pp
-Note that any case may be used. (Default:
-.Ar IN . )
-.It Fl r Ar retry
-The number of times to retry if the nameserver is
-not responding. (Default: 4.)
-.It Fl p Ar period
-Period to wait before timing out. (Default:
-.Dv RES_TIMEOUT . )
-.It Fl d
-Turn on debugging. This sets the
-.Dv RES_DEBUG
-bit of the resolver's
-.Ft options
-field. (Default: no debugging.)
-.It Fl s
-Use a
-.Em stream
-rather than a packet. This uses a TCP stream connection with
-the nameserver rather than a UDP datagram. This sets the
-.Dv RES_USEVC
-bit of the resolver's
-.Ft options
-field. (Default: UDP datagram.)
-.It Fl v
-Synonym for the
-.Dq Fl s
-flag.
-.It Ar host
-The name of the host (or domain) of interest.
-.El
-.Sh FILES
-.Bl -tag -width "<arpa/nameser.h> " -compact
-.It Pa /etc/resolv.conf
-to get the default ns and search lists
-.It Pa <arpa/nameser.h>
-list of usable RR types and classes
-.It Pa <resolv.h>
-list of resolver flags
-.El
-.Sh DIAGNOSTICS
-If the resolver fails to answer the query and debugging has not been
-turned on,
-.Ic dnsquery
-will simply print a message like:
-.Dl Query failed (rc = 1) : Unknown host
-.Pp
-The value of the return code is supplied by
-.Ft h_errno .
-.Sh SEE ALSO
-.Xr nslookup @SYS_OPS_EXT@ ,
-.Xr nstest @CMD_EXT@ ,
-.Xr nsquery @CMD_EXT@ ,
-.Xr named @SYS_OPS_EXT@ ,
-.Xr resolver @FORMAT_EXT@ .
-.Sh AUTHOR
-Bryan Beecher
-.Sh BUGS
-Queries of a class other than
-.Ar IN
-can have interesting results
-since ordinarily a nameserver only has a list of root nameservers
-for class
-.Ar IN
-resource records.
-.Pp
-.Ic Dnsquery
-uses a call to
-.Fn inet_addr
-to determine if the argument
-for the
-.Dq Fl n
-option is a valid Internet address. Unfortunately,
-.Fn inet_addr
-seems to cause a segmentation fault with some (bad)
-IP addresses (e.g., 1.2.3.4.5).
diff --git a/contrib/bind/doc/man/dnssigner.1 b/contrib/bind/doc/man/dnssigner.1
deleted file mode 100644
index 1fb4ce4623c23..0000000000000
--- a/contrib/bind/doc/man/dnssigner.1
+++ /dev/null
@@ -1,213 +0,0 @@
-.\" Copyright (c) 1996 by Internet Software Consortium
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\"
-.\" $Id: dnssigner.1,v 8.2 1997/03/14 02:29:42 vixie Exp $
-.\"
-.Dd October 25, 1996
-.Dt DNSSIGNER @CMD_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm dnssigner
-.Nd add signatures to DNS zone files
-.Sh SYNOPSIS
-.Nm dnssigner
-.Op Cm signer-name Ar default_signer
-.Op Cm boot-file Ar file
-.Op Cm debug-file Ar file
-.Op Cm out-dir Ar directory
-.Op Cm seq-no Ar number
-.Oo
-.Cm expiration-time
-.Oo Po Cm +
-.Ns \&|
-.Ns Cm =
-.Pc Oc
-.Ns Ar time
-.Oc
-.Op Cm hide
-.Op Cm noaxfr
-.Op Cm nosign
-.Op Cm verify
-.Op Cm update-zonekey
-.Op Fl d Ns Ar level
-.Sh DESCRIPTION
-.Ic Dnssigner
-(Sign DNS zone database) is a tool to generate signatures
-for DNS (Domain Name System) resource records. It also generates
-NXT records for each zone.
-.Pp
-.Bl -tag -width Fl
-.It Cm signer-name Ar default_signer
-Specifies a name of the key to use if no signer is defined using the
-.Em Li $SIGNER
-directive in the boot files.
-.It Cm boot-file Ar file
-Specifies the control file for
-.Ic dnssigner ,
-which is in the same format as the BIND-4
-.Pa named.boot
-file.
-.It Cm debug-file Ar file
-Redirect debug output to the specified
-.Ar file ;
-default is
-.Pa signer_out
-in the current directory.
-.It Cm out-dir Ar directory
-Write signed files to thie specified
-.Ar directory ;
-default is to use
-.Pa /tmp .
-.Pp
-.Sy NOTE :
-Specify the full path to this directory; relative paths may not work.
-.It Xo Cm expiration-time
-.Oo Po Cm +
-.Ns \&|
-.Ns Cm =
-.Pc Oc
-.Ns Ar time
-.Xc
-Time when the signature records are to
-expire. Using either
-.Dq Cm =
-or
-.Em no
-sign before the
-.Ar time
-argument
-.Po i.e.,
-.Do Op Cm =
-.Ns Ar time
-.Dc
-.Pc ,
-the
-.Ar time
-is interpreted as an absolute time in seconds when the records will expire.
-.Po Sy NOTE :
- All such times are interpreted as Universal Times.
-.Pc
-With
-.Dq Cm +
-specified
-.Pq i.e., Dq Cm + Ns Ar time ,
-the
-.Ar time
-time is interpreted as an offset into the future.
-.Pp
-If not specified on the command line, the default
-.Cm expiration-time
-is 3600*24*30 sec (30 days).
-.It Cm seq-no Ar number
-Force the serial number in the SOA records to the specified value.
-If this parameter is not set, the serial number will be set to a value
-based on the current time.
-.It Cm hide
-This flag will cause NXT records in zones with wildcard
-records to point to
-.Li *.<zone>
-as the next host. The purpose of this
-flag is to hide all information about valid names in a zone.
-.It Cm noaxfr
-Turn of generation of zone transfer signature records,
-which validate the transfer of an entire zone.
-.It Cm nosign
-When this flag is specified, the boot files are read, NXT
-records are generated and zone file is written to the output
-directory. No SIG records are generated. This flag is useful for
-quickly checking the format of the data in the boot files, and to
-have boot files sorted into DNSSEC order.
-.It Cm verify
-When this flag is present,
-.Ic dnssigner
-will verify all
-signed records and print out a confirmation message for each SIG
-verified. The main use of this flag is to see how long it takes to
-generate each signature.
-.It Cm update-zonekey
-If this flag is specified, then the zonekeys used
-to sign files will be updated with new records. Specify this flag if
-one or more of the keys have been updated. If there are no zonekeys
-specified in the boot files, this flag will insert them. Omitting
-zonekeys will cause primary nameservers to reject the zone.
-.It Fl d Ns Ar level
-Debug level to use for running
-.Ic dnssigner ;
-these levels are the same as those used by
-.Xr @INDOT_U@NAMED @SYS_OPS_EXT_U@
-.El
-.Ss DETAILS
-.Ic Dnssigner
-reads BIND-4
-.Pa named.boot
-and zone files, adds SIG and NXT
-records and writes out the records (to one file per zone, regardless of
-how many include files the original zone was in). The files generated by
-.Ic dnssigner
-are ordinary textual zone files and are then normally
-loaded by
-.Xr @INDOT_U@NAMED @SYS_OPS_EXT_U@
-to serve the zone.
-.Ic Dnssigner
-\fBrequires that the PRIVATE key(s) reside in the input directory\fP.
-.Pp
-Making manual changes to the output files is hazardous, because most
-changes will invalidate one or more signatures contained therein. This
-will cause the zone to fail to load into
-.Xr @INDOT_U@NAMED @SYS_OPS_EXT_U@ ,
-or will cause subsequent
-failures in retrieving records from the zone. It is far better to make
-changes in
-.Ic dnssigner's
-input files, and rerun
-.Ic dnssigner .
-.Pp
-When
-.Ic dnssigner
-detects a delegation point, it creates a special file
-.Pa <zone_name>.PARENT
-which contains the RR's the parent zone signs for the
-child zone (NS, KEY, NXT). The intent is that the child will include this
-file when loading primary nameservers. Similarly, each zone file ends
-with the
-.Dq Li #include <zone_name>.PARENT
-command. The records
-in the
-.Pa .PARENT
-files are omitted from the SIG(AXFR) calculations as these
-records usualy are on a different signing cycle.
-.Pp
-The
-.Em Li Dq $SIGNER Op Ar keyname
-directive can be used to change signers in a
-zone. If
-.Ar keyname
-is omitted, signing is turned off. Keys are loaded the
-first time the keys are accessed. Only records that are signed by the
-zone signer (the key that signs the SOA) are included in the SIG(AXFR)
-calculation. It is not generally recommended that multiple keys sign
-records in the same zone, unless this is useful for dynamic updates.
-.Sh ENVIRONMENT
-No environmental variables are used.
-.Sh SEE ALSO
-.Xr @INDOT_U@NAMED @SYS_OPS_EXT_U@ ,
-RSAREF documentation,
-Internet-Draft
-.Em draft-ietf-dnssec-secext-10.txt
-on Secure DNS, or its successor.
-.Sh AUTHOR
-Olafur Gudmundsson (ogud@tis.com)
-.Sh ACKNOWLEDGMENTS
-The underlying crypto math is done by the RSAREF or BSAFE libraries.
diff --git a/contrib/bind/doc/man/getaddrinfo.3 b/contrib/bind/doc/man/getaddrinfo.3
deleted file mode 100644
index a906c5d1738c5..0000000000000
--- a/contrib/bind/doc/man/getaddrinfo.3
+++ /dev/null
@@ -1,361 +0,0 @@
-.\" Copyright (c) 1983, 1987, 1991, 1993
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" From: @(#)gethostbyname.3 8.4 (Berkeley) 5/25/95
-.\" $Id: getaddrinfo.3,v 8.1 1999/01/11 21:30:51 vixie Exp $
-.\"
-.Dd May 25, 1995
-.Dt GETADDRINFO @LIB_NETWORK_EXT@
-.Os KAME
-.Sh NAME
-.Nm getaddrinfo
-.Nm freeaddrinfo ,
-.Nm gai_strerror
-.Nd nodename-to-address translation in protocol-independent manner
-.Sh SYNOPSIS
-.Fd #include <sys/socket.h>
-.Fd #include <netdb.h>
-.Ft int
-.Fn getaddrinfo "const char *nodename" "const char *servname" \
-"const struct addrinfo *hints" "struct addrinfo **res"
-.Ft void
-.Fn freeaddrinfo "struct addrinfo *ai"
-.Ft "char *"
-.Fn gai_strerror "int ecode"
-.Sh DESCRIPTION
-The
-.Fn getaddrinfo
-function is defined for protocol-independent nodename-to-address translation.
-It performs functionality of
-.Xr gethostbyname @LIB_NETWORK_EXT@
-and
-.Xr getservbyname @LIB_NETWORK_EXT@ ,
-in more sophisticated manner.
-.Pp
-The addrinfo structure is defined as a result of including the
-.Li <netdb.h>
-header:
-.Bd -literal -offset
-struct addrinfo { *
- int ai_flags; /* AI_PASSIVE, AI_CANONNAME, AI_NUMERICHOST */
- int ai_family; /* PF_xxx */
- int ai_socktype; /* SOCK_xxx */
- int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */
- size_t ai_addrlen; /* length of ai_addr */
- char *ai_canonname; /* canonical name for nodename */
- struct sockaddr *ai_addr; /* binary address */
- struct addrinfo *ai_next; /* next structure in linked list */
-};
-.Ed
-.Pp
-The
-.Fa nodename
-and
-.Fa servname
-arguments are pointers to null-terminated strings or
-.Dv NULL .
-One or both of these two arguments must be a
-.Pf non Dv -NULL
-pointer.
-In the normal client scenario, both the
-.Fa nodename
-and
-.Fa servname
-are specified.
-In the normal server scenario, only the
-.Fa servname
-is specified.
-A
-.Pf non Dv -NULL
-.Fa nodename
-string can be either a node name or a numeric host address string
-.Po
-i.e., a dotted-decimal IPv4 address or an IPv6 hex address
-.Pc .
-A
-.Pf non Dv -NULL
-.Fa servname
-string can be either a service name or a decimal port number.
-.Pp
-The caller can optionally pass an
-.Li addrinfo
-structure, pointed to by the third argument,
-to provide hints concerning the type of socket that the caller supports.
-In this
-.Fa hints
-structure all members other than
-.Fa ai_flags ,
-.Fa ai_family ,
-.Fa ai_socktype ,
-and
-.Fa ai_protocol
-must be zero or a
-.Dv NULL
-pointer.
-A value of
-.Dv PF_UNSPEC
-for
-.Fa ai_family
-means the caller will accept any protocol family.
-A value of 0 for
-.Fa ai_socktype
-means the caller will accept any socket type.
-A value of 0 for
-.Fa ai_protocol
-means the caller will accept any protocol.
-For example, if the caller handles only TCP and not UDP, then the
-.Fa ai_socktype
-member of the hints structure should be set to
-.Dv SOCK_STREAM
-when
-.Fn getaddrinfo
-is called.
-If the caller handles only IPv4 and not IPv6, then the
-.Fa ai_family
-member of the
-.Fa hints
-structure should be set to
-.Dv PF_INET
-when
-.Fn getaddrinfo
-is called.
-If the third argument to
-.Fn getaddrinfo
-is a
-.Dv NULL
-pointer, this is the same as if the caller had filled in an
-.Li addrinfo
-structure initialized to zero with
-.Fa ai_family
-set to PF_UNSPEC.
-.Pp
-Upon successful return a pointer to a linked list of one or more
-.Li addrinfo
-structures is returned through the final argument.
-The caller can process each
-.Li addrinfo
-structure in this list by following the
-.Fa ai_next
-pointer, until a
-.Dv NULL
-pointer is encountered.
-In each returned
-.Li addrinfo
-structure the three members
-.Fa ai_family ,
-.Fa ai_socktype ,
-and
-.Fa ai_protocol
-are the corresponding arguments for a call to the
-.Fn socket
-function.
-In each
-.Li addrinfo
-structure the
-.Fa ai_addr
-member points to a filled-in socket address structure whose length is
-specified by the
-.Fa ai_addrlen
-member.
-.Pp
-If the
-.Dv AI_PASSIVE
-bit is set in the
-.Fa ai_flags
-member of the
-.Fa hints
-structure, then the caller plans to use the returned socket address
-structure in a call to
-.Fn bind .
-In this case, if the
-.Fa nodename
-argument is a
-.Dv NULL
-pointer, then the IP address portion of the socket
-address structure will be set to
-.Dv INADDR_ANY
-for an IPv4 address or
-.Dv IN6ADDR_ANY_INIT
-for an IPv6 address.
-.Pp
-If the
-.Dv AI_PASSIVE
-bit is not set in the
-.Fa ai_flags
-member of the
-.Fa hints
-structure, then the returned socket address structure will be ready for a
-call to
-.Fn connect
-.Pq for a connection-oriented protocol
-or either
-.Fn connect ,
-.Fn sendto , or
-.Fn sendmsg
-.Pq for a connectionless protocol .
-In this case, if the
-.Fa nodename
-argument is a
-.Dv NULL
-pointer, then the IP address portion of the
-socket address structure will be set to the loopback address.
-.Pp
-If the
-.Dv AI_CANONNAME
-bit is set in the
-.Fa ai_flags
-member of the
-.Fa hints
-structure, then upon successful return the
-.Fa ai_canonname
-member of the first
-.Li addrinfo
-structure in the linked list will point to a null-terminated string
-containing the canonical name of the specified
-.Fa nodename .
-.Pp
-If the
-.Dv AI_NUMERICHOST
-bit is set in the
-.Fa ai_flags
-member of the
-.Fa hints
-structure, then a
-.Pf non Dv -NULL
-.Fa nodename
-string must be a numeric host address string.
-Otherwise an error of
-.Dv EAI_NONAME
-is returned.
-This flag prevents any type of name resolution service (e.g., the DNS)
-from being called.
-.Pp
-All of the information returned by
-.Fn getaddrinfo
-is dynamically allocated:
-the
-.Li addrinfo
-structures, and the socket address structures and canonical node name
-strings pointed to by the addrinfo structures.
-To return this information to the system the function
-Fn freeaddrinfo
-is called.
-The
-.Fa addrinfo
-structure pointed to by the
-.Fa ai argument
-is freed, along with any dynamic storage pointed to by the structure.
-This operation is repeated until a
-.Dv NULL
-.Fa ai_next
-pointer is encountered.
-.Pp
-To aid applications in printing error messages based on the
-.Dv EAI_xxx
-codes returned by
-.Fn getaddrinfo ,
-.Fn gai_strerror
-is defined.
-The argument is one of the
-.Dv EAI_xxx
-values defined earlier and the return value points to a string describing
-the error.
-If the argument is not one of the
-.Dv EAI_xxx
-values, the function still returns a pointer to a string whose contents
-indicate an unknown error.
-.Sh FILES
-.Bl -tag -width /etc/resolv.conf -compact
-.It Pa /etc/hosts
-.It Pa /etc/host.conf
-.It Pa /etc/resolv.conf
-.El
-.Sh DIAGNOSTICS
-Error return status from
-.Fn getaddrinfo
-is zero on success and non-zero on errors.
-Non-zero error codes are defined in
-.Li <netdb.h> ,
-and as follows:
-.Pp
-.Bl -tag -width EAI_ADDRFAMILY -compact
-.It Dv EAI_ADDRFAMILY
-address family for nodename not supported
-.It Dv EAI_AGAIN
-temporary failure in name resolution
-.It Dv EAI_BADFLAGS
-invalid value for ai_flags
-.It Dv EAI_FAIL
-non-recoverable failure in name resolution
-.It Dv EAI_FAMILY
-ai_family not supported
-.It Dv EAI_MEMORY
-memory allocation failure
-.It Dv EAI_NODATA
-no address associated with nodename
-.It Dv EAI_NONAME
-nodename nor servname provided, or not known
-.It Dv EAI_SERVICE
-servname not supported for ai_socktype
-.It Dv EAI_SOCKTYPE
-ai_socktype not supported
-.It Dv EAI_SYSTEM
-system error returned in errno
-.El
-.Pp
-If called with proper argument,
-.Fn gai_strerror
-returns a pointer to a string describing the given error code.
-If the argument is not one of the
-.Dv EAI_xxx
-values, the function still returns a pointer to a string whose contents
-indicate an unknown error.
-.Sh SEE ALSO
-.Xr getnameinfo @LIB_NETWORK_EXT@ ,
-.Xr gethostbyname @LIB_NETWORK_EXT@ ,
-.Xr getservbyname @LIB_NETWORK_EXT@ ,
-.Xr hosts @FORMAT_EXT@ ,
-.Xr services @FORMAT_EXT@ ,
-.Xr hostname @DESC_EXT@ ,
-.Xr named @SYS_OPS_EXT@
-.Pp
-R. Gilligan, S. Thomson, J. Bound, and W. Stevens,
-``Basic Socket Interface Extensions for IPv6,'' RFC2133, April 1997.
-.Sh HISTORY
-The implementation first appeared in WIDE Hydrangea IPv6 protocol stack kit.
-.Sh STANDARDS
-The
-.Fn getaddrinfo
-function is defined IEEE POSIX 1003.1g draft specification,
-and documented in ``Basic Socket Interface Extensions for IPv6''
-.Pq RFC2133 .
-.Sh BUGS
-The text was shamelessly copied from RFC2133.
diff --git a/contrib/bind/doc/man/gethostbyname.3 b/contrib/bind/doc/man/gethostbyname.3
deleted file mode 100644
index 0498bd8b59553..0000000000000
--- a/contrib/bind/doc/man/gethostbyname.3
+++ /dev/null
@@ -1,246 +0,0 @@
-.\" Copyright (c) 1983, 1987 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms are permitted provided
-.\" that: (1) source distributions retain this entire copyright notice and
-.\" comment, and (2) distributions including binaries display the following
-.\" acknowledgement: ``This product includes software developed by the
-.\" University of California, Berkeley and its contributors'' in the
-.\" documentation or other materials provided with the distribution and in
-.\" all advertising materials mentioning features or use of this software.
-.\" Neither the name of the University nor the names of its contributors may
-.\" be used to endorse or promote products derived from this software without
-.\" specific prior written permission.
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
-.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-.\"
-.\" @(#)gethostbyname.3 6.12 (Berkeley) 6/23/90
-.\"
-.Dd June 23, 1990
-.Dt GETHOSTBYNAME @LIB_NETWORK_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm gethostbyname ,
-.Nm gethostbyaddr ,
-.Nm gethostent ,
-.Nm sethostent ,
-.Nm endhostent ,
-.Nm herror
-.Nd get network host entry
-.Sh SYNOPSIS
-.Fd #include <netdb.h>
-.Ft extern int
-.Fa h_errno;
-.Pp
-.Ft struct hostent *
-.Fn gethostbyname "char *name";
-.Ft struct hostent *
-.Fn gethostbyname2 "char *name" "int af";
-.Ft struct hostent *
-.Fn gethostbyaddr "char *addr" "int len, type";
-.Ft struct hostent *
-.Fn gethostent
-.Fn sethostent "int stayopen";
-.Fn endhostent
-.Fn herror "char *string";
-.Sh DESCRIPTION
-.Fn Gethostbyname ,
-.Fn gethostbyname2 ,
-and
-.Fn gethostbyaddr
-each return a pointer to a
-.Ft hostent
-structure (see below) describing an internet host
-referenced by name or by address, as the function names indicate.
-This structure contains either the information obtained from the name server,
-.Xr @INDOT@named @SYS_OPS_EXT@ ,
-or broken-out fields from a line in
-.Pa /etc/hosts .
-If the local name server is not running, these routines do a lookup in
-.Pa /etc/hosts .
-.Bd -literal -offset indent
-struct hostent {
- char *h_name; /* official name of host */
- char **h_aliases; /* alias list */
- int h_addrtype; /* host address type */
- int h_length; /* length of address */
- char **h_addr_list; /* list of addresses from name server */
-};
-
-#define h_addr h_addr_list[0] /* address, for backward compatibility */
-.Ed
-.Pp
-The members of this structure are:
-.Bl -tag -width "h_addr_list"
-.It h_name
-Official name of the host.
-.It h_aliases
-A zero-terminated array of alternate names for the host.
-.It h_addrtype
-The type of address being returned; usually
-.Dv AF_INET .
-.It h_length
-The length, in bytes, of the address.
-.It h_addr_list
-A zero-terminated array of network addresses for the host.
-Host addresses are returned in network byte order.
-.It h_addr
-The first address in
-.Li h_addr_list ;
-this is for backward compatibility.
-.El
-.Pp
-When using the nameserver,
-.Fn gethostbyname
-will search for the named host in each parent domain given in the
-.Dq Li search
-directive of
-.Xr resolv.conf @FORMAT_EXT@
-unless the name contains a dot
-.Pq Dq \&. .
-If the name contains no dot, and if the environment variable
-.Ev HOSTALIASES
-contains the name of an alias file, the alias file will first be searched
-for an alias matching the input name.
-See
-.Xr hostname @DESC_EXT@
-for the domain search procedure and the alias file format.
-.Pp
-.Fn Gethostbyname2
-is an evolution of
-.Fn gethostbyname
-intended to allow lookups in address families other than
-.Dv AF_INET ,
-for example,
-.Dv AF_INET6 .
-Currently, the
-.Fa af
-argument must be specified as
-.Dv AF_INET
-else the function will return
-.Dv NULL
-after having set
-.Ft h_errno
-to
-.Dv NETDB_INTERNAL .
-.Pp
-.Fn Sethostent
-may be used to request the use of a connected TCP socket for queries.
-If the
-.Fa stayopen
-flag is non-zero,
-this sets the option to send all queries to the name server using TCP
-and to retain the connection after each call to
-.Fn gethostbyname
-or
-.Fn gethostbyaddr .
-Otherwise, queries are performed using UDP datagrams.
-.Pp
-.Fn Endhostent
-closes the TCP connection.
-.Sh ENVIRONMENT
-.Bl -tag -width "HOSTALIASES " -compress
-.It Ev HOSTALIASES
-Name of file containing
-.Pq Ar host alias , full hostname
-pairs.
-.El
-.Sh FILES
-.Bl -tag -width "HOSTALIASES " -compress
-.It Pa /etc/hosts
-See
-.Xr hosts @FORMAT_EXT@ .
-.It Ev HOSTALIASES
-Name of file containing
-.Pq Ar host alias , full hostname
-pairs.
-.El
-.Sh DIAGNOSTICS
-.Pp
-Error return status from
-.Fn gethostbyname
-and
-.Fn gethostbyaddr
-is indicated by return of a null pointer.
-The external integer
-.Ft h_errno
-may then be checked to see whether this is a temporary failure
-or an invalid or unknown host.
-The routine
-.Fn herror
-can be used to print an error message describing the failure.
-If its argument
-.Fa string
-is non-NULL, it is printed, followed by a colon and a space.
-The error message is printed with a trailing newline.
-.Pp
-.Ft h_errno
-can have the following values:
-.Bl -tag -width "HOST_NOT_FOUND " -offset indent
-.It Dv NETDB_INTERNAL
-This indicates an internal error in the library, unrelated to the network
-or name service.
-.Ft errno
-will be valid in this case; see
-.Xr perror @SYSCALL_EXT@ .
-.It Dv HOST_NOT_FOUND
-No such host is known.
-.It Dv TRY_AGAIN
-This is usually a temporary error
-and means that the local server did not receive
-a response from an authoritative server.
-A retry at some later time may succeed.
-.It Dv NO_RECOVERY
-Some unexpected server failure was encountered.
-This is a non-recoverable error, as one might expect.
-.It Dv NO_DATA
-The requested name is valid but does not have an IP address;
-this is not a temporary error.
-This means that the name is known to the name server but there is no address
-associated with this name.
-Another type of request to the name server using this domain name
-will result in an answer;
-for example, a mail-forwarder may be registered for this domain.
-.El
-.Sh SEE ALSO
-.Xr hosts @FORMAT_EXT@ ,
-.Xr hostname @DESC_EXT@ ,
-.Xr @INDOT@named @SYS_OPS_EXT@ ,
-.Xr resolver @LIB_NETWORK_EXT@ ,
-.Xr resolver @FORMAT_EXT@ .
-.Sh CAVEAT
-.Pp
-.Fn Gethostent
-is defined, and
-.Fn sethostent
-and
-.Fn endhostent
-are redefined,
-when
-.Pa libc
-is built to use only the routines to lookup in
-.Pa /etc/hosts
-and not the name server:
-.Bd -filled -offset indent
-.Pp
-.Fn Gethostent
-reads the next line of
-.Pa /etc/hosts ,
-opening the file if necessary.
-.Pp
-.Fn Sethostent
-is redefined to open and rewind the file. If the
-.Fa stayopen
-argument is non-zero,
-the hosts data base will not be closed after each call to
-.Fn gethostbyname
-or
-.Fn gethostbyaddr .
-.Pp
-.Fn Endhostent
-is redefined to close the file.
-.Ed
-.Sh BUGS
-All information is contained in a static area so it must be copied if it is
-to be saved. Only the Internet address format is currently understood.
diff --git a/contrib/bind/doc/man/getipnodebyname.3 b/contrib/bind/doc/man/getipnodebyname.3
deleted file mode 100644
index 3396c3a2bcf5a..0000000000000
--- a/contrib/bind/doc/man/getipnodebyname.3
+++ /dev/null
@@ -1,231 +0,0 @@
-.\" Copyright (c) 1996,1999 by Internet Software Consortium
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\"
-.\" Copyright (c) 1983, 1987 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms are permitted provided
-.\" that: (1) source distributions retain this entire copyright notice and
-.\" comment, and (2) distributions including binaries display the following
-.\" acknowledgement: ``This product includes software developed by the
-.\" University of California, Berkeley and its contributors'' in the
-.\" documentation or other materials provided with the distribution and in
-.\" all advertising materials mentioning features or use of this software.
-.\" Neither the name of the University nor the names of its contributors may
-.\" be used to endorse or promote products derived from this software without
-.\" specific prior written permission.
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
-.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-.Dd September 17, 1999
-.Dt GETIPNODEBYNAME @LIB_NETWORK_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm getipnodebyname ,
-.Nm getipnodebyaddr
-.Nd get network host entry
-.br
-.Nm freehostent
-.Nd free network host entry
-.Sh SYNOPSIS
-.Fd #include <netdb.h>
-.Pp
-.Ft struct hostent *
-.Fn getipnodebyname "const char *name" "int af" "int flags" "int *error";
-.Ft struct hostent *
-.Fn getipnodebyaddr "const void *addr" "size_t len" "int af" "int *error";
-.Ft void
-.Fn freehostent "struct hostent *he";
-.Sh DESCRIPTION
-.Fn Getipnodebyname ,
-and
-.Fn getipnodebyaddr
-each return a pointer to a
-.Ft hostent
-structure (see below) describing an internet host
-referenced by name or by address, as the function names indicate.
-This structure contains either the information obtained from the name server,
-.Xr @INDOT@named @SYS_OPS_EXT@ ,
-or broken-out fields from a line in
-.Pa /etc/hosts .
-If the local name server is not running, these routines do a lookup in
-.Pa /etc/hosts .
-.Bd -literal -offset indent
-struct hostent {
- char *h_name; /* official name of host */
- char **h_aliases; /* alias list */
- int h_addrtype; /* host address type */
- int h_length; /* length of address */
- char **h_addr_list; /* list of addresses from name server */
-};
-
-#define h_addr h_addr_list[0] /* address, for backward compatibility */
-.Ed
-.Pp
-The members of this structure are:
-.Bl -tag -width "h_addr_list"
-.It h_name
-Official name of the host.
-.It h_aliases
-A zero-terminated array of alternate names for the host.
-.It h_addrtype
-The type of address being returned.
-.It h_length
-The length, in bytes, of the address.
-.It h_addr_list
-A zero-terminated array of network addresses for the host.
-Host addresses are returned in network byte order.
-.It h_addr
-The first address in
-.Li h_addr_list ;
-this is for backward compatibility.
-.El
-.Pp
-This structure should be freed after use by calling
-.Fn freehostent .
-.Pp
-When using the nameserver,
-.Fn getiphostbyaddr
-will search for the named host in each parent domain given in the
-.Dq Li search
-directive of
-.Xr resolv.conf @FORMAT_EXT@
-unless the name contains a dot
-.Pq Dq \&. .
-If the name contains no dot, and if the environment variable
-.Ev HOSTALIASES
-contains the name of an alias file, the alias file will first be searched
-for an alias matching the input name.
-See
-.Xr hostname @DESC_EXT@
-for the domain search procedure and the alias file format.
-.Pp
-.Fn Getiphostbyaddr
-can be told to look for IPv4 addresses, IPv6 addresses or both IPv4 and IPv6.
-If IPv4 addresses only are to be looked up then
-.Fa af
-should be set to
-.Dv AF_INET ,
-otherwise it should be set to
-.Dv AF_INET6 .
-.Pp
-There are three flags that can be set
-.Bl -tag -width "AI_ADDRCONFIG"
-.It Dv AI_V4MAPPED
-Return IPv4 addresses if no IPv6 addresses are found.
-This flag is ignored unless
-.Fa af
-is
-.Dv AF_INET6 .
-.It Dv AI_ALL
-Return IPv4 addresses as well IPv6 addresses if
-.Dv AI_V4MAPPED
-is set.
-This flag is ignored unless
-.Fa af
-is
-.Dv AF_INET6 .
-.It Dv AI_ADDRCONFIG
-Only return addresses of a given type if the system has an active interface
-with that type.
-.El
-.Pp
-Also
-.Dv AI_DEFAULT
-is defined to be
-.Dv (AI_V4MAPPED|AI_ADDRCONFIG) .
-.Pp
-.Fn Getipnodebyaddr
-will lookup IPv4 mapped and compatible addresses in the IPv4 name
-space and IPv6 name space
-.Pp
-.Fn Freehostent
-frees the hostent structure allocated be
-.Fn getipnodebyname
-and
-.Fn getipnodebyaddr .
-The structures returned by
-.Fn gethostbyname ,
-.Fn gethostbyname2 ,
-.Fn gethostbyaddr
-and
-.Fn gethostent
-should not be passed to
-.Fn freehostent
-as they are pointers to static areas.
-.Sh ENVIRONMENT
-.Bl -tag -width "HOSTALIASES " -compress
-.It Ev HOSTALIASES
-Name of file containing
-.Pq Ar host alias , full hostname
-pairs.
-.El
-.Sh FILES
-.Bl -tag -width "HOSTALIASES " -compress
-.It Pa /etc/hosts
-See
-.Xr hosts @FORMAT_EXT@ .
-.It Ev HOSTALIASES
-Name of file containing
-.Pq Ar host alias , full hostname
-pairs.
-.El
-.Sh DIAGNOSTICS
-.Pp
-Error return status from
-.Fn getipnodebyname
-and
-.Fn getipnodebyaddr
-is indicated by return of a null pointer.
-In this case
-.Ft error
-may then be checked to see whether this is a temporary failure
-or an invalid or unknown host.
-.Ft errno
-can have the following values:
-.Bl -tag -width "HOST_NOT_FOUND " -offset indent
-.It Dv NETDB_INTERNAL
-This indicates an internal error in the library, unrelated to the network
-or name service.
-.Ft errno
-will be valid in this case; see
-.Xr perror @SYSCALL_EXT@ .
-.It Dv HOST_NOT_FOUND
-No such host is known.
-.It Dv TRY_AGAIN
-This is usually a temporary error
-and means that the local server did not receive
-a response from an authoritative server.
-A retry at some later time may succeed.
-.It Dv NO_RECOVERY
-Some unexpected server failure was encountered.
-This is a non-recoverable error, as one might expect.
-.It Dv NO_ADDRESS
-The requested name is valid but does not have an IP address;
-this is not a temporary error.
-This means that the name is known to the name server but there is no address
-associated with this name.
-Another type of request to the name server using this domain name
-will result in an answer;
-for example, a mail-forwarder may be registered for this domain.
-.El
-.Sh SEE ALSO
-.Xr hosts @FORMAT_EXT@ ,
-.Xr hostname @DESC_EXT@ ,
-.Xr @INDOT@named @SYS_OPS_EXT@ ,
-.Xr resolver @LIB_NETWORK_EXT@ ,
-.Xr resolver @FORMAT_EXT@ ,
-.Xr gethostbyname @LIB_NETWORK_EXT@ ,
-.Xr RFC2553 .
diff --git a/contrib/bind/doc/man/getnameinfo.3 b/contrib/bind/doc/man/getnameinfo.3
deleted file mode 100644
index 02548c0845bde..0000000000000
--- a/contrib/bind/doc/man/getnameinfo.3
+++ /dev/null
@@ -1,103 +0,0 @@
-.\" $Id: getnameinfo.3,v 8.1 1999/01/11 21:30:51 vixie Exp $
-.\"
-.\"Copyright (c) 1998,1999 by Internet Software Consortium
-.\"
-.\"Permission to use, copy, modify, and distribute this software for any
-.\"purpose with or without fee is hereby granted, provided that the above
-.\"copyright notice and this permission notice appear in all copies.
-.\"
-.\"THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\"ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\"OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\"CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\"DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\"PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\"ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\"SOFTWARE.
-.\"
-.Dd January 11, 1999
-.Dt GETRNAMEINFO @LIB_NETWORK_EXT@
-.Sh NAME
-.Nm getnameinfo
-.Nd address-to-name translation in protocol-independent manner
-.Sh SYNOPSIS
-.Fd #include <sys/socket.h>
-.Fd #include <netdb.h>
-.Ft int
-.Fn getnameinfo "const struct sockaddr *sa" "socklen_t salen" \
-"char *host" "size_t hostlen" "char *serv" "size_t servlen" "int flags"
-.Sh DESCRIPTION
-The
-.Fn getnameinfo
-function is defined for protocol-independent address-to-nodename translation.
-It performs functionality of
-.Xr gethostbyaddr @LIB_NETWORK_EXT@
-and
-.Xr getservbyport @LIB_NETWORK_EXT@
-in more sophisticated manner.
-.Pp
-The
-.Fa sa
-arguement is a pointer to a generic socket address structure of size
-.Fa salen .
-The arguements
-.Fa host
-and
-.Fa serv
-are pointers to buffers to hold the return values.
-Their sizes are specified by
-.Fa hostlen
-and
-.Fa servlen
-repectively.
-Either
-.Fa host
-or
-.Fa serv
-may be
-.Dv NULL
-if the hostname or service name is not required.
-.Pp
-The
-.Fa flags
-arguement modifies the behaviour of
-.Fn getnameinfo
-as follows:
-.Pp
-If
-.Dv NI_NOFQDN
-is set only the unqualified hostname is returned for local fully
-qualified names.
-.Pp
-If
-.Dv NI_NUMERICHOST
-is set then the numeric form of the hostname is returned.
-.Pp
-If
-.Dv NI_NAMEREQD
-is set, then a error is returned if the hostname cannot be looked up.
-.Pp
-If
-.Dv NI_NUMERICSERV
-is set then the service is returned in numeric form.
-.Pp
-If
-.Dv NI_DGRAM
-is set then the service is UDP based rather than TCP based.
-.Sh SEE ALSO
-.Xr getaddrinfo @LIB_NETWORK_EXT@ ,
-.Xr gethostbyaddr @LIB_NETWORK_EXT@ ,
-.Xr getservbyport @LIB_NETWORK_EXT@ ,
-.Xr hosts @FORMAT_EXT@ ,
-.Xr services @FORMAT_EXT@ ,
-.Xr hostname @DESC_EXT@ ,
-.Xr named @SYS_OPS_EXT@
-.Pp
-R. Gilligan, S. Thomson, J. Bound, and W. Stevens,
-``Basic Socket Interface Extensions for IPv6,'' RFC2133, April 1997.
-.Sh STANDARDS
-The
-.Fn getaddrinfo
-function is defined IEEE POSIX 1003.1g draft specification,
-and documented in ``Basic Socket Interface Extensions for IPv6''
-.Pq RFC2133 .
diff --git a/contrib/bind/doc/man/getnetent.3 b/contrib/bind/doc/man/getnetent.3
deleted file mode 100644
index 4f600e0007c68..0000000000000
--- a/contrib/bind/doc/man/getnetent.3
+++ /dev/null
@@ -1,153 +0,0 @@
-.\" $Id: getnetent.3,v 8.4 1999/01/08 18:54:23 vixie Exp $
-.\"
-.\"Copyright (c) 1995,1996,1999 by Internet Software Consortium
-.\"
-.\"Permission to use, copy, modify, and distribute this software for any
-.\"purpose with or without fee is hereby granted, provided that the above
-.\"copyright notice and this permission notice appear in all copies.
-.\"
-.\"THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\"ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\"OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\"CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\"DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\"PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\"ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\"SOFTWARE.
-.\"
-.Dd May 20, 1996
-.Dt GETNETENT @LIB_NETWORK_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm getnetent ,
-.Nm getnetbyaddr ,
-.Nm getnetbyname ,
-.Nm setnetent ,
-.Nm endnetent
-.Nd get networks entry
-.Sh SYNOPSIS
-.Fd #include <netdb.h>
-.Ft struct netent *
-.Fn getnetent
-.Ft struct netent *
-.Fn getnetbyname "char name";
-.Ft struct netent *
-.Fn getnetbyaddr "unsigned long net" "int type";
-.Ft void
-.Fn setnetent "int stayopen";
-.Ft void
-.Fn endnetent
-.Sh DESCRIPTION
-The
-.Fn getnetent ,
-.Fn getnetbyname ,
-and
-.Fn getnetbyaddr
-subroutines
-each return a pointer to an object with the following structure
-containing the broken-out fields of a line in the
-.Pa networks
-database.
-.Bd -literal -offset indent
-struct netent {
- char *n_name; /* official name of net */
- char **n_aliases; /* alias list */
- int n_addrtype; /* net number type */
- long n_net; /* net number */
-};
-.Ed
-.Pp
-The members of this structure are:
-.Bl -tag -width "n_addrtype"
-.It n_name
-The official name of the network.
-.It n_aliases
-A zero-terminated list of alternate names for the network.
-.It n_addrtype
-The type of the network number returned:
-.Dv AF_INET .
-.It n_net
-The network number. Network numbers are returned in machine byte
-order.
-.El
-.Pp
-If the
-.Fa stayopen
-flag on a
-.Fn setnetent
-subroutine is NULL, the
-.Pa networks
-database is opened. Otherwise, the
-.Fn setnetent
-has the effect of rewinding the
-.Pa networks
-database.
-The
-.Fn endnetent
-subroutine may be called to
-close the
-.Pa networks
-database when processing is complete.
-.Pp
-The
-.Fn getnetent
-subroutine simply reads the next
-line while
-.Fn getnetbyname
-and
-.Fn getnetbyaddr
-search until a matching
-.Fa name
-or
-.Fa net
-number is found
-(or until
-.Dv EOF
-is encountered). The
-.Fa type must be
-.Dv AF_INET .
-The
-.Fn getnetent
-subroutine keeps a pointer in the database, allowing
-successive calls to be used to search the entire file.
-.Pp
-Before a
-.Ic while
-loop using
-.Fn getnetent ,
-a call to
-.Fn setnetent
-must be made
-in order to perform initialization; a call to
-.Fn endnetent
-must be used after the loop. Both
-.Fn getnetbyname
-and
-.Fn getnetbyaddr
-make calls to
-.Fn setnetent
-and
-.Fn endnetent .
-.Sh FILES
-.Pa /etc/networks
-.Sh DIAGNOSTICS
-Null pointer (0) returned on
-.Dv EOF
-or error.
-.Sh SEE ALSO
-.Xr networks @FORMAT_EXT@ ,
-RFC 1101.
-.Sh HISTORY
-The
-.Fn "getnetent" ,
-.Fn "getnetbyaddr" ,
-.Fn "getnetbyname" ,
-.Fn "setnetent" ,
-and
-.Fn "endnetent"
-functions appeared in 4.2BSD.
-.Sh BUGS
-The data space used by these functions is static; if future use requires the
-data, it should be copied before any subsequent calls to these functions
-overwrite it. Only Internet network numbers are currently understood.
-Expecting network numbers to fit in no more than 32 bits is probably naive.
diff --git a/contrib/bind/doc/man/hesiod.3 b/contrib/bind/doc/man/hesiod.3
deleted file mode 100644
index 284b8f4f71788..0000000000000
--- a/contrib/bind/doc/man/hesiod.3
+++ /dev/null
@@ -1,129 +0,0 @@
-.\" $Id: hesiod.3,v 8.1 1999/04/12 02:47:00 vixie Exp $
-.\"
-.\" Copyright 1988, 1996 by the Massachusetts Institute of Technology.
-.\"
-.\" Permission to use, copy, modify, and distribute this
-.\" software and its documentation for any purpose and without
-.\" fee is hereby granted, provided that the above copyright
-.\" notice appear in all copies and that both that copyright
-.\" notice and this permission notice appear in supporting
-.\" documentation, and that the name of M.I.T. not be used in
-.\" advertising or publicity pertaining to distribution of the
-.\" software without specific, written prior permission.
-.\" M.I.T. makes no representations about the suitability of
-.\" this software for any purpose. It is provided "as is"
-.\" without express or implied warranty.
-.\"
-.TH HESIOD 3 "30 November 1996"
-.SH NAME
-hesiod, hesiod_init, hesiod_resolve, hesiod_free_list, hesiod_to_bind, hesiod_end \- Hesiod name server interface library
-.SH SYNOPSIS
-.nf
-.B #include <hesiod.h>
-.PP
-.B int hesiod_init(void **\fIcontext\fP)
-.B char **hesiod_resolve(void *\fIcontext\fP, const char *\fIname\fP,
-.B const char *\fItype\fP)
-.B void hesiod_free_list(void *\fIcontext\fP, char **\fIlist\fP);
-.B char *hesiod_to_bind(void *\fIcontext\fP, const char *\fIname\fP,
-.B const char *\fItype\fP)
-.B void hesiod_end(void *\fIcontext\fP)
-.fi
-.SH DESCRIPTION
-This family of functions allows you to perform lookups of Hesiod
-information, which is stored as text records in the Domain Name
-Service. To perform lookups, you must first initialize a
-.IR context ,
-an opaque object which stores information used internally by the
-library between calls.
-.I hesiod_init
-initializes a context, storing a pointer to the context in the
-location pointed to by the
-.I context
-argument.
-.I hesiod_end
-frees the resources used by a context.
-.PP
-.I hesiod_resolve
-is the primary interface to the library. If successful, it returns a
-list of one or more strings giving the records matching
-.I name
-and
-.IR type .
-The last element of the list is followed by a NULL pointer. It is the
-caller's responsibility to call
-.I hesiod_free_list
-to free the resources used by the returned list.
-.PP
-.I hesiod_to_bind
-converts
-.I name
-and
-.I type
-into the DNS name used by
-.IR hesiod_resolve .
-It is the caller's responsibility to free the returned string using
-.IR free .
-.SH RETURN VALUES
-If successful,
-.I hesiod_init
-returns 0; otherwise it returns \-1 and sets
-.I errno
-to indicate the error. On failure,
-.I hesiod_resolve
-and
-.I hesiod_to_bind
-return NULL and set the global variable
-.I errno
-to indicate the error.
-.SH ENVIRONMENT
-If the environment variable
-.B HES_DOMAIN
-is set, it will override the domain in the Hesiod configuration file.
-If the environment variable
-.B HESIOD_CONFIG
-is set, it specifies the location of the Hesiod configuration file.
-.SH SEE ALSO
-`Hesiod - Project Athena Technical Plan -- Name Service', named(8),
-hesiod.conf(5)
-.SH ERRORS
-Hesiod calls may fail because of:
-.IP ENOMEM
-Insufficient memory was available to carry out the requested
-operation.
-.IP ENOEXEC
-.I hesiod_init
-failed because the Hesiod configuration file was invalid.
-.IP ECONNREFUSED
-.I hesiod_resolve
-failed because no name server could be contacted to answer the query.
-.IP EMSGSIZE
-.I hesiod_resolve
-failed because the query or response was too big to fit into the
-packet buffers.
-.IP ENOENT
-.I hesiod_resolve
-failed because the name server had no text records matching
-.I name
-and
-.IR type ,
-or
-.I hesiod_to_bind
-failed because the
-.I name
-argument had a domain extension which could not be resolved with type
-``rhs-extension'' in the local Hesiod domain.
-.SH AUTHOR
-Steve Dyer, IBM/Project Athena
-.br
-Greg Hudson, MIT Team Athena
-.br
-Copyright 1987, 1988, 1995, 1996 by the Massachusetts Institute of Technology.
-.SH BUGS
-The strings corresponding to the
-.I errno
-values set by the Hesiod functions are not particularly indicative of
-what went wrong, especially for
-.I ENOEXEC
-and
-.IR ENOENT .
diff --git a/contrib/bind/doc/man/host.1 b/contrib/bind/doc/man/host.1
deleted file mode 100644
index 017d0829845d6..0000000000000
--- a/contrib/bind/doc/man/host.1
+++ /dev/null
@@ -1,316 +0,0 @@
-.\" ++Copyright++ 1993
-.\" -
-.\" Copyright (c) 1993
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" -
-.\" --Copyright--
-.\" $Id: host.1,v 8.2 1997/03/14 02:29:44 vixie Exp $
-.Dd December 15, 1994
-.Dt HOST @CMD_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm host
-.Nd look up host names using domain server
-.Sh SYNOPSIS
-.Nm host
-.Op Fl l
-.Op Fl v
-.Op Fl w
-.Op Fl r
-.Op Fl d
-.Op Fl t Ar querytype
-.Op Fl a
-.Ar host
-.Op Ar server
-.Sh DESCRIPTION
-.Ic Host
-looks for information about Internet hosts. It gets this information
-from a set of interconnected servers that are spread across the
-country. By default, it simply converts between host names and
-Internet addresses. However, with the
-.Dq Fl t
-or
-.Dq Fl a
-options, it can be used
-to find all of the information about this host that is maintained
-by the domain server.
-.Pp
-The arguments can be either host names or host numbers. The program
-first attempts to interpret them as host numbers. If this fails,
-it will treat them as host names. A host number consists of
-first decimal numbers separated by dots, e.g. 128.6.4.194
-A host name consists of names separated by dots, e.g. topaz.rutgers.edu.
-Unless the name ends in a dot, the local domain
-is automatically tacked on the end. Thus, a Rutgers user can say
-.Pp
-.D1 Ic host topaz
-.Pp
-and it will actually look up "topaz.rutgers.edu".
-If this fails, the name is tried unchanged (in this case, "topaz").
-This same convention is used for mail and other network utilities.
-The actual suffix to tack on the end is obtained
-by looking at the results of a
-.Xr hostname @CMD_EXT@
-call, and using everything
-starting at the first dot. (See below for a description of
-.Sx CUSTOMIZING HOST NAME LOOKUP . )
-.Pp
-The first argument is the host name you want to look up.
-If this is a number, an
-.Dq inverse query
-is done, i.e. the domain
-system looks in a separate set of databases used to convert numbers
-to names.
-.Pp
-The second argument is optional. It
-allows you to specify a particular server to query. If you don't
-specify this argument, the default server (normally the local machine)
-is used.
-.Pp
-If a name is specified, you may see output of three different kinds.
-Here is an example that shows all of them:
-.Pp
-.D1 Ic % host sun4
-.Dl sun4.rutgers.edu is a nickname for ATHOS.RUTGERS.EDU
-.Dl ATHOS.RUTGERS.EDU has address 128.6.5.46
-.Dl ATHOS.RUTGERS.EDU has address 128.6.4.4
-.Dl ATHOS.RUTGERS.EDU mail is handled by ARAMIS.RUTGERS.EDU
-.Pp
-The user has typed the command
-.Dq Ic host sun4 .
-The first line indicates that the name
-.Dq Li sun4.rutgers.edu
-is actually a nickname. The official host name is
-.Dq Li ATHOS.RUTGERS.EDU .
-The next two lines show the
-address. If a system has more than one network interface, there
-will be a separate address for each. The last line indicates
-that
-.Li ATHOS.RUTGERS.EDU
-does not receive its own mail. Mail for
-it is taken by
-.Li ARAMIS.RUTGERS.EDU .
-There may be more than one
-such line, since some systems have more than one other system
-that will handle mail for them. Technically, every system that
-can receive mail is supposed to have an entry of this kind. If
-the system receives its own mail, there should be an entry
-the mentions the system itself; for example,
-.Pp
-.D1 Li XXX mail is handled by XXX
-.Pp
-However, many systems that receive
-their own mail do not bother to mention that fact. If a system
-has a
-.Dq Li mail is handled by
-entry, but no address, this indicates
-that it is not really part of the Internet, but a system that is
-on the network will forward mail to it. Systems on Usenet, Bitnet,
-and a number of other networks have entries of this kind.
-.Sh OPTIONS
-There are a number of options that can be used before the
-host name. Most of these options are meaningful only to the
-staff who have to maintain the domain database.
-.Bl -tag -width Fl
-.It Fl w
-This causes
-.Ic host
-to wait forever for a response. Normally
-it will time out after approximate one minute.
-.It Fl v
-Use "verbose" format for printout. This
-is the official domain master file format, which is documented
-in the man page for
-.Xr @INDOT@named @SYS_OPS_EXT@ .
-Without this option, output still follows
-this format in general terms, but some attempt is made to make it
-more intelligible to normal users. Without
-.Dq Fl v ,
-any "a", "mx", and "cname" records
-are written out as "has address", "mail is handled by", and
-"is a nickname for" (respectively), and TTL and class fields are not shown.
-.It Fl r
-Turn off recursion in the request.
-This means that the name server will return only data it has in
-its own database. It will not ask other servers for more
-information.
-.It Fl d
-Turn on debugging. Network transactions are shown in detail.
-.It Fl t Ar querytype
-Allows you to specify a particular
-.Ar querytype
-of information
-to be looked up. The arguments are defined in the man page for
-.Xr @INDOT@named @SYS_OPS_EXT@ .
-Currently-supported types include:
-.Dq Cm a ,
-.Dq Cm ns ,
-.Dq Cm md ,
-.Dq Cm mf ,
-.Dq Cm cname ,
-.Dq Cm soa ,
-.Dq Cm mb ,
-.Dq Cm mg ,
-.Dq Cm mr ,
-.Dq Cm null ,
-.Dq Cm wks ,
-.Dq Cm ptr ,
-.Dq Cm hinfo ,
-.Dq Cm minfo ,
-.Dq Cm mx ,
-.Dq Cm uinfo ,
-.Dq Cm uid ,
-.Dq Cm gid ,
-.Dq Cm unspec .
-Additionally, the wildcard, which may be written
-as either
-.Dq Cm any
-or
-.Dq Cm * ,
-can be used to specify any (all) of the above types.
-Types must be given in lower case.
-Note that the default is to look first for
-.Dq Cm a ,
-and then
-.Dq Cm mx ,
-except that if the verbose option is turned on, the default is only
-.Dq Cm a .
-The
-.Dq Fl t
-option is particularly useful for filtering information returned by
-.Ic host ;
-see the explanation of the
-.Dq Fl l
-option, below, for more information.
-.It Fl a
-.Dq all ;
-this is equivalent to
-.Dq Fl v Fl t Cm any .
-.It Fl l
-List a complete domain; e.g.:
-.Pp
-.D1 Ic host -l rutgers.edu
-.Pp
-will give a listing of all hosts in the rutgers.edu domain. The
-.Dq Fl t
-option is used to filter what information is presented, as you
-would expect. The default is address information, which also
-include PTR and NS records. The command
-.Pp
-.D1 Ic host -l -v -t any rutgers.edu
-.Pp
-will give a complete download of the zone data for rutgers.edu,
-in the official master file format. (However the SOA record is
-listed twice, for arcane reasons.)
-.Pp
-.Sy NOTE:
-.Dq Fl l
-is implemented by
-doing a complete zone transfer and then filtering out the information
-the you have asked for. This command should be used only if it
-is absolutely necessary.
-.Sh CUSTOMIZING HOST NAME LOOKUP
-In general, if the name supplied by the user does not
-have any dots in it, a default domain is appended to the end.
-This domain can be defined in
-.Pa /etc/resolv.conf ,
-but is normally derived
-by taking the local hostname after its first dot. The user can override
-this, and specify a different default domain, using the environment
-variable
-.Ev LOCALDOMAIN .
-In addition, the user can supply his own abbreviations for host names.
-They should be in a file consisting of one line per abbreviation.
-Each line contains an abbreviation, a space, and then the full
-host name. The name file must be contained in the
-.Ev HOSTALIASES
-environment variable.
-.Sh ENVIRONMENT
-.Bl -tag -width "/etc/resolv.conf " -compress
-.It Ev HOSTALIASES
-Name of file containing
-.Pq Ar host alias , full hostname
-pairs.
-.El
-.Sh FILES
-.Bl -tag -width "/etc/resolv.conf " -compress
-.It Pa /etc/resolv.conf
-See
-.Xr resolver @FORMAT_EXT@ .
-.It Ev HOSTALIASES
-Name of file containing
-.Pq Ar host alias , full hostname
-pairs.
-.El
-.Sh SEE ALSO
-.Xr @INDOT@named @SYS_OPS_EXT@ ,
-.Xr resolver @FORMAT_EXT@ .
-.Sh BUGS
-Unexpected effects can happen when you type a name that is not
-part of the local domain. Please always keep in mind the
-fact that the local domain name is tacked onto the end of every
-name, unless it ends in a dot. Only if this fails is the name
-used unchanged.
-.Pp
-The
-.Dq Fl l
-option only tries the first name server listed for the
-domain that you have requested. If this server is dead, you
-may need to specify a server manually. E.g., to get a listing
-of foo.edu, you could try
-.Pp
-.D1 Ic host -t ns foo.edu
-.Pp
-to get a list of all the name servers for foo.edu, and then try
-.Pp
-.D1 Ic host -l foo.edu xxx
-.Pp
-for all
-.Dq Ic xxx
-on the list of name servers, until you find one that works.
diff --git a/contrib/bind/doc/man/hostname.7 b/contrib/bind/doc/man/hostname.7
deleted file mode 100644
index 6a92d642d4e22..0000000000000
--- a/contrib/bind/doc/man/hostname.7
+++ /dev/null
@@ -1,171 +0,0 @@
-.\" Copyright (c) 1987 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms are permitted
-.\" provided that the above copyright notice and this paragraph are
-.\" duplicated in all such forms and that any documentation,
-.\" advertising materials, and other materials related to such
-.\" distribution and use acknowledge that the software was developed
-.\" by the University of California, Berkeley. The name of the
-.\" University may not be used to endorse or promote products derived
-.\" from this software without specific prior written permission.
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-.\"
-.\" @(#)hostname.7 6.4 (Berkeley) 1/16/90
-.\"
-.Dd February 16, 1994
-.Dt HOSTNAME @DESC_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm hostname
-.Nd host name resolution description
-.Sh DESCRIPTION
-Hostnames are domains. A domain is a hierarchical, dot-separated list
-of subdomains. For example, the machine
-.Dq Li monet ,
-in the
-.Dq Li Berkeley
-subdomain of the
-.Dq Li EDU
-subdomain of the Internet Domain Name System would be represented as
-.Pp
-.Dl monet.Berkeley.EDU
-.Pp
-(with no trailing dot).
-.Pp
-Hostnames are often used with network client and server programs,
-which must generally translate the name to an address for use.
-(This task is usually performed by the library routine
-.Xr gethostbyname @LIB_NETWORK_EXT@ . )
-The default method for resolving hostnames by the Internet name resolver is
-to follow RFC 1535's security recommendations. Actions can be taken
-by the administrator to override these recommendations and to have the
-resolver behave the same as earlier, non-RFC 1535
-resolvers.
-.Pp
-The default method (using RFC 1535 guidelines) follows:
-.Pp
-If the name consists of a single component, i.e. contains no dot, and if the
-environment variable
-.Dq Ev HOSTALIASES
-is set to the name of a file,
-that file is searched for a string matching the input hostname. The file
-should consist of lines made up of two strings separated by white-space, the
-first of which is the hostname alias, and the second of which is the complete
-hostname to be substituted for that alias. If a case-insensitive match is
-found between the hostname to be resolved and the first field of a line in
-the file, the substituted name is looked up with no further processing.
-.Pp
-If there is at least one dot in the name, then the name is first tried
-.Dq as-is .
-The number of dots to cause this action is configurable by setting the
-threshold using the
-.Dq Li ndots
-option in
-.Pa /etc/resolv.conf
-(default: 1). If the name ends with a dot, the trailing dot is
-removed, and the remaining name is looked up (regardless of the setting of
-the
-.Li ndots
-option), without further processing.
-.Pp
-If the input name does not end with a trailing dot, it is looked up by
-searching through a list of domains until a match is found. If neither the
-search option in the
-.Pa /etc/resolv.conf
-file or the
-.Dq Ev LOCALDOMAIN
-environment variable is used, then the
-search list of domains contains only the full domain specified by the
-.Li domain
-option (in
-.Pa /etc/resolv.conf )
-or the domain used in the local hostname (see
-.Xr hostname @CMD_EXT@
-and
-.Xr resolver @FORMAT_EXT@ ) .
-For example, if the
-.Dq Li domain
-option is set to
-.Li CS.Berkeley.EDU ,
-then only
-.Li CS.Berkeley.EDU
-will be in the search list, and this will be the only
-domain appended to the partial hostname. For example, if
-.Dq Li lithium
-is the name to be resolved, this would make
-.Li lithium.CS.Berkeley.EDU
-the only name to be tried using the search list.
-.Pp
-If the
-.Li search
-option is used in
-.Pa /etc/resolv.conf
-or the environment variable
-.Dq Ev LOCALDOMAIN
-is set by the user, then
-the search list will include what is set by these methods. For
-example, if the
-.Dq Li search
-option contained
-.Pp
-.Dl CS.Berkeley.EDU CChem.Berkeley.EDU Berkeley.EDU
-.Pp
-then the partial hostname (e.g.,
-.Dq Li lithium )
-will be tried with
-.Em each
-domain name appended (in the same order specified); the resulting hostnames
-that would be tried are:
-.Bd -literal -offset indent
-lithium.CS.Berkeley.EDU
-lithium.CChem.Berkeley.EDU
-lithium.Berkeley.EDU
-.Ed
-.Pp
-The environment variable
-.Dq Ev LOCALDOMAIN
-overrides the
-.Dq Li search
-and
-.Dq Li domain
-options, and if both
-.Li search
-and
-.Li domain
-options are present in the resolver configuration file, then only the
-.Em last
-one listed is used (see
-.Xr resolver @FORMAT_EXT@ ) .
-.Pp
-If the name was not previously tried
-.Dq as-is
-(i.e., it fell below the
-.Dq Li ndots
-threshold or did not contain a dot), then the name as
-originally provided is attempted.
-.Sh ENVIRONMENT
-.Bl -tag -width "/etc/resolv.conf " -compress
-.It Ev LOCALDOMAIN
-Affects domains appended to partial hostnames.
-.It Ev HOSTALIASES
-Name of file containing
-.Pq Ar host alias , full hostname
-pairs.
-.El
-.Sh FILES
-.Bl -tag -width "/etc/resolv.conf " -compress
-.It Pa /etc/resolv.conf
-See
-.Xr resolve @FORMAT_EXT@ .
-.It Ev HOSTALIASES
-Name of file containing
-.Pq Ar host alias , full hostname
-pairs.
-.Sh SEE ALSO
-.Xr gethostbyname @LIB_NETWORK_EXT@ ,
-.Xr resolver @FORMAT_EXT@ ,
-.Xr mailaddr @DESC_EXT@ ,
-.Xr @INDOT@named @SYS_OPS_EXT@ .
diff --git a/contrib/bind/doc/man/inet_cidr.3 b/contrib/bind/doc/man/inet_cidr.3
deleted file mode 100644
index 9aeb1026f1da6..0000000000000
--- a/contrib/bind/doc/man/inet_cidr.3
+++ /dev/null
@@ -1,94 +0,0 @@
-.\" $Id: inet_cidr.3,v 8.2 1999/01/08 18:54:24 vixie Exp $
-.\"
-.\"Copyright (c) 1998,1999 by Internet Software Consortium
-.\"
-.\"Permission to use, copy, modify, and distribute this software for any
-.\"purpose with or without fee is hereby granted, provided that the above
-.\"copyright notice and this permission notice appear in all copies.
-.\"
-.\"THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\"ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\"OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\"CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\"DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\"PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\"ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\"SOFTWARE.
-.\"
-.Dd October 19, 1998
-.Dt INET_CIDR @LIB_NETWORK_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm inet_cidr_ntop ,
-.Nm inet_cidr_pton
-.Nd network translation routines
-.Sh SYNOPSIS
-.Fd #include <sys/types.h>
-.Fd #include <sys/socket.h>
-.Fd #include <netinet/in.h>
-.Fd #include <arpa/inet.h>
-.Fn inet_cidr_ntop "int af" "const void *src" "int bits" "char *dst" "size_t size"
-.Fn inet_cidr_pton "int af" "const char *src" "void *dst" "int *bits"
-.Sh DESCRIPTION
-These routines are used for converting addresses to and from network and
-presentation forms with CIDR (Classless Inter-Domain Routing) representation,
-embedded net mask.
-.Pp
-.Bd -literal
- 130.155.16.1/20
-.Ed
-.\" ::ffff:130.155.16.1/116
-.Pp
-.Fn inet_cidr_ntop
-converts an address from network to presentation format.
-.Pp
-.Ft af
-describes the type of address that is being passed in
-.Ft src.
-.\"Currently defined types are AF_INET and AF_INET6.
-Currently only AF_INET is supported.
-.Pp
-.Ft src
-is an address in network byte order, its length is determined from
-.Ft af.
-.Pp
-.Ft bits
-specifies the number of bits in the netmask unless it is -1 in which case
-the CIDR representation is omitted.
-.Pp
-.Ft dst
-is a caller supplied buffer of at least
-.Ft size
-bytes.
-.Pp
-.Fn inet_cidr_ntop
-returns
-.Ft dst
-on success or NULL.
-Check errno for reason.
-.Pp
-.Fn inet_cidr_pton
-converts and address from presentation format, with optional CIDR
-reperesentation, to network format.
-The resulting address is zero filled if there were insufficint bits in
-.Ft src.
-.Pp
-.Ft af
-describes the type of address that is being passed in via
-.Ft src
-and determines the size of
-.Ft dst.
-.Pp
-.Ft src
-is an address in presentation format.
-.Pp
-.Ft bits
-returns the number of bits in the netmask or -1 if a CIDR representation was
-not supplied.
-.Pp
-.Fn inet_cidr_pton
-returns 0 on succces or -1 on error.
-Check errno for reason.
-ENOENT indicates an invalid netmask.
-.Sh SEE ALSO
-.Xr intro 2
diff --git a/contrib/bind/doc/man/irs.conf.5 b/contrib/bind/doc/man/irs.conf.5
deleted file mode 100644
index 9ee5882f01c44..0000000000000
--- a/contrib/bind/doc/man/irs.conf.5
+++ /dev/null
@@ -1,201 +0,0 @@
-.\" Copyright (c) 1996,1999 by Internet Software Consortium
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\"
-.\" Copyright (c) 1986, 1991, 1993
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $Id: irs.conf.5,v 8.4 1999/01/18 07:46:45 vixie Exp $
-.\"
-.Dd November 16, 1997
-.Dt IRS.CONF 5
-.Os BIND 8.1
-.Sh NAME
-.Nm irs.conf
-.Nd Information Retrieval System configuration file
-.Sh SYNOPSIS
-.Nm irs.conf
-.Sh DESCRIPTION
-The
-.Xr irs 3
-functions are a set of routines in the C library which provide access to
-various system maps.
-The maps that irs currently controls are the following: passwd, group,
-services, protocols, hosts, networks and netgroup.
-When a program first calls a function that accesses one of these maps,
-the irs configuration file is read,
-and the source of each map is determined for the life of the process.
-.Pp
-If this file does not exist,
-the irs routines default to using local sources for all information,
-with the exception of the host and networks maps,
-which use the Domain Name System (DNS).
-.Pp
-Each record in the file consists of one line.
-A record consists of a map-name, an access-method and possibly a (comma
-delimited) set of options,
-separated by tabs or spaces.
-Blank lines, and text between a # and a newline are ignored.
-.Pp
-Available maps:
-.Bd -literal -offset indent
-Map name Information in map
-========= ==================================
-passwd User authentication information
-group User group membership information
-services Network services directory
-protocols Network protocols directory
-hosts Network hosts directory
-networks Network "network names" directory
-netgroup Network "host groups" directory
-.Ed
-.Pp
-Available access methods:
-.Bd -literal -offset indent
-Access method Description
-============= =================================================
-local Use a local file, usually in /etc
-dns Use the domain name service (includes hesiod)
-nis Use the Sun-compatible Network Information Service
-irp Use the IRP daemon on the localhost.
-.Ed
-.Pp
-Available options:
-.Bd -literal -offset indent
-Option Description
-======== ================================================
-continue don't stop searching if you can't find something
-merge don't stop searching if you CAN find something
-.Ed
-.Pp
-The continue option creates
-.Dq "union namespaces"
-whereby subsequent access methods of the same map type can be tried
-if a name cannot be found using earlier access methods.
-This can be quite confusing in the case of host names,
-since the name to address and address to name mappings can be visibly
-asymmetric even though the data used by any given access method is
-entirely consistent. This behavior is, therefore, not the default.
-.Pp
-The merge option only affects lookups in the groups map.
-If set, subsequent access methods will be tried in order to cause
-local users to appear in NIS (or other remote) groups in addition
-to the local groups.
-.Sh EXAMPLE
-.Bd -literal -offset indent
-# Get password entries from local file, or failing that, NIS
-passwd local continue
-passwd nis
-
-# Build group membership from both local file, and NIS.
-group local continue,merge
-group nis
-
-# Services comes from just the local file.
-services local
-
-protocols local
-
-# Hosts comes first from DNS, failing that, the local file
-hosts dns continue
-hosts local
-
-# Networks comes first from the local file, and failing
-# that the, irp daemon
-networks local continue
-networks irp
-
-netgroup local
-.Ed
-.Sh NOTES
-If a local user needs to be in the local host's
-.Dq wheel
-group but not in every host's
-.Dq wheel
-group, put them in the local host's
-.Pa /etc/group
-.Dq wheel
-entry and set up the
-.Dq groups
-portion of your
-.Pa /etc/irs.conf
-file as:
-.Bd -literal -offset indent
-group local continue,merge
-group nis
-.Ed
-.Pp
-NIS takes a long time to time out.
-Especially for hosts if you use the
-.Fl d
-option to your server's
-.Dq ypserv
-daemon.
-.Pp
-It is important that the
-.Pa irs.conf
-file contain an entry for each map.
-If a map is not mentioned in the
-.Pa irs.conf
-file, all queries to that map will fail.
-.Pp
-The classic NIS mechanism for specifying union namespaces is to add an entry
-to a local map file whose name is ``+''. In IRS, this is done via ``continue''
-and/or ``merge'' map options. While this results in a small incompatibility
-when local map files are imported from non-IRS systems to IRS systems, there
-are compensating advantages in security and configurability.
-.Sh FILES
-.Bl -tag -width /etc/irs.confXXXX -compact
-.It Pa /etc/irs.conf
-The file
-.Nm irs.conf
-resides in
-.Pa /etc .
-.El
-.Sh SEE ALSO
-.Xr groups 5 ,
-.Xr hosts 5 ,
-.Xr netgroup 5 ,
-.Xr networks 5 ,
-.Xr passwd 5 ,
-.Xr protocols 5 ,
-.Xr services 5
diff --git a/contrib/bind/doc/man/mailaddr.7 b/contrib/bind/doc/man/mailaddr.7
deleted file mode 100644
index 270fe9c9d9b10..0000000000000
--- a/contrib/bind/doc/man/mailaddr.7
+++ /dev/null
@@ -1,179 +0,0 @@
-.\" Copyright (c) 1983, 1987 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms are permitted
-.\" provided that the above copyright notice and this paragraph are
-.\" duplicated in all such forms and that any documentation,
-.\" advertising materials, and other materials related to such
-.\" distribution and use acknowledge that the software was developed
-.\" by the University of California, Berkeley. The name of the
-.\" University may not be used to endorse or promote products derived
-.\" from this software without specific prior written permission.
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-.\"
-.\" @(#)mailaddr.7 6.5 (Berkeley) 2/14/89
-.\"
-.Dd February 14, 1989
-.Dt MAILADDR @DESC_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm mailaddr
-.Nd mail addressing description
-.Sh DESCRIPTION
-Mail addresses are based on the ARPANET protocol listed at the end of this
-manual page. These addresses are in the general format
-.Pp
-.Bd -ragged -offset indent-two
-.Li user@domain
-.Ed
-.Pp
-where a domain is a hierarchical, dot-separated list of subdomains. For
-example, the address
-.Pp
-.Bd -ragged -offset indent-two
-.Li eric@monet.berkeley.edu
-.Ed
-.Pp
-is normally interpreted from right to left: the message should go to the
-ARPA name tables (which do not correspond exactly to the physical ARPANET),
-then to the Berkeley gateway, after which it should go to the local host
-.Dq Li monet .
-When the message reaches
-.Li monet ,
-it is delivered to the user
-.Dq Li eric .
-.Pp
-Unlike some other forms of addressing, this does not imply any routing.
-Thus, although this address is specified as an ARPA address, it might
-travel by an alternate route if that were more convenient or efficient.
-For example, at Berkeley, the associated message would probably go directly
-to
-.Li monet
-over the Ethernet rather than going via the Berkeley ARPANET gateway.
-.Ss Abbreviation
-.Pp
-Under certain circumstances, it may not be necessary to type the entire
-domain name. In general, anything following the first dot may be omitted
-if it is the same as the domain from which you are sending the message.
-For example, a user on
-.Dq Li calder.berkeley.edu
-could send to
-.Dq Li eric@monet
-without adding the
-.Dq Li berkeley.edu
-since it is the same on both sending and receiving hosts.
-.Pp
-Certain other abbreviations may be permitted as special cases. For
-example, at Berkeley, ARPANET hosts may be referenced without adding the
-.Dq Li berkeley.edu
-as long as their names do not conflict with a local host name.
-.Ss Compatibility
-.Pp
-Certain old address formats are converted to the new format to provide
-compatibility with the previous mail system. In particular,
-.Bd -ragged -offset indent-two
-.Li user@host.ARPA
-.Ed
-.Pp
-is allowed and
-.Bd -ragged -offset indent-two
-.Li host:user
-.Ed
-.Pp
-is converted to
-.Bd -ragged -offset indent-two
-.Li user@host
-.Ed
-.Pp
-in order to be consistent with the
-.Xr rcp @CMD_EXT@
-command.
-.Pp
-Also, the syntax
-.Bd -ragged -offset indent-two
-.Li host!user
-.Ed
-.Pp
-is converted to:
-.Bd -ragged -offset indent-two
-.Li user@host.UUCP
-.Ed
-.Pp
-This is normally converted back to the
-.Dq Li host!user
-form before being sent on, for compatibility with older UUCP hosts.
-.Pp
-The current implementation is not able to route messages automatically through
-the UUCP network. Until that time you must explicitly tell the mail system
-which hosts to send your message through to get to your final destination.
-.Ss Case Distinctions
-.Pp
-Domain names (i.e., anything after the
-.Dq Li @
-sign) may be given in any mixture
-of upper and lower case with the exception of UUCP hostnames. Most hosts
-accept any combination of case in user names, with the notable exception of
-MULTICS sites.
-.Ss Route-addrs.
-.Pp
-Under some circumstances it may be necessary to route a message through
-several hosts to get it to the final destination. Normally this routing
-is done automatically, but sometimes it is desirable to route the message
-manually. Addresses which show these relays are termed
-.Dq route-addrs.
-These use the syntax:
-.Bd -ragged -offset indent-two
-.Li <@hosta,@hostb:user@hostc>
-.Ed
-.Pp
-This specifies that the message should be sent to
-.Li hosta ,
-from there to
-.Li hostb ,
-and finally to
-.Li hostc .
-This path is forced even if there is a more efficient path to
-.Li hostc .
-.Pp
-Route-addrs occur frequently on return addresses, since these are generally
-augmented by the software at each host. It is generally possible to ignore
-all but the
-.Dq Li user@domain
-part of the address to determine the actual sender.
-.Ss Postmaster
-.Pp
-Every site is required to have a user or user alias designated
-.Dq Li postmaster
-to which problems with the mail system may be addressed.
-.Ss Other Networks
-.Pp
-Some other networks can be reached by giving the name of the network as the
-last component of the domain.
-.Em This is not a standard feature
-and may
-.Em not
-be supported at all sites. For example, messages to CSNET or BITNET sites
-can often be sent to
-.Dq Li user@host.CSNET
-or
-.Dq Li user@host.BITNET ,
-respectively.
-.Sh BUGS
-The RFC822 group syntax
-.Pq Dq Li group:user1,user2,user3;
-is not supported except in the special case of
-.Dq LI group:;
-because of a conflict with old berknet-style addresses.
-.Pp
-Route-Address syntax is grotty.
-.Pp
-UUCP- and ARPANET-style addresses do not coexist politely.
-.Sh SEE ALSO
-.Xr mail @CMD_EXT@ ,
-.Xr sendmail @SYS_OPS_EXT@ ;
-Crocker, D. H., RFC822,
-.Do
-Standard for the Format of Arpa Internet Text Messages
-.Dc .
diff --git a/contrib/bind/doc/man/mkdep.1 b/contrib/bind/doc/man/mkdep.1
deleted file mode 100644
index 177ab1afe692d..0000000000000
--- a/contrib/bind/doc/man/mkdep.1
+++ /dev/null
@@ -1,84 +0,0 @@
-.\" Copyright (c) 1987 Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms are permitted
-.\" provided that the above copyright notice and this paragraph are
-.\" duplicated in all such forms and that any documentation,
-.\" advertising materials, and other materials related to such
-.\" distribution and use acknowledge that the software was developed
-.\" by the University of California, Berkeley. The name of the
-.\" University may not be used to endorse or promote products derived
-.\" from this software without specific prior written permission.
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-.\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-.\"
-.\" @(#)mkdep.1 5.8 (Berkeley) 10/24/88
-.\"
-.Dd October 24, 1988
-.Dt MKDEP @CMD_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm mkdep
-.Nd construct Makefile dependency list
-.Sh SYNOPSIS
-.Nm mkdep
-.Op Fl ap
-.Op Fl f Ar depend_file
-.Op Ar flags
-.Ar file ...
-.Sh DESCRIPTION
-.Ic Mkdep
-takes a set of flags for the C compiler and a list
-of C source files as arguments and constructs a set of
-.Li include
-file dependencies which are written into the file
-.Pa depend_file ,
-or
-.Dq Pa .depend
-by default. An example of its use in a
-.Pa Makefile
-might be:
-.Bd -literal -offset indent
-CFLAGS= -O -DDEBUG -I../include -I.
-SRCS= file1.c file2.c
-
-depend:
- mkdep ${CFLAGS} ${SRCS}
-.Ed
-.Pp
-where the macro
-.Dq Li SRCS
-is the list of C source files and the macro
-.Dq Li CFLAGS
-is the list of flags for the C compiler.
-.Pp
-If the
-.Dq Fl p
-option is provided,
-.Ic mkdep
-produces dependencies
-of the form
-.Dq Li program: program.c
-so that subsequent calls to
-.Xr make @CMD_EXT@
-will produce
-.Dq Pa program
-directly from its C module rather than using an intermediate
-.Dq Pa \&.o
-module. This is useful in directories which
-contain many programs, each of whose source is contained in a single
-C module.
-.Pp
-The
-.Dq Fl a
-option causes appending to the output file, so that multiple
-.Xo Ic mkdep
-.Ns 's
-.Xc
-may be run from a single
-.Pa Makefile .
-.Sh SEE ALSO
-.Xr cc @CMD_EXT@ ,
-.Xr cpp @CMD_EXT@ ,
-.Xr make @CMD_EXT@ .
diff --git a/contrib/bind/doc/man/named-bootconf.8 b/contrib/bind/doc/man/named-bootconf.8
deleted file mode 100644
index 2a0d39d708cf4..0000000000000
--- a/contrib/bind/doc/man/named-bootconf.8
+++ /dev/null
@@ -1,70 +0,0 @@
-.\" $NetBSD: named-bootconf.8,v 1.1 1998/11/19 21:11:45 tron Exp $
-.\"
-.\" Copyright (c) 1998 The NetBSD Foundation, Inc.
-.\" All rights reserved.
-.\"
-.\" This documentation is derived from software contributed to The NetBSD
-.\" Foundation by Matthias Scheler.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the NetBSD
-.\" Foundation, Inc. and its contributors.
-.\" 4. Neither the name of The NetBSD Foundation nor the names of its
-.\" contributors may be used to endorse or promote products derived
-.\" from this software without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
-.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
-.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-.\" POSSIBILITY OF SUCH DAMAGE.
-.\"
-.\" Copyright (c) 1999 by Internet Software Consortium
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-
-.Dd November 19, 1998
-.Dt NAMED-BOOTCONF 8
-.Os NetBSD
-.Sh NAME
-.Nm named-bootconf
-.Nd convert name server configuration files
-.Sh SYNOPSIS
-.Nm
-.Sh DESCRIPTION
-.Nm
-converts named configuration files from BIND 4 format to BIND 8 format.
-.Sh EXAMPLES
-named-bootconf < named.boot > named.conf
-.Sh BUGS
-Comments from the source file will not always appear at the appropriate place
-in the target file.
-.Sh SEE ALSO
-.Xr named 8 ,
-.Xr named.conf 5
diff --git a/contrib/bind/doc/man/named-xfer.8 b/contrib/bind/doc/man/named-xfer.8
deleted file mode 100644
index e7b2cf38c5377..0000000000000
--- a/contrib/bind/doc/man/named-xfer.8
+++ /dev/null
@@ -1,185 +0,0 @@
-.\" ++Copyright++ 1985
-.\" -
-.\" Copyright (c) 1985
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" -
-.\" Portions Copyright (c) 1999 by Check Point Software Technologies, Inc.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Check Point Software Technologies Incorporated not be used
-.\" in advertising or publicity pertaining to distribution of the document
-.\" or software without specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND CHECK POINT SOFTWARE TECHNOLOGIES
-.\" INCORPORATED DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
-.\" INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS.
-.\" IN NO EVENT SHALL CHECK POINT SOFTWARE TECHNOLOGIES INCORPRATED
-.\" BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR
-.\" ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER
-.\" IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
-.\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" --Copyright--
-.\"
-.\" from named.8 6.6 (Berkeley) 2/14/89
-.\"
-.Dd June 26, 1993
-.Dt @XFER_INDOT_U@NAMED-XFER @SYS_OPS_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm @XFER_INDOT@named-xfer
-.Nd ancillary agent for inbound zone transfers
-.Sh SYNOPSIS
-.Nm named-xfer
-.Fl z Ar zone_to_transfer
-.Fl f Ar db_file
-.Fl s Ar serial_no
-.Op Fl d Ar debuglevel
-.Op Fl l Ar debug_log_file
-.Op Fl i Ar ixfr_file
-.Op Fl t Ar trace_file
-.Op Fl p Ar port#
-.Op Fl S
-.Ar nameserver
-.Op Ar [ Sy axfr
-|
-.Op Sy ixfr ]
-.Sh DESCRIPTION
-.Ic Named-xfer
-is an ancillary program executed by
-.Xr @INDOT@named @SYS_OPS_EXT@
-to perform an inbound zone transfer. It is rarely executed directly, and then
-only by system administrators who are trying to debug a zone transfer problem.
-See RFC's 1033, 1034, and 1035 for more information on the Internet
-name-domain system.
-.Pp
-Options are:
-.Bl -tag -width Fl
-.It Fl z Ar zone_to_transfer
-specifies the name of the zone to be transferred.
-.It Fl f Ar db_file
-specifies the name of the
-.Ar db_file
-into which the zone should be dumped
-when it is received from the primary server.
-.It Fl s Ar serial_no
-specifies the serial number of our current copy of this zone. If the
-.Sy SOA RR
-we get from the primary server does not have a serial
-number higher than this, the transfer will be aborted.
-.It Fl d Ar debuglevel
-Print debugging information.
-The
-.Ar debuglevel
-is a number determines the level of messages printed.
-.It Fl l Ar debug_log_file
-Specifies a log file for debugging messages. The default is system-
-dependent but is usually in
-.Pa /var/tmp
-or
-.Pa /usr/tmp .
-Note that this only applies if
-.Dq Fl d
-is also specified.
-.It Fl i Ar ixfr_file
-Specifies the name of the
-.Ar ixfr_file
-into which the zone changes from Incremental Zone Transfer (IXFR)
-should be dumped when it is received from the primary server.
-.It Fl t Ar trace_file
-Specifies a
-.Ar trace_file
-which will contain a protocol trace of the zone
-transfer. This is probably only of interest to people debugging the name
-server itself.
-.It Fl p Ar port#
-Use a different port number. The default is the standard port number
-as returned by
-.Xr getservbyname @LIB_NETWORK_EXT@
-for the service
-.Dq Li domain .
-.It Fl S
-Perform a restricted transfer of only the SOA, NS records and glue A records
-for the zone. The SOA record will not be loaded by
-.Xr @INDOT@named @SYS_OPS_EXT@
-but will be used to
-determine when to verify the NS records. See the
-.Dq Li stubs
-directive in
-.Xr @INDOT@named @SYS_OPS_EXT@
-for more information.
-.El
-.Pp
-Additional arguments are taken as name server addresses in so-called
-.Dq dotted-quad
-syntax
-.Em only;
-no host name are allowed here. At least one address must be specified.
-Any additional addresses will be tried, in order, if the first one fails
-to transfer to us successfully.
-The
-.Sy axfr
-or
-.Sy ixfr
-after name server address designates the type of zone transfer to perform.
-Use
-.Sy axfr
-for a full zone transfer or
-.Sy ixfr
-for an incremental zone transfer.
-.Sh SEE ALSO
-.Xr hostname @DESC_EXT@ ,
-.Xr @INDOT@named @SYS_OPS_EXT@ ,
-.Xr resolver @LIB_NETWORK_EXT@ ,
-.Xr resolver @FORMAT_EXT@ ,
-RFC 882, RFC 883, RFC 973, RFC 974, RFC 1033, RFC 1034, RFC 1035,
-RFC 1123, RFC 1995
-.Dq Name Server Operations Guide for Sy BIND .
diff --git a/contrib/bind/doc/man/named.8 b/contrib/bind/doc/man/named.8
deleted file mode 100644
index c0e73df9ae36d..0000000000000
--- a/contrib/bind/doc/man/named.8
+++ /dev/null
@@ -1,441 +0,0 @@
-.\" ++Copyright++ 1985, 1996
-.\" -
-.\" Copyright (c) 1985, 1996
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" -
-.\" --Copyright--
-.\"
-.\" @(#)named.8 6.6 (Berkeley) 2/14/89
-.\"
-.Dd February 1, 1996
-.Dt @INDOT_U@NAMED @SYS_OPS_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm @INDOT@named
-.Nd Internet domain name server (DNS)
-.Sh SYNOPSIS
-.Nm @INDOT@NAMED
-.Op Fl d Ar debuglevel
-.Op Fl p Ar port#
-.Oo Fl Po
-.Cm b Ns \&| Ns Cm c
-.Pc
-.Ar config_file
-.Oc
-.Op Fl f q r v
-.Op Fl u Ar user_name
-.Op Fl g Ar group_name
-.Op Fl t Ar directory
-.Op Fl w Ar directory
-.Op Ar config_file
-.Sh DESCRIPTION
-.Ic Named
-is the Internet domain name server.
-See RFC's 1033, 1034, and 1035 for more information on the Internet
-name-domain system. Without any arguments,
-.Ic named
-will read the default configuration file
-.Pa /etc/named.conf ,
-read any initial data, and listen for queries. A
-.Ar config_file
-argument given at the end of the command line will override any
-.Ar config_file
-specified by using the
-.Dq Fl b
-or
-.Dq Fl c
-flags.
-.Pp
-.Sy NOTE:
-Several of
-.Nm named Ns 's
-options, and much more of its behaviour, can be controlled in the configuration
-file. Please refer to the configuration file guide included with this
-.Sy BIND
-distribution for further information.
-.Pp
-Options are:
-.Bl -tag -width Fl
-.It Fl d Ar debuglevel
-Print debugging information.
-The
-.Ar debuglevel
-is a number determines the level of messages printed. If negative,
-.Ar debuglevel
-is set to
-.Dq 1 .
-.Pp
-.Sy NOTE:
-The new debugging framework is considerably more sophisticated than it
-was in older versions of
-.Nm @INDOT@NAMED .
-The configuration file's
-.Dq Li logging
-statement allows for multiple, distinct levels of debugging for each of
-a large set of categories of events (such as queries, transfers in or out,
-etc.). Please refer to the configuration file guide included with this
-.Sy BIND
-distribution for further information about these extensive new capabilities.
-.It Fl p Ar port#
-Use the specified remote port number; this is the port number to which
-.Nm @INDOT@NAMED
-will send queries. The default value is the standard port number, i.e.,
-the port number returned by
-.Xr getservbyname @LIB_NETWORK_EXT@
-for service
-.Dq Li domain .
-.Pp
-.Sy NOTE:
-Previously, the syntax
-.Dq Fl p Ar port# Ns Op Ar \&/localport#
-was supported; the first port was that used when contacting
-.Em remote
-servers, and the second one was the service port bound by the
-.Em local
-instance of
-.Nm @INDOT_U@NAMED .
-The current usage is equivalent to the old usage without the
-.Ar localport#
-specified; this functionality can be specified with the
-.Dq Li listen-on
-clause of the configuration file's
-.Dq Li options
-statement.
-.It Xo Fl Po
-.Cm b Ns \&| Ns Cm c
-.Pc Ar config_file
-.Xc
-Use an alternate
-.Ar config_file ;
-this argument is overridden by any
-.Ar config_file
-which is specified at the end of the command line.
-The default value is
-.Pa /etc/named.conf .
-.It Fl f
-Run this process in the foreground; don't
-.Xr fork @SYSCALL_EXT@
-and daemonize. (The default is to daemonize.)
-.It Fl q
-Trace all incoming queries if
-.Nm @INDOT_U@NAMED
-has been compiled with
-.Li QRYLOG
-defined.
-.Pp
-.Sy NOTE:
-This option is deprecated in favor of the
-.Dq Li queries
-.Em logging category
-of the configuration file's
-.Dq Li logging
-statement; for more information, please refer to the configuration file guide
-included with this distribution of
-.Sy BIND .
-.It Fl r
-Turns recursion off in the server. Answers can come only from local
-(primary or secondary) zones. This can be used on root servers.
-The default is to use recursion.
-.Pp
-.Sy NOTE:
-This option can be overridden by and is deprecated in favor of the
-.Dq Li recursion
-clause of the configuration file's
-.Dq Li options
-statement.
-.It Fl v
-Report the version and exit.
-.It Fl u Ar user_name
-Specifies the user the server should run as after it initializes. The value
-specified may be either a username or a numeric user id. If the
-.Dq Fl g
-flag is not specified, then the group id used will be the primary group of
-the user specified (initgroups() is called, so all of the user's groups will
-be available to the server).
-.Pp
-.It Fl g Ar group_name
-Specifies the group the server should run as after it initializes. The value
-specified may be either a groupname or a numeric group id.
-.Pp
-.It Fl t Ar directory
-Specifies the directory the server should chroot() into as soon as it is
-finshed processing command line arguments.
-.Pp
-.It Fl w Ar directory
-Sets the working directory of the server. The
-.Dq Li directory
-clause of the configuration file's
-.Dq Li options
-statement overrides any value specified on the command line.
-The default working directory is the current directory
-.Pq Dq \&. .
-.El
-.Pp
-Any additional argument is taken as the name of the configuration file, for
-compatibility with older implementations; as noted above, this argument
-overrides any
-.Ar config_file
-specified by the use of the
-.Dq Fl b
-or
-.Dq Fl c
-flags. If no further argument is given, then the default configuration file
-is used
-.Pq Pa /etc/named.conf .
-.Ss Master File Format
-The master file consists of control information and a list of resource
-records for objects in the zone of the forms:
-.Bd -literal -offset indent
-$INCLUDE <filename> <opt_domain>
-$ORIGIN <domain>
-$TTL <ttl>
-<domain> <opt_ttl> <opt_class> <type> <resource_record_data>
-.Ed
-.Pp
-where:
-.Bl -tag -width "opt_domain "
-.It Ar domain
-is
-.Dq Li \&.
-for root,
-.Dq Li @
-for the current origin, or a standard domain name. If
-.Ar domain
-is a standard domain name that does
-.Em not
-end with
-.Dq Li \&. ,
-the current origin is appended to the domain. Domain names ending with
-.Dq Li \&.
-are unmodified.
-.It Ar opt_domain
-This field is used to define an origin for the data in an included file.
-It is equivalent to placing an
-.Li $ORIGIN
-statement before the first line of the included file. The field is optional.
-Neither the
-.Ar opt_domain
-field nor
-.Li $ORIGIN
-statements in the included file modify the current origin for this file.
-.It Ar ttl
-A integer number that sets the default time-to-live for future records without
-an explicit ttl.
-.It Ar opt_ttl
-An optional integer number for the time-to-live field.
-If not set the ttl is taken from the last $TTL statement.
-If no $TTL statement has occured then the SOA minimum value is used and a
-warning is generated.
-.It Ar opt_class
-The object address type; currently only one type is supported,
-.Dv IN ,
-for objects connected to the DARPA Internet.
-.It Ar type
-This field contains one of the following tokens; the data expected in the
-.Ar resource_record_data
-field is in parentheses:
-.Bl -tag -width "HINFO " -offset indent
-.It Dv A
-a host address (dotted-quad IP address)
-.It Dv NS
-an authoritative name server (domain)
-.It Dv MX
-a mail exchanger (domain), preceded by a preference value (0..32767),
-with lower numeric values representing higher logical preferences.
-.It Dv CNAME
-the canonical name for an alias (domain)
-.It Dv SOA
-marks the start of a zone of authority (domain of originating host,
-domain address of maintainer, a serial number and the following
-parameters in seconds: refresh, retry, expire and minimum TTL (see RFC 883
-and RFC 2308)).
-.It Dv NULL
-a null resource record (no format or data)
-.It Dv RP
-a Responsible Person for some domain name (mailbox, TXT-referral)
-.It Dv PTR
-a domain name pointer (domain)
-.It Dv HINFO
-host information (cpu_type OS_type)
-.El
-.El
-.Pp
-Resource records normally end at the end of a line,
-but may be continued across lines between opening and closing parentheses.
-Comments are introduced by semicolons and continue to the end of the line.
-.Pp
-.Sy NOTE:
-There are other resource record types not shown here. You should
-consult the
-.Sy BIND
-Operations Guide
-.Pq Dq BOG
-for the complete
-list. Some resource record types may have been standardized in newer RFC's
-but not yet implemented in this version of
-.Sy BIND .
-.Ss SOA Record Format
-Each master zone file should begin with an SOA record for the zone.
-An example SOA record is as follows:
-.Bd -literal
-@ IN SOA ucbvax.Berkeley.EDU. rwh.ucbvax.Berkeley.EDU. (
- 1989020501 ; serial
- 10800 ; refresh
- 3600 ; retry
- 3600000 ; expire
- 86400 ) ; minimum
-.Ed
-.Pp
-The SOA specifies a serial number, which should be changed each time the
-master file is changed. Note that the serial number can be given as a
-dotted number, but this is a
-.Em very
-unwise thing to do since the
-translation to normal integers is via concatenation rather than
-multiplication and addition. You can spell out the year, month, day of
-month, and 0..99 version number and still fit inside the unsigned 32-bit
-size of this field. (It's true that we will have to rethink this strategy in
-the year 4294, but we're not worried about it.)
-.Pp
-Secondary servers
-check the serial number at intervals specified by the refresh time in
-seconds; if the serial number changes, a zone transfer will be done to load
-the new data. If a master server cannot be contacted when a refresh is due,
-the retry time specifies the interval at which refreshes should be attempted.
-If a master server cannot be contacted within the interval given by the
-expire time, all data from the zone is discarded by secondary servers. The
-minimum value is the cache time-to-live for negative answers (RFC 2308).
-.Sh NOTES
-The boot file directives
-.Dq Li domain
-and
-.Dq Li suffixes
-have been
-obsoleted by a more useful, resolver-based implementation of
-suffixing for partially-qualified domain names. The prior mechanisms
-could fail under a number of situations, especially when then local
-nameserver did not have complete information.
-.Pp
-The following signals have the specified effect when sent to the
-server process using the
-.Xr kill @CMD_EXT@
-command:
-.Pp
-.Bl -tag -width "SIGWINCH"
-.It Dv SIGHUP
-Causes server to read
-.Pa named.conf
-and reload the database. If the server
-is built with the
-.Li FORCED_RELOAD
-compile-time option, then
-.Dv SIGHUP
-will
-also cause the server to check the serial number on all secondary zones;
-normally, the serial numbers are only checked at the SOA-specified intervals.
-.It Dv SIGINT
-Dumps the current data base and cache to
-.Dq Pa /var/tmp/named_dump.db
-or the value of
-.Dv _PATH_DUMPFILE .
-.It Dv SIGILL
-Dumps statistics data into
-.Pa named.stats
-if the server is compiled with
-.Li -DSTATS .
-Statistics data is appended to the file.
-.It Dv SIGSYS
-Dumps the profiling data in
-.Pa /var/tmp
-if the server is compiled with profiling (server forks, chdirs and exits).
-.It Dv SIGTERM
-Saves any modified dynamic zones to the file system, and shuts down the server.
-.It Dv SIGUSR1
-Turns on debugging; each
-.Dv SIGUSR1
-increments debug level.
-.Po Dv SIGEMT
-on older systems without
-.Dv SIGUSR1 .
-.Pc
-.It Dv SIGUSR2
-Turns off debugging completely.
-.Po Dv SIGFPE
-on older systems without
-.Dv SIGUSR2 .
-.Pc
-.It Dv SIGWINCH
-Toggles logging of all incoming queries via
-.Xr syslog @SYS_OPS_EXT@
-(requires server to have been built with the
-.Li QRYLOG
-option).
-.Sh FILES
-.Bl -tag -width "/var/tmp/named_dump.db (_PATH_DUMPFILE) " -compact
-.It Pa /etc/named.conf
-default name server configuration file
-.It Pa /var/run/named.pid Pq Dv _PATH_PIDFILE
-the process id
-.It Pa /var/tmp/named_dump.db Pq Dv _PATH_DUMPFILE
-dump of the name server database
-.It Pa /var/tmp/named.run Pq file: Dv _PATH_DEBUG
-debug output
-.It Pa /var/tmp/named.stats Pq file: Dv _PATH_STATS
-nameserver statistics data
-.El
-.Sh SEE ALSO
-.Xr gethostbyname @LIB_NETWORK_EXT@ ,
-.Xr hostname @DESC_EXT@ ,
-.Xr kill @CMD_EXT@ ,
-.Xr resolver @LIB_NETWORK_EXT@ ,
-.Xr resolver @FORMAT_EXT@ ,
-.Xr signal @SYSCALL_EXT@ ,
-RFC 882, RFC 883, RFC 973, RFC 974, RFC 1033, RFC 1034, RFC 1035, RFC 1123,
-RFC 2308
-.Dq Name Server Operations Guide for Sy BIND
diff --git a/contrib/bind/doc/man/named.conf.5 b/contrib/bind/doc/man/named.conf.5
deleted file mode 100644
index 44f1ec9da4dc3..0000000000000
--- a/contrib/bind/doc/man/named.conf.5
+++ /dev/null
@@ -1,2355 +0,0 @@
-.\" Copyright (c) 1999 by Internet Software Consortium
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-
-.Dd January 7, 1999
-.Dt NAMED.CONF 5
-.Os BSD 4
-
-.Sh NAME
-.Nm named.conf
-.Nd configuration file for
-.Xr named 8
-
-.Sh OVERVIEW
-
-BIND 8 is much more configurable than previous release of BIND. There
-are entirely new areas of configuration, such as access control lists
-and categorized logging. Many options that previously applied to all
-zones can now be used selectively. These features, plus a
-consideration of future configuration needs led to the creation of a
-new configuration file format.
-
-.Ss General Syntax
-
-A BIND 8 configuration consists of two general features, statements
-and comments. All statements end with a semicolon. Many statements
-can contain substatements, which are each also terminated with a
-semicolon.
-
-.Pp
-The following statements are supported:
-.Bl -tag -width 1
-.It Ic logging
-specifies what the server logs, and where the log messages are sent
-
-.It Ic options
-controls global server configuration options and sets defaults for other
-statements
-
-.It Ic zone
-defines a zone
-
-.It Ic acl
-defines a named IP address matching list, for access control and other uses
-
-.It Ic key
-specifies key information for use in authentication and authorization
-
-.It Ic trusted-keys
-defines DNSSEC keys that are preconfigured into the server and implicitly
-trusted
-
-.It Ic server
-sets certain configuration options for individual remote servers
-
-.It Ic controls
-declares control channels to be used by the
-.Nm ndc
-utility
-
-.It Ic include
-includes another file
-
-.El
-
-The
-.Ic logging
-and
-.Ic options
-statements may only occur once per configuration, while the rest may
-appear numerous times. Further detail on each statement is provided
-in individual sections below.
-
-Comments may appear anywhere that whitespace may appear in a BIND
-configuration file. To appeal to programmers of all kinds, they can
-be written in C, C++, or shell/perl constructs.
-
-C-style comments start with the two characters
-.Li /*
-(slash, star) and end with
-.Li */
-(star, slash).
-Because they are completely delimited with these characters,
-they can be used to comment only a portion of a line or to span
-multiple lines.
-
-C-style comments cannot be nested. For example, the following is
-not valid because the entire comment ends with the first
-.Li */ :
-
-.Bd -literal -offset indent
-/* This is the start of a comment.
- This is still part of the comment.
-/* This is an incorrect attempt at nesting a comment. */
- This is no longer in any comment. */
-.Ed
-
-C++-style comments start with the two characters
-.Li //
-(slash, slash) and continue to the end of the physical line.
-They cannot be continued across multiple physical lines; to have
-one logical comment span multiple lines, each line must use the
-.Li //
-pair. For example:
-
-.Bd -literal -offset indent
-// This is the start of a comment. The next line
-// is a new comment, even though it is logically
-// part of the previous comment.
-.Ed
-
-Shell-style (or perl-style, if you prefer) comments start with the
-character
-.Li #
-(hash or pound or number or octothorpe or whatever) and continue to
-the end of the physical line, like C++ comments. For example:
-
-.Bd -literal -offset indent
-# This is the start of a comment. The next line
-# is a new comment, even though it is logically
-# part of the previous comment.
-.Ed
-
-.Em WARNING:
-you cannot use the
-.Li ;
-(semicolon) character to start a comment such as you would in a zone
-file. The semicolon indicates the end of a configuration statement,
-so whatever follows it will be interpreted as the start of the next
-statement.
-
-.Ss Converting from BIND 4.9.x
-
-.Pp
-BIND 4.9.x configuration files can be converted to the new format
-by using
-.Pa src/bin/named/named-bootconf ,
-a shell script that is part of the BIND 8.2.x source kit.
-
-.Sh DOCUMENTATION DEFINITIONS
-
-Described below are elements used throughout the BIND configuration
-file documentation. Elements which are only associated with one
-statement are described only in the section describing that statement.
-
-.Bl -tag -width 1
-.It Va acl_name
-The name of an
-.Va address_match_list
-as defined by the
-.Ic acl
-statement.
-
-.It Va address_match_list
-A list of one or more
-.Va ip_addr ,
-.Va ip_prefix ,
-.Va key_id ,
-or
-.Va acl_name
-elements, as described in the
-.Sx ADDRESS MATCH LISTS
-section.
-
-.It Va dotted-decimal
-One or more integers valued 0 through 255 separated only by dots
-(``.''), such as
-.Li 123 ,
-.Li 45.67
-or
-.Li 89.123.45.67 .
-
-.It Va domain_name
-A quoted string which will be used as a DNS name, for example
-.Qq Li my.test.domain .
-
-.It Va path_name
-A quoted string which will be used as a pathname, such as
-.Qq Li zones/master/my.test.domain .
-
-.It Va ip_addr
-An IP address in with exactly four elements in
-.Va dotted-decimal
-notation.
-
-.It Va ip_port
-An IP port
-.Va number .
-.Va number is limited to
-.Li 0
-through
-.Li 65535 ,
-with values below 1024 typically restricted to
-root-owned processes. In some cases an asterisk (``*'') character
-can be used as a placeholder to select a random high-numbered port.
-
-.It Va ip_prefix
-An IP network specified in
-.Va dotted-decimal
-form, followed by ``/''
-and then the number of bits in the netmask. E.g.
-.Li 127/8
-is
-the network
-.Li 127.0.0.0
-with netmask
-.Li 255.0.0.0 .
-.Li 1.2.3.0/28
-is network
-.Li 1.2.3.0
-with netmask
-.Li 255.255.255.240.
-
-.It Va key_name
-A string representing the name of a shared key, to be used for transaction
-security.
-
-.It Va number
-A non-negative integer with an entire range limited by the range of a
-C language signed integer (2,147,483,647 on a machine with 32 bit
-integers). Its acceptable value might further be limited by the
-context in which it is used.
-
-.It Va size_spec
-A
-.Va number ,
-the word
-.Li unlimited ,
-or the word
-.Li default .
-
-.Pp
-The maximum value of
-.Va size_spec
-is that of unsigned long integers on the machine.
-.Li unlimited
-requests unlimited use, or the maximum available amount.
-.Li default
-uses the limit that was in force when the server was started.
-
-.Pp
-A
-.Va number
-can optionally be followed by a scaling factor:
-.Li K
-or
-.Li k
-for kilobytes,
-.Li M
-or
-.Li m
-for megabytes, and
-.Li G
-or
-.Li g
-for gigabytes, which scale by 1024, 1024*1024, and 1024*1024*1024
-respectively.
-
-.Pp
-Integer storage overflow is currently silently ignored during
-conversion of scaled values, resulting in values less than intended,
-possibly even negative. Using
-.Li unlimited
-is the best way to safely set a really large number.
-
-.It Va yes_or_no
-Either
-.Li yes
-or
-.Li no .
-The words
-.Li true
-and
-.Li false
-are also accepted, as are the numbers
-.Li 1 and
-.Li 0 .
-
-.El
-
-.Sh ADDRESS MATCH LISTS
-.Ss Syntax
-
-.Bd -literal
-\fIaddress_match_list\fR = 1\&*\fIaddress_match_element\fR
-
-\fIaddress_match_element\fR = [ \&"!\&" ] ( \fIaddress_match_list\fR /
- \fIip_address\fR / \fIip_prefix\fR /
- \fIacl_name\fR / \&"key \&" \fIkey_id\fR ) \&";\&"
-.Ed
-
-.Ss Definition and Usage
-
-Address match lists are primarily used to determine access control for
-various server operations. They are also used to define priorities
-for querying other nameservers and to set the addresses on which
-.Nm named
-will listen for queries.
-The elements which constitute an address match list can be any
-of the following:
-
-.Bl -bullet
-.It
-an
-.Va ip-address
-(in
-.Va dotted-decimal
-notation,
-.It
-an
-.Va ip-prefix
-(in the '/'-notation),
-.It
-A
-.Va key_id ,
-as defined by the
-.Ic key
-statement,
-.It
-the name of an address match list previously defined with
-the
-.Ic acl
-statement, or
-.It
-another
-.Va address_match_list .
-.El
-
-.Pp
-Elements can be negated with a leading exclamation mark (``!''), and
-the match list names
-.Li any ,
-.Li none ,
-.Li localhost
-and
-.Li localnets
-are predefined. More information on those names can be found in the
-description of the
-.Ic acl
-statement.
-
-.Pp
-The addition of the
-.Ic key
-clause made the name of this syntactic element something of a
-misnomer, since security keys can be used to validate access without
-regard to a host or network address. Nonetheless, the term ``address
-match list'' is still used throughout the documentation.
-
-.Pp
-When a given IP address or prefix is compared to an address match
-list, the list is traversed in order until an element matches. The
-interpretation of a match depends on whether the list is being used
-for access control, defining
-.Ic listen-on
-ports, or as a topology, and whether the element was
-negated.
-
-.Pp
-When used as an access control list, a non-negated match allows access
-and a negated match denies access. If there is no match at all in the
-list, access is denied. The clauses
-.Ic allow-query ,
-.Ic allow-transfer ,
-.Ic allow-update ,
-.Ic allow-recursion ,
-and
-.Ic blackhole
-all use address match lists like this. Similarly, the
-.Ic listen-on
-option will cause the server to not accept queries on any of the
-machine's addresses which do not match the list.
-
-.Pp
-When used with the
-.Ic topology
-option, a non-negated match returns a distance based on its position on
-the list (the closer the match is to the start of the list, the
-shorter the distance is between it and the server). A negated match
-will be assigned the maximum distance from the server. If there is no
-match, the address will get a distance which is further than any
-non-negated list element, and closer than any negated element.
-
-.Pp
-Because of the first-match aspect of the algorithm, an element that
-defines a subset of another element in the list should come before the
-broader element, regardless of whether either is negated. For
-example, in
-.Dl 1.2.3/24; !1.2.3.13
-the 1.2.3.13 element is completely useless, because the algorithm will
-match any lookup for 1.2.3.13 to the 1.2.3/24 element. Using
-.Dl !1.2.3.13; 1.2.3/24
-fixes that problem by having 1.2.3.13 blocked by the negation but all
-other 1.2.3.* hosts fall through.
-
-.Sh THE LOGGING STATEMENT
-.Ss Syntax
-
-.Bd -literal
-logging {
- [ channel \fIchannel_name\fR {
- ( file \fIpath_name\fR
- [ versions ( \fInumber\fR | unlimited ) ]
- [ size \fIsize_spec\fR ]
- | syslog ( kern | user | mail | daemon | auth | syslog | lpr |
- news | uucp | cron | authpriv | ftp |
- local0 | local1 | local2 | local3 |
- local4 | local5 | local6 | local7 )
- | null );
-
- [ severity ( critical | error | warning | notice |
- info | debug [ \fIlevel\fR ] | dynamic ); ]
- [ print-category \fIyes_or_no\fR; ]
- [ print-severity \fIyes_or_no\fR; ]
- [ print-time \fIyes_or_no\fR; ]
- }; ]
-
- [ category \fIcategory_name\fR {
- \fIchannel_name\fR; [ \fIchannel_name\fR; ... ]
- }; ]
- ...
-};
-.Ed
-
-.Ss Definition and Usage
-
-The
-.Ic logging
-statement configures a wide variety of logging options for the nameserver.
-Its
-.Ic channel
-phrase associates output methods, format options and
-severity levels with a name that can then be used with the
-.Ic category
-phrase to select how various classes of messages are logged.
-
-.Pp
-Only one
-.Ic logging
-statement is used to define as many channels and categories as are wanted.
-If there are multiple logging statements in a configuration, the first
-defined determines the logging, and warnings are issued for the
-others. If there is no logging statement, the logging configuration
-will be:
-
-.Bd -literal
- logging {
- category default { default_syslog; default_debug; };
- category panic { default_syslog; default_stderr; };
- category packet { default_debug; };
- category eventlib { default_debug; };
- };
-.Ed
-
-The logging configuration is established as soon as the
-.Ic logging
-statement is parsed. If you want to redirect
-messages about processing of the entire configuration file, the
-.Ic logging
-statement must appear first. Even if you do not
-redirect configuration file parsing messages, we recommend
-always putting the
-.Ic logging
-statement first so that this rule need not be consciously recalled if
-you ever do need want the parser's messages relocated.
-
-.Ss The channel phrase
-
-All log output goes to one or more ``channels''; you can make as many
-of them as you want.
-
-.Pp
-Every channel definition must include a clause that says whether
-messages selected for the channel go to a file, to a particular syslog
-facility, or are discarded. It can optionally also limit the message
-severity level that will be accepted by the channel (default is
-.Li info ) ,
-and whether to include a time stamp generated by
-.Nm named ,
-the category name, or severity level. The default is not to include
-any of those three.
-
-.Pp
-The word
-.Li null
-as the destination option for the
-channel will cause all messages sent to it to be discarded; other
-options for the channel are meaningless.
-
-.Pp
-The
-.Ic file
-clause can include limitations both on how
-large the file is allowed to become, and how many versions of the file
-will be saved each time the file is opened.
-
-.Pp
-The
-.Ic size
-option for files is simply a hard ceiling on
-log growth. If the file ever exceeds the size, then
-.Nm named
-will just not write anything more to it until the file is reopened;
-exceeding the size does not automatically trigger a reopen. The
-default behavior is to not limit the size of the file.
-
-.Pp
-If you use the
-.Ic version
-logfile option, then
-.Nm named
-will retain that many backup versions of the file
-by renaming them when opening. For example, if you choose to keep 3
-old versions of the file lamers.log then just before it is opened
-lamers.log.1 is renamed to lames.log.2, lamers.log.0 is renamed to
-lamers.log.1, and lamers.log is renamed to lamers.log.0. No rolled
-versions are kept by default; any existing log file is simply appended.
-The
-.Li unlimited
-keyword is synonymous with
-.Li 99
-in current BIND releases. Example usage of size and versions options:
-
-.Bd -literal
- channel an_example_level {
- file "lamers.log" versions 3 size 20m;
- print-time yes;
- print-category yes;
- };
-.Ed
-
-.Pp
-The argument for the
-.Ic syslog
-clause is a syslog facility as described in the
-.Xr syslog 3
-manual page. How
-.Nm syslogd
-will handle messages sent to this facility is described in the
-.Xr syslog.conf 5
-manual page. If you have a system which uses a very old version of
-syslog that only uses two arguments to the
-.Fn openlog()
-function, then this clause is silently ignored.
-
-.Pp
-The
-.Ic severity
-clause works like syslog's ``priorities'', except that they can also be
-used if you are writing straight to a file rather than using
-syslog. Messages which are not at least of the severity level given
-will not be selected for the channel; messages of higher severity
-levels will be accepted.
-
-.Pp
-If you are using syslog, then the
-.Pa syslog.conf
-priorities will also determine what eventually passes through.
-For example, defining a channel facility and severity as
-.Li daemon
-and
-.Li debug
-but only logging
-.Li daemon.warning
-via
-.Pa syslog.conf
-will cause messages of severity
-.Li info
-and
-.Li notice
-to be dropped. If the situation were reversed, with
-.Nm named
-writing messages of only
-.Li warning
-or higher, then
-.Nm syslogd
-would print all messages it received from the channel.
-
-.Pp
-The server can supply extensive debugging information when it is in
-debugging mode. If the server's global debug level is greater than
-zero, then debugging mode will be active. The global debug level is
-set either by starting the
-.Nm named
-server with the
-.Fl d
-flag followed by a positive integer, or by sending the running server the
-.Dv SIGUSR1
-signal (for example, by using
-.Ic ndc trace ) .
-The global debug level can be set to
-zero, and debugging mode turned off, by sending the server the
-.Dv SIGUSR2
-signal (as with
-.Ic ndc notrace ) .
-All debugging messages in the server have a
-debug level, and higher debug levels give more more detailed output.
-Channels that specify a specific debug severity, e.g.
-
-.Bd -literal
- channel specific_debug_level {
- file \&"foo\&";
- severity debug 3;
- };
-.Ed
-
-will get debugging output of level 3 or less any time the
-server is in debugging mode, regardless of the global debugging level.
-Channels with
-.Li dynamic
-severity use the server's global level to determine what messages to
-print.
-
-.Pp
-If
-.Ic print-time
-has been turned on, then the date and time will be logged.
-.Ic print-time
-may be specified for a syslog channel, but is usually pointless since
-syslog also prints the date and time.
-If
-.Ic print-category
-is requested, then the category of the message will be logged as well.
-Finally, if
-.Ic print-severity
-is on, then the severity level of the message will be logged. The
-.Ic print-
-options may be used
-in any combination, and will always be printed in the following order:
-time, category, severity. Here is an example where all three
-.Ic print-
-options are on:
-
-.Bd -literal
- 28-Apr-1997 15:05:32.863 default: notice: Ready to answer queries.
-.Ed
-
-.Pp
-There are four predefined channels that are used for
-.Nm named 's
-default logging as follows. How they are used
-used is described in the next section,
-.Sx The category phrase.
-
-.Bd -literal
- channel default_syslog {
- syslog daemon; # send to syslog's daemon facility
- severity info; # only send priority info and higher
- };
-
- channel default_debug {
- file \&"named.run\&"; # write to named.run in the working directory
- # Note: stderr is used instead of \&"named.run\&"
- # if the server is started with the -f option.
- severity dynamic; # log at the server's current debug level
- };
-
- channel default_stderr { # writes to stderr
- file \&"<stderr>\&"; # this is illustrative only; there's currently
- # no way of specifying an internal file
- # descriptor in the configuration language.
- severity info; # only send priority info and higher
- };
-
- channel null {
- null; # toss anything sent to this channel
- };
-.Ed
-
-Once a channel is defined, it cannot be redefined. Thus you cannot
-alter the built-in channels directly, but you can modify the default
-logging by pointing categories at channels you have defined.
-
-.Ss The category phrase
-
-There are many categories, so you can send the logs you want to see
-wherever you want, without seeing logs you don't want. If you don't
-specify a list of channels for a category, then log messages in that
-category will be sent to the
-.Li default
-category instead.
-If you don't specify a default category, the following ``default
-default'' is used:
-
-.Bd -literal
- category default { default_syslog; default_debug; };
-.Ed
-
-As an example, let's say you want to log security events to a file,
-but you also want keep the default logging behavior. You'd specify
-the following:
-
-.Bd -literal
- channel my_security_channel {
- file \&"my_security_file\&";
- severity info;
- };
- category security { my_security_channel;
- default_syslog; default_debug; };
-.Ed
-
-To discard all messages in a category, specify the
-.Li null
-channel:
-
-.Bd -literal
- category lame-servers { null; };
- category cname { null; };
-.Ed
-
-The following categories are available:
-
-.Bl -tag -width 1
-.It Ic default
-The catch-all. Many things still aren't classified into categories,
-and they all end up here. Also, if you don't specify any channels for
-a category, the default category is used instead. If you do not
-define the default category, the following definition is used:
-.Dl category default { default_syslog; default_debug; };
-
-.It Ic config
-High-level configuration file processing.
-
-.It Ic parser
-Low-level configuration file processing.
-
-.It Ic queries
-A short log message is generated for every query the server receives.
-
-.It Ic lame-servers
-Messages like ``Lame server on ...''
-
-.It Ic statistics
-Statistics.
-
-.It Ic panic
-If the server has to shut itself down due to an internal problem, it
-will log the problem in this category as well as in the problem's native
-category. If you do not define the panic category, the following definition
-is used:
-.Dl category panic { default_syslog; default_stderr; };
-
-.It Ic update
-Dynamic updates.
-
-.It Ic ncache
-Negative caching.
-
-.It Ic xfer-in
-Zone transfers the server is receiving.
-
-.It Ic xfer-out
-Zone transfers the server is sending.
-
-.It Ic db
-All database operations.
-
-.It Ic eventlib
-Debugging info from the event system. Only one channel may be specified for
-this category, and it must be a file channel. If you do not define the
-eventlib category, the following definition is used:
-.Dl category eventlib { default_debug; };
-
-.It Ic packet
-Dumps of packets received and sent. Only one channel may be specified for
-this category, and it must be a file channel. If you do not define the
-packet category, the following definition is used:
-.Dl category packet { default_debug; };
-
-.It Ic notify
-The NOTIFY protocol.
-
-.It Ic cname
-Messages like ``... points to a CNAME''.
-
-.It Ic security
-Approved/unapproved requests.
-
-.It Ic os
-Operating system problems.
-
-.It Ic insist
-Internal consistency check failures.
-
-.It Ic maintenance
-Periodic maintenance events.
-
-.It Ic load
-Zone loading messages.
-
-.It Ic response-checks
-Messages arising from response checking, such as
-``Malformed response ...'', ``wrong ans. name ...'',
-``unrelated additional info ...'', ``invalid RR type ...'',
-and ``bad referral ...''.
-
-.El
-
-.Sh THE OPTIONS STATEMENT
-.Ss Syntax
-
-.Bd -literal
-options {
- [ version \fIversion_string\fR; ]
- [ directory \fIpath_name\fR; ]
- [ named-xfer \fIpath_name\fR; ]
- [ dump-file \fIpath_name\fR; ]
- [ memstatistics-file \fIpath_name\fR; ]
- [ pid-file \fIpath_name\fR; ]
- [ statistics-file \fIpath_name\fR; ]
- [ auth-nxdomain \fIyes_or_no\fR; ]
- [ deallocate-on-exit \fIyes_or_no\fR; ]
- [ dialup \fIyes_or_no\fR; ]
- [ fake-iquery \fIyes_or_no\fR; ]
- [ fetch-glue \fIyes_or_no\fR; ]
- [ has-old-clients \fIyes_or_no\fR; ]
- [ host-statistics \fIyes_or_no\fR; ]
- [ multiple-cnames \fIyes_or_no\fR; ]
- [ notify \fIyes_or_no\fR; ]
- [ recursion \fIyes_or_no\fR; ]
- [ rfc2308-type1 \fIyes_or_no\fR; ]
- [ use-id-pool \fIyes_or_no\fR; ]
- [ treat-cr-as-space \fIyes_or_no\fR; ]
- [ also-notify \fIyes_or_no\fR; ]
- [ forward ( only | first ); ]
- [ forwarders { [ \fIin_addr\fR ; [ \fIin_addr\fR ; ... ] ] }; ]
- [ check-names ( master | slave | response ) ( warn | fail | ignore); ]
- [ allow-query { \fIaddress_match_list\fR }; ]
- [ allow-recursion { \fIaddress_match_list\fR }; ]
- [ allow-transfer { \fIaddress_match_list\fR }; ]
- [ blackhole { \fIaddress_match_list\fR }; ]
- [ listen-on [ port \fIip_port\fR ] { \fIaddress_match_list\fR }; ]
- [ query-source [ address ( \fIip_addr\fR | * ) ]
- [ port ( \fIip_port\fR | * ) ] ; ]
- [ lame-ttl \fInumber\fR; ]
- [ max-transfer-time-in \fInumber\fR; ]
- [ max-ncache-ttl \fInumber\fR; ]
- [ min-roots \fInumber\fR; ]
- [ serial-queries \fInumber\fR; ]
- [ transfer-format ( one-answer | many-answers ); ]
- [ transfers-in \fInumber\fR; ]
- [ transfers-out \fInumber\fR; ]
- [ transfers-per-ns \fInumber\fR; ]
- [ transfer-source \fIip_addr\fR; ]
- [ maintain-ixfr-base \fIyes_or_no\fR; ]
- [ max-ixfr-log-size \fInumber\fR; ]
- [ coresize \fIsize_spec\fR ; ]
- [ datasize \fIsize_spec\fR ; ]
- [ files \fIsize_spec\fR ; ]
- [ stacksize \fIsize_spec\fR ; ]
- [ cleaning-interval \fInumber\fR; ]
- [ heartbeat-interval \fInumber\fR; ]
- [ interface-interval \fInumber\fR; ]
- [ statistics-interval \fInumber\fR; ]
- [ topology { \fIaddress_match_list\fR }; ]
- [ sortlist { \fIaddress_match_list|fR }; ]
- [ rrset-order { \fIorder_spec\fR ; [ \fIorder_spec\fR ; ... [ [ };
-};
-.Ed
-
-.Ss Definition and Usage
-
-The options statement sets up global options to be used by
-BIND. This statement may appear at only once in a
-configuration file; if more than one occurrence is found, the
-first occurrence determines the actual options used,
-and a warning will be generated. If there is no options statement,
-an options block with each option set to its default will be used.
-
-.Ss Pathnames
-
-.Bl -tag -width 1
-
-.It Ic version
-The version the server should report via the ndc command or via a query of
-name
-.Pa version.bind
-in class chaos. The default is the real version number of ths server,
-but some server operators prefer the string (
-.Ic surely you must be joking
-).
-
-.It Ic directory
-The working directory of the server. Any non-absolute
-pathnames in the configuration file will be taken as relative to this
-directory. The default location for most server output files
-(e.g.
-.Pa named.run )
-is this directory. If a directory is not
-specified, the working directory defaults to
-.Pa . ,
-the directory from which the
-server was started. The directory specified should be an absolute path.
-
-.It Ic named-xfer
-The pathname to the named-xfer program that the server uses for
-inbound zone transfers. If not specified, the default is
-system dependent (e.g.
-.Pa /usr/sbin/named-xfer
-).
-
-.It Ic dump-file
-The pathname of the file the server dumps the database to when it
-receives
-.Dv SIGINT
-signal (as sent by
-.Ic ndc dumpdb
-). If not specified, the default is
-.Pa named_dump.db .
-
-.It Ic memstatistics-file
-The pathname of the file the server writes memory usage statistics to
-on exit, if
-.Ic deallocate-on-exit
-is
-.Li yes .
-If not specified, the default is
-.Pa named.memstats .
-
-.It Ic pid-file
-The pathname of the file the server writes its process ID in. If not
-specified, the default is operating system dependent, but is usually
-.Pa /var/run/named.pid
-or
-.Pa /etc/named.pid .
-The pid-file is used by programs like
-.Nm ndc
-that want to send signals to the running nameserver.
-
-.It Ic statistics-file
-The pathname of the file the server appends statistics to when it
-receives
-.Dv SIGILL
-signal (from
-.Ic ndc stats ) .
-If not specified, the default is
-.Pa named.stats .
-.El
-
-.Ss Boolean Options
-
-.Bl -tag -width 1
-.It Ic auth-nxdomain
-If
-.Li yes ,
-then the
-.Li AA
-bit is always set on
-.Dv NXDOMAIN
-responses, even if the server is not actually authoritative.
-The default is
-.Li yes .
-Do not turn off
-.Ic auth-nxdomain
-unless you are sure you know what you are
-doing, as some older software won't like it.
-
-.It Ic deallocate-on-exit
-If
-.Li yes ,
-then when the server exits it will painstakingly deallocate every
-object it allocated, and then write a memory usage report to the
-.Ic memstatistics-file .
-The default is
-.Li no ,
-because it is faster to let the operating system clean up.
-.Ic deallocate-on-exit
-is handy for detecting memory leaks.
-
-.It Ic dialup
-If
-.Li yes ,
-then the server treats all zones as if they are doing zone transfers
-across a dial on demand dialup link, which can be brought up by
-traffic originating from this server. This has different effects
-according to zone type and concentrates the zone maintenance so that
-it all happens in a short interval, once every
-.Ic heartbeat-interval
-and hopefully during the one call.
-It also suppresses some of the normal zone maintenance traffic.
-The default is
-.Li no .
-The
-.Ic dialup
-option may also be specified in the
-.Ic zone
-statement, in which
-case it overrides the
-.Ic options dialup
-statement.
-
-.Pp
-If the zone is a
-.Ic master
-then the server will send out
-.Dv NOTIFY
-request to all the slaves.
-This will trigger the zone up to date checking in the slave (providing
-it supports
-.Dv NOTIFY )
-allowing the slave
-to verify the zone while the call us up.
-
-.Pp
-If the zone is a
-.Ic slave
-or
-.Ic stub
-then the server will suppress the zone regular zone up to date queries
-and only perform the when the
-.Ic heartbeat-interval
-expires.
-
-.It Ic fake-iquery
-If
-.Li yes ,
-the server will simulate the obsolete DNS query type
-.Dv IQUERY .
-The default is
-.Li no .
-
-.It Ic fetch-glue
-If
-.Li yes
-(the default), the server will fetch ``glue'' resource
-records it doesn't have when constructing the additional data section of
-a response.
-.Ic fetch-glue no
-can be used in conjunction with
-.Ic recursion no
-to prevent the server's cache from growing or
-becoming corrupted (at the cost of requiring more work from the client).
-
-.It Ic has-old-clients
-Setting the option to
-.Li yes ,
-is equivalent to setting the following three options:
-.Ic auth-nxdomain yes ;,
-.Ic maintain-ixfr-base yes ;,
-and
-.Ic rfc2308-type1 no ;
-. The use of
-.Ic has-old-clients
-with
-.Ic auth-nxdomain ,
-.Ic maintain-ixfr-base ,
-and
-.Ic rfc2308-type1
-is order dependant.
-
-.It Ic host-statistics
-If
-.Li yes ,
-then statistics are kept for every host that the the nameserver
-interacts with. The default is
-.Li no .
-.Em Note:
-turning on
-.Ic host-statistics
-can consume huge amounts of memory.
-
-.It Ic maintain-ixfr-base
-If
-.Li yes ,
-statistics are kept for every host that the nameserver interacts with. The default is
-.Li no .
-.Em Note:
-turning on
-.Li host-statistics
-can consume huge amounts of memory.
-
-.It Ic multiple-cnames
-If
-.Li yes ,
-then multiple CNAME resource records will be
-allowed for a domain name. The default is
-.Li no .
-Allowing multiple CNAME records is against standards and is not recommended.
-Multiple CNAME support is available because previous versions of BIND
-allowed multiple CNAME records, and these records have been used for load
-balancing by a number of sites.
-
-.It Ic notify
-If
-.Li yes
-(the default), DNS NOTIFY messages are sent when a
-zone the server is authoritative for changes. The use of NOTIFY
-speeds convergence between the master and its slaves. Slave servers
-that receive a NOTIFY message and understand it will contact the
-master server for the zone and see if they need to do a zone transfer, and
-if they do, they will initiate it immediately. The
-.Ic notify
-option may also be specified in the
-.Ic zone
-statement, in which case it overrides the
-.Ic options notify
-statement.
-
-.It Ic recursion
-If
-.Li yes ,
-and a DNS query requests recursion, then the
-server will attempt to do all the work required to answer the query.
-If recursion is not on, the server will return a referral to the
-client if it doesn't know the answer. The default is
-.Li yes .
-See also
-.Ic fetch-glue
-above.
-
-.It Ic rfc2308-type1
-If
-.Li yes,
-the server will send NS records along with the SOA record for negative
-answers. You need to set this to no if you have an old BIND server using
-you as a forwarder that does not understand negative answers which contain
-both SOA and NS records or you have an old version of sendmail. The correct
-fix is to upgrade the broken server or sendmail. The default is
-.Li no .
-
-.It Ic use-id-pool
-If
-.Li yes,
-the server will keep track of its own outstanding query ID's to avoid duplication
-and increase randomness. This will result in 128KB more memory being consumed
-by the server. The default is
-.Li no .
-
-.It Ic treat-cr-as-space
-If
-.Li yes,
-the server will treat CR characters the same way it treats a space
-or tab. This may be necessary when loading zone files on a UNIX system
-that were generated on an NT or DOS machine. The default is
-.Li no .
-
-
-.El
-
-.Ss Also-Notify
-
-.Ic also-notify
-
-Defines a global list of IP addresses that also get sent NOTIFY messages
-whenever a fresh copy of the zone is loaded. This helps to ensure that copies of
-the zones will quickly converge on ``stealth'' servers. If an
-.Ic also-notify
-list is given in a
-.Ic zone
-statement, it will override the
-.Ic options also-notify
-statement. When a
-.Ic zone notify
-statement is set to
-.Ic no ,
-the IP addresses in
-the global
-.Ic also-notify
-list will not get sent NOTIFY messages for that zone.
-The default is the empty list (no global notification list).
-
-.Ss Forwarding
-
-.Pp
-The forwarding facility can be used to create a large site-wide
-cache on a few servers, reducing traffic over links to external
-nameservers. It can also be used to allow queries by servers that do
-not have direct access to the Internet, but wish to look up exterior
-names anyway. Forwarding occurs only on those queries for which the
-server is not authoritative and does not have the answer in its cache.
-
-.Bl -tag -width 1
-.It Ic forward
-This option is only meaningful if the
-.Ic forwarders
-list is
-not empty. A value of
-.Li first ,
-the default, causes the
-server to query the forwarders first, and if that doesn't answer the
-question the server will then look for the answer itself. If
-.Li only
-is specified, the server will only query the forwarders.
-
-.It Ic forwarders
-Specifies the IP addresses to be used for forwarding. The default is the
-empty list (no forwarding).
-.El
-
-.Pp
-Forwarding can also be configured on a per-zone basis, allowing for
-the global forwarding options to be overridden in a variety of ways.
-You can set particular zones to use different forwarders, or have
-different
-.Ic forward only/first
-behavior, or to not forward
-at all. See
-.Sx THE ZONE STATEMENT
-section for more information.
-
-.Pp
-Future versions of BIND 8 will provide a more powerful forwarding
-system. The syntax described above will continue to be supported.
-
-.Ss Name Checking
-
-The server can check domain names based upon their expected client contexts.
-For example, a domain name used as a hostname can be checked for compliance
-with the RFCs defining valid hostnames.
-
-.Pp
-Three checking methods are available:
-
-.Bl -tag -width 1
-.It Ic ignore
-No checking is done.
-
-.It Ic warn
-Names are checked against their expected client contexts. Invalid names are
-logged, but processing continues normally.
-
-.It Ic fail
-Names are checked against their expected client contexts. Invalid names are
-logged, and the offending data is rejected.
-.El
-
-.Pp
-The server can check names three areas: master zone files, slave
-zone files, and in responses to queries the server has initiated. If
-.Ic check-names response fail
-has been specified, and
-answering the client's question would require sending an invalid name
-to the client, the server will send a
-.Dv REFUSED
-response code to the client.
-
-.Pp
-The defaults are:
-
-.Bd -literal
- check-names master fail;
- check-names slave warn;
- check-names response ignore;
-.Ed
-
-.Pp
-.Ic check-names
-may also be specified in the
-.Ic zone
-statement, in which case it overrides the
-.Ic options check-names
-statement. When used in a
-.Ic zone
-statement, the area is not specified (because it can be deduced from
-the zone type).
-
-.Ss Access Control
-
-.Pp
-Access to the server can be restricted based on the IP address of the
-requesting system or via shared secret keys. See
-.Sx ADDRESS MATCH LISTS
-for details on how to specify access criteria.
-
-.Bl -tag -width 1
-.It Ic allow-query
-Specifies which hosts are allowed to ask ordinary questions.
-.Ic allow-query
-may also be specified in the
-.Ic zone
-statement, in which case it overrides the
-.Ic options allow-query
-statement. If not specified, the default is
-
-.Bl -tag -width 1
-.It Ic allow-recursion
-Specifies which hosts are allowed to ask recursive questions.
-.Ic allow-recursion
-may also be specified in the
-.Ic zone
-statement, in which case it overrides the
-.Ic options allow-recursion
-statement. If not specified, the default is to allow recursive queries
-from all hosts.
-
-.It Ic allow-transfer
-Specifies which hosts are allowed to receive zone transfers from the
-server.
-.Ic allow-transfer
-may also be specified in the
-.Ic zone
-statement, in which case it overrides the
-.Ic options allow-transfer
-statement. If not specified, the default
-is to allow transfers from all hosts.
-
-.It Ic blackhole
-Specifies a list of addresses that the server will not accept queries from
-or use to resolve a query. Queries from these addresses will not be
-responded to.
-.El
-
-.Ss Interfaces
-
-.Pp
-The interfaces and ports that the server will answer queries from may
-be specified using the
-.Ic listen-on
-option.
-.Ic listen-on
-takes an optional port, and an address match list.
-The server will listen on all interfaces allowed by the address match
-list. If a port is not specified, port 53 will be used.
-
-.Pp
-Multiple
-.Ic listen-on
-statements are allowed. For example,
-
-.Bd -literal
- listen-on { 5.6.7.8; };
- listen-on port 1234 { !1.2.3.4; 1.2/16; };
-.Ed
-
-will enable the nameserver on port 53 for the IP address 5.6.7.8, and
-on port 1234 of an address on the machine in net 1.2 that is not
-1.2.3.4.
-
-.Pp
-If no
-.Ic listen-on
-is specified, the server will listen on port
-53 on all interfaces.
-
-.Ss Query Address
-
-.Pp
-If the server doesn't know the answer to a question, it will query
-other nameservers.
-.Ic query-source
-specifies the address and port used for such queries. If
-.Ic address
-is
-.Li *
-or is omitted, a wildcard IP address
-(
-.Dv INADDR_ANY )
-will be used. If
-.Va port
-is
-.Li *
-or is omitted, a random unprivileged port will be used.
-The default is
-.Dl query-source address * port *;
-
-.Pp
-Note:
-.Ic query-source
-currently applies only to UDP queries;
-TCP queries always use a wildcard IP address and a random unprivileged
-port.
-
-.Ss Zone Transfers
-
-.Bl -tag -width 1
-.It Ic max-transfer-time-in
-Inbound zone transfers (
-.Nm named-xfer
-processes) running
-longer than this many minutes will be terminated.
-The default is 120 minutes (2 hours).
-
-.It Ic transfer-format
-The server supports two zone transfer methods.
-.Li one-answer
-uses one DNS message per resource record
-transferred.
-.Li many-answers
-packs as many resource records
-as possible into a message.
-.Li many-answers
-is more efficient, but is only known to be understood by BIND 8.1 and
-patched versions of BIND 4.9.5. The default is
-.Li one-answer .
-.Ic transfer-format
-may be overridden on a per-server basis by using the
-.Ic server
-statement.
-
-.It Ic transfers-in
-The maximum number of inbound zone transfers that can be running
-concurrently. The default value is 10. Increasing
-.Ic transfers-in
-may speed up the convergence of slave zones,
-but it also may increase the load on the local system.
-
-.It Ic transfers-out
-This option will be used in the future to limit the number of
-concurrent outbound zone transfers. It is checked for syntax, but is
-otherwise ignored.
-
-.It Ic transfers-per-ns
-The maximum number of inbound zone transfers (
-.Nm named-xfer
-processes) that can be concurrently transferring from a given remote
-nameserver. The default value is 2. Increasing
-.Ic transfers-per-ns
-may speed up the convergence of slave zones, but it also may increase
-the load on the remote nameserver.
-.Ic transfers-per-ns
-may be overridden on a per-server basis by using the
-.Ic transfers
-phrase of the
-.Ic server
-statement.
-
-.It Ic transfer-source
-.Nm transfer-source
-determines which local address will be bound to the TCP connection used to fetch all zones
-transferred inbound by the server. If not set, it defaults to a system controlled value which will usually be the address of the interface ``closest to`` the remote end. This
-address must appear in the remote end's
-.Nm allow-transfer
-option for the zones being transferred, if one is specified. This statement sets the
-.Nm transfer-source
-for all zones, but can be overriden on a per-zone basis by includinga
-.Nm transfer-source
-statement within the zone block in the configuration file.
-.El
-
-.Ss Resource Limits
-
-.Pp
-The server's usage of many system resources can be limited. Some
-operating systems don't support some of the limits. On such systems,
-a warning will be issued if the unsupported limit is used. Some
-operating systems don't support limiting resources, and on these systems
-a
-.D1 cannot set resource limits on this system
-message will
-be logged.
-
-.Pp
-Scaled values are allowed when specifying resource limits. For
-example,
-.Li 1G
-can be used instead of
-.Li 1073741824
-to specify a limit of one gigabyte.
-.Li unlimited
-requests unlimited use, or the maximum
-available amount.
-.Li default
-uses the limit that was in
-force when the server was started.
-See the definition of
-.Va size_spec
-in the
-.Sx DOCUMENTATION DEFINITIONS
-section for more details.
-
-.Bl -tag -width 1
-.It Ic coresize
-The maximum size of a core dump. The default value is
-.Li default .
-
-.It Ic datasize
-The maximum amount of data memory the server may use. The default
-value is
-.Li default .
-
-.It Ic files
-The maximum number of files the server may have open concurrently.
-The default value is
-.Li unlimited .
-Note that on some operating systems the server cannot set an unlimited
-value and cannot determine the maximum number of open files the kernel
-can support. On such systems, choosing
-.Li unlimited
-will cause the server to use
-the larger of the
-.Va rlim_max
-from
-.Fn getrlimit RLIMIT_NOFILE
-and the value returned by
-.Fn sysconf _SC_OPEN_MAX .
-If the
-actual kernel limit is larger than this value, use
-.Ic limit files
-to specify the limit explicitly.
-
-.It Ic max-ixfr-log-size
-The
-.Li max-ixfr-log-size
-will be used in a future release of the server to limit the size of the transaction
-log kept for Incremental Zone Transfer.
-
-.It Ic stacksize
-The maximum amount of stack memory the server may use. The default value is
-.Li default .
-.El
-
-.Ss Periodic Task Intervals
-
-.Bl -tag -width 1
-.It Ic cleaning-interval
-The server will remove expired resource records from the cache every
-
-.Ic cleaning-interval
-minutes. The default is 60 minutes. If set
-to 0, no periodic cleaning will occur.
-
-.It Ic heartbeat-interval
-The server will perform zone maintenance tasks for all zones marked
-.Ic dialup yes
-whenever this interval expires.
-The default is 60 minutes. Reasonable values are up to 1 day (1440 minutes).
-If set to 0, no zone maintenance for these zones will occur.
-
-.It Ic interface-interval
-The server will scan the network interface list every
-.Ic interface-interval
-minutes. The default is 60 minutes.
-If set to 0, interface scanning will only occur when the configuration
-file is loaded. After the scan, listeners will be started on any new
-interfaces (provided they are allowed by the
-.Ic listen-on
-configuration). Listeners on interfaces that have gone away will be
-cleaned up.
-
-.It Ic statistics-interval
-Nameserver statistics will be logged every
-.Ic statistics-interval
-minutes. The default is 60. If set to 0, no statistics will be logged.
-.El
-
-.Ss Topology
-
-.Pp
-All other things being equal, when the server chooses a nameserver
-to query from a list of nameservers, it prefers the one that is
-topologically closest to itself. The
-.Ic topology
-statement takes an address match list and interprets it in a special way.
-Each top-level list element is assigned a distance.
-Non-negated elements get a distance based on
-their position in the list, where the closer the match is to the start
-of the list, the shorter the distance is between it and the server. A
-negated match will be assigned the maximum distance from the server.
-If there is no match, the address will get a distance which is further
-than any non-negated list element, and closer than any negated
-element. For example,
-
-.Bd -literal
- topology {
- 10/8;
- !1.2.3/24;
- { 1.2/16; 3/8; };
- };
-.Ed
-
-will prefer servers on network 10 the most, followed by hosts on
-network 1.2.0.0 (netmask 255.255.0.0) and network 3, with the exception
-of hosts on network 1.2.3 (netmask 255.255.255.0), which is preferred least
-of all.
-
-.Pp
-The default topology is
-.Dl topology { localhost; localnets; };
-
-.Ss Resource Record sorting
-
-.Pp
-When returning multiple RRs, the nameserver will normally return them in
-.Ic Round Robin ,
-i.e. after each request, the first RR is put to the end of the list.
-As the order of RRs is not defined, this should not cause any problems.
-
-The client resolver code should re-arrange the RRs as appropriate, i.e. using
-any addresses on the local net in preference to other addresses. However, not all
-resolvers can do this, or are not correctly configured.
-
-When a client is using a local server, the sorting can be performed in the server,
-based on the client's address. This only requires configuring the nameservers,
-not all the clients.
-
-The
-.Ic sortlist
-statement takes an address match list and interprets it even more
-specially than the
-.Ictopology
-statement does.
-
-Each top level statement in the sortlist must itself be an explicit address match
-list with one or two elements. The first element (which may be an IP address,
-an IP prefix, an ACL name or nested address match list) of each top level list is
-checked against the source address of the query until a match is found.
-
-Once the source address of the query has been matched, if the top level
-statement contains only one element, the actual primitive element that
-matched the source address is used to select the address in the response to
-move to the beginning of the response. If the statement is a list of two elements,
-the second element is treated like the address match list in a topology
-statement. Each top level element is assigned a distance and the address in the
-response with the minimum distance is moved to the beginning of the response.
-
-In the following example, any queries received from any of the addresses of the
-host itself will get responses preferring addresses on any of the locally
-connected networks. Next most preferred are addresses on the 192.168.1/24
-network, and after that either the 192.168.2/24 or 192.168.3/24 network with no
-preference shown between these two networks. Queries received from a host on
-the 192.168.1/24 network will prefer other addresses on that network to the
-192.168.2/24 and 192.168.3/24 networks. Queries received from a host on the
-192.168.4/24 or the 192.168.5/24 network will only prefer other addresses on
-their directly connected networks.
-
-.Bd -literal
-sortlist {
- { localhost; // IF the local host
- { localnets; // THEN first fit on the
- 192.168.1/24; // following nets
- { 192,168.2/24; 192.168.3/24; }; }; };
- { 192.168.1/24; // IF on class C 192.168.1
- { 192.168.1/24; // THEN use .1, or .2 or .3
- { 192.168.2/24; 192.168.3/24; }; }; };
- { 192.168.2/24; // IF on class C 192.168.2
- { 192.168.2/24; // THEN use .2, or .1 or .3
- { 192.168.1/24; 192.168.3/24; }; }; };
- { 192.168.3/24; // IF on class C 192.168.3
- { 192.168.3/24; // THEN use .3, or .1 or .2
- { 192.168.1/24; 192.168.2/24; }; }; };
- { { 192.168.4/24; 192.168.5/24; }; // if .4 or .5, prefer that net
- };
-};
-.Ed
-
-The following example will give reasonable behaviour for the local host and
-hosts on directly connected networks. It is similar to the behavior of the
-address sort in BIND 4.9.x. Responses sent to queries from the local host will
-favor any of the directly connected networks. Responses sent to queries from
-any other hosts on a directly connected network will prefer addresses on that
-same network. Responses to other queries will not be sorted.
-
-.Bd -literal
-sortlist {
- { localhost; localnets; };
- { localnets; };
-};
-.Ed
-
-.Ss RRset Ordering
-
-.Pp
-When multiple records are returned in an answer it may be useful to configure
-the order the records are placed into the response. For example the records for
-a zone might be configured to always be returned in the order they are defined
-in the zone file. Or perhaps a random shuffle of the records as they are
-returned is wanted. The rrset-order statement permits configuration of the
-ordering made of the records in a multiple record response. The default, if no
-ordering is defined, is a cyclic ordering (round robin).
-
-An
-.Ic order_spec
-is defined as follows:
-
-.Bd -literal
- [ \fIclass class_name\fR ][ \fItype type_name\fR ][ \fIname\fR "FQDN" ] \fIorder\fR ordering
-.Ed
-
-If no class is specified, the default is
-.Ic ANY .
-If no
-.Li Ictype
-is specified, the default is
-.Ic ANY .
-If no name is specified, the default is "*".
-
-The legal values for
-.Ic ordering
-are:
-
-.Bd -literal
-.Ic fixed
- Records are returned in the order they are defined in the zone file.
-.Ic random
- Records are returned in some random order.
-.Ic cyclic
- Records are returned in a round-robin order.
-
-For example:
-
- rrset-order {
- class IN type A name "rc.vix.com" order random;
- order cyclic;
- };
-.Ed
-
-will cause any responses for type A records in class IN that have "rc.vix.com" as
-a suffix, to always be returned in random order. All other records are returned
-in cyclic order.
-
-If multiple
-.Ic rrset-order
-statements appear, they are not combined--the last one applies.
-
-If no
-.Ic rrset-order
-statement is specified, a default one of:
-
-.Bd -literal
- rrset-order { class ANY type ANY name "*" order cyclic ; };
-.Ed
-
-is used.
-
-.Ss Tuning
-
-.Bl -tag -width 1
-.It Ic lame-ttl
-Sets the number of seconds to cache a lame server indication. 0 disables
-caching. Default is 600 (10 minutes). Maximum value is 1800 (30 minutes)
-.It Ic max-ncache-ttl
-To reduce network traffic and increase performance the server store negative
-answers.
-.Ic max-ncache-ttl
-is used to set a maximum retention time
-for these answers in the server is seconds. The default
-.Ic max-ncache-ttl
-is 10800 seconds (3 hours).
-.Ic max-ncache-ttl
-cannot exceed the maximum retention time for ordinary (positive)
-answers (7 days) and will be silently truncated to 7 days if set to a
-value which is greater that 7 days.
-.It Ic min-roots
-The minimum number of root servers that is required for a request for the root
-servers to be accepted. Default is 2.
-.El
-
-.Sh THE ZONE STATEMENT
-.Ss Syntax
-
-.Bd -literal
-zone \fIdomain_name\fR [ ( in | hs | hesiod | chaos ) ] {
- type master;
- file \fIpath_name\fR;
- [ check-names ( warn | fail | ignore ); ]
- [ allow-update { \fIaddress_match_list\fR }; ]
- [ allow-query { \fIaddress_match_list\fR }; ]
- [ allow-transfer { \fIaddress_match_list\fR }; ]
- [ dialup \fIyes_or_no\fR; ]
- [ notify \fIyes_or_no\fR; ]
- [ also-notify { \fIip_addr\fR; [ \fIip_addr\fR; ... ] };
- [ pubkey \fInumber\fR \fInumber\fR \fInumber\fR \fIstring\fR; ]
-};
-
-zone \fIdomain_name\fR [ ( in | hs | hesiod | chaos ) ] {
- type ( slave | stub );
- [ file \fIpath_name\fR; ]
- masters [ port \fIip_port\fR ] { \fIip_addr\fR; [ \fIip_addr\fR; ... ] };
- [ check-names ( warn | fail | ignore ); ]
- [ allow-update { \fIaddress_match_list\fR }; ]
- [ allow-query { \fIaddress_match_list\fR }; ]
- [ allow-transfer { \fIaddress_match_list\fR }; ]
- [ transfer-source \fIip_addr\fR; ]
- [ max-transfer-time-in \fInumber\fR; ]
- [ notify \fIyes_or_no\fR; ]
- [ also-notify { \fIip_addr\fR; [ \fIip_addr\fR; ... ] };
- [ pubkey \fInumber\fR \fInumber\fR \fInumber\fR \fIstring\fR; ]
-};
-
-zone \fIdomain_name\fR [ ( in | hs | hesiod | chaos ) ] {
- type forward;
- [ forward ( only | first ); ]
- [ forwarders { [ \fIip_addr\fR ; [ \fIip_addr\fR ; ... ] ] }; ]
- [ check-names ( warn | fail | ignore ); ]
-};
-
-zone \&".\&" [ ( in | hs | hesiod | chaos ) ] {
- type hint;
- file \fIpath_name\fR;
- [ check-names ( warn | fail | ignore ); ]
-};
-.Ed
-
-.Ss Definition and Usage
-
-The
-.Ic zone
-statement is used to define how information about particular DNS zones
-is managed by the server. There are five different zone types.
-
-.Bl -tag -width 1
-.It Ic master
-The server has a master copy of the data for the zone and will be able
-to provide authoritative answers for it.
-
-.It Ic slave
-A
-.Ic slave
-zone is a replica of a master zone. The
-.Ic masters
-list specifies one or more IP addresses that the slave contacts to
-update its copy of the zone. If a
-.Ic port
-is specified then checks to see if the zone is current and zone transfers
-will be done to the port given. If
-.Ic file
-is specified, then the replica will be written to the named file.
-Use of the
-.Ic file
-clause is highly recommended, since it often speeds server startup
-and eliminates a needless waste of bandwidth.
-
-.It Ic stub
-A
-.Ic stub
-zone is like a slave zone, except that it replicates
-only the NS records of a master zone instead of the entire zone.
-
-.It Ic forward
-A
-.Ic forward
-zone is used to direct all queries in it to other servers, as described in
-.Sx THE OPTIONS STATEMENT
-section. The specification of options in such a zone will override
-any global options declared in the
-.Ic options
-statement.
-
-.Pp
-If either no
-.Ic forwarders
-clause is present in the zone or an empty list for
-.Ic forwarders
-is given, then no forwarding will be done for the zone, cancelling the
-effects of any
-.Ic forwarders
-in the
-.Ic options
-statement.
-Thus if you want to use this type of zone to change only the behavior of
-the global
-.Ic forward
-option, and not the servers used, then you also need to respecify the
-global forwarders.
-
-.It Ic hint
-The initial set of root nameservers is specified using a
-.Ic hint
-zone. When the server starts up, it uses the root hints
-to find a root nameserver and get the most recent list of root nameservers.
-.El
-
-.Pp
-Note: previous releases of BIND used the term
-.Ic primary
-for a master zone,
-.Ic secondary
-for a slave zone, and
-.Ic cache
-for a hint zone.
-
-.Ss Classes
-
-The zone's name may optionally be followed by a class. If a class is not
-specified, class
-.Ic in
-(for "internet"), is assumed. This is correct for the vast majority
-of cases.
-
-.Pp
-The
-.Ic hesiod
-class is for an information service from MIT's Project Athena. It is
-used to share information about various systems databases, such as
-users, groups, printers and so on. More information can be found at
-ftp://athena-dist.mit.edu/pub/ATHENA/usenix/athena_changes.PS.
-The keyword
-.Ic hs
-is a synonym for
-.Ic hesiod .
-
-.Pp
-Another MIT development was CHAOSnet, a LAN protocol created in the
-mid-1970s. It is still sometimes seen on LISP stations and other
-hardware in the AI community, and zone data for it can be specified
-with the
-.Ic chaos
-class.
-
-.Ss Options
-
-.Bl -tag -width 1
-.It Ic check-names
-See the subsection on
-.Sx Name Checking
-in
-.Sx THE OPTIONS STATEMENT .
-
-.It Ic allow-query
-See the description of
-.Ic allow-query
-in the
-.Sx Access Control
-subsection of
-.Sx THE OPTIONS STATEMENT .
-
-.It Ic allow-update
-Specifies which hosts are allowed to submit Dynamic DNS updates to the
-server. The default is to deny updates from all hosts.
-
-.It Ic allow-transfer
-See the description of
-.Ic allow-transfer
-in the
-.Sx Access Control
-subsection of
-.Sx THE OPTIONS STATEMENT .
-
-.It Ic transfer-source
-.Ic transfer-source
-determines which local address will be bound to the TCP connection
-used to fetch this zone. If not set, it defaults to a system
-controlled value which will usually be the address of the interface
-``closest to'' the remote end. This address must appear in the remote end's
-.Ic allow-transfer
-option for this zone if one is specified.
-
-.It Ic max-transfer-time-in
-See the description of
-.Ic max-transfer-time-in
-in the
-.Sx Zone Transfers
-subsection of
-.Sx THE OPTIONS STATEMENT .
-
-.It Ic dialup
-See the description of
-.Ic dialup
-in the
-.Sx Boolean Options
-subsection of
-.Sx THE OPTIONS STATEMENT .
-
-.It Ic notify
-See the description of
-.Sx notify
-in the
-.Sx Boolean Options
-subsection of the
-.Sx THE OPTIONS STATEMENT .
-
-.It Ic also-notify
-.Ic also-notify
-is only meaningful if
-.Ic notify
-is active for this zone.
-The set of machines that will receive a DNS NOTIFY message for this
-zone is made up of all the listed nameservers for the zone (other than
-the primary master) plus any IP addresses specified with
-.Ic also-notify .
-.Ic also-notify
-is not meaningful for
-.Ic stub
-zones. The default is the empty list.
-
-.It Ic forward
-.Ic forward
-is only meaningful if the zone has a
-.Ic forwarders
-list. The
-.Ic only
-value causes the lookup to fail after trying the
-.Ic forwarders
-and getting no answer, while
-.Ic first
-would allow a normal lookup to be tried.
-
-.It Ic forwarders
-The
-.Ic forwarders
-option in a zone is used to override the list of global forwarders.
-If it is not specified in a zone of type
-.Ic forward ,
-.Em no
-forwarding is done for the zone; the global options are not used.
-
-.It Ic pubkey
-The DNSSEC flags, protocol, and algorithm are specified, as well as a base-64
-encoded string representing the key.
-.El
-
-.Sh THE ACL STATEMENT
-.Ss Syntax
-
-.Bd -literal
-acl \fIname\fR {
- \fIaddress_match_list\fR
-};
-.Ed
-
-.Ss Definition and Usage
-
-The
-.Ic acl
-statement creates a named address match list.
-It gets its name from a primary use of address match lists: Access
-Control Lists (ACLs).
-
-.Pp
-Note that an address match list's name must be defined with
-.Ic acl
-before it can be used elsewhere; no forward
-references are allowed.
-
-.Pp
-The following ACLs are built-in:
-
-.Bl -tag -width 1
-.It Ic any
-Allows all hosts.
-.It Ic none
-Denies all hosts.
-.It Ic localhost
-Allows the IP addresses of all interfaces on the system.
-.It Ic localnets
-Allows any host on a network for which the system has an interface.
-.El
-
-.Sh THE KEY STATEMENT
-.Ss Syntax
-
-.Bd -literal
-key \fIkey_id\fR {
- algorithm \fIalgorithm_id\fR;
- secret \fIsecret_string\fR;
-};
-.Ed
-
-.Ss Definition and Usage
-
-The
-.Ic key
-statement defines a key ID which can be used in a
-.Ic server
-statement to associate a method of authentication with a particular
-name server that is more rigorous than simple IP address matching.
-A key ID must be created with the
-.Ic key
-statement before it can be used in a
-.Ic server
-definition or an address match list.
-
-.Pp
-The
-.Va algorithm_id
-is a string that specifies a
-security/authentication algorithm.
-.Va secret_string
-is the secret to be used by the algorithm,
-and is treated as a base-64 encoded string.
-It should go without saying, but probably can't,
-that if you have
-.Va secret_string 's
-in your
-.Pa named.conf ,
-then it should not be readable by anyone but the superuser.
-
-.Sh THE TRUSTED-KEYS STATEMENT
-.Ss Syntax
-
-.Bd -literal
-trusted-keys {
- [ \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ]
-};
-.Ed
-
-.Ss Definition and Usage
-
-The
-.Ic trusted-keys
-statement is for use with DNSSEC-style security, originally specified
-in RFC 2065. DNSSEC is meant to
-provide three distinct services: key distribution, data origin
-authentication, and transaction and request authentication. A
-complete description of DNSSEC and its use is beyond the scope of this
-document, and readers interested in more information should start with
-RFC 2065 and then continue with the Internet Drafts available at
-http://www.ietf.org/ids.by.wg/dnssec.html.
-
-.Pp
-Each trusted key is associated with a domain name. Its attributes are
-the non-negative integral
-.Va flags ,
-.Va protocol ,
-and
-.Va algorithm ,
-as well as a base-64 encoded string representing the
-.Va key .
-
-.Pp
-Any number of trusted keys can be specified.
-
-.Sh THE SERVER STATEMENT
-.Ss Syntax
-
-.Bd -literal
-server \fIip_addr\fR {
- [ bogus \fIyes_or_no\fR; ]
- [ transfers \fInumber\fR; ]
- [ transfer-format ( one-answer | many-answers ); ]
- [ keys { \fIkey_id\fR [ \fIkey_id\fR ... ] }; ]
-};
-.Ed
-
-.Ss Definition and Usage
-
-The server statement defines the characteristics to be
-associated with a remote name server.
-
-.Pp
-If you discover that a server is giving out bad data, marking it as
-.Ic bogus
-will prevent further queries to it. The default value of
-.Ic bogus
-is
-.Li no .
-
-.Pp
-The server supports two zone transfer methods. The first,
-.Ic one-answer ,
-uses one DNS message per resource record transferred.
-.Ic many-answers
-packs as many resource records as possible into a message.
-.Ic many-answers
-is more efficient, but is only known to be understood by BIND 8.1 and
-patched versions of BIND 4.9.5. You can specify which method to use
-for a server with the
-.Ic transfer-format
-option. If
-.Ic transfer-format
-is not specified, the
-.Ic transfer-format
-specified by the
-.Ic options
-statement will be used.
-
-.Pp
-The
-.Ic transfers
-will be used in a future release of the server to limit the number of
-concurrent in-bound zone transfers from the specified server. It is
-checked for syntax but is otherwise ignored.
-
-.Pp
-The
-.Ic keys
-clause is used to identify a
-.Va key_id
-defined by the
-.Ic key
-statement, to be used for transaction security when talking to the
-remote server.
-The
-.Ic key
-statememnt must come before the
-.Ic server
-statement that references it.
-
-.Pp
-The
-.Ic keys
-statement is intended for future use by the
-server. It is checked for syntax but is otherwise ignored.
-
-.Sh THE CONTROLS STATEMENT
-.Ss Syntax
-
-.Bd -literal
-controls {
- [ inet \fIip_addr\fR
- port \fIip_port\fR
- allow { \fIaddress_match_list\fR; }; ]
- [ unix \fIpath_name\fR
- perm \fInumber\fR
- owner \fInumber\fR
- group \fInumber\fR; ]
-};
-.Ed
-
-.Ss Definition and Usage
-
-The
-.Ic controls
-statement declares control channels to be used by system
-administrators to affect the operation of the local name server.
-These control channels are used by the
-.Nm ndc
-utility to send commands
-to and retrieve non-DNS results from a name server.
-
-.Pp
-A
-.Ic unix
-control channel is a FIFO in the file system, and access to it is
-controlled by normal file system permissions. It is created by
-.Nm named
-with the specified file mode bits (see
-.Xr chmod 1 ) ,
-user and group owner. Note that, unlike
-.Nm chmod ,
-the mode bits specified for
-.Ic perm
-will normally have a leading
-.Li 0
-so the number is interpreted as octal. Also note that the user and
-group ownership specified as
-.Ic owner
-and
-.Ic group
-must be given as numbers, not names.
-It is recommended that the
-permissions be restricted to administrative personnel only, or else any
-user on the system might be able to manage the local name server.
-
-.Pp
-An
-.Ic inet
-control channel is a TCP/IP socket accessible to the Internet, created
-at the specified
-.Va ip_port
-on the specified
-.Va ip_addr .
-Modern
-.Nm telnet
-clients are capable of speaking directly to these
-sockets, and the control protocol is ARPAnet-style text.
-It is recommended that 127.0.0.1 be the only
-.Va ip_addr
-used, and this only if you trust all non-privileged users on the local
-host to manage your name server.
-
-.Sh THE INCLUDE STATEMENT
-.Ss Syntax
-
-.Bd -literal
-include \fIpath_name\fR;
-.Ed
-
-.Ss Definition and Usage
-
-The
-.Ic include
-statement inserts the specified file at the point that the
-.Ic include
-statement is encountered. It cannot be used within another statement,
-though, so a line such as
-.Dl acl internal_hosts { include "internal_hosts.acl"; };
-is not allowed.
-
-.Pp
-Use
-.Ic include
-to break the configuration up into easily-managed chunks.
-For example:
-
-.Bd -literal
-include "/etc/security/keys.bind";
-include "/etc/acls.bind";
-.Ed
-
-could be used at the top of a BIND configuration file in order to
-include any ACL or key information.
-
-.Pp
-Be careful not to type
-``#include'', like you would in a C program, because
-``#'' is used to start a comment.
-
-.Sh EXAMPLES
-
-The simplest configuration file that is still realistically useful is
-one which simply defines a hint zone that has a full path to the root
-servers file.
-.Bd -literal
-zone \&".\&" in {
- type hint;
- file \&"/var/named/root.cache\&";
-};
-.Ed
-
-Here's a more typical real-world example.
-
-.Bd -literal
-/*
- * A simple BIND 8 configuration
- */
-
-logging {
- category lame-servers { null; };
- category cname { null; };
-};
-
-options {
- directory \&"/var/named\&";
-};
-
-controls {
- inet * port 52 allow { any; }; // a bad idea
- unix \&"/var/run/ndc\&" perm 0600 owner 0 group 0; // the default
-};
-
-zone \&"isc.org\&" in {
- type master;
- file \&"master/isc.org\&";
-};
-
-zone \&"vix.com\&" in {
- type slave;
- file \&"slave/vix.com\&";
- masters { 10.0.0.53; };
-};
-
-zone \&"0.0.127.in-addr.arpa\&" in {
- type master;
- file \&"master/127.0.0\&";
-};
-
-zone \&".\&" in {
- type hint;
- file \&"root.cache\&";
-};
-.Ed
-
-.Sh FILES
-.Bl -tag -width 1 -compact
-.It Pa /etc/named.conf
-The BIND 8
-.Nm named
-configuration file.
-.El
-
-.Sh SEE ALSO
-.Xr named 8 ,
-.Xr ndc 8
diff --git a/contrib/bind/doc/man/ndc.8 b/contrib/bind/doc/man/ndc.8
deleted file mode 100644
index a4645e6fa3938..0000000000000
--- a/contrib/bind/doc/man/ndc.8
+++ /dev/null
@@ -1,133 +0,0 @@
-.\" Copyright (c) 1998,1999 by Internet Software Consortium
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\"
-.Dd December 31, 1998
-.Dt @INDOT_U@NDC @SYS_OPS_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm ndc
-.Nd name daemon control program
-.Sh SYNOPSIS
-.Nm ndc
-.Op Fl c Ar channel
-.Op Fl l Ar localsock
-.Op Fl p Ar pidfile
-.Op Fl d
-.Op Fl q
-.Op Fl s
-.Op Fl t
-.Op Ar command
-.Sh DESCRIPTION
-This command allows the system administrator to control the operation
-of a name server. If no
-.Ar command
-is given,
-.Ic ndc
-will prompt for commands until it reads EOF.
-.Pp
-Options are:
-.Bl -tag -width Fl
-.It Fl c Ar channel
-Specifies the rendezvous point for the control channel. The default is
-.Pa /var/run/ndc
-(a UNIX domain socket which is also the server's default control channel).
-If the desired control channel is a TCP/IP socket, then the format of the
-.Ar channel
-argument is
-.Sy ipaddr/port
-(for example,
-.Sy 127.0.0.1/54
-would be TCP port 54 on the local host.)
-.It Fl l Ar localsock
-This option will
-.Xr bind 2
-the client side of the control channel to a specific address. Servers can
-be configured to reject connections which do not come from specific addresses.
-The format is the same as for
-.Ar channel
-(see above).
-.It Fl p Ar pidfile
-For backward compatibility with older name servers,
-.Ic ndc
-is able to use UNIX signals for control communications. This capability is
-optional in modern name servers and will disappear altogether at some future
-time. Note that the available
-.Ar command
-set is narrower when the signal interface is used. A likely
-.Ar pidfile
-argument would be something like
-.Pa /var/run/named.pid .
-.It Fl d
-Turns on debugging output, which is of interest mainly to developers.
-.It Fl q
-Suppresses prompts and result text.
-.It Fl s
-Suppresses nonfatal error announcements.
-.It Fl t
-Turns on protocol and system tracing, useful in installation debugging.
-.El
-.Sh COMMANDS
-Several commands are built into
-.Ic ndc ,
-but the full set of commands supported by the name server is dynamic and
-should be discovered using the
-.Ar help
-command (see below). Builtin commands are:
-.Bl -tag -width Fl
-.It Ar /help
-Provides help for builtin commands.
-.It Ar /exit
-Exit from
-.Ic ndc
-command interpreter.
-.It Ar /trace
-Toggle tracing (see
-.Fl -t
-description above).
-.It Ar /debug
-Toggle debugging (see
-.Fl d
-description above).
-.It Ar /quiet
-Toggle quietude (see
-.Fl q
-description above).
-.It Ar /silent
-Toggle silence (see
-.Fl s
-description above).
-.El
-.Sh NOTES
-If running in
-.Ar pidfile
-mode, any arguments to
-.Ar start
-and
-.Ar restart
-commands are passed to the new
-.Ic @INDOT@named
-on its command line. If running in
-.Ar channel
-mode, there is no
-.Ar start
-command and the
-.Ar restart
-command just tells the name server to
-.Xr execvp 2
-itself.
-.Sh AUTHOR
-Paul Vixie (Internet Software Consortium)
-.Sh SEE ALSO
-.Xr @INDOT@named @SYS_OPS_EXT@ ,
diff --git a/contrib/bind/doc/man/nslookup.8 b/contrib/bind/doc/man/nslookup.8
deleted file mode 100644
index 5ba185009f50f..0000000000000
--- a/contrib/bind/doc/man/nslookup.8
+++ /dev/null
@@ -1,534 +0,0 @@
-.\"
-.\" ++Copyright++ 1985, 1989
-.\" -
-.\" Copyright (c) 1985, 1989
-.\" The Regents of the University of California. All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the University of
-.\" California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\" may be used to endorse or promote products derived from this software
-.\" without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\" -
-.\" Portions Copyright (c) 1993 by Digital Equipment Corporation.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies, and that
-.\" the name of Digital Equipment Corporation not be used in advertising or
-.\" publicity pertaining to distribution of the document or software without
-.\" specific, written prior permission.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" -
-.\" --Copyright--
-.\"
-.\" @(#)nslookup.8 5.3 (Berkeley) 6/24/90
-.\"
-.Dd June 24, 1990
-.Dt NSLOOKUP @SYS_OPS_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm nslookup
-.Nd query Internet name servers interactively
-.Sh SYNOPSIS
-.Nm nslookup
-.Op Fl option Ar ...
-.Op Ar host-to-find | Fl Op Ar server
-.Sh DESCRIPTION
-.Ic Nslookup
-is a program to query Internet domain name servers.
-.Ic Nslookup
-has two modes: interactive and non-interactive.
-Interactive mode allows the user to query name servers for
-information about various hosts and domains or to print a list of hosts
-in a domain.
-Non-interactive mode is used to print just the name and requested information
-for a host or domain.
-.Sh ARGUMENTS
-Interactive mode is entered in the following cases:
-.Bl -tag -width "a) "
-.It a)
-when no arguments are given (the default name server will be used),
-.It b)
-when the first argument is a hyphen (-) and the second argument
-is the host name or Internet address of a name server.
-.El
-.Pp
-Non-interactive mode is used when the name or Internet address
-of the host to be looked up
-is given as the first argument. The optional second argument specifies
-the host name or address of a name server.
-.Pp
-The options listed under the
-.Dq Li set
-command below can be specified in
-the
-.Pa .nslookuprc
-file in the user's home directory if they are listed
-one per line. Options can also be specified
-on the command line if they precede the arguments and are prefixed with
-a hyphen. For example, to change the default query type to host information,
-and the initial timeout to 10 seconds, type:
-.Bd -literal -offset indent
- nslookup -query=hinfo -timeout=10
-.Ed
-.Sh INTERACTIVE COMMANDS
-Commands may be interrupted at any time by typing a control-C.
-To exit, type a control-D
-.Pq Dv EOF
-or type
-.Li exit .
-The command line length must be less than 256 characters.
-To treat a built-in command as a host name,
-precede it with an escape character
-.Pq .&\\ .
-.Sy N.B.: An unrecognized command will be interpreted as a host name.
-.Bl -tag -width "lserver"
-.It Ar host Op Ar server
-Look up information for
-.Ar host
-using the current default server or using
-.Ar server ,
-if specified.
-If
-.Ar host
-is an Internet address and the query type is
-.Dv A
-or
-.Dv PTR ,
-the name of the host is returned.
-If
-.Ar host
-is a name and does not have a trailing period, the default
-domain name is appended to the name. (This behavior depends on the state of the
-.Ic set
-options
-.Ic domain , srchlist , defname ,
-and
-.Ic search . )
-.Pp
-To look up a host not in the current domain, append a period to
-the name.
-.It Ic server Ar domain
-.It Ic lserver Ar domain
-Change the default server to
-.Ar domain ;
-.Ic lserver
-uses the initial server to look up information about
-.Ar domain ,
-while
-.Ic server
-uses the current default server.
-If an authoritative answer can't be found, the names of servers
-that might have the answer are returned.
-.It Ic root
-Changes the default server to the server for the root of the domain name space.
-Currently, the host
-.Li ns.internic.net
-is used.
-(This command is a synonym for
-.Dq Ic lserver ns.internic.net . )
-The name of the root server can be changed with the
-.Dq Ic set root
-command.
-.It Xo Ic finger Op Ar name
-.Op Ic > Ar filename
-.Xc
-.It Xo Ic finger Op Ar name
-.Op Ic >> Ar filename
-.Xc
-Connects with the finger server on the current host.
-The current host is defined when a previous lookup for a host
-was successful and returned address information (see the
-.Dq Ic set querytype=A
-command).
-The
-.Ar name
-is optional.
-.Ic >
-and
-.Ic >>
-can be used to redirect output in the usual manner.
-.It Xo Ic ls Op Ar option
-.Ar domain Op Ic > Ar filename
-.Xc
-.It Xo Ic ls Op Ar option
-.Ar domain Op Ic >> Ar filename
-.Xc
-List the information available for
-.Ar domain ,
-optionally creating or appending to
-.Ar filename .
-The default output contains host names and their Internet addresses.
-.Ar Option
-can be one of the following:
-.Bl -tag -width "-a "
-.It Fl t Ar querytype
-lists all records of the specified type (see
-.Ar querytype
-below).
-.It Fl a
-lists aliases of hosts in the domain;
-synonym for
-.Dq Fl t Dv CNAME .
-.It Fl d
-lists all records for the domain;
-synonym for
-.Dq Fl t Dv ANY .
-.It Fl h
-lists CPU and operating system information for the domain;
-synonym for
-.Dq Fl t Dv HINFO .
-.It Fl s
-lists well-known services of hosts in the domain;
-synonym for
-.Dq Fl t Dv WKS .
-.El
-.Pp
-When output is directed to a file, hash marks are printed for every
-50 records received from the server.
-.It Ic view Ar filename
-Sorts and lists the output of previous
-.Ic ls
-command(s) with
-.Xr more @CMD_EXT@ .
-.It Ic help
-.It Ic ?
-Prints a brief summary of commands.
-.It Ic exit
-Exits the program.
-.It Xo Ic set Ar keyword
-.Ns Op = Ns Ar value
-.Xc
-This command is used to change state information that affects the lookups.
-Valid keywords are:
-.Bl -tag -width "class=v"
-.It Ic all
-Prints the current values of the frequently-used options to
-.Ic set .
-Information about the current default server and host is also printed.
-.It Ic class= Ns Ar value
-Change the query class to one of:
-.Bl -tag -width "HESIOD "
-.It Dv IN
-the Internet class
-.It Dv CHAOS
-the Chaos class
-.It Dv HESIOD
-the MIT Athena Hesiod class
-.It Dv ANY
-wildcard (any of the above)
-.El
-.Pp
-The class specifies the protocol group of the information.
-.Pp
-(Default =
-.Dv IN ;
-abbreviation =
-.Ic cl )
-.It Xo Op Ic no
-.Ns Ic debug
-.Xc
-Turn debugging mode on. A lot more information is printed about the
-packet sent to the server and the resulting answer.
-.Pp
-(Default =
-.Ic nodebug ;
-abbreviation =
-.Xo Op Ic no
-.Ns Ic deb )
-.Xc
-.It Xo Op Ic no
-.Ns Ic d2
-.Xc
-Turn exhaustive debugging mode on.
-Essentially all fields of every packet are printed.
-.Pp
-(Default =
-.Ic nod2 )
-.It Ic domain= Ns Ar name
-Change the default domain name to
-.Ar name .
-The default domain name is appended to a lookup request depending on the
-state of the
-.Ic defname
-and
-.Ic search
-options.
-The domain search list contains the parents of the default domain if it has
-at least two components in its name.
-For example, if the default domain
-is CC.Berkeley.EDU, the search list is CC.Berkeley.EDU and Berkeley.EDU.
-Use the
-.Dq Ic set srchlist
-command to specify a different list.
-Use the
-.Dq Ic set all
-command to display the list.
-.Pp
-(Default = value from
-.Xr hostname @CMD_EXT@ ,
-.Pa /etc/resolv.conf ,
-or
-.Ev LOCALDOMAIN;
-abbreviation =
-.Ic do )
-.It Ic srchlist= Ns Ar name1/name2/...
-Change the default domain name to
-.Ar name1
-and the domain search list
-to
-.Ar name1 , name2 ,
-etc. A maximum of 6 names separated by slashes (/)
-can be specified.
-For example,
-.Bd -literal -offset indent
-set srchlist=lcs.MIT.EDU/ai.MIT.EDU/MIT.EDU
-.Ed
-.Pp
-sets the domain to lcs.MIT.EDU and the search list to the three names.
-This command overrides the
-default domain name and search list of the
-.Dq Ic set domain
-command.
-Use the
-.Dq Ic set all
-command to display the list.
-.Pp
-(Default = value based on
-.Xr hostname @CMD_EXT@ ,
-.Pa /etc/resolv.conf ,
-or
-.Ev LOCALDOMAIN;
-abbreviation =
-.Ic srchl )
-.It Xo Op Ic no
-.Ns Ic defname
-.Xc
-If set, append the default domain name to a single-component lookup request
-(i.e., one that does not contain a period).
-.Pp
-(Default =
-.Ic defname ;
-abbreviation =
-.Xo Op Ic no
-.Ns Ic defname )
-.Xc
-.It Xo Op Ic no
-.Ns Ic search
-.Xc
-If the lookup request contains at least one period but
-.Em doesn't
-end with a trailing period, append the domain names in the domain search list
-to the request until an answer is received.
-.Pp
-(Default =
-.Ic search ;
-abbreviation =
-.Xo Op Ic no
-.Ns Ic sea )
-.Xc
-.It Ic port= Ns Ar value
-Change the default TCP/UDP name server port to
-.Ar value .
-.Pp
-(Default = 53;
-abbreviation =
-.Ic \&po )
-.It Ic querytype= Ns Ar value
-.It Ic type= Ns Ar value
-Change the type of information query to one of:
-.Bl -tag -width "HINFO "
-.It Dv A
-the host's Internet address.
-.It Dv CNAME
-the canonical name for an alias.
-.It Dv HINFO
-the host CPU and operating system type.
-.It Dv MINFO
-the mailbox or mail list information.
-.It Dv MX
-the mail exchanger.
-.It Dv NS
-the name server for the named zone.
-.It Dv PTR
-the host name if the query is an Internet address;
-otherwise, the pointer to other information.
-.It Dv SOA
-the domain's
-.Dq start-of-authority
-information.
-.It Dv TXT
-the text information.
-.It Dv UINFO
-the user information.
-.It Dv WKS
-the supported well-known services.
-.El
-.Pp
-Other types
-.Pq Dv ANY, AXFR, MB, MD, MF, NULL
-are described in the RFC-1035 document.
-.Pp
-(Default =
-.Dv A ;
-abbreviations =
-.Ic q , ty )
-.It Xo Op Ic no
-.Ns Ic recurse
-.Xc
-Tell the name server to query other servers if it does not have the
-information.
-.Pp
-(Default =
-.Ic recurse ;
-abbreviation =
-.Xo Op Ic no
-.Ns Ic rec )
-.Xc
-.It Ic retry= Ns Ar number
-Set the number of retries to
-.Ar number .
-When a reply to a request is not received within a certain
-amount of time (changed with
-.Dq Ic set timeout ) ,
-the timeout period is doubled and the request is resent.
-The retry value controls how many times a request is resent before giving up.
-.Pp
-(Default = 4, abbreviation =
-.Ic ret )
-.It Ic root= Ns Ar host
-Change the name of the root server to
-.Ar host .
-This affects the
-.Dq Ic root
-command.
-.Pp
-(Default =
-.Ic ns.internic.net. ;
-abbreviation =
-.Ic ro )
-.It Ic timeout= Ns Ar number
-Change the initial timeout interval for waiting for a reply to
-.Ar number
-seconds. Each retry doubles the timeout period.
-.Pp
-(Default = 5 seconds; abbreviation =
-.Ic ti )
-.It Xo Op Ic no
-.Ns Ic vc
-.Xc
-Always use a virtual circuit when sending requests to the server.
-.Pp
-(Default =
-.Ic novc ;
-abbreviation =
-.Xo Op Ic no
-.Ns Ic v )
-.Xc
-.It Xo Op Ic no
-.Ns Ic ignoretc
-.Xc
-Ignore packet truncation errors.
-.Pp
-(Default =
-.Ic noignoretc ;
-abbreviation =
-.Xo Op Ic no
-.Ns Ic ig )
-.Xc
-.El
-.El
-.Sh DIAGNOSTICS
-If the lookup request was not successful, an error message is printed.
-Possible errors are:
-.Bl -tag -width "Timed"
-.It Li Timed out
-The server did not respond to a request after a certain amount of
-time (changed with
-.Dq Ic set timeout= Ns Ar value )
-and a certain number of retries (changed with
-.Dq Ic set retry= Ns Ar value ) .
-.It Li \&No response from server
-No name server is running on the server machine.
-.It Li \&No records
-The server does not have resource records of the current query type for the
-host, although the host name is valid.
-The query type is specified with the
-.Dq Ic set querytype
-command.
-.It Li Non-existent domain
-The host or domain name does not exist.
-.It Li Connection refused
-.It Li Network is unreachable
-The connection to the name or finger server could not be made
-at the current time.
-This error commonly occurs with
-.Ic ls
-and
-.Ic finger
-requests.
-.It Li Server failure
-The name server found an internal inconsistency in its database
-and could not return a valid answer.
-.It Li Refused
-The name server refused to service the request.
-.It Li Format error
-The name server found that the request packet was not in the proper format.
-It may indicate an error in
-.Nm nslookup .
-.El
-.Sh FILES
-.Bl -tag -width "/usr/share/misc/nslookup.helpXXX" -compact
-.It Pa /etc/resolv.conf
-initial domain name and name server addresses
-.It Pa $HOME/.nslookuprc
-user's initial options
-.It Pa /usr/share/misc/nslookup.help
-summary of commands
-.Sh ENVIRONMENT
-.Bl -tag -width "HOSTALIASESXXXX" -compact
-.It Ev HOSTALIASES
-file containing host aliases
-.It Ev LOCALDOMAIN
-overrides default domain
-.Sh SEE ALSO
-.Xr @INDOT@named @SYS_OPS_EXT@ ,
-.Xr resolver @LIB_NETWORK_EXT@ ,
-.Xr resolver @FORMAT_EXT@ ;
-RFC-1034,
-.Dq Domain Names - Concepts and Facilities ;
-RFC-1035,
-.Dq Domain Names - Implementation and Specification .
-.Sh AUTHOR
-Andrew Cherenson
diff --git a/contrib/bind/doc/man/nsupdate.8 b/contrib/bind/doc/man/nsupdate.8
deleted file mode 100644
index feaa64c083e64..0000000000000
--- a/contrib/bind/doc/man/nsupdate.8
+++ /dev/null
@@ -1,214 +0,0 @@
-.\" $Id: nsupdate.8,v 8.4 1999/10/17 06:26:18 cyarnell Exp $
-.\"
-.\"Copyright (c) 1999 by Internet Software Consortium
-.\"
-.\"Permission to use, copy, modify, and distribute this software for any
-.\"purpose with or without fee is hereby granted, provided that the above
-.\"copyright notice and this permission notice appear in all copies.
-.\"
-.\"THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\"ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\"OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\"CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\"DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\"PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\"ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\"SOFTWARE.
-.Dd March 5, 1999
-.Dt NSUPDATE @SYS_OPS_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm nsupdate
-.Nd update Internet name servers interactively
-.Sh SYNOPSIS
-.Nm nsupdate
-.Op Fl Ar k keydir:keyname
-.Op Fl Ar d
-.Op Fl Ar v
-.Op Ar filename
-.Sh DESCRIPTION
-.Ic Nsupdate
-is a program to update Internet domain name servers
-supporting dynamic update.
-.Ic Nsupdate
-uses the DNS resolver library to pass messages
-to a DNS server requesting the additional or deletion of
-DNS resource records (RRs).
-.Ic Nsupdate
-reads input from
-.Ar filename
-or standard input.
-.Sh ARGUMENTS
-.Bl -tag -width Fl
-.It Fl k
-Sign updates with TSIG.
-.It Fl d
-Debug mode.
-.It Fl v
-Virtual circuit - use TCP to communication with server.
-Default is UDP.
-.Sh INPUT FORMAT
-.Ic Nsupdate
-reads input records, one per line,
-each line contributing a resource record to an
-update request.
-All domain names used in a single update request
-must belong to the same DNS zone.
-A blank line causes the accumulated
-records to be formated into a single update request
-and transmitted to the zone's authoritative name servers.
-Additional records may follow,
-which are formed into additional,
-completely independent update requests.
-For the last request to be transmitted, a blank line
-must end the input.
-.Pp
-Records take one of two general forms.
-.Em Prerequisite
-records specify conditions that must be satisfied before
-the request will be processed.
-.Em Update
-records specify changes to be made to the DNS database.
-A update request consists of zero or more prerequisites
-and one or more updates.
-Each update request is processed atomically -
-all prerequisites must be satisfied, then all updates
-will be performed.
-.Pp
-.Ic Nsupdate
-understands the following input record formats:
-.Pp
-
-.Bl -ohang
-
-.It Ic prereq nxdomain Va domain-name
-Requires that no RR of any type exists with name
-.Va domain-name .
-
-.It Ic prereq yxdomain Va domain-name
-Requires that at least one RR named
-.Va domain-name
-must exist.
-
-.It Xo
-.Ic prereq nxrrset Va domain-name Op class
-.Va type
-.Xc
-Requires that no RR exists of the specified
-.Va type
-and
-.Va domain-name .
-
-.It Xo
-.Ic prereq yxrrset
-.Va domain-name Op class
-.Va type Op data...
-.Xc
-Requires that a RR exists of the specified
-.Va type
-and
-.Va domain-name .
-If
-.Va data
-is specified, it must match exactly.
-
-.It Xo
-.Ic update delete
-.Va domain-name Op class
-.Va Op type Op data...
-.Xc
-Deletes RRs named
-.Va domain-name .
-If
-.Va type
-(and possibly
-.Va data )
-is specified,
-only matching records will be deleted.
-
-.It Xo
-.Ic update add
-.Va domain-name ttl Op class
-.Va type data...
-.Xc
-Adds a new RR with specified
-.Va ttl , type ,
-and
-.Va data .
-
-.El
-
-.Sh EXAMPLES
-The following example illustrates the interactive use of
-.Ic nsupdate
-to change an IP address by deleting any existing A records
-for a domain name and then inserting a new one.
-Since no prerequisites are specified,
-the new record will be added even if
-there were no existing records to delete.
-Note the
-trailing blank line, required to process the request.
-.Bd -literal -offset indent
-$ nsupdate
-> update delete test.example.com A
-> update add test.example.com 3600 A 10.1.1.1
->
-
-.Ed
-.Pp
-In this example, a CNAME alias is added to the database
-only if there are no existing A or CNAME records for
-the domain name.
-.Bd -literal -offset indent
-$ nsupdate
-> prereq nxrrset www.example.com A
-> prereq nxrrset www.example.com CNAME
-> update add www.example.com 3600 CNAME test.example.com
->
-
-.Ed
-.Pp
-In this example, the nsupdate will be signed with the key "mykey", which
-is in the directory "/var/named/keys".
-.Bd -literal -offset indent
-$ nsupdate -k /var/named/keys:mykey
-> update add ftp.example.com 60 A 192.168.5.1
->
-
-.Ed
-
-.Sh DIAGNOSTICS
-.Bl -ohang
-
-.It Qq send error
-Typically indicates that the authoritative nameservers could not be reached
-
-.It Qq failed update packet
-Typically indicates that the nameserver has rejected the update,
-either because the nameserver doesn't support dynamic update,
-or due to an authentication failure
-
-.It Qq res_mkupdate: packet size = Va size
-(and no other messages)
-The update was successfully received and authenticated by the nameserver.
-The prerequisites, however, may have prevented the update from actually
-being performed. The only way to determine if the update was performed
-is to use debug mode
-.Fl ( d )
-and examine the status field in the nameserver's reply.
-
-.Sh FILES
-.It Pa /etc/resolv.conf
-initial domain name and name server addresses
-.Sh SEE ALSO
-.Xr @INDOT@named @SYS_OPS_EXT@ ,
-.Xr resolver @LIB_NETWORK_EXT@ ,
-.Xr resolver @FORMAT_EXT@ ;
-RFC-1034,
-.Dq Domain Names - Concepts and Facilities ;
-RFC-1035,
-.Dq Domain Names - Implementation and Specification ;
-RFC-2136,
-Dynamic Updates in the Domain Name System.
-.Sh AUTHOR
-Brent Baccala
diff --git a/contrib/bind/doc/man/resolver.3 b/contrib/bind/doc/man/resolver.3
deleted file mode 100644
index 6ddfe11ddc791..0000000000000
--- a/contrib/bind/doc/man/resolver.3
+++ /dev/null
@@ -1,581 +0,0 @@
-.\" Copyright (c) 1985, 1995 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms are permitted provided
-.\" that: (1) source distributions retain this entire copyright notice and
-.\" comment, and (2) distributions including binaries display the following
-.\" acknowledgement: ``This product includes software developed by the
-.\" University of California, Berkeley and its contributors'' in the
-.\" documentation or other materials provided with the distribution and in
-.\" all advertising materials mentioning features or use of this software.
-.\" Neither the name of the University nor the names of its contributors may
-.\" be used to endorse or promote products derived from this software without
-.\" specific prior written permission.
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
-.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-.\"
-.\" @(#)resolver.3 6.5 (Berkeley) 6/23/90
-.\" $Id: resolver.3,v 8.11 1999/09/13 23:33:24 vixie Exp $
-.\"
-.Dd October 19, 1998
-.Dt RESOLVER @LIB_NETWORK_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm res_ninit ,
-.Nm res_nisourserver ,
-.Nm fp_resstat ,
-.Nm res_npquery ,
-.Nm res_hostalias ,
-.Nm res_nquery ,
-.Nm res_nsearch ,
-.Nm res_nquerydomain ,
-.Nm res_nmkquery ,
-.Nm res_nsend ,
-.Nm res_nupdate ,
-.Nm res_nmkupdate ,
-.Nm res_nclose ,
-.Nm res_nsendsigned ,
-.Nm res_nsendupdate ,
-.Nm res_findzonecut ,
-.Nm dn_comp ,
-.Nm dn_expand ,
-.Nm hstrerror ,
-.Nm res_init ,
-.Nm res_isourserver ,
-.Nm p_nquery ,
-.Mm p_query ,
-.Mm hostalias ,
-.Nm res_query ,
-.Nm res_search ,
-.Nm res_querydomain ,
-.Nm res_mkquery ,
-.Nm res_send ,
-.Nm res_update ,
-.Nm res_close ,
-.Nm herror
-.Nd resolver routines
-.Sh SYNOPSIS
-.Fd #include <sys/types.h>
-.Fd #include <netinet/in.h>
-.Fd #include <arpa/nameser.h>
-.Fd #include <resolv.h>
-.Fn res_ninit "res_state statp"
-.Fn res_nisourserver "const res_state statp" "const struct sockaddr_in *addr"
-.Fn fp_resstat "const res_state statp" "FILE *fp"
-.Fn res_npquery "const res_state statp" "const u_char *msg" "int msglen" "FILE *fp"
-.Fn res_hostalias "const res_state statp" "const char *name" "char *buf" "size_t buflen"
-.Fn res_nquery "res_state statp" "const char *dname" "int class" "int type" "u_char *answer" "int anslen"
-.Fn res_nsearch "res_state statp" "const char *dname" "int class" "int type" "u_char * answer" "int anslen"
-.Fn res_nquerydomain "res_state statp" "const char *name" "const char *domain" "int class" "int type" "u_char *answer" "int anslen"
-.Fn res_nmkquery "res_state statp, int op, const char *dname" "int class" "int type" "const u_char *data" "int datalen" "const u_char *newrr" "u_char *buf" "int buflen"
-.Fn res_nsend "res_state statp" "const u_char *msg" "int msglen" "u_char *answer" "int anslen"
-.Fn res_nupdate "res_state statp" "ns_updrec *rrecp_in"
-.Fn res_nmkupdate "res_state statp" "ns_updrec *rrecp_in" "u_char *buf" "int buflen"
-.Fn res_nclose "res_state statp"
-.Fn res_nsendsigned "res_state statp" "const u_char *msg" "int msglen" "ns_tsig_key *key" "u_char *answer" "int anslen"
-.Fn res_findzonecut "res_state statp" "const char *dname" "ns_class class" "int options" "char *zname" "size_t zsize" "struct in_addr *addrs" "int naddrs"
-.Fn res_nsendupdate "res_state statp" "ns_updrec *rrecp_in" "ns_tsig_key *key" "char *zname" "struct in_addr addr"
-.Fn dn_comp "const char *exp_dn" "u_char *comp_dn" "int length" "u_char **dnptrs, **lastdnptr"
-.Fn dn_expand "const u_char *msg, *eomorig, *comp_dn" "char *exp_dn" "int length"
-.Fn hstrerror "int err"
-.Sh DEPRECATED
-.nr nS 1
-.Fd #include <sys/types.h>
-.Fd #include <netinet/in.h>
-.Fd #include <arpa/nameser.h>
-.Fd #include <resolv.h>
-.Fn res_init "void"
-.Fn res_isourserver "const struct sockaddr_in *addr"
-.Fn p_nquery "const u_char *msg" "int msglen" "FILE *fp"
-.Fn p_query "const u_char *msg" "FILE *fp"
-.Fn hostalias "const char *name"
-.Fn res_query "const char *dname" "int class, type" "u_char *answer" "int anslen"
-.Fn res_search "const char *dname" "int class, type" "u_char *answer" "int anslen"
-.Fn res_querydomain "const char *name" "const char *domain" "int class" "int type" "u_char *answer" "int anslen"
-.Fn res_mkquery "int op" "const char *dname, int class, type" "const char *data" "int datalen" "struct rrec *newrr" "u_char *buf" "int buflen"
-.Fn res_send "const u_char *msg" "int msglen" "u_char *answer" "int anslen"
-.Fn res_update "ns_updrec *rrecp_in"
-.Fn res_close "void"
-.Fn herror "const char *s"
-.Sh DESCRIPTION
-These routines are used for making, sending and interpreting
-query and reply messages with Internet domain name servers.
-.Pp
-State information is kept in
-.Fa statp
-and is used to control the behavior of these functions.
-.Fa statp
-should be set to all zeros prior to the first call to any of these functions.
-.Pp
-The functions
-.Fn res_init ,
-.Fn res_isourserver ,
-.Fn p_nquery ,
-.Fn p_query ,
-.Fn hostalias ,
-.Fn res_query ,
-.Fn res_search ,
-.Fn res_querydomain ,
-.Fn res_mkquery ,
-.Fn res_send ,
-.Fn res_update ,
-.Fn res_close
-and
-.Fn herror
-are deprecated and are supplied for compatability with old source
-code.
-They use global configuration and state information that is
-kept in the structure
-.Ft _res
-rather than that referenced through
-.Ft statp .
-.Pp
-Most of the values in
-.Ft statp
-and
-.Ft _res
-are initialized on the first call to
-.Fn res_ninit
-/
-.Fn res_init
-to reasonable defaults and can be ignored.
-Options
-stored in
-.Ft statp->options
-/
-.Ft _res.options
-are defined in
-.Pa resolv.h
-and are as follows.
-Options are stored as a simple bit mask containing the bitwise
-.Dq OR
-of the options enabled.
-.Bl -tag -width "RES_DEB"
-.It Dv RES_INIT
-True if the initial name server address and default domain name are
-initialized (i.e.,
-.Fn res_ninit
-/
-.Fn res_init
-has been called).
-.It Dv RES_DEBUG
-Print debugging messages.
-.It Dv RES_AAONLY
-Accept authoritative answers only.
-should continue until it finds an authoritative answer or finds an error.
-Currently this is not implemented.
-.It Dv RES_USEVC
-Use TCP connections for queries instead of UDP datagrams.
-.It Dv RES_STAYOPEN
-Used with
-.Dv RES_USEVC
-to keep the TCP connection open between queries.
-This is useful only in programs that regularly do many queries.
-UDP should be the normal mode used.
-.It Dv RES_IGNTC
-Ignore truncation errors, i.e., don't retry with TCP.
-.It Dv RES_RECURSE
-Set the recursion-desired bit in queries.
-This is the default.
-(\c
-.Fn res_nsend
-/
-.Fn res_send
-does not do iterative queries and expects the name server
-to handle recursion.)
-.It Dv RES_DEFNAMES
-If set,
-.Fn res_nsearch
-/
-.Fn res_search
-will append the default domain name to single-component names
-(those that do not contain a dot).
-This option is enabled by default.
-.It Dv RES_DNSRCH
-If this option is set,
-.Fn res_nsearch
-/
-.Fn res_search
-will search for host names in the current domain and in parent domains; see
-.Xr hostname @DESC_EXT@ .
-This is used by the standard host lookup routine
-.Xr gethostbyname @LIB_NETWORK_EXT@ .
-This option is enabled by default.
-.It Dv RES_NOALIASES
-This option turns off the user level aliasing feature controlled by
-the
-.Ev HOSTALIASES
-environment variable.
-Network daemons should set this option.
-.It Dv RES_USE_INET6
-This option causes
-.Xr gethostbyname @LIB_NETWORK_EXT@
-to look for AAAA records before looking for A records if none are found.
-.It Dv RES_ROTATE
-This options causes the
-.Fn res_nsend
-/
-.Fn res_send
-to rotate the list of nameservers in
-.Fa statp->nsaddr_list
-/
-.Fa _res.nsaddr_list .
-.It Dv RES_KEEPTSIG
-This option causes
-.Fn res_nsendsigned
-to leave the message unchanged after TSIG verification; otherwise the TSIG
-record would be removed and the header updated.
-.El
-.Pp
-The
-.Fn res_ninit
-/
-.Fn res_init
-routine
-reads the configuration file (if any; see
-.Xr resolver @FORMAT_EXT@ )
-to get the default domain name, search list and
-the Internet address of the local name server(s).
-If no server is configured, the host running the resolver is tried.
-The current domain name is defined by the hostname
-if not specified in the configuration file;
-it can be overridden by the environment variable
-.Ev LOCALDOMAIN .
-This environment variable may contain several blank-separated
-tokens if you wish to override the
-.Dq search list
-on a per-process basis. This is similar to the
-.Ic search
-command in the configuration file.
-Another environment variable
-.Pq Dq Ev RES_OPTIONS
-can be set to override certain internal resolver options which are otherwise
-set by changing fields in the
-.Ft statp
-/
-.Ft _res
-structure or are inherited from the configuration file's
-.Ic options
-command. The syntax of the
-.Dq Ev RES_OPTIONS
-environment variable is explained in
-.Xr resolver @FORMAT_EXT@ .
-Initialization normally occurs on the first call
-to one of the other resolver routines.
-.Pp
-The
-.Fn res_nquery
-/
-.Fn res_query
-functions provides interfaces to the server query mechanism.
-They constructs a query, sends it to the local server,
-awaits a response, and makes preliminary checks on the reply.
-The query requests information of the specified
-.Fa type
-and
-.Fa class
-for the specified fully-qualified domain name
-.Fa dname .
-The reply message is left in the
-.Fa answer
-buffer with length
-.Fa anslen
-supplied by the caller.
-.Fn res_nquery
-/
-.Fn res_query
-return -1 on error or the length of the answer.
-.Pp
-The
-.Fn res_nsearch
-/
-.Fn res_search
-routines make a query and awaits a response like
-.Fn res_nquery
-/
-.Fn res_query ,
-but in addition, it implements the default and search rules
-controlled by the
-.Dv RES_DEFNAMES
-and
-.Dv RES_DNSRCH
-options.
-It returns the length of the first successful reply which is stored in
-.Ft answer
-or -1 on error.
-.Pp
-The remaining routines are lower-level routines used by
-.Fn res_nquery
-/
-.Fn res_query .
-The
-.Fn res_nmkquery
-/
-.Fn res_mkquery
-functions
-constructs a standard query message and places it in
-.Fa buf .
-It returns the size of the query, or \-1 if the query is
-larger than
-.Fa buflen .
-The query type
-.Fa op
-is usually
-.Dv QUERY ,
-but can be any of the query types defined in
-.Pa <arpa/nameser.h> .
-The domain name for the query is given by
-.Fa dname .
-.Fa Newrr
-is currently unused but is intended for making update messages.
-.Pp
-The
-.Fn res_nsend
-/
-.Fn res_send
-/
-.Fn res_nsendsigned
-routines
-sends a pre-formatted query and returns an answer.
-It will call
-.Fn res_ninit
-/
-.Fn res_init
-if
-.Dv RES_INIT
-is not set, send the query to the local name server, and
-handle timeouts and retries. Additionally,
-.Fn res_nsendsigned
-will use TSIG signatures to add authentication to the query and verify the
-response. In this case, only one nameserver will be contacted.
-The length of the reply message is returned, or \-1 if there were errors.
-.Pp
-.Fn res_nquery
-/
-.Fn res_query ,
-.Fn res_nsearch
-/
-.Fn res_search
-and
-.Fn res_nsend
-/
-.Fn res_send
-return a length that may be bigger than
-.Fa anslen .
-In that case the query should be retried with a bigger buffer.
-NOTE the answer to the second query may be larger still so supplying
-a buffer that bigger that the answer returned by the previous
-query is recommended.
-.Pp
-.Fa answer
-MUST be big enough to receive a maximum UDP response from the server or
-parts of the answer will be silently discarded.
-The default maximum UDP response size is 512 bytes.
-.Pp
-The functions
-.Fn res_nisourserver
-/
-.Fn res_isourserver
-return true when
-.Fa inp
-is one of the servers in
-.Fa statp->nsaddr_list
-/
-.Fa _res.nsaddr_list .
-.Pp
-The functions
-.Fn res_npquery
-/
-.Fn p_nquery
-/
-.Fn p_query
-print out the query and any answer in
-.Fa msg
-on
-.Fa fp .
-.Fn p_query
-is equivalent to
-.Fn p_nquery
-with
-.Fa msglen
-set to 512.
-.Pp
-The function
-.Fn fp_resstat
-prints out the active flag bits in
-.Fa statp->options
-preceeded by the text ";; res options:" on
-.Fa file .
-.Pp
-The functions
-.Fn res_hostalias
-/
-.Fn hostalias
-lookup up name in the file referred to by the
-.Ev HOSTALIASES files return a fully qualified hostname if found or NULL if
-not found or an error occurred.
-.Fn res_hostalias
-uses
-.Fa buf
-to store the result in,
-.Fn hostalias
-uses a static buffer.
-.Pp
-The functions
-.Fn res_nupdate
-/
-.Fn res_update
-take a list of ns_updrec
-.Fa rrecp_in .
-Identifies the containing zone for each record and groups the records
-according to containing zone maintaining in zone order then sends and
-update request to the servers for these zones.
-The number of zones updated is returned or -1 on error.
-.Pp
-The function
-.Fn res_findzonecut
-discovers the closest enclosing zone cut for a specified domain name,
-and finds the IP addresses of the zone's master servers.
-.Pp
-The function
-.Fn res_nsendupdate
-is used to perform TSIG authenticated dynamic update operations.
-.Fn res_nsendupdate
-sends a dynamic update to the specified IP address, authenticating the update
-if the key is not NULL.
-.Pp
-The functions
-.Fn res_nmkupdate
-/
-.Fn res_mkupdate
-take a linked list of ns_updrec
-.Fa rrecp_in
-and construct a UPDATE message in
-.Fa buf .
-.Fn res_nmkupdate
-/
-.Fn res_mkupdate
-return the length of the constructed message on no error or one of the
-following error values.
-.Bl -inset -width "-5"
-.It -1
-An error occurred parsing
-.Fa rrecp_in .
-.It -2
-The buffer
-.Fa buf
-was too small.
-.It -3
-The first record was not a zone section or there was a section order problem.
-The section order is S_ZONE, S_PREREQ and S_UPDATE.
-.It -4
-A number overflow occurred.
-.It -5
-Unknown operation or no records.
-.El
-.Pp
-The functions
-.Fn res_nclose
-/
-.Fn res_close
-close any open files referenced through
-.Fa statp
-/
-.Fa _res .
-.Pp
-The
-.Fn dn_comp
-function
-compresses the domain name
-.Fa exp_dn
-and stores it in
-.Fa comp_dn .
-The size of the compressed name is returned or \-1 if there were errors.
-The size of the array pointed to by
-.Fa comp_dn
-is given by
-.Fa length .
-The compression uses
-an array of pointers
-.Fa dnptrs
-to previously-compressed names in the current message.
-The first pointer points to
-to the beginning of the message and the list ends with
-.Dv NULL .
-The limit to the array is specified by
-.Fa lastdnptr .
-A side effect of
-.Fn dn_comp
-is to update the list of pointers for labels inserted into the message
-as the name is compressed. If
-.Fa dnptr
-is
-.Dv NULL ,
-names are not compressed. If
-.Fa lastdnptr
-is
-.Dv NULL ,
-the list of labels is not updated.
-.Pp
-The
-.Fn dn_expand
-entry
-expands the compressed domain name
-.Fa comp_dn
-to a full domain name.
-The compressed name is contained in a query or reply message;
-.Fa msg
-is a pointer to the beginning of the message.
-The uncompressed name is placed in the buffer indicated by
-.Fa exp_dn
-which is of size
-.Fa length .
-The size of compressed name is returned or \-1 if there was an error.
-.Pp
-The variables
-.Ft statp->res_h_errno
-/
-.Ft _res.res_h_errno
-and external variable
-.Ft h_errno
-is set whenever an error occurs during resolver operation. The following
-definitions are given in
-.Pa <netdb.h> :
-.Bd -literal
-#define NETDB_INTERNAL -1 /* see errno */
-#define NETDB_SUCCESS 0 /* no problem */
-#define HOST_NOT_FOUND 1 /* Authoritative Answer Host not found */
-#define TRY_AGAIN 2 /* Non-Authoritative not found, or SERVFAIL */
-#define NO_RECOVERY 3 /* Non-Recoverable: FORMERR, REFUSED, NOTIMP */
-#define NO_DATA 4 /* Valid name, no data for requested type */
-.Ed
-.Pp
-The
-.Fn herror
-function writes a message to the diagnostic output consisting of the string
-parameter
-.Fa s ,
-the constant string ": ", and a message corresponding to the value of
-.Ft h_errno .
-.Pp
-The
-.Fn hstrerror
-function returns a string which is the message text corresponding to the
-value of the
-.Fa err
-parameter.
-.Sh FILES
-.Bl -tag -width "/etc/resolv.conf "
-.It Pa /etc/resolv.conf
-See
-.Xr resolver @FORMAT_EXT@ .
-.El
-.Sh SEE ALSO
-.Xr gethostbyname @LIB_NETWORK_EXT@ ,
-.Xr hostname @DESC_EXT@ ,
-.Xr @INDOT@named @SYS_OPS_EXT@ ,
-.Xr resolver @FORMAT_EXT@ ;
-RFC1032, RFC1033, RFC1034, RFC1035, RFC974;
-SMM:11,
-.Dq Name Server Operations Guide for Sy BIND
diff --git a/contrib/bind/doc/man/resolver.5 b/contrib/bind/doc/man/resolver.5
deleted file mode 100644
index 21298933f0b0e..0000000000000
--- a/contrib/bind/doc/man/resolver.5
+++ /dev/null
@@ -1,224 +0,0 @@
-.\" Copyright (c) 1986 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms are permitted
-.\" provided that the above copyright notice and this paragraph are
-.\" duplicated in all such forms and that any documentation,
-.\" advertising materials, and other materials related to such
-.\" distribution and use acknowledge that the software was developed
-.\" by the University of California, Berkeley. The name of the
-.\" University may not be used to endorse or promote products derived
-.\" from this software without specific prior written permission.
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-.\"
-.\" @(#)resolver.5 5.9 (Berkeley) 12/14/89
-.\" $Id: resolver.5,v 8.6 1999/05/21 00:01:02 vixie Exp $
-.\"
-.Dd November 11, 1993
-.Dt RESOLVER @FORMAT_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm resolver
-.Nd resolver configuration file
-.Sh SYNOPSIS
-.Pa /etc/resolv.conf
-.Sh DESCRIPTION
-The
-.Nm resolver
-is a set of routines in the C library
-.Pq Xr resolve @LIB_NETWORK_EXT@
-that provide access to the Internet Domain Name System.
-The
-.Nm resolver
-configuration file contains information that is read
-by the
-.Nm resolver
-routines the first time they are invoked by a process.
-The file is designed to be human readable and contains a list of
-keywords with values that provide various types of
-.Nm resolver
-information.
-.Pp
-On a normally configured system, this file should not be necessary.
-The only name server to be queried will be on the local machine,
-the domain name is determined from the host name,
-and the domain search path is constructed from the domain name.
-.Pp
-The different configuration directives are:
-.Bl -tag -width "nameser"
-.It Li nameserver
-Internet address (in dot notation) of a name server that the
-.Nm resolver
-should query. Up to
-.Dv MAXNS
-(see
-.Pa <resolv.h> )
-name servers may be listed, one per keyword.
-If there are multiple servers, the
-.Nm resolver
-library queries them in the order listed.
-If no
-.Li nameserver
-entries are present, the default is to use the name server on the local machine.
-(The algorithm used is to try a name server, and if the query times out,
-try the next, until out of name servers,
-then repeat trying all the name servers
-until a maximum number of retries are made).
-.It Li domain
-Local domain name.
-Most queries for names within this domain can use short names
-relative to the local domain.
-If no
-.Li domain
-entry is present, the domain is determined from the local host name returned by
-.Xr gethostname @BSD_SYSCALL_EXT@ ;
-the domain part is taken to be everything after the first
-.Sq \&. .
-Finally, if the host name does not contain a domain part, the root
-domain is assumed.
-.It Li search
-Search list for host-name lookup.
-The search list is normally determined from the local domain name;
-by default, it contains only the local domain name.
-This may be changed by listing the desired domain search path
-following the
-.Li search
-keyword with spaces or tabs separating the names.
-Most
-.Nm resolver
-queries will be attempted using each component
-of the search path in turn until a match is found.
-Note that this process may be slow and will generate a lot of network
-traffic if the servers for the listed domains are not local,
-and that queries will time out if no server is available
-for one of the domains.
-.Pp
-The search list is currently limited to six domains
-with a total of 256 characters.
-.It Li sortlist
-Allows addresses returned by gethostbyname to be sorted.
-A
-.Li sortlist
-is specified by IP address netmask pairs. The netmask is
-optional and defaults to the natural netmask of the net. The IP address
-and optional network pairs are separated by slashes. Up to 10 pairs may
-be specified. For example:
-.Bd -literal -offset indent
-sortlist 130.155.160.0/255.255.240.0 130.155.0.0
-.Ed
-.It Li options
-Allows certain internal
-.Nm resolver
-variables to be modified.
-The syntax is
-.D1 Li options Ar option ...
-where
-.Ar option
-is one of the following:
-.Bl -tag -width "ndots:n "
-.It Li debug
-sets
-.Dv RES_DEBUG
-in
-.Ft _res.options .
-.It Li ndots: Ns Ar n
-sets a threshold for the number of dots which
-must appear in a name given to
-.Fn res_query
-(see
-.Xr resolver @LIB_NETWORK_EXT@ )
-before an
-.Em initial absolute query
-will be made. The default for
-.Ar n
-is
-.Dq 1 ,
-meaning that if there are
-.Em any
-dots in a name, the name will be tried first as an absolute name before any
-.Em search list
-elements are appended to it.
-.It Li timeout: Ns Ar n
-sets the amount of time the resolver will wait for a response from a remote
-name server before retrying the query via a different name server. Measured in
-seconds, the default is
-.Dv RES_TIMEOUT
-(see
-.Pa <resolv.h> ).
-.It Li attempts: Ns Ar n
-sets the number of times the resolver will send a query to its name servers
-before giving up and returning an error to the calling application. The
-default is
-.Dv RES_DFLRETRY
-(see
-.Pa <resolv.h> ).
-.It Li rotate
-sets
-.Dv RES_ROTATE
-in
-.Ft _res.options ,
-which causes round robin selection of nameservers from among those listed.
-This has the effect of spreading the query load among all listed servers,
-rather than having all clients try the first listed server first every time.
-.It Li no-check-names
-sets
-.Dv RES_NOCHECKNAME
-in
-.Ft _res.options ,
-which disables the modern BIND checking of incoming host names and mail names
-for invalid characters such as underscore (_), non-ASCII, or control characters.
-.It Li inet6
-sets
-.Dv RES_USE_INET6
-in
-.Ft _res.options .
-This has the effect of trying a AAAA query before an A query inside the
-.Ft gethostbyname
-function, and of mapping IPv4 responses in IPv6 ``tunnelled form'' if no
-AAAA records are found but an A record set exists.
-.El
-.El
-.Pp
-The
-.Li domain
-and
-.Li search
-keywords are mutually exclusive.
-If more than one instance of these keywords is present,
-the last instance wins.
-.Pp
-The
-.Li search
-keyword of a system's
-.Pa resolv.conf
-file can be
-overridden on a per-process basis by setting the environment variable
-.Dq Ev LOCALDOMAIN
-to a space-separated list of search domains.
-.Pp
-The
-.Li options
-keyword of a system's
-.Pa resolv.conf
-file can be amended on a per-process basis by setting the environment variable
-.Dq Ev RES_OPTIONS to a space-separated list of
-.Nm resolver
-options as explained above under
-.Li options .
-.Pp
-The keyword and value must appear on a single line, and the keyword
-(e.g.,
-.Li nameserver )
-must start the line. The value follows the keyword, separated by white space.
-.Sh FILES
-.Pa /etc/resolv.conf
-.Pa <resolv.h>
-.Sh SEE ALSO
-.Xr gethostbyname @LIB_NETWORK_EXT@ ,
-.Xr hostname @DESC_EXT@ ,
-.Xr @INDOT@named @SYS_OPS_EXT@ ,
-.Xr resolver @LIB_NETWORK_EXT@ ,
-.Xr resolver @FORMAT_EXT@ .
-.Dq Name Server Operations Guide for Sy BIND
diff --git a/contrib/bind/doc/man/tsig.3 b/contrib/bind/doc/man/tsig.3
deleted file mode 100644
index fa852eeceb1f2..0000000000000
--- a/contrib/bind/doc/man/tsig.3
+++ /dev/null
@@ -1,240 +0,0 @@
-.\" $Id: tsig.3,v 8.2 1999/01/08 18:54:28 vixie Exp $
-.\"
-.\"Copyright (c) 1995-1999 by Internet Software Consortium
-.\"
-.\"Permission to use, copy, modify, and distribute this software for any
-.\"purpose with or without fee is hereby granted, provided that the above
-.\"copyright notice and this permission notice appear in all copies.
-.\"
-.\"THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\"ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\"OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\"CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\"DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\"PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\"ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\"SOFTWARE.
-.\"
-.Dd January 1, 1996
-.Os BSD 4
-.Dt TSIG @SYSCALL_EXT@
-.Sh NAME
-.Nm ns_sign ,
-.Nm ns_sign_tcp ,
-.Nm ns_sign_tcp_init ,
-.Nm ns_verify ,
-.Nm ns_verify_tcp ,
-.Nm ns_verify_tcp_init ,
-.Nm ns_find_tsig
-.Nd TSIG system
-.Sh SYNOPSIS
-.Ft int
-.Fo ns_sign
-.Fa "u_char *msg"
-.Fa "int *msglen"
-.Fa "int msgsize"
-.Fa "int error"
-.Fa "void *k"
-.Fa "const u_char *querysig"
-.Fa "int querysiglen"
-.Fa "u_char *sig"
-.Fa "int *siglen"
-.Fa "time_t in_timesigned"
-.Fc
-.Ft int
-.Fn ns_sign_tcp "u_char *msg" "int *msglen" "int msgsize" "int error" \
- "ns_tcp_tsig_state *state" "int done"
-.Ft int
-.Fn ns_sign_tcp_init "void *k" "const u_char *querysig" "int querysiglen" \
- "ns_tcp_tsig_state *state"
-.Ft int
-.Fo ns_verify
-.Fa "u_char *msg"
-.Fa "int *msglen"
-.Fa "void *k"
-.Fa "const u_char *querysig"
-.Fa "int querysiglen"
-.Fa "u_char *sig"
-.Fa "int *siglen"
-.Fa "time_t in_timesigned"
-.Fa "int nostrip"
-.Fc
-.Ft int
-.Fn ns_verify_tcp "u_char *msg" "int *msglen" "ns_tcp_tsig_state *state" \
- "int required"
-.Ft int
-.Fn ns_verify_tcp_init "void *k" "const u_char *querysig" "int querysiglen" \
- "ns_tcp_tsig_state *state"
-.Ft u_char *
-.Fn ns_find_tsig "u_char *msg" "u_char *eom"
-.Sh DESCRIPTION
-The TSIG routines are used to implement transaction/request security of
-DNS messages.
-.Pp
-.Fn ns_sign
-and
-.Fn ns_verify
-are the basic routines.
-.Fn ns_sign_tcp
-and
-.Fn ns_verify_tcp
-are used to sign/verify TCP messages that may be split into multiple packets,
-such as zone transfers, and
-.Fn ns_sign_tcp_init,
-.Fn ns_verify_tcp_init
-initialize the state structure necessary for TCP operations.
-.Fn ns_find_tsig
-locates the TSIG record in a message, if one is present.
-.Pp
-.Fn ns_sign
-.Bl -tag -width "in_timesigned" -compact -offset indent
-.It Dv msg
-the incoming DNS message, which will be modified
-.It Dv msglen
-the length of the DNS message, on input and output
-.It Dv msgsize
-the size of the buffer containing the DNS message on input
-.It Dv error
-the value to be placed in the TSIG error field
-.It Dv key
-the (DST_KEY *) to sign the data
-.It Dv querysig
-for a response, the signature contained in the query
-.It Dv querysiglen
-the length of the query signature
-.It Dv sig
-a buffer to be filled with the generated signature
-.It Dv siglen
-the length of the signature buffer on input, the signature length on output
-.El
-.Pp
-.Fn ns_sign_tcp
-.Bl -tag -width "in_timesigned" -compact -offset indent
-.It Dv msg
-the incoming DNS message, which will be modified
-.It Dv msglen
-the length of the DNS message, on input and output
-.It Dv msgsize
-the size of the buffer containing the DNS message on input
-.It Dv error
-the value to be placed in the TSIG error field
-.It Dv state
-the state of the operation
-.It Dv done
-non-zero value signifies that this is the last packet
-.El
-.Pp
-.Fn ns_sign_tcp_init
-.Bl -tag -width "in_timesigned" -compact -offset indent
-.It Dv k
-the (DST_KEY *) to sign the data
-.It Dv querysig
-for a response, the signature contained in the query
-.It Dv querysiglen
-the length of the query signature
-.It Dv state
-the state of the operation, which this initializes
-.El
-.Pp
-.Fn ns_verify
-.Bl -tag -width "in_timesigned" -compact -offset indent
-.It Dv msg
-the incoming DNS message, which will be modified
-.It Dv msglen
-the length of the DNS message, on input and output
-.It Dv key
-the (DST_KEY *) to sign the data
-.It Dv querysig
-for a response, the signature contained in the query
-.It Dv querysiglen
-the length of the query signature
-.It Dv sig
-a buffer to be filled with the signature contained
-.It Dv siglen
-the length of the signature buffer on input, the signature length on output
-.It Dv nostrip
-non-zero value means that the TSIG is left intact
-.El
-.Pp
-.Fn ns_verify_tcp
-.Bl -tag -width "in_timesigned" -compact -offset indent
-.It Dv msg
-the incoming DNS message, which will be modified
-.It Dv msglen
-the length of the DNS message, on input and output
-.It Dv state
-the state of the operation
-.It Dv required
-non-zero value signifies that a TSIG record must be present at this step
-.El
-.Pp
-.Fn ns_verify_tcp_init
-.Bl -tag -width "in_timesigned" -compact -offset indent
-.It Dv k
-the (DST_KEY *) to verify the data
-.It Dv querysig
-for a response, the signature contained in the query
-.It Dv querysiglen
-the length of the query signature
-.It Dv state
-the state of the operation, which this initializes
-.El
-.Pp
-.Fn ns_find_tsig
-.Bl -tag -width "in_timesigned" -compact -offset indent
-.It Dv msg
-the incoming DNS message
-.It Dv msglen
-the length of the DNS message
-.El
-.Sh RETURN VALUES
-.Fn ns_find_tsig
-returns a pointer to the TSIG record if one is found, and NULL otherwise.
-.Pp
-All other routines return 0 on success, modifying arguments when necessary.
-.Pp
-.Fn ns_sign
-and
-.Fn ns_sign_tcp
-return the following errors:
-.Bl -tag -width "NS_TSIG_ERROR_NO_SPACE" -compact -offset indent
-.It Dv (-1)
-bad input data
-.It Dv (-ns_r_badkey)
-The key was invalid, or the signing failed
-.It Dv NS_TSIG_ERROR_NO_SPACE
-the message buffer is too small.
-.El
-.Pp
-.Fn ns_verify
-and
-.Fn ns_verify_tcp
-return the following errors:
-.Bl -tag -width "NS_TSIG_ERROR_NO_SPACE" -compact -offset indent
-.It Dv (-1)
-bad input data
-.It Dv NS_TSIG_ERROR_FORMERR
-The message is malformed
-.It Dv NS_TSIG_ERROR_NO_TSIG
-The message does not contain a TSIG record
-.It Dv NS_TSIG_ERROR_ID_MISMATCH
-The TSIG original ID field does not match the message ID
-.It Dv (-ns_r_badkey)
-Verification failed due to an invalid key
-.It Dv (-ns_r_badsig)
-Verification failed due to an invalid signature
-.It Dv (-ns_r_badtime)
-Verification failed due to an invalid timestamp
-.It Dv ns_r_badkey
-Verification succeeded but the message had an error of BADKEY
-.It Dv ns_r_badsig
-Verification succeeded but the message had an error of BADSIG
-.It Dv ns_r_badtime
-Verification succeeded but the message had an error of BADTIME
-.El
-.Pp
-.Sh SEE ALSO
-.Xr resolver 3 .
-.Sh AUTHORS
-Brian Wellington, TISLabs at Network Associates
-.\" .Sh BUGS
diff --git a/contrib/bind/doc/misc/DynamicUpdate b/contrib/bind/doc/misc/DynamicUpdate
deleted file mode 100644
index fb4152c74f77b..0000000000000
--- a/contrib/bind/doc/misc/DynamicUpdate
+++ /dev/null
@@ -1,284 +0,0 @@
-
-
- Description of Dynamic Update and T_UNSPEC Code
-
-
-
-
- Added by Mike Schwartz
- University of Washington Computer Science Department
- 11/86
- schwartz@cs.washington.edu
-
-
-
-
-I have incorporated 2 new features into BIND:
- 1. Code to allow (unauthenticated) dynamic updates: surrounded by
- #ifdef ALLOW_UPDATES
- 2. Code to allow data of unspecified type: surrounded by
- #ifdef ALLOW_T_UNSPEC
-
-Note that you can have one or the other or both (or neither) of these
-modifications running, by appropriately modifying the makefiles. Also,
-the external interface isn't changed (other than being extended), i.e.,
-a BIND server that allows dynamic updates and/or T_UNSPEC data can
-still talk to a 'vanilla' server using the 'vanilla' operations.
-
-The description that follows is broken into 3 parts: a functional
-description of the dynamic update facility, a functional description of
-the T_UNSPEC facility, and a discussion of the implementation of
-dynamic updates. The implementation description is mostly intended for
-those who want to make future enhancements (especially the addition of
-a good authentication mechanism). If you make enhancements, I would be
-interested in hearing about them.
-
-
-
-
-
- 1. Dynamic Update Facility
-
-I added this code in conjunction with my research into naming in large
-heterogeneous systems. For the purposes of this research, I ignored
-security issues. In other words, no authentication/authorization
-mechanism exists to control updates. Authentication will hopefully be
-addressed at some future point (although probably not by me). In the
-mean time, BIND Internet name servers (as opposed to "private" name
-server networks operating with their own port numbers, as I use in my
-research) should be compiled *without* -DALLOW_UPDATES, so that the
-integrity of the Internet name database won't be compromised by this
-code.
-
-
-There are 5 different dynamic update interfaces:
- UPDATEA - add a resource record
- UPDATED - delete a specific resource record
- UPDATEDA - delete all named resource records
- UPDATEM - modify a specific resource record
- UPDATEMA - modify all named resource records
-
-These all work through the normal resolver interface, i.e., these
-interfaces are opcodes, and the data in the buffers passed to
-res_mkquery must conform to what is expected for the particular
-operation (see the #ifdef ALLOW_UPDATES extensions to nstest.c for
-example usage).
-
-UPDATEM is logically equivalent to an UPDATED followed by an UPDATEA,
-except that the updates occur atomically at the primary server (as
-usual with Domain servers, secondaries may become temporarily
-inconsistent). The difference between UPDATED and UPDATEDA is that the
-latter allows you to delete all RRs associated with a name; similarly
-for UPDATEM and UPDATEMA. The reason for the UPDATE{D,M}A interfaces
-is two-fold:
-
- 1. Sometimes you want to delete/modify some data, but you know you'll
- only have a single RR for that data; in such a case, it's more
- convenient to delete/modify the RR by just giving the name;
- otherwise, you would have to first look it up, and then
- delete/modify it.
-
- 2. It is sometimes useful to be able to delete/modify multiple RRs
- this way, since one can then perform the operation atomically.
- Otherwise, one would have to delete/modify the RRs one-by-one.
-
-One additional point to note about UPDATEMA is that it will return a
-success status if there were *zero* or more RRs associated with the given
-name (and the RR add succeeds), whereas UPDATEM, UPDATED, and UPDATEDA
-will return a success status if there were *one* or more RRs associated
-with the given name. The reason for the difference is to handle the
-(probably common) case where what you want to do is set a particular
-name to contain a single RR, irrespective of whether or not it was
-already set.
-
-
-
-
- 2. T_UNSPEC Facility
-
-Type T_UNSPEC allows you to store data whose layout BIND doesn't
-understand. Data of this type is not marshalled (i.e., converted
-between host and network representation, as is done, for example, with
-Internet addresses) by BIND, so it is up to the client to make sure
-things work out ok w.r.t. heterogeneous data representations. The way
-I use this type is to have the client marshal data, store it, retrieve
-it, and demarshal it. This way I can store arbitrary data in BIND
-without having to add new code for each specific type.
-
-T_UNSPEC data is dumped in an ASCII-encoded, checksummed format so
-that, although it's not human-readable, it at least doesn't fill the
-dump file with unprintable characters.
-
-Type T_UNSPEC is important for my research environment, where
-potentially lots of people want to store data in the name service, and
-each person's data looks different. Instead of having BIND understand
-the format of each of their data types, the clients define marshaling
-routines and pass buffers of marshalled data to BIND; BIND never tries
-to demarshal the data...it just holds on to it, and gives it back to
-the client when the client requests it, and the client must then
-demarshal it.
-
-The Xerox Network System's name service (the Clearinghouse) works this
-way. The reason 'vanilla' BIND understands the format of all the data
-it holds is probably that BIND is tailored for a very specific
-application, and wants to make sure the data it holds makes sense (and,
-for some types, BIND needs to take additional action depending on the
-data's semantics). For more general purpose name services (like the
-Clearinghouse and my usage of BIND), this approach is less tractable.
-
-See the #ifdef ALLOW_T_UNSPEC extensions to nstest.c for example usage of
-this type.
-
-
-
-
-
-
- 3. Dynamic Update Implementation Description
-
-This section is divided into 3 subsections: General Discussion,
-Miscellaneous Points, and Known Defects.
-
-
-
-
- 3.1 General Discussion
-
-The basic scheme is this: When an update message arrives, a call is
-made to InitDynUpdate, which first looks up the SOA record for the zone
-the update affects. If this is the primary server for that zone, we do
-the update and then update the zone serial number (so that secondaries
-will refresh later). If this is a secondary server, we forward the
-update to the primary, and if that's successful, we update our copy
-afterwards. If it's neither, we refuse the update. (One might think
-to try to propagate the update to an authoritative server; I figured
-that updates will probably be most likely within an administrative
-domain anyway; this could be changed if someone has strong feelings
-about it).
-
-Note that this mechanism disallows updates when the primary is
-down, preserving the Domain scheme's consistency requirements,
-but making the primary a critical point for updates. This seemed
-reasonable to me because
- 1. Alternative schemes must deal with potentially complex
- situations involving merging of inconsistent secondary
- updates
- 2. Updates are presumed to be rare relative to read accesses,
- so this increased restrictiveness for updates over reads is
- probably not critical
-
-I have placed comments through out the code, so it shouldn't be
-too hard to see what I did. The majority of the processing is in
-doupdate() and InitDynUpdate(). Also, I added a field to the zone
-struct, to keep track of when zones get updated, so that only changed
-zones get checkpointed.
-
-
-
-
-
- 3.2 Miscellaneous Points
-
-I use ns_maint to call zonedump() if the database changes, to
-provide a checkpointing mechanism. I use the zone refresh times to
-set up ns_maint interrupts if there are either secondaries or
-primaries. Hence, if there is a secondary, this interrupt can cause
-zoneref (as before), and if there is a primary, this interrupt can
-cause doadump. I also checkpoint if needed before shutting down.
-
-You can force a server to checkpoint any changed zones by sending the
-maint signal (SIGALRM) to the process. Otherwise it just checkpoints
-during maint. interrupts, or when being shutdown (with SIGTERM).
-Sending it the dump signal causes the database to be dumped into the
-(single) dump file, but doesn't checkpoint (i.e., update the boot
-files). Note that the boot files will be overwritten with checkpoint
-files, so if you want to preserve the comments, you should keep copies
-of the original boot files separate from the versions that are actually
-used.
-
-I disallow T_SOA updates, for several reasons:
- - T_SOA deletes at the primary wont be discovered by the secondaries
- until they try to request them at maint time, which will cause
- a failure
- - the corresponding NS record would have to be deleted at the same
- time (atomically) to avoid various problems
- - T_SOA updates would have to be done in the right order, or else
- the primary and secondaries will be out-of-sync for that zone.
-My feeling is that changing the zone topology is a weighty enough thing
-to do that it should involve changing the load file and reloading all
-affected servers.
-
-There are alot of places where bind exits due to catastrophic failures
-(mainly malloc failures). I don't try to dump the database in these
-places because it's probably inconsistent anyway. It's probably better
-to depend on the most recent dump.
-
-
-
-
-
- 3.2 Known Defects
-
-1. I put the following comment in nlookup (db_lookup.c):
-
- Note: at this point, if np->n_data is NULL, we could be in one
- of two situations: Either we have come across a name for which
- all the RRs have been (dynamically) deleted, or else we have
- come across a name which has no RRs associated with it because
- it is just a place holder (e.g., EDU). In the former case, we
- would like to delete the namebuf, since it is no longer of use,
- but in the latter case we need to hold on to it, so future
- lookups that depend on it don't fail. The only way I can see
- of doing this is to always leave the namebufs around (although
- then the memory usage continues to grow whenever names are
- added, and can never shrink back down completely when all their
- associated RRs are deleted).
-
- Thus, there is a problem that the memory usage will keep growing for
- the situation described. You might just choose to ignore this
- problem (since I don't see any good way out), since things probably
- wont grow fast anyway (how many names are created and then deleted
- during a single server incarnation, after all?)
-
- The problem is that one can't delete old namebufs because one would
- want to do it from db_update, but db_update calls nlookup to do the
- actual work, and can't do it there, since we need to maintain place
- holders. One could make db_update not call nlookup, so we know it's
- ok to delete the namebuf (since we know the call is part of a delete
- call); but then there is code with alot of overlapping functionality
- in the 2 routines.
-
- This also causes another problem: If you create a name and then do
- UPDATEDA, all it's RRs get deleted, but the name remains; then, if you
- do a lookup on that name later, the name is found in the hash table,
- but no RRs are found for it. It then forwards the query to itself (for
- some reason), and then somehow decides there is no such domain, and then
- returns (with the correct answer, but after going through extra work).
- But the name remains, and each time it is looked up, we go through
- these same steps. This should be fixed, but I don't have time right
- now (and the right answer seems to come back anyway, so it's good
- enough for now).
-
-2. There are 2 problems that crop up when you store data (other than
- T_SOA and T_NS records) in the root:
- a. Can't get primary to doaxfr RRs other than SOA and NS to
- secondary.
- b. Upon checkpoint (zonedump), this data sometimes comes out after other
- data in the root, so that (since the SOA and NS records have null
- names), they will get interpreted as being records under the
- other names upon the next boot up. For example, if you have a
- T_A record called ABC, the checkpoint may look like:
- $ORIGIN .
- ABC IN A 128.95.1.3
- 99999999 IN NS UW-BORNEO.
- IN SOA UW-BORNEO. SCHWARTZ.CS.WASHINGTON.EDU.
- ( 50 3600 300 3600000 3600 )
- Then when booting up the next time, the SOA and NS records get
- interpreted as being called "ABC" rather than the null root
- name.
-
-3. The secondary server caches the T_A RR for the primary, and hence when
- it tries to ns_forw an update, it won't find the address of the primary
- using nslookup unless that T_A RR is *also* stored in the main hashtable
- (by putting it in a named.db file as well as the named.ca file).
-
diff --git a/contrib/bind/doc/misc/FAQ.1of2 b/contrib/bind/doc/misc/FAQ.1of2
deleted file mode 100644
index 99619eb37a250..0000000000000
--- a/contrib/bind/doc/misc/FAQ.1of2
+++ /dev/null
@@ -1,1602 +0,0 @@
-Newsgroups: comp.protocols.tcp-ip.domains,comp.answers,news.answers
-Path: vixie!news1.digital.com!su-news-hub1.bbnplanet.com!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!cam-news-hub1.bbnplanet.com!news.mathworks.com!news.kei.com!uhog.mit.edu!rutgers!njitgw.njit.edu!hertz.njit.edu!cdp2582
-From: cdp2582@hertz.njit.edu (Chris Peckham)
-Subject: comp.protocols.tcp-ip.domains Frequently Asked Questions (FAQ) (Part 1 of 2)
-Message-ID: <cptd-faq-1-849940949@njit.edu>
-Followup-To: comp.protocols.tcp-ip.domains
-Originator: cdp2582@hertz.njit.edu
-Keywords: BIND,DOMAIN,DNS
-Sender: news@njit.edu
-Supersedes: <cptd-faq-1-847336183@njit.edu>
-Nntp-Posting-Host: hertz.njit.edu
-X-Posting-Frequency: posted during the first week of each month
-Reply-To: domain-faq@njit.edu (comp.protocols.tcp-ip.domains FAQ comments)
-Organization: NJIT.EDU - New Jersey Institute of Technology, Newark, NJ, USA
-Date: Sat, 7 Dec 1996 06:42:36 GMT
-Approved: news-answers-request@MIT.EDU
-Expires: Sat 11 Jan 97 02:42:29 EDT
-Lines: 1582
-Xref: vixie comp.protocols.tcp-ip.domains:12904 comp.answers:22440 news.answers:85682
-
-Posted-By: auto-faq 3.1.1.2
-Archive-name: internet/tcp-ip/domains-faq/part1
-Revision: 1.14 1996/12/07 06:42:05
-
-
-Note that this posting has been split into two parts because of its size.
-
-$Id: FAQ.1of2,v 8.4 1996/12/18 04:22:33 vixie Exp $
-
-A new version of this document appears monthly. If this copy is more
-than a month old it may be out of date.
-
-This FAQ is edited and maintained by Chris Peckham, <cdp@pfmc.net>. The
-most recently posted version may be found for anonymous ftp from
-
-rtfm.mit.edu : /pub/usenet/news.answers/internet/tcp-ip/domains-faq
-
-It is also available in HTML from
-http://www.users.pfmc.net/~cdp/cptd-faq/.
-
-If you can contribute any answers for items in the TODO section, please do
-so by sending e-mail to <domain-faq@pfmc.net> ! If you know of any items
-that are not included and you feel that they should be, send the
-relevant information to <domain-faq@pfmc.net>.
-
-===============================================================================
-
-Index
-
- Section 1. TO DO / UPDATES
- Q1.1 Contributions needed
- Q1.2 UPDATES / Changes since last posting
-
- Section 2. INTRODUCTION / MISCELLANEOUS
- Q2.1 What is this newsgroup ?
- Q2.2 More information
- Q2.3 What is BIND ?
- Q2.4 What is the difference between BIND and DNS ?
- Q2.5 Where is the latest version of BIND located ?
- Q2.6 How can I find the path taken between two systems/domains ?
- Q2.7 How do you find the hostname given the TCP-IP address ?
- Q2.8 How do I register a domain ?
- Q2.9 How can I change the IP address of our server ?
- Q2.10 Issues when changing your domain name
- Q2.11 How memory and CPU does DNS use ?
- Q2.12 Other things to consider when planning your servers
- Q2.13 Proper way to get NS and reverse IP records into DNS
- Q2.14 How do I get my address assigned from the NIC ?
- Q2.15 Is there a block of private IP addresses I can use?
- Q2.16 Does BIND cache negative answers (failed DNS lookups) ?
- Q2.17 What does an NS record really do ?
- Q2.18 DNS ports
- Q2.19 What is the cache file
- Q2.20 Obtaining the latest cache file
- Q2.21 Selecting a nameserver/root cache
- Q2.22 InterNIC and domain names
-
- Section 3. UTILITIES
- Q3.1 Utilities to administer DNS zone files
- Q3.2 DIG - Domain Internet Groper
- Q3.3 DNS packet analyser
- Q3.4 host
- Q3.5 How can I use DNS information in my program?
- Q3.6 A source of information relating to DNS
-
- Section 4. DEFINITIONS
- Q4.1 TCP/IP Host Naming Conventions
- Q4.2 What are slaves and forwarders ?
- Q4.3 When is a server authoritative?
- Q4.4 My server does not consider itself authoritative !
- Q4.5 NS records don't configure servers as authoritative ?
- Q4.6 underscore in host-/domainnames
- Q4.7 What is lame delegation ?
- Q4.8 How can I see if the server is "lame" ?
- Q4.9 What does opt-class field in a zone file do?
- Q4.10 Top level domains
- Q4.11 Classes of networks
- Q4.12 What is CIDR ?
- Q4.13 What is the rule for glue ?
-
- Section 5. CONFIGURATION
- Q5.1 Changing a Secondary server to a Primary server ?
- Q5.2 Moving a Primary server to another server
- Q5.3 How do I subnet a Class B Address ?
- Q5.4 Subnetted domain name service
- Q5.5 Recommended format/style of DNS files
- Q5.6 DNS on a system not connected to the Internet
- Q5.7 Multiple Domain configuration
- Q5.8 wildcard MX records
- Q5.9 How do you identify a wildcard MX record ?
- Q5.10 Why are fully qualified domain names recommended ?
- Q5.11 Distributing load using named
- Q5.12 Order of returned records
- Q5.13 resolv.conf
- Q5.14 How do I delegate authority for sub-domains ?
- Q5.15 DNS instead of NIS on a Sun OS 4.1.x system
- Q5.16 Patches to add functionality to BIND
- Q5.17 How to serve multiple domains from one server
-
- Section 6. PROBLEMS
- Q6.1 No address for root server
- Q6.2 Error - No Root Nameservers for Class XX
- Q6.3 Bind 4.9.x and MX querying?
- Q6.4 Do I need to define an A record for localhost ?
- Q6.5 MX records, CNAMES and A records for MX targets
- Q6.6 Can an NS record point to a CNAME ?
- Q6.7 Nameserver forgets own A record
- Q6.8 General problems (core dumps !)
- Q6.9 malloc and DECstations
- Q6.10 Can't resolve names without a "."
- Q6.11 Err/TO errors being reported
- Q6.12 Why does swapping kill BIND ?
-
- Section 7. ACKNOWLEDGEMENTS
- Q7.1 How is this FAQ generated ?
- Q7.2 What formats are available ?
- Q7.3 Contributors
-
-===============================================================================
-
-Section 1. TO DO / UPDATES
-
- Q1.1 Contributions needed
- Q1.2 UPDATES / Changes since last posting
-
------------------------------------------------------------------------------
-
-Question 1.1. Contributions needed
-
-Date: Fri Dec 6 00:40:00 EST 1996
-
-* Expand the slave/forward section
-
------------------------------------------------------------------------------
-
-Question 1.2. UPDATES / Changes since last posting
-
-Date: Fri Dec 6 00:40:00 EST 1996
-
-* The FAQ is now maintained in BFNN (Bizzare format with No Name). This
- allows me to create ASCII, HTML, and GNU info (postscript coming soon)
- from one source file.
-* References to 4.9.4 changed to 4.9.5.
-* memory/CPU usage question - removed uunet map reference. Not there...
-* Minor edits of information and questions for new format.
-* How do I delegate authority for sub-domains ? - edited answer
-
-===============================================================================
-
-Section 2. INTRODUCTION / MISCELLANEOUS
-
- Q2.1 What is this newsgroup ?
- Q2.2 More information
- Q2.3 What is BIND ?
- Q2.4 What is the difference between BIND and DNS ?
- Q2.5 Where is the latest version of BIND located ?
- Q2.6 How can I find the path taken between two systems/domains ?
- Q2.7 How do you find the hostname given the TCP-IP address ?
- Q2.8 How do I register a domain ?
- Q2.9 How can I change the IP address of our server ?
- Q2.10 Issues when changing your domain name
- Q2.11 How memory and CPU does DNS use ?
- Q2.12 Other things to consider when planning your servers
- Q2.13 Proper way to get NS and reverse IP records into DNS
- Q2.14 How do I get my address assigned from the NIC ?
- Q2.15 Is there a block of private IP addresses I can use?
- Q2.16 Does BIND cache negative answers (failed DNS lookups) ?
- Q2.17 What does an NS record really do ?
- Q2.18 DNS ports
- Q2.19 What is the cache file
- Q2.20 Obtaining the latest cache file
- Q2.21 Selecting a nameserver/root cache
- Q2.22 InterNIC and domain names
-
------------------------------------------------------------------------------
-
-Question 2.1. What is this newsgroup ?
-
-Date: Thu Dec 1 11:08:28 EST 1994
-
-comp.protocols.tcp-ip.domains is the usenet newsgroup for discussion on
-issues relating to the Domain Name System (DNS).
-
-This newsgroup is not for issues directly relating to IP routing and
-addressing. Issues of that nature should be directed towards
-comp.protocols.tcp-ip.
-
------------------------------------------------------------------------------
-
-Question 2.2. More information
-
-Date: Fri Dec 6 00:41:03 EST 1996
-
-You can find more information concerning DNS in the following places:
-
-* The BOG (BIND Operations Guide) - in the BIND distribution
-* The FAQ included with BIND 4.9.5 in doc/misc/FAQ
-* DNS and BIND by Albitz and Liu (an O'Reilly & Associates Nutshell
- handbook)
-* A number of RFCs (920, 974, 1032, 1034, 1101, 1123, 1178, 1183, 1348,
- 1535, 1536, 1537, 1591, 1706, 1712, 1713, 1912, 1918)
-* The DNS Resources Directory (DNSRD) http://www.dns.net/dnsrd/
-* If you are having troubles relating to sendmail and DNS, you may wish to
- refer to the USEnet newsgroup comp.mail.sendmail and/or the FAQ for that
- newsgroup which may be found for anonymous ftp at rtfm.mit.edu :
- /pub/usenet/news.answers/mail/sendmail-faq
-* Information concerning some frequently asked questions relating to the
- Internet (i.e., what is the InterNIC, what is an RFC, what is the IETF,
- etc) may be found for anonymous ftp from ds.internic.net : /fyi/fyi4.txt
- A version may also be obtained with the URL
- gopher://ds.internic.net/00/fyi/fyi4.txt.
-* Information on performing an initial installation of BIND may be found
- using the DNS Resources Directory at
- http://www.dns.net/dnsrd/docs/basic.txt
-* Three other USEnet newsgroups:
-
- * comp.protocols.dns.bind
- * comp.protocols.dns.ops
- * comp.protocols.dns.std
-
------------------------------------------------------------------------------
-
-Question 2.3. What is BIND ?
-
-Date: Tue Sep 10 23:15:58 EDT 1996
-
-From the BOG Introduction -
-
-The Berkeley Internet Name Domain (BIND) implements an Internet name
-server for the BSD operating system. The BIND consists of a server (or
-``daemon'') and a resolver library. A name server is a network
-service that enables clients to name resources or objects and share this
-information with other objects in the network. This in effect is a
-distributed data base system for objects in a computer network. BIND
-is fully integrated into BSD (4.3 and later releases) network programs
-for use in storing and retrieving host names and address. The system
-administrator can configure the system to use BIND as a replacement to
-the older host table lookup of information in the network hosts file
-/etc/hosts. The default configuration for BSD uses BIND.
-
------------------------------------------------------------------------------
-
-Question 2.4. What is the difference between BIND and DNS ?
-
-Date: Tue Sep 10 23:15:58 EDT 1996
-
-(text provided by Andras Salamon) DNS is the Domain Name System, a set of
-protocols for a distributed database that was originally designed to
-replace /etc/hosts files. DNS is most commonly used by applications to
-translate domain names of hosts to IP addresses. A client of the DNS is
-called a resolver; resolvers are typically located in the application
-layer of the networking software of each TCP/IP capable machine. Users
-typically do not interact directly with the resolver. Resolvers query the
-DNS by directing queries at name servers that contain parts of the
-distributed database that is accessed by using the DNS protocols. In
-common usage, `the DNS' usually refers just to the data in the database.
-
-BIND (Berkeley Internet Name Domain) is an implementation of DNS, both
-server and client. Development of BIND is funded by the Internet Software
-Consortium and is coordinated by Paul Vixie. BIND has been ported to
-Windows NT and VMS, but is most often found on Unix. BIND source code is
-freely available and very complex; most of the development on the DNS
-protocols is based on this code; and most Unix vendors ship BIND-derived
-DNS implementations. As a result, the BIND name server is the most widely
-used name server on the Internet. In common usage, `BIND' usually refers
-to the name server that is part of the BIND distribution, and sometimes to
-name servers in general (whether BIND-derived or not).
-
------------------------------------------------------------------------------
-
-Question 2.5. Where is the latest version of BIND located ?
-
-Fri Dec 6 00:23:19 EST 1996
-
-This information may be found at http://www.vix.com/isc/bind.html
-
-At this time, BIND version of 4.9.5 may be found for anonymous ftp from
-
-ftp.vix.com : /pub/bind/release/4.9.5/bind-4.9.5-REL.tar.gz
-
-Other sites that officially mirror the BIND distribution are
-
-* bind.fit.qut.edu.au : /pub/bind
-* ftp.funet.fi : /pub/unix/tcpip/dns/bind
-* ftp.univ-lyon1.fr : /pub/mirrors/unix/bind
-* ftp.oleane.net : /pub/mirrors/unix/bind
-* ftp.ucr.ac.cr : /pub/Unix/dns/bind
-* ftp.luth.se : /pub/unix/dns/bind/beta
-
-You may need GNU zip, Larry Wall's patch program (if there are any patch
-files), and a C compiler to get BIND running from the above mentioned
-source.
-
-GNU zip is available for anonymous ftp from
-
-prep.ai.mit.edu : /pub/gnu/gzip-1.2.4.tar
-
-patch is available for anonymous ftp from
-
-prep.ai.mit.edu : /pub/gnu/patch-2.1.tar.gz
-
-A version of BIND for Windows NT is available for anonymous ftp from
-
-ftp.vix.com : /pub/bind/release/4.9.5/contrib/ntdns495relbin.zip
-
-and
-
-ftp.vix.com : /pub/bind/release/4.9.5/contrib/ntbind495rel.zip
-
------------------------------------------------------------------------------
-
-Question 2.6. How can I find the path taken between two systems/domains ?
-
-Date: Fri Dec 6 00:10:31 EST 1996
-
-On a Unix system, use traceroute. If it is not available to you, you may
-obtain the source source for 'traceroute', compile it and install it on
-your system.
-
-One version of this program with additional functionality may be found for
-anonymous ftp from
-
-ftp.nikhef.nl : /pub/network/traceroute.tar.Z
-
-Another version may be found for anonymous ftp from
-
-ftp.psc.edu : /pub/net_tools/traceroute.tar
-
------------------------------------------------------------------------------
-
-Question 2.7. How do you find the hostname given the TCP-IP address ?
-
-Date: Thu Dec 1 09:55:24 EST 1994
-
-For an address a.b.c.d you can always do:
-
- % nslookup
- > set q=ptr
- > d.c.b.a.in-addr.arpa.
-
-Most newer version of nslookup (since 4.8.3) will recognize an address, so
-you can just say:
-
- % nslookup a.b.c.d
-
-DiG will work like this also:
-
- % dig -x a.b.c.d
-
-host from the contrib/host from the bind distribution may also be used.
-
------------------------------------------------------------------------------
-
-Question 2.8. How do I register a domain ?
-
-Date: Wed Sep 4 23:59:42 EDT 1996
-
-You can talk to your Internet Service Provider (ISP). They can submit the
-registration for you. If you are not going to be directly connected, they
-should be able to offer MX records for your domain for mail delivery (so
-that mail sent to the new domain will be sent to your "standard" account).
-In the case where the registration is done by the organization itself, it
-still makes the whole process much easier if the ISP is approached for
-secondary servers _before_ the InterNIC is approached for registration.
-
-For information about making the registration yourself, look to the
-InterNIC (or other similar organization).
-
-* anonymout ftp from internic.net : /templates
-* gopher://rs.internic.net/
-* http://rs.internic.net/reg/reg-forms.html
-* http://www.ripe.net/
-
-You will need at least two domain name servers when you register your
-domain. Many ISP's are willing to provide primary and/or secondary name
-service for their customers.
-
-Please note that the InterNIC is now charging a fee for domain names in
-the "COM", "ORG", and "NET". More information may be found from the
-Internic at
-
-http://rs.internic.net/domain-info/fee-policy.html
-
-Many times, registration of a domain name can be initiated by sending
-e-mail to the zone contact. You can obtain the contact in the SOA record
-for the country, or in a whois server:
-
- $ nslookup -type=SOA fr.
- origin = ns1.nic.fr
- mail addr = nic.nic.fr
- ...
-
-The mail address to contact in this case is 'nic@nic.fr' (you must
-substitute an '@' for the first dot in the mail addr field).
-
-An alternate method to obtain the e-mail address of the national NIC is
-the 'whois' server at InterNIC.
-
-You may be requested to make your request to another email address or
-using a certain information template/application.
-
------------------------------------------------------------------------------
-
-Question 2.9. How can I change the IP address of our server ?
-
-Date: Sun May 5 22:46:28 EDT 1996
-
-(From Mark Andrews) Before the move.
-
-* Ensure you are running a modern nameserver. BIND 4.9.3-REL + Patch1 is a
- good choice.
-* Inform all your secondaries that you are going to change. Have them
- install both the current and new addresses in their named.boot's.
-* Drop the ttl of the A's associated with the nameserver to something
- small (5 min is usually good).
-* Drop the refesh and retry times of the zone containing the forward
- records for the server.
-* Configure the new reverse zone before the move and make sure it is
- operational.
-* On the day of the move add the new A record(s) for the server. Don't
- forget to have these added to parent domains. You will look like you are
- multihomed with one interface dead.
-
-Move the machine after gracefully terminating any other services it is
-offering. Then,
-
-* Fixup the A's, ttl, refresh and retry counters. (If you are running an
- all server EDIT out all references to the old addresses in the cache
- files).
-* Inform all the secondaries the move is complete.
-* Inform the parents of all zones you are primary of the new NS/A pairs
- for the relevent zones.
-* Inform all the administators of zones you are secondaring that the
- machine has moved.
-* For good measure update the serial no for all zones you are primary for.
- This will flush out old A's.
-
------------------------------------------------------------------------------
-
-Question 2.10. Issues when changing your domain name
-
-Date: Sun Nov 27 23:32:41 EST 1994
-
-If you are changing your domain name from abc.foobar.com to foobar.net,
-the forward zones are easy and there are a number of ways to do it. One
-way is the following:
-
-Have a single db file for the 2 domains, and have a single machine be the
-primary server for both abc.foobar.com and foobar.net.
-
-To resolve the host foo in both domains, use a single zone file which
-merely uses this for the host:
-
-foo IN A 1.2.3.4
-
-Use a "@" wherever the domain would be used ie for the SOA:
-
-@ IN SOA (...
-
-Then use this pair of lines in your named.boot:
-
-primary abc.foobar.com db.foobar
-primary foobar.net db.foobar
-
-The reverse zones should either contain PTRs to both names, or to
-whichever name you believe to be canonical currently.
-
------------------------------------------------------------------------------
-
-Question 2.11. How memory and CPU does DNS use ?
-
-Date: Fri Dec 6 01:07:56 EST 1996
-
-It can use quite a bit ! The main thing that BIND needs is memory. It
-uses very little CPU or network bandwidth. The main considerations to
-keep in mind when planning are:
-
-* How many zones do you have and how large are they ?
-* How many clients do you expect to serve and how active are they ?
-
-As an example, here is a snapshot of memory usage from CSIRO Division of
-Mathematics and Statistics, Australia
-
- Named takes several days to stabalize its memory usage.
-
- Our main server stabalises at ~10Mb. It takes about 3 days to
- reach this size from 6 M at startup. This is under Sun OS 4.1.3U1.
-
-As another example, here is the configuration of ns.uu.net (from late
-1994):
-
- ns.uu.net only does nameservice. It is running a version of BIND
- 4.9.3 on a Sun Classic with 96 MB of RAM, 220 MB of swap (remember
- that Sun OS will reserve swap for each fork, even if it is not needed)
- running Sun OS 4.1.3_U1.
-
- Joseph Malcolm, of Alternet, states that named generally hovers at
- 5-10% of the CPU, except after a reload, when it eats it all.
-
------------------------------------------------------------------------------
-
-Question 2.12. Other things to consider when planning your servers
-
-Date: Mon Jan 2 14:24:51 EST 1995
-
-When making the plans to set up your servers, you may want to also
-consider the following issues:
-
- A) Server O/S limitations/capacities (which tend to be widely
- divergent from vendor to vendor)
- B) Client resolver behavior (even more widely divergent)
- C) Expected query response time
- D) Redundancy
- E) Desired speed of change propagation
- F) Network bandwidth availability
- G) Number of zones/subdomain-levels desired
- H) Richness of data stored (redundant MX records? HINFO records?)
- I) Ease of administration desired
- J) Network topology (impacts reverse-zone volume)
-
- Assuming a best-possible case for the factors above, particularly (A), (B),
- (C), (F), (G) & (H), it would be possible to run a 1000-node domain
- using a single lowly 25 or 40 MHz 386 PC with a fairly modest amount of RAM
- by today's standards, e.g. 4 or 8 Meg. However, this configuration would
- be slow, unreliable, and would provide no functionality beyond your basic
- address-to-name and name-to-address mappings.
-
- Beyond that baseline case, depending on what factors listed above,
- you may want look at other strategies, such splitting up the DNS
- traffic among several machines strategically located, possibly larger ones,
- and/or subdividing your domain itself. There are many options, tradeoffs,
- and DNS architectural paradigms from which to choose.
------------------------------------------------------------------------------
-
-Question 2.13. Proper way to get NS and reverse IP records into DNS
-
-Date: Mon Jan 2 13:03:53 EST 1995
-
-Reverse domain registration is separate from forward domain registration.
-Blocks of network addresses have been delegated by the InterNIC. Check if
-your network a.b.c.0 is in such a block by using nslookup:
-
- nslookup -type=soa c.b.a.in-addr.arpa.
- nslookup -type=soa b.a.in-addr.arpa.
- nslookup -type=soa a.in-addr.arpa.
-
-One of the above should give you the information you are looking for (the
-others will return with an error something like `*** No start of authority
-(SOA) records available for ...') This will give you the email address of
-the person to whom you should address your change request.
-
-If none of these works, your network probably has not been delegated by
-the InterNIC and you need to contact them directly.
-
-CIDR has meant that the registration is delegated, but registration of
-in-addr.arpa has always been separate from forward zones - and for good
-reason - in that the forward and reverse zones may have different
-policies, contents etc, may be served by a different set of nameservers,
-and exist at different times (usually only at point of creation). There
-isn't a one-to-one mapping between the two, so merging the registration
-would probably cause more problems than people forgetting/not-knowing that
-they had to register in-addr.arpa zones separately. For example, there
-are organizations that have hundreds of networks and two or more domains,
-with a sprinkling of machines from each network in each of the domains.
-
------------------------------------------------------------------------------
-
-Question 2.14. How do I get my address assigned from the NIC ?
-
-Date: Fri Dec 6 01:11:34 EST 1996
-
-You should probably ask your Internet provider to give you an address.
-These days, addresses are being distributed through the providers, so that
-they can assign adjacent blocks of addresses to sites that go through the
-same provider, to permit more efficient routing on the backbones.
-
-Unless you have thousands of hosts, you probably won't be able to get a
-class B these days. Instead, you can get a series of class C networks.
-Large requests will be queried, so be ready to provide a network plan if
-you ask for more than 16 class C networks.
-
-If you can't do this through your Internet provider, you can look for a
-subnet registration form on rs.internic.net. See the answer in this FAQ
-to the question "How do I register a domain" for a URL to these forms.
-
------------------------------------------------------------------------------
-
-Question 2.15. Is there a block of private IP addresses I can use?
-
-Date: Sun May 5 23:02:49 EDT 1996
-
-Yes there is. Please refer to RFC 1918:
-
- 1918 Address Allocation for Private Internets. Y. Rekhter, B.
- Moskowitz, D. Karrenberg, G. de Groot, & E. Lear. February 1996.
- (Format: TXT=22270 bytes)
-
-RFC 1918 documents the allocation of the following addresses for use by
-``private internets'':
-
- 10.0.0.0 - 10.255.255.255
- 172.16.0.0 - 172.31.255.255
- 192.168.0.0 - 192.168.255.255
-
------------------------------------------------------------------------------
-
-Question 2.16. Does BIND cache negative answers (failed DNS lookups) ?
-
-Date: Mon Jan 2 13:55:50 EST 1995
-
-Yes, BIND 4.9.3 and more recent versions will cache negative answers.
-
------------------------------------------------------------------------------
-
-Question 2.17. What does an NS record really do ?
-
-Date: Wed Sep 4 22:52:18 EDT 1996
-
-The NS records in your zone data file pointing to the zone's name servers
-(as opposed to the servers of delegated subdomains) don't do much.
-They're essentially unused, though they are returned in the authority
-section of reply packets from your name servers.
-
-However, the NS records in the zone file of the parent domain are used to
-find the right servers to query for the zone in question. These records
-are more important than the records in the zone itself.
-
------------------------------------------------------------------------------
-
-Question 2.18. DNS ports
-
-Date: Fri Feb 10 15:40:10 EST 1995
-
-The following table shows what TCP/UDP ports DNS uses to send and receive
-queries:
-
- Prot Src Dst Use
- udp 53 53 Queries between servers (eg, recursive queries)
- Replies to above
- tcp 53 53 Queries with long replies between servers, zone
- transfers Replies to above
- udp >1023 53 Client queries (sendmail, nslookup, etc ...)
- udp 53 >1023 Replies to above
- tcp >1023 53 Client queries with long replies
- tcp 53 >1023 Replies to above
-
- Note: >1023 is for non-priv ports on Un*x clients. On other client
- types, the limit may be more or less.
-
-Another point to keep in mind when designing filters for DNS is that a DNS
-server uses port 53 both as the source and destination for it's queries.
-So, a client queries an initial server from an unreserved port number to
-UDP port 53. If the server needs to query another server to get the
-required info, it sends a UDP query to that server with both source and
-destination ports set to 53. The response is then sent with the same
-src=53 dest=53 to the first server which then responds to the original
-client from port 53 to the original source port number.
-
-The point of all this is that putting in filters to only allow UDP between
-a high port and port 53 will not work correctly, you must also allow the
-port 53 to port 53 UDP to get through.
-
-Also, ALL versions of BIND use TCP for queries in some cases. The
-original query is tried using UDP. If the response is longer than the
-allocated buffer, the resolver will retry the query using a TCP
-connection. If you block access to TCP port 53 as suggested above, you
-may find that some things don't work.
-
-Newer version of BIND allow you to configure a list of IP addresses from
-which to allow zone transfers. This mechanism can be used to prevent
-people from outside downloading your entire namespace.
-
------------------------------------------------------------------------------
-
-Question 2.19. What is the cache file
-
-Date: Fri Dec 6 01:15:22 EST 1996
-
-From the "Name Server Operations Guide"
-
- 6.3. Cache Initialization
-
- 6.3.1. root.cache
-
- The name server needs to know the servers that
- are the authoritative name servers for the root
- domain of the network. To do this we have to prime
- the name server's cache with the addresses of these
- higher authorities. The location of this file is
- specified in the boot file. ...
-
------------------------------------------------------------------------------
-
-Question 2.20. Obtaining the latest cache file
-
-Date: Fri Dec 6 01:15:22 EST 1996
-
-If you have a version of dig running, you may obtain the information with
-the command
-
- dig @a.root-servers.net. . ns
-
-A perl script to handle some possible problems when using this method
-from behind a firewall and that can also be used to periodically obtain
-the latest cache file was posted to comp.protocols.tcp-ip.domains during
-early October, 1996. It was posted with the subject "Keeping db.cache
-current". It is available at
-http://www.users.pfmc.net/~cdp/cptd-faq/current_db_cache.txt.
-
-The latest cache file may also be obtained from the InterNIC via ftp or
-gopher:
-
- ; This file is made available by InterNIC registration services
- ; under anonymous FTP as
- ; file /domain/named.root
- ; on server FTP.RS.INTERNIC.NET
- ; -OR- under Gopher at RS.INTERNIC.NET
- ; under menu InterNIC Registration Services (NSI)
- ; submenu InterNIC Registration Archives
- ; file named.root
-
------------------------------------------------------------------------------
-
-Question 2.21. Selecting a nameserver/root cache
-
-Date: Mon Aug 5 22:54:11 EDT 1996
-
-Exactly how is the a root server selected from the root cache? Does the
-resolver attempt to pick the closest host or is it random or is it via
-sortlist-type workings? If the root server selected is not available (for
-whatever reason), will the the query fail instead of attempting another
-root server in the list ?
-
-Every recursive BIND name server (that is, one which is willing to go out
-and find something for you if you ask it something it doesn't know) will
-remember the measured round trip time to each server it sends queries to.
-If it has a choice of several servers for some domain (like "." for
-example) it will use the one whose measured RTT is lowest.
-
-Since the measured RTT of all NS RRs starts at zero (0), every one gets
-tried one time. Once all have responded, all RTT's will be nonzero, and
-the "fastest server" will get all queries henceforth, until it slows down
-for some reason.
-
-To promote dispersion and good recordkeeping, BIND will penalize the RTT
-by a little bit each time a server is reused, and it will penalize the RTT
-a _lot_ if it ever has to retransmit a query. For a server to stay "#1",
-it has to keep on answering quickly and consistently.
-
-Note that this is something BIND does that the DNS Specification does not
-mention at all. So other servers, those not based on BIND, might behave
-very differently.
-
------------------------------------------------------------------------------
-
-Question 2.22. InterNIC and domain names
-
-Date: Sun Jun 2 11:23:49 EDT 1996
-
-The current InterNIC policy on what to do if someone wants to use a domain
-name that is already in use may be found at
-
-rs.internic.net : /policy/internic/internic-domain-4.txt
-
-or
-
-http://rs.internic.net/domain-info/internic-domain-4.html.
-
-The following information was submitted by Carl Oppedahl
-<oppedahl@patents.com> :
-
-If the jealous party happens to have a trademark registration, it is quite
-likely that the domain name owner will lose the domain name, even if they
-aren't infringing the trademark. This presents a substantial risk of loss
-of a domain name on only 30 days' notice. Anyone who is the manager of an
-Internet-connected site should be aware of this risk and should plan for
-it.
-
-See "How do I protect myself from loss of my domain name?" at
-http://www.patents.com/weblaw.sht#domloss.
-
-For an example of an ISP's battle to keep its domain name, see
-http://www.patents.com/nsi.sht.
-
-A compendium of information on the subject may be found at
-http://www.law.georgetown.edu/lc/internic/domain1.html.
-
-===============================================================================
-
-Section 3. UTILITIES
-
- Q3.1 Utilities to administer DNS zone files
- Q3.2 DIG - Domain Internet Groper
- Q3.3 DNS packet analyser
- Q3.4 host
- Q3.5 How can I use DNS information in my program?
- Q3.6 A source of information relating to DNS
-
------------------------------------------------------------------------------
-
-Question 3.1. Utilities to administer DNS zone files
-
-Date: Wed Sep 4 22:53:53 EDT 1996
-
-There are a few utilities available to ease the administration of zone
-files in the DNS.
-
-Two common ones are h2n and makezones. Both are perl scripts. h2n is
-used to convert host tables into zone data files. It is available for
-anonymous ftp from
-
-ftp.uu.net : /published/oreilly/nutshell/dnsbind/dns.tar.Z
-
-makezones works from a single file that looks like a forward zone file,
-with some additional syntax for special cases. It is included in the
-current BIND distribution. The newest version is always available for
-anonymous ftp from
-
-ftp.cus.cam.ac.uk : /pub/software/programs/DNS/makezones
-
-More information may be found using the DNS Resources Directory
-
-http://www.dns.net/dnsrd/.
-
------------------------------------------------------------------------------
-
-Question 3.2. DIG - Domain Internet Groper
-
-Date: Thu Dec 1 11:09:11 EST 1994
-
-The latest and greatest, official, accept-no-substitutes version of the
-Domain Internet Groper (DiG) is the one that comes with BIND. Get the
-latest kit.
-
------------------------------------------------------------------------------
-
-Question 3.3. DNS packet analyser
-
-Date: Wed Sep 4 23:43:57 EDT 1996
-
-There is a free ethernet analyser called Ethload available for PC's
-running DOS. The latest filename is ETHLD104.ZIP. It understands lots of
-protocols including TCP/UDP. It'll look inside there and display
-DNS/BOOTP/ICMP packets etc. (Ed. note: something nice for someone to add
-to tcpdump ;^) ). Depending on the ethernet controller it's given it'll
-perform slightly differently. It handles NDIS/Novell/Packet drivers. It
-works best with Novell's promiscuous mode drivers. A SimTel mirror site
-should have the program available for anonymous ftp. One is
-
-ftp.coast.net : /SimTel/msdos/lan/ethld104.zip
-
------------------------------------------------------------------------------
-
-Question 3.4. host
-
-Date: Sun Dec 4 21:15:38 EST 1994
-
-A section from the host man page:
-
- host looks for information about Internet hosts and domain
- names. It gets this information from a set of intercon-
- nected servers that are spread across the world. The infor-
- mation is stored in the form of "resource records" belonging
- to hierarchically organized "zones".
-
- By default, the program simply converts between host names
- and Internet addresses. However, with the -t, -a and -v
- options, it can be used to find all of the information about
- domain names that is maintained by the domain nameserver
- system. The information printed consists of various fields
- of the associated resource records that were retrieved.
-
- The arguments can be either host names (domain names) or
- numeric Internet addresses.
-
-'host' is compatible with both BIND 4.9 and BIND 4.8
-
-'host' may be found in contrib/host in the BIND distribution. The latest
-version always available for anonymous ftp from
-
-ftp.nikhef.nl : /pub/network/host.tar.Z
-
-It may also be found for anonymous ftp from
-
-ftp.uu.net : /networking/ip/dns/host.tar.Z
-
------------------------------------------------------------------------------
-
-Question 3.5. How can I use DNS information in my program?
-
-Date: Fri Feb 10 15:25:11 EST 1995
-
-It depends on precisely what you want to do:
-
-* Consider whether you need to write a program at all. It may well be
- easier to write a shell program (e.g. using awk or perl) to parse the
- output of dig, host or nslookup.
-* If all you need is names and addresses, there will probably be system
- routines 'gethostbyname' and 'gethostbyaddr' to provide this
- information.
-* If you need more details, then there are system routines (res_query and
- res_search) to assist with making and sending DNS queries. However,
- these do not include a routine to parse the resulting answer (although
- routines to assist in this task are provided). There is a separate
- library available that will take a DNS response and unpick it into its
- constituent parts, returning a C structure that can be used by the
- program. The source for this library is available for anonymous ftp at
-
- hpux.csc.liv.ac.uk : /hpux/Networking/Admin/resparse-1.2
-
------------------------------------------------------------------------------
-
-Question 3.6. A source of information relating to DNS
-
-Date: Tue Nov 5 23:42:21 EST 1996
-
-You may find utilities and tools to help you manage your zone files
-(including WWW front-ends) in the "tools" section of the DNS resources
-directory:
-
-http://www.dns.net/dnsrd/tools.html
-
-There are also a number of IP management tools available. Data
-Communications had an article on the subject in Sept/Oct of 1996. The
-tools mentioned in the article and a few others may be found at the
-following sites:
-
-* IP Address management, http://www.accugraph.com
-* IP-Track, http://www.on.com
-* NetID, http://www.isotro.com
-* QIP, http://www.quadritek.com
-* UName-It, http://www.esm.com
-
-===============================================================================
-
-Section 4. DEFINITIONS
-
- Q4.1 TCP/IP Host Naming Conventions
- Q4.2 What are slaves and forwarders ?
- Q4.3 When is a server authoritative?
- Q4.4 My server does not consider itself authoritative !
- Q4.5 NS records don't configure servers as authoritative ?
- Q4.6 underscore in host-/domainnames
- Q4.7 What is lame delegation ?
- Q4.8 How can I see if the server is "lame" ?
- Q4.9 What does opt-class field in a zone file do?
- Q4.10 Top level domains
- Q4.11 Classes of networks
- Q4.12 What is CIDR ?
- Q4.13 What is the rule for glue ?
-
------------------------------------------------------------------------------
-
-Question 4.1. TCP/IP Host Naming Conventions
-
-Date: Mon Aug 5 22:49:46 EDT 1996
-
-One guide that may be used when naming hosts is RFC 1178, "Choosing a Name
-for Your Computer", which is available via anonymous FTP from
-
-ftp.internic.net : /rfc/rfc1178.txt
-
-RFCs (Request For Comments) are specifications and guidelines for how many
-aspects of TCP/IP and the Internet (should) work. Most RFCs are fairly
-technical documents, and some have semantics that are hotly contested in
-the newsgroups. But a few, like RFC 1178, are actually good to read for
-someone who's just starting along a TCP/IP path.
-
------------------------------------------------------------------------------
-
-Question 4.2. What are slaves and forwarders ?
-
-Date: Thu Dec 1 10:32:43 EST 1994
-
-"forwarders" is a list of NS records that are _prepended_ to a list of NS
-records to query if the data is not available locally. This allows a rich
-cache of records to be built up at a centralized location. This is good
-for sites that have sporadic or very slow connections to the Internet.
-(demand dial-up, for example) It's also just a good idea for very large
-distributed sites to increase the chance that you don't have to go off to
-the Internet to get an IP address. (sometimes for addresses across the
-street!)
-
-"slave" modifies this to say to replace the list of NS records with the
-forwarders entry, instead of prepending to it. This is for firewalled
-environments, where the nameserver can't directly get out to the Internet
-at all.
-
-"slave" is meaningless (and invalid, in late-model BINDs) without
-"forwarders". "forwarders" is an entry in named.boot, and therefore
-applies only to the nameserver (not to resolvers).
-
------------------------------------------------------------------------------
-
-Question 4.3. When is a server authoritative?
-
-Date: Mon Jan 2 13:15:13 EST 1995
-
-In the case of BIND:
-
-* The server contains current data in files for the zone in question (Data
- must be current for secondaries, as defined in the SOA)
-* The server is told that it is authoritative for the zone, by a 'primary'
- or 'secondary' keyword in /etc/named.boot.
-* The server does an error-free load of the zone.
-
------------------------------------------------------------------------------
-
-Question 4.4. My server does not consider itself authoritative !
-
-Date: Mon Jan 2 13:15:13 EST 1995
-
-The question was:
-
- What if I have set up a DNS where there is an SOA record for
- the domain, but the server still does not consider itself
- authoritative. (when using nslookup and set server=the correct machine.)
- It seems that something is not matching up somewhere. I suspect
- that this is because the service provider has not given us control
- over the IP numbers in our own domain, and so while the machine listed
- has an A record for an address, there is no corresponding PTR record.
-With the answer:
-
- That's possible too, but is unrelated to the first question.
- You need to be delegated a zone before outside people will start
- talking to your server. However, a server can still be authoritative
- for a zone even though it hasn't been delegated authority (it's just
- that only the people who use that as their server will see the data).
-
- A server may consider itself non-authoritative even though it's a
- primary if there is a syntax error in the zone (see the list in the
- previous question).
------------------------------------------------------------------------------
-
-Question 4.5. NS records don't configure servers as authoritative ?
-
-Date: Fri Dec 6 16:13:34 EST 1996
-
-Nope, delegation is a separate issue from authoritativeness. You can
-still be authoritative, but not delegated. (you can also be delegated,
-but not authoritative -- that's a "lame delegation")
-
------------------------------------------------------------------------------
-
-Question 4.6. underscore in host-/domainnames
-
-Date: Mon Aug 5 22:39:02 EDT 1996
-
-The question is "Are underscores are allowed in host- or domainnames" ?
- RFC 1033 allows them.
- RFC 1035 doesn't.
- RFC 1123 doesn't.
- dnswalk complains about them.
-
-
-Which RFC is the final authority these days?
-
-Actually RFC 1035 deals with names of machines or names of mail domains.
-i.e "_" is not permitted in a hostname or on the RHS of the "@" in
-local@domain.
-
-Underscore is permitted where ever the domain is NOT one of these types
-of addresses.
-
-In general the DNS mostly contains hostnames and mail domainnames. This
-will change as new resource record types for authenticating DNS queries
-start to appear.
-
-The latest version of 'host' checks for illegal characters in A/MX record
-names and the NS/MX target names.
-
-After saying all of that, remember that RFC 1123 is a Required Internet
-Standard (per RFC 1720), and RFC 1033 isn't. Even RFC 1035 isn't a
-required standard. Therefore, RFC 1123 wins, no contest.
-
-From RFC 1123, Section 2.1
-
- 2.1 Host Names and Numbers
-
- The syntax of a legal Internet host name was specified in RFC-952
- [DNS:4]. One aspect of host name syntax is hereby changed: the
- restriction on the first character is relaxed to allow either a
- letter or a digit. Host software MUST support this more liberal
- syntax.
-
- And described by Dave Barr in RFC1912:
-
- Allowable characters in a label for a host name are only ASCII
- letters, digits, and the `-' character. Labels may not be all
- numbers, but may have a leading digit (e.g., 3com.com). Labels must
- end and begin only with a letter or digit. See [RFC 1035] and [RFC
- 1123]. (Labels were initially restricted in [RFC 1035] to start with
- a letter, and some older hosts still reportedly have problems with
- the relaxation in [RFC 1123].) Note there are some Internet
- hostnames which violate this rule (411.org, 1776.com).
-
-Finally, one more piece of information (From Paul Vixie):
-
- RFC 1034 says only that domain names have characters in them, though it
- says so with enough fancy and indirection that it's hard to tell exactly.
-
- Generally, for second level domains (i.e., something you would get from
- InterNIC or from the US Domain Registrar and probably other ISO 3166
- country code TLDs), RFC 952 is thought to apply. RFC 952 was about host
- names rather than domain names, but the rules seemed good enough.
-
- <domainname> ::= <hname>
-
- <hname> ::= <name>*["."<name>]
- <name> ::= <let>[*[<let-or-digit-or-hyphen>]<let-or-digit>]
-
-There has been a recent update on this subject which may be found in
-
-ftp.internic.net : /internet-drafts/draft-andrews-dns-hostnames-03.txt.
-
------------------------------------------------------------------------------
-
-Question 4.7. What is lame delegation ?
-
-Date: Mon Aug 5 22:45:02 EDT 1996
-
-Two things are required for a lame delegation:
-
-* A nameserver X is delegated as authoritative for a zone.
-* Nameserver X is not performing nameservice for that zone.
-
-Try to think of a lame delegation as a long-term condition, brought about
-by a misconfiguration somewhere. Bryan Beecher's 1992 LISA paper on lame
-delegations is good to read on this. The problem really lies in
-misconfigured nameservers, not "lameness" brought about by transient
-outages. The latter is common on the Internet and hard to avoid, while
-the former is correctable.
-
-In order to be performing nameservice for a zone, it must have (presumed
-correct) data for that zone, and it must be answering authoritatively to
-resolver queries for that zone. (The AA bit is set in the flags section)
-
-The "classic" lame delegation case is when nameserver X is delegated as
-authoritative for domain Y, yet when you ask Y about X, it returns
-non-authoritative data.
-
-Here's an example that shows what happens most often (using dig, dnswalk,
-and doc to find).
-
-Let's say the domain bogus.com gets registered at the NIC and they have
-listed 2 primary name servers, both from their *upstream* provider:
-
- bogus.com IN NS ns.bogus.com
- bogus.com IN NS upstream.com
- bogus.com IN NS upstream1.com
-
-So the root servers have this info. But when the admins at bogus.com
-actually set up their zone files they put something like:
-
- bogus.com IN NS upstream.com
- bogus.com IN NS upstream1.com
-
-So your name server may have the nameserver info cached (which it may have
-gotten from the root). The root says "go ask ns.bogus.com" since they are
-authoritative
-
-This is usually from stuff being registered at the NIC (either nic.ddn.mil
-or rs.internic.net), and then updated later, but the folks who make the
-updates later never let the folks at the NIC know about it.
-
------------------------------------------------------------------------------
-
-Question 4.8. How can I see if the server is "lame" ?
-
-Date: Mon Aug 5 22:45:02 EDT 1996
-
-Go to the authoritative servers one level up, and ask them who they think
-is authoritative, and then go ask each one of those delegees if they think
-that they themselves are authoritative. If any responds "no", then you
-know who the lame delegation is, and who is delegating lamely to them.
-You can then send off a message to the administrators of the level above.
-
-The 'lamers' script from Byran Beecher really takes care of all this for
-you. It parses the lame delegation notices from BIND's syslog and
-summarizes them for you. It may be found in the contrib section of the
-latest BIND distribution. The latest version is available for anonymous
-ftp from
-
-terminator.cc.umich.edu : /dns/lame-delegations/
-
- If you want to actively check for lame delegations, you can use 'doc'
-and 'dnswalk'. You can check things manually with 'dig'.
-
-The InterNIC recently announced a new lame delegation that will be in
-effect on 01 October, 1996. Here is a summary:
-
-* After receipt/processing of a name registration template, and at random
- intervals thereafter, the InterNIC will perform a DNS query via UDP
- Port 53 on domain names for an SOA response for the name being
- registered.
-* If the query of the domain name returns a non-authoritative response
- from all the listed name servers, the query will be repeated four times
- over the next 30 days at random intervals approximately 7 days apart,
- with notification to all listed whois and nameserver contacts of the
- possible pending deletion. If at least one server answers correctly,
- but one or more are lame, FYI notifications will be sent to all contacts
- and checking will be discontinued. Additionally, e-mail notices will be
- provided to the contact for the name servers holding the delegation to
- alert them to the "lame" condition. Notifications will state explicitly
- the consequences of not correcting the "lame" condition and will be
- assigned a descriptive subject as follows:
-
- Subject: Lame Delegation Notice: DOMAIN_NAME
-
- The notification will include a timestamp for when the query was
- performed.
-* If, following 30 days, the name servers still provide no SOA response,
- the name will be placed in a "hold" status and the DNS information will
- no longer be propagated. The administrative contact will be notified by
- postal mail and all whois contacts will be notified by e-mail, with
- instructions for taking corrective action.
-* Following 60 days in a "hold" status, the name will be deleted and made
- available for reregistration. Notification of the final deletion will
- be sent to the name server and domain name contacts listed in the NIC
- database.
-
------------------------------------------------------------------------------
-
-Question 4.9. What does opt-class field in a zone file do?
-
-Date: Thu Dec 1 11:10:39 EST 1994
-
-This field is the address class. From the BOG -
-
- ...is the address class; currently, only one class
- is supported: IN for internet addresses and other
- internet information. Limited support is included for
- the HS class, which is for MIT/Athena ``Hesiod''
- information.
------------------------------------------------------------------------------
-
-Question 4.10. Top level domains
-
-Date: Fri Dec 6 15:13:35 EST 1996
-
-A section from RFC 1591:
-
- 2. The Top Level Structure of the Domain Names
-
- In the Domain Name System (DNS) naming of computers there is a
- hierarchy of names. The root of system is unnamed. There are a set
- of what are called "top-level domain names" (TLDs). These are the
- generic TLDs (EDU, COM, NET, ORG, GOV, MIL, and INT), and the two
- letter country codes from ISO-3166. It is extremely unlikely that
- any other TLDs will be created.
-
------
-
-[ Ed note: the ISO-3166 country codes may be found for anonymous ftp
-from:
-
-* ftp.isi.edu : /in-notes/iana/assignments/country-codes
-* ftp.ripe.net : /iso3166-codes
-
-]
-
-[ Ed note: Since the Internic started charging for registration services,
-(and for other reasons) there are a number of groups that want to offer
-an alternative to registering a domain under a "standard" TLD. More
-information on some of these options may be found at:
-
-* http://www.alternic.net/
-* http://www.eu.org/
-* http://www.ml.org/mljoin.html
-
-You may participate in one of the discussions on iTLD proposals at
-
-* To sign up: http://www.newdom.com/lists
-* Old postings: http://www.newdom.com/archive
-
-]
-
------
-
- ...
- Under each TLD may be created a hierarchy of names. Generally, under
- the generic TLDs the structure is very flat. That is, many
- organizations are registered directly under the TLD, and any further
- structure is up to the individual organizations.
-
- In the country TLDs, there is a wide variation in the structure, in
- some countries the structure is very flat, in others there is
- substantial structural organization. In some country domains the
- second levels are generic categories (such as, AC, CO, GO, and RE),
- in others they are based on political geography, and in still others,
- organization names are listed directly under the country code. The
- organization for the US country domain is described in RFC 1480.
-
- Each of the generic TLDs was created for a general category of
- organizations. The country code domains (for example, FR, NL, KR,
- US) are each organized by an administrator for that country. These
- administrators may further delegate the management of portions of the
- naming tree. These administrators are performing a public service on
- behalf of the Internet community. Descriptions of the generic
- domains and the US country domain follow.
-
- Of these generic domains, five are international in nature, and two
- are restricted to use by entities in the United States.
-
- World Wide Generic Domains:
-
- COM - This domain is intended for commercial entities, that is
- companies. This domain has grown very large and there is
- concern about the administrative load and system performance if
- the current growth pattern is continued. Consideration is
- being taken to subdivide the COM domain and only allow future
- commercial registrations in the subdomains.
-
- EDU - This domain was originally intended for all educational
- institutions. Many Universities, colleges, schools,
- educational service organizations, and educational consortia
- have registered here. More recently a decision has been taken
- to limit further registrations to 4 year colleges and
- universities. Schools and 2-year colleges will be registered
- in the country domains (see US Domain, especially K12 and CC,
- below).
-
- NET - This domain is intended to hold only the computers of network
- providers, that is the NIC and NOC computers, the
- administrative computers, and the network node computers. The
- customers of the network provider would have domain names of
- their own (not in the NET TLD).
-
- ORG - This domain is intended as the miscellaneous TLD for
- organizations that didn't fit anywhere else. Some non-
- government organizations may fit here.
-
- INT - This domain is for organizations established by international
- treaties, or international databases.
-
- United States Only Generic Domains:
-
- GOV - This domain was originally intended for any kind of government
- office or agency. More recently a decision was taken to
- register only agencies of the US Federal government in this
- domain. State and local agencies are registered in the country
- domains (see US Domain, below).
-
- MIL - This domain is used by the US military.
-
- Example country code Domain:
-
- US - As an example of a country domain, the US domain provides for
- the registration of all kinds of entities in the United States
- on the basis of political geography, that is, a hierarchy of
- <entity-name>.<locality>.<state-code>.US. For example,
- "IBM.Armonk.NY.US". In addition, branches of the US domain are
- provided within each state for schools (K12), community
- colleges (CC), technical schools (TEC), state government
- agencies (STATE), councils of governments (COG),libraries
- (LIB), museums (MUS), and several other generic types of
- entities (see RFC 1480 for details).
-
-
-A section from RFC 1480:
-
- 2. NAMING STRUCTURE
-
- The US Domain hierarchy is based on political geography. The
- basic name space under US is the state name space, then the
- "locality" name space, (like a city, or county) then
- organization or computer name and so on.
-
- For example:
-
- BERKELEY.CA.US
- PORTLAND.WA.US
-
- There is of course no problem with running out of names.
-
- The things that are named are individual computers.
-
- If you register now in one city and then move, the database can
- be updated with a new name in your new city, and a pointer can
- be set up from your old name to your new name. This type of
- pointer is called a CNAME record.
-
- The use of unregistered names is not effective and causes problems
- for other users. Inventing your own name and using it without
- registering is not a good idea.
-
- In addition to strictly geographically names, some special names
- are used, such as FED, STATE, AGENCY, DISTRICT, K12, LIB, CC,
- CITY, and COUNTY. Several new name spaces have been created,
- DNI, GEN, and TEC, and a minor change under the "locality" name
- space was made to the existing CITY and COUNTY subdomains by
- abbreviating them to CI and CO. A detailed description
- follows.
-
- Below US, Parallel to States:
- -----------------------------
-
- "FED" - This branch may be used for agencies of the federal
- government. For example: <org-name>.<city>.FED.US
-
- "DNI" - DISTRIBUTED NATIONAL INSTITUTES - The "DNI" branch was
- created directly under the top-level US. This branch is to be used
- for distributed national institutes; organizations that span state,
- regional, and other organizational boundaries; that are national in
- scope, and have distributed facilities. For example:
- <org-name>.DNI.US.
-
- Name Space Within States:
- ------------------------
-
- "locality" - cities, counties, parishes, and townships. Subdomains
- under the "locality" would be like CI.<city>.<state>.US,
- CO.<county>.<state>.US, or businesses. For example:
- Petville.Marvista.CA.US.
-
- "CI" - This branch is used for city government agencies and is a
- subdomain under the "locality" name (like Los Angeles). For example:
- Fire-Dept.CI.Los-Angeles.CA.US.
-
- "CO" - This branch is used for county government agencies and is a
- subdomain under the "locality" name (like Los Angeles). For example:
- Fire-Dept.CO.San-Diego.CA.US.
-
- "K12" - This branch may be used for public school districts. A
- special name "PVT" can be used in the place of a school district name
- for private schools. For example: <school-name>.K12.<state>.US and
- <school-name>.PVT.K12.<state>.US.
-
- "CC" - COMMUNITY COLLEGES - This branch was established for all state
- wide community colleges. For example: <school-name>.CC.<state>.US.
-
- "TEC" - TECHNICAL AND VOCATIONAL SCHOOLS - The branch "TEC" was
- established for technical and vocational schools and colleges. For
- example: <school-name>.TEC.<state>.US.
-
- "LIB" - LIBRARIES (STATE, REGIONAL, CITY, COUNTY) - This branch may
- be used for libraries only. For example: <lib-name>.LIB.<state>.US.
-
- "STATE" - This branch may be used for state government agencies. For
- example: <org-name>.STATE.<state>.US.
-
- "GEN" - GENERAL INDEPENDENT ENTITY - This branch is for the things
- that don't fit easily into any other structure listed -- things that
- might fit in to something like ORG at the top-level. It is best not
- to use the same keywords (ORG, EDU, COM, etc.) that are used at the
- top-level to avoid confusion. GEN would be used for such things as,
- state-wide organizations, clubs, or domain parks. For example:
- <org-name>.GEN.<state-code>.US.
-
-The application form for the US domain may be found:
-
-* for anonymous ftp from internic.net : /templates/us-domain-template.txt
-* http://www.isi.edu/us-domain/
-
-The application form for the EDU, COM, NET, ORG, and GOV domains may be
-found for anonymous ftp from:
-
-internic.net : /templates/domain-template.txt
-
------------------------------------------------------------------------------
-
-Question 4.11. Classes of networks
-
-Date: Wed Sep 4 22:59:27 EDT 1996
-
-The usage of 'classes of networks' (class A, B, C) are historical and have
-been replaced by CIDR blocks on the Internet. That being said...
-
-An Internet Protocol (IP) address is 32 bit in length, divided into two
-or three parts (the network address, the subnet address (if present), and
-the host address. The subnet addresses are only present if the network
-has been divided into subnetworks. The length of the network, subnet, and
-host field are all variable.
-
-There are five different network classes. The leftmost bits indicate the
-class of the network.
-
- # of # of
- bits in bits in
- network host
-Class field field Internet Protocol address in binary Ranges
-============================================================================
- A 7 24 0NNNNNNN.HHHHHHHH.HHHHHHHH.HHHHHHHH 1-127.x.x.x
- B 14 16 10NNNNNN.NNNNNNNN.HHHHHHHH.HHHHHHHH 128-191.x.x.x
- C 22 8 110NNNNN.NNNNNNNN.NNNNNNNN.HHHHHHHH 192-223.x.x.x
- D NOTE 1 1110xxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx 224-239.x.x.x
- E NOTE 2 11110xxx.xxxxxxxx.xxxxxxxx.xxxxxxxx 240-247.x.x.x
-
- where N represents part of the network address and H represents part of
- the host address. When the subnet address is defined, the needed bits
- are assigned from the host address space.
-
- NOTE 1: Reserved for multicast groups - RFC 1112
- NOTE 2: Reserved for future use
-
- 127.0.0.1 is reserved for local loopback.
-
------------------------------------------------------------------------------
-
-Question 4.12. What is CIDR ?
-
-Date: Tue Nov 5 23:47:29 EST 1996
-
-CIDR is "Classless Inter-Domain Routing (CIDR). From RFC 1517:
-
- ...Classless Inter-Domain Routing (CIDR) attempts to deal with
- these problems by defining a mechanism to slow the growth of
- routing tables and reduce the need to allocate new IP network
- numbers.
-
-Much more information may be obtained in RFCs 1467, 1517, 1518, 1520;
-with primary reference 1519.
-
-Also please see the CIDR FAQ at
-
-* http://www.ibm.net.il/~hank/cidr.html
-* http://www.rain.net/faqs/cidr.faq.html
-* http://www.lab.unisource.ch/services/internet/direct/cidr.html
-
------------------------------------------------------------------------------
-
-Question 4.13. What is the rule for glue ?
-
-Date: Fri Apr 28 13:31:24 EDT 1995
-
-A glue record is an A record for a name that appears on the right-hand
-side of a NS record. So, if you have this:
-
-
- sub.foobar.com. IN NS dns.sub.foobar.com.
- dns.sub.foobar.com. IN A 1.2.3.4
-
-then the second record is a glue record (for the NS record above it).
-
-You need glue records when -- and only when -- you are delegating
-authority to a nameserver that "lives" in the domain you are delegating
-*and* you aren't a secondary server for that domain.
-
-In other words, in the example above, you need to add an A record for
-dns.sub.foobar.com since it "lives" in the domain it serves. This boot
-strapping information is necessary: How are you supposed to find out the
-IP address of the nameserver for domain FOO if the nameserver for FOO
-"lives" in FOO?
-
-If you have this NS record:
-
- sub.foobar.com. IN NS dns.xyz123.com.
-
-you do NOT need a glue record, and, in fact, adding one is a very bad
-idea. If you add one, and then the folks at xyz123.com change the
-address, then you will be passing out incorrect data.
-
-Also, unless you actually have a machine called something.IN-ADDR.ARPA,
-you will never have any glue records present in any of your "reverse"
-files.
-
-There is also a sort of implicit glue record that can be useful (or
-confusing :^) ). If the parent server (abc.foobar.com domain in example
-above) is a secondary server for the child, then the A record will be
-fetched from the child server when the zone transfer is done. The glue is
-still there but it's a little different, it's in the ip address in the
-named.boot line instead of explicitly in the data. In this case you can
-leave out the explicit glue A record and leave the manually configured
-"glue" in just the one place in the named.boot file.
-
-RFC 1537 says it quite nicely:
-
- 2. Glue records
-
- Quite often, people put unnecessary glue (A) records in their
- zone files. Even worse is that I've even seen *wrong* glue records
- for an external host in a primary zone file! Glue records need only
- be in a zone file if the server host is within the zone and there
- is no A record for that host elsewhere in the zone file.
-
- Old BIND versions ("native" 4.8.3 and older versions) showed the
- problem that wrong glue records could enter secondary servers in
- a zone transfer.
-
-
-The remainder of the FAQ is in the next part (Part 2 of 2).
-
diff --git a/contrib/bind/doc/misc/FAQ.2of2 b/contrib/bind/doc/misc/FAQ.2of2
deleted file mode 100644
index 40e16494b5bfb..0000000000000
--- a/contrib/bind/doc/misc/FAQ.2of2
+++ /dev/null
@@ -1,1298 +0,0 @@
-Newsgroups: comp.protocols.tcp-ip.domains,comp.answers,news.answers
-Path: vixie!news1.digital.com!su-news-hub1.bbnplanet.com!news.bbnplanet.com!cam-news-hub1.bbnplanet.com!news.mathworks.com!news.kei.com!uhog.mit.edu!rutgers!njitgw.njit.edu!hertz.njit.edu!cdp2582
-From: cdp2582@hertz.njit.edu (Chris Peckham)
-Subject: comp.protocols.tcp-ip.domains Frequently Asked Questions (FAQ) (Part 2 of 2)
-Message-ID: <cptd-faq-2-849940949@njit.edu>
-Followup-To: comp.protocols.tcp-ip.domains
-Originator: cdp2582@hertz.njit.edu
-Keywords: BIND,DOMAIN,DNS
-Sender: news@njit.edu
-Supersedes: <cptd-faq-2-847336183@njit.edu>
-Nntp-Posting-Host: hertz.njit.edu
-X-Posting-Frequency: posted during the first week of each month
-Reply-To: domain-faq@njit.edu (comp.protocols.tcp-ip.domains FAQ comments)
-Organization: NJIT.EDU - New Jersey Institute of Technology, Newark, NJ, USA
-References: <cptd-faq-1-849940949@njit.edu>
-Date: Sat, 7 Dec 1996 06:42:49 GMT
-Approved: news-answers-request@MIT.EDU
-Expires: Sat 11 Jan 97 02:42:29 EDT
-Lines: 1277
-Xref: vixie comp.protocols.tcp-ip.domains:12905 comp.answers:22441 news.answers:85683
-
-Posted-By: auto-faq 3.1.1.2
-Archive-name: internet/tcp-ip/domains-faq/part2
-Revision: 1.13 1996/12/07 06:42:15
-
-
-(Continued from Part 1, where you'll find the introduction and
-table of contents.)
-
-
-===============================================================================
-
-Section 5. CONFIGURATION
-
- Q5.1 Changing a Secondary server to a Primary server ?
- Q5.2 Moving a Primary server to another server
- Q5.3 How do I subnet a Class B Address ?
- Q5.4 Subnetted domain name service
- Q5.5 Recommended format/style of DNS files
- Q5.6 DNS on a system not connected to the Internet
- Q5.7 Multiple Domain configuration
- Q5.8 wildcard MX records
- Q5.9 How do you identify a wildcard MX record ?
- Q5.10 Why are fully qualified domain names recommended ?
- Q5.11 Distributing load using named
- Q5.12 Order of returned records
- Q5.13 resolv.conf
- Q5.14 How do I delegate authority for sub-domains ?
- Q5.15 DNS instead of NIS on a Sun OS 4.1.x system
- Q5.16 Patches to add functionality to BIND
- Q5.17 How to serve multiple domains from one server
-
------------------------------------------------------------------------------
-
-Question 5.1. Changing a Secondary server to a Primary server ?
-
-Date: Fri Jul 5 23:54:35 EDT 1996
-
-For 4.8.3, it's prudent to kill and restart following any changes to
-named.boot.
-
-In BIND 4.9.3, you only have to kill and restart named if you change a
-primary zone to a secondary or v-v, or if you delete a zone and remain
-authoritative for its parent. Every other case should be taken care of by
-a HUP. (Ed. note: 4.9.3b9 may still require you to kill and restart the
-server due to some bugs in the HUP code).
-
-You will also need to update the server information on the root servers.
-You can do this by filing a new domain registration form to inform
-InterNIC of the change. They will then update the root server's SOA
-records. This process usually takes 10-12 business days after they
-receive the request.
-
------------------------------------------------------------------------------
-
-Question 5.2. Moving a Primary server to another server
-
-Date: Fri Jul 5 23:54:35 EDT 1996
-
-The usual solution is to move the primary to ns.newserver.com, and have
-ns.oldserver.com be configured as a secondary server until the change to
-the root servers takes place after the request has been made to the
-InterNIC.
-
-If you are moving to a different ISP which will change your IP's, the
-recommened setting for the SOA that would minimize problems for your name
-servers using the old settings can be done as follows:
-
-Gradually lower the TTL value in your SOA (that's the last one of the five
-numbers) to always be equal to the time left until you change over.
-(assuming that none of your resource records have individual TTL's set, if
-so, do likewise witht them.) So, the day before, lower to 43200 seconds
-(12 hours). Then lower every few hours to be the time remaining until
-the change-over. So, an hour before the change, you may just want to
-lower it all the way to 60 seconds or so. That way no one can cache
-information past the change-over.
-
-After the change, start gradually incrementing the TTL value, because
-you'll probably be making changes to work out problems. Once everything
-stabilizes, move the TTL up to whatever your normal values are.
-
-To minimize name servers from using the "old settings", you can do the
-same thing with the "refresh" interval in the SOA (the second number of
-the SOA). That will tell the secondaries to refresh every X seconds.
-Lower that value as you approach the changeover date. You probably don't
-want to go much below an hour or you'll start the primary thrashing as all
-the secondaries perpetually refresh.
-
-Also see the answer to the "How can I change the IP address of our server
-?" in the INTRODUCTION section.
-
------------------------------------------------------------------------------
-
-Question 5.3. How do I subnet a Class B Address ?
-
-Date: Fri Apr 28 13:34:52 EDT 1995
-
-That you need to subnet at all is something of a misconception. You can
-also think of a class B network as giving you 65,534 individual hosts, and
-such a network will work. You can also configure your class B as 16,384
-networks of 2 hosts each. That's obviously not very practical, but it
-needs to be made clear that you are not constrained by the size of an
-octet (remember that many older devices would not work in a network
-configured in this manner).
-
-So, the question is: why do you need to subnet? One reason is that it is
-easier to manage a subnetted network, and in fact, you can delegate the
-responsibility for address space management to local administrators on the
-various subnets. Also, IP based problems will end up localized rather
-than affecting your entire network.
-
-If your network is a large backbone with numerous segments individually
-branching off the backbone, that too suggests subnetting.
-
-Subnetting can also be used to improve routing conditions.
-
-You may wish to partition your network to disallow certain protocols on
-certain segments of your net. You can, for example, restrict IP or IPX to
-certain segments only by adding a router routing high level protocols,
-and across the router you may have to subnet.
-
-Finally, as far as how many subnets you need depends on the answer to the
-above question. As far as subnet masks are concerned, the mask can be
-anything from 255.0.0.0 to 255.255.255.252. You'll probably be looking at
-9 or 10 bits for the subnet (last octet 128 or 192 respectively). RFC
-1219 discusses the issue of subnetting very well and leaves the network
-administrator with a large amount of flexibility for future growth.
-
------------------------------------------------------------------------------
-
-Question 5.4. Subnetted domain name service
-
-Date: Mon Aug 5 23:00:16 EDT 1996
-
-If you are looking for some examples of handling subnetted class C
-networks as separate DNS domains, see the Internet Draft
-
-draft-ietf-cidrd-classless-inaddr-02.txt
-
-for more information. This file is available for anonymous ftp at
-
-ds.internic.net :
-/internet-drafts/draft-ietf-cidrd-classless-inaddr-02.txt
-
-or other IETF mirror sites (ftp.is.ca.za [Africa], nic.nordu.net [Europe],
-munnari.oz.au [Pacific Rim], ds.internic.net [US East Coast], or
-ftp.isi.edu [US West Coast]).
-
-Details follow- You need to delegate down to the fourth octet, so you will
-have one domain per IP address ! Here is how you can subdelegate a
-in-addr.arpa address for non-byte aligned subnet masks:
-
-Take as an example the net 192.1.1.x, and example subnet mask
-255.255.255.240.
-
-We first define the domain for the class C net,
-
- $origin 1.1.192.in-addr.arpa
- @ SOA (usual stuff)
- @ ns some.nameserver
- ns some.other.nameserver
- ; delegate a subdomain
- one ns one.nameserver
- ns some.nameserver
- ; delegate another
- two ns two.nameserver
- ns some.nameserver
- ; CNAME pointers to subdomain one
- 0 CNAME 0.one
- 1 CNAME 1.one
- ; through
- 15 CNAME 15.one
- ; CNAME pointers to subdomain two
- 16 CNAME 16.two
- 17 CNAME 17.two
- 31 CNAME 31.two
- ; CNAME as many as required.
-
-Now, in the delegated nameserver, one.nameserver
-
- $origin one.1.1.192.in-addr.arpa
- @ SOA (usual stuff)
- NS one.nameserver
- NS some.nameserver ; secondary for us
- 0 PTR onenet.one.domain
- 1 PTR onehost.one.domain
- ; through
- 15 PTR lasthost.one.domain
-
-And similar for the two.1.1.192.in-addr.arpa delegated domain.
-
-There is additional documentation and a perl script that may be used for
-this purpose available for anonymous ftp from:
-
-ftp.vix.com : /pub/bind/contrib/gencidrzone
-
------------------------------------------------------------------------------
-
-Question 5.5. Recommended format/style of DNS files
-
-Date: Sun Nov 27 23:32:41 EST 1994
-
-This answer is quoted from an article posted by Paul Vixie:
-
- I've gone back and forth on the question of whether the BOG should
- include a section on this topic. I know what I myself prefer, but
- I'm wary of ramming my own stylistic preferences down the throat of
- every BOG reader. But since you ask :-)...
-
- Create /var/named. If your system is too old to have a /var, either
- create one or use /usr/local/adm/named instead. Put your named.boot
- in it, and make /etc/named.boot a symlink to it. If your system
- doesn't have symlinks, you're S-O-L (but you knew that). In
- named.boot, put a "directory" directive that specifies your actual
- BIND working directory:
-
- directory /var/named
-
- All relative pathnames used in "primary", "secondary", and "cache"
- directives will be evaluated relative to this directory. Create two
- subdirectories, /var/named/pri and /var/named/sec. Whenever you add
- a "primary" directive to your named.boot, use "pri/WHATEVER" as the
- path name. And then put the primary zone file into "pri/WHATEVER".
- Likewise when you add "secondary" directives, use "sec/WHATEVER" and
- BIND (really named-xfer) will create the files in that
- subdirectory.
-
- (Variations: (1) make a midlevel directory "zones" and put "pri" and
- "sec" into it; (2) if you tend to pick up a lot of secondaries from
- a few hosts, group them together in their own subdirectories --
- something like /var/named/zones/uucp if you're a UUCP Project name
- server.)
-
- For your forward files, name them after the zone. dec.com becomes
- "/var/named/zones/pri/dec.com". For your reverse files, name them
- after the network number. 0.1.16.in-addr.arpa becomes
- "/var/named/zones/pri/16.1.0".
-
- When creating or maintaining primary zone files, try to use the same
- SOA values everywhere, except for the serial number which varies per
- zone. Put a $ORIGIN directive at the top of the primary zone file,
- not because its needed (it's not since the default origin is the
- zone named in the "primary" directive) but because it make it easier
- to remember what you're working on when you have a lot of primary
- zones. Put some comments up there indicating contact information
- for the real owner if you're proxying. Use RCS and put the "Id"
- in a ";" comment near the top of the zone file.
-
- The SOA and other top level information should all be listed
- together. But don't put IN on every line, it defaults nicely. For
- example:
-
-==============
-@ IN SOA gw.home.vix.com. postmaster.vix.com. (
- 1994082501 ; serial
- 3600 ; refresh (1 hour)
- 1800 ; retry (30 mins)
- 604800 ; expire (7 days)
- 3600 ) ; minimum (1 hour)
-
- NS gw.home.vix.com.
- NS ns.uu.net.
- NS uucp-gw-1.pa.dec.com.
- NS uucp-gw-2.pa.dec.com.
-
- MX 10 gw.home.vix.com.
- MX 20 uucp-gw-1.pa.dec.com.
- MX 20 uucp-gw-1.pa.dec.com.
-==============
-
- I don't necessarily recommend those SOA values. Not every zone is
- as volatile as the example shown. I do recommend that serial number
- format; it's in date format with a 2-digit per-day revision number.
- This format will last us until 2147 A.D. at which point I expect a
- better solution will have been found :-). (Note that it would last
- until 4294 A.D. except that there are some old BINDs out there that
- use a signed quantity for representing serial number interally; I
- suppose that as long as none of these are still running after 2047
- A.D., that we can use the above serial number format until 4294
- A.D., at which point a better solution will HAVE to be found.)
-
- You'll note that I use a tab stop for "IN" even though I never again
- specify it. This leaves room for names longer than 7 bytes without
- messing up the columns. You might also note that I've put the MX
- priority and destination in the same tab stop; this is because both
- are part of the RRdata and both are very different from MX which is
- an RRtype. Some folks seem to prefer to group "MX" and the priority
- together in one tab stop. While this looks neat it's very confusing
- to newcomers and for them it violates the law of least
- astonishment.
-
- If you have a multi-level zone (one which contains names that have
- dots in them), you can use additional $ORIGIN statements but I
- recommend against it since there is no "back" operator. That is,
- given the above example you can add:
-
-=============
-$ORIGIN home
-gw A 192.5.5.1
-=============
-
- The problem with this is that subsequent RR's had better be
- somewhere under the "home.vix.com" name or else the $ORIGIN that
- introduces them will have to use a fully qualified name. FQDN
- $ORIGIN's aren't bad and I won't be mad if you use them.
- Unqualified ones as shown above are real trouble. I usually stay
- away from them and just put the whole name in:
-
-=============
-gw.home A 192.5.5.1
-=============
-
- In your reverse zones, you're usually in some good luck because the
- owner name is usually a single short token or sometimes two.
-
-=============
-$ORIGIN 5.5.192.in-addr.arpa.
-@ IN SOA ...
- NS ...
-1 PTR gw.home.vix.com.
-=========================================
-$ORIGIN 1.16.in-addr.arpa.
-@ IN SOA ...
- NS ...
-2.0 PTR gatekeeper.dec.com.
-=============
-
- It is usually pretty hard to keep your forward and reverse zones in
- synch. You can avoid that whole problem by just using "h2n" (see
- the ORA book, DNS and BIND, and its sample toolkit, included in the
- BIND distribution or on ftp.uu.net (use the QUOTE SITE EXEC INDEX
- command there to find this -- I never can remember where it's at).
- "h2n" and many tools like it can just read your old /etc/hosts file
- and churn it into DNS zone files. (May I recommend
- contrib/decwrl/mkdb.pl from the BIND distribution?) However, if you
- (like me) prefer to edit these things by hand, you need to follow
- the simple convention of making all of your holes consistent. If
- you use 192.5.5.1 and 192.5.5.3 but not (yet) 192.5.5.2, then in
- your forward file you will have something like
-
-=============
-...
-gw.home A 192.5.5.1
-;avail A 192.5.5.2
-pc.home A 192.5.5.3
-=============
-
- and in your reverse file you will have something like
-
-=============
-...
-1 PTR gw.home.vix.com.
-;2 PTR avail
-3 PTR pc.home.vix.com.
-=============
-
- This convention will allow you to keep your sanity and make fewer
- errors. Any kind of automation (h2n, mkdb, or your own
- perl/tcl/awk/python tools) will help you maintain a consistent
- universe even if it's also a complex one. Editing by hand doesn't
- have to be deadly but you MUST take care.
-
------------------------------------------------------------------------------
-
-Question 5.6. DNS on a system not connected to the Internet
-
-Date: Sun Nov 27 23:32:41 EST 1994
-
-You need to create your own root domain name server until you connect to
-the internet. Your roots need to delegate to mydomain.com and any
-in-addr.arpa subdomains you might have, and that's about it. As soon as
-you're connected, rip out the fake roots and use the real ones.
-
-It does not actually have to be another server pretending to be the root.
-You can set up the name server so that it is primary for each domain above
-you and leave them empty (i.e. you are foo.bar.com - claim to be primary
-for bar.com and com)
-
-If you connect intermittently and want DNS to work when you are connected,
-and "fail" when you are not, you can point the resolver at the name server
-at the remote site and if the connection (SLIP/PPP) isn't up, the resolver
-doesn't have a route to the remote server and since there's only one name
-server in resolv.conf, the resolver quickly backs off the using
-/etc/hosts. No problem. You could do the same with multiple name server
-and a resolver that did configurable /etc/hosts fallback.
-
------------------------------------------------------------------------------
-
-Question 5.7. Multiple Domain configuration
-
-Date: Fri Dec 2 15:40:49 EST 1994
-
-If you want to have multiple domain names pointing to the same
-destination, such as:
-
- ftp ftp.biff.com connects user to -> ftp.biff.com
- ftp ftp.fred.com connects user to -> ftp.biff.com
- ftp ftp.bowser.com connects user to -> ftp.biff.com
-
-You may do this by using CNAMEs:
-
- ftp.bowser.com. IN CNAME ftp.biff.com.
-
-You can also do the same thing with multiple A records.
-
------------------------------------------------------------------------------
-
-Question 5.8. wildcard MX records
-
-Date: Sun Nov 27 23:32:41 EST 1994
-
-Does BIND not understand wildcard MX records such as the following?
-
- *.foo.com MX 0 mail.foo.com.
-
-No. It just doesn't work.
-
-Explicit RR's at one level of specificity will, by design, "block" a
-wildcard at a lesser level of specificity. I suspect that you have an RR
-(an A RR, perhaps?) for "bar.foo.com" which is blocking the application of
-your "*.foo.com" wildcard. The initial MX query is thus failing (NOERROR
-but an answer count of 0), and the backup query finds the A RR for
-"bar.foo.com" and uses it to deliver the mail directly (which is what you
-DIDN'T want it to do). Adding an explicit MX RR for the host is therefore
-the right way to handle this situation.
-
-See RFC 1034, Section 4.3.3 ("Wildcards") for more information on this
-"blocking" behavior, along with an illustrative example. See also RFC 974
-for an explanation of standard mailer behavior in the face of an "empty"
-response to one's MX query.
-
-Basically, what it boils down to is, there is no point in trying to use a
-wildcard MX for a host which is otherwise listed in the DNS.
-
-It just doesn't work.
-
------------------------------------------------------------------------------
-
-Question 5.9. How do you identify a wildcard MX record ?
-
-Date: Thu Dec 1 11:10:39 EST 1994
-
-You don't really need to "identify" a wildcard MX RR. The precedence for
-u@dom is:
-
- exact match MX
- exact match A
- wildcard MX
-
-One way to implement this is to query for ("dom",IN,MX) and if the answer
-name that comes back is "*." something, you know it's a wildcard,
-therefore you know there is no exact match MX, and you therefore query for
-("dom",IN,A) and if you get something, use it. if you don't, use the
-previous wildcard response.
-
-RFC 974 explains this pretty well.
-
------------------------------------------------------------------------------
-
-Question 5.10. Why are fully qualified domain names recommended ?
-
-Date: Sun Nov 27 23:32:41 EST 1994
-
-The documentation for BIND 4.9.2 says that the hostname should be set to
-the full domain style name (i.e host.our.domain rather than host). What
-advantages are there in this, and are there any adverse consequences if we
-don't?
-
-Paul Vixie likes to do it :-) He lists a few reasons -
-
-* Sendmail can be configured to just use Dj$w rather than Dj$w.mumble
- where "mumble" is something you have to edit in by hand. Granted, most
- people use "mumble" elsewhere in their config files ("tack on local
- domain", etc) but why should it be a requirement ?
-* The real reason is that not doing it violates a very useful invariant:
- gethostbyname(gethostname) == gethostbyaddr(primary_interface_address)
-
- If you take an address and go "backwards" through the PTR's with it,
- you'll get a FQDN, and if you push that back through the A RR's, you get
- the same address. Or you should. Many multi-homed hosts violate this
- uncaringly.
-
- If you take a non-FQDN hostname and push it "forwards" through the A
- RR's, you get an address which, if you push it through the PTR's, comes
- back as a FQDN which is not the same as the hostname you started with.
- Consider the fact that, absent NIS/YP, there is no "domainname" command
- analogous to the "hostname" command. (NIS/YP's doesn't count, of
- course, since it's sometimes-but-only-rarely the same as the Internet
- domain or subdomain above a given host's name.) The "domain" keyword in
- resolv.conf doesn't specify the parent domain of the current host; it
- specifies the default domain of queries initiated on the current host,
- which can be a very different thing. (As of RFC 1535 and BIND 4.9.2's
- compliance with it, most people use "search" in resolv.conf, which
- overrides "domain", anyway.)
-
- What this means is that there is NO authoritative way to
- programmatically discover your host's FQDN unless it is set in the
- hostname, or unless every application is willing to grovel the "netstat
- -in" tables, find what it hopes is the primary address, and do a PTR
- query on it.
-
- FQDN /bin/hostnames are, intuitively or not, the simplest way to go.
-
------------------------------------------------------------------------------
-
-Question 5.11. Distributing load using named
-
-Date: Wed Mar 1 11:04:43 EST 1995
-
-When you attempt to distribute the load on a system using named, the first
-response be cached, and then later queries use the cached value (This
-would be for requests that come through the same server). Therefore, it
-can be useful to use a lower TTL on records where this is important. You
-can use values like 300 or 500 seconds.
-
-If your local caching server has ROUND_ROBIN, it does not matter what the
-authoritative servers have -- every response from the cache is rotated.
-
-But if it doesn't, and the authoritative server site is depending on this
-feature (or the old "shuffle-A") to do load balancing, then if one doesn't
-use small TTLs, one could conceivably end up with a really nasty
-situation, e.g., hundreds of workstations at a branch campus pounding on
-the same front end at the authoritative server's site during class
-registration.
-
-Not nice.
-
-Paul Vixie has an example of the ROUND_ROBIN code in action. Here is
-something that he wrote regarding his example:
-
- >I want users to be distributed evenly among those 3 hosts.
-
- Believe it or not :-), BIND offers an ugly way to do this. I offer
- for your collective amusement the following snippet from the
- ugly.vix.com zone file:
-
- hydra cname hydra1
- cname hydra2
- cname hydra3
- hydra1 a 10.1.0.1
- a 10.1.0.2
- a 10.1.0.3
- hydra2 a 10.2.0.1
- a 10.2.0.2
- a 10.2.0.3
- hydra3 a 10.3.0.1
- a 10.3.0.2
- a 10.3.0.3
-
- Note that having multiple CNAME RR's at a given name is
- meaningless according to the DNS RFCs but BIND doesn't mind (in
- fact it doesn't even complain). If you call
- gethostbyname("hydra.ugly.vix.com") (try it!) you will get
- results like the following. Note that there are two round robin
- rotations going on: one at ("hydra",CNAME) and one at each
- ("hydra1",A) et al. I used a layer of CNAME's above the layer of
- A's to keep the response size down. If you don't have nine
- addresses you probably don't care and would just use a pile of
- CNAME's pointing directly at real host names.
-
- {hydra.ugly.vix.com
- name: hydra2.ugly.vix.com
- aliases: hydra.ugly.vix.com
- addresses: 10.2.0.2 10.2.0.3 10.2.0.1
-
- {hydra.ugly.vix.com
- name: hydra3.ugly.vix.com
- aliases: hydra.ugly.vix.com
- addresses: 10.3.0.2 10.3.0.3 10.3.0.1
-
- {hydra.ugly.vix.com
- name: hydra1.ugly.vix.com
- aliases: hydra.ugly.vix.com
- addresses: 10.1.0.2 10.1.0.3 10.1.0.1
-
- {hydra.ugly.vix.com
- name: hydra2.ugly.vix.com
- aliases: hydra.ugly.vix.com
- addresses: 10.2.0.3 10.2.0.1 10.2.0.2
-
- {hydra.ugly.vix.com
- name: hydra3.ugly.vix.com
- aliases: hydra.ugly.vix.com
- addresses: 10.3.0.3 10.3.0.1 10.3.0.2
-
------------------------------------------------------------------------------
-
-Question 5.12. Order of returned records
-
-Sorting, is the *resolver's* responsibility. RFC 1123:
-
-
- 6.1.3.4 Multihomed Hosts
-
- When the host name-to-address function encounters a host
- with multiple addresses, it SHOULD rank or sort the
- addresses using knowledge of the immediately connected
- network number(s) and any other applicable performance or
- history information.
-
- DISCUSSION:
- The different addresses of a multihomed host generally
- imply different Internet paths, and some paths may be
- preferable to others in performance, reliability, or
- administrative restrictions. There is no general way
- for the domain system to determine the best path. A
- recommended approach is to base this decision on local
- configuration information set by the system
- administrator.
-
-In BIND 4.9.x's resolver code, the "sortlist" directive in resolv.conf
-can be used to configure this.
-
------------------------------------------------------------------------------
-
-Question 5.13. resolv.conf
-
-Date: Fri Feb 10 15:46:17 EST 1995
-
-The question was asked one time, "Why should I use 'real' IP addresses in
-/etc/resolv.conf and not 0.0.0.0 or 127.0.0.1" ?
-
-Paul Vixie writes on the issue of the contents of resolv.conf:
-
- It's historical. Some kernels can't unbind a UDP socket's source
- address, and some resolver versions (notably not including BIND
- 4.9.2 or 4.9.3's) try to do this. The result can be wide area
- network traffic with 127.0.0.1 as the source address. Rather than
- giving out a long and detailed map of version/vendor combinations of
- kernels/BINDs that have/don't this problem, I just tell folks not to
- use 127.0.0.1 at all.
-
- 0.0.0.0 is just an alias for the first interface address assigned
- after a system boot, and if that interface is a up-and-down point to
- point link (PPP, SLIP, whatever), there's no guarantee that you'll
- be able to reach yourself via 0.0.0.0 during the entire lifetime of
- any system instance. On most kernels you can finesse this by adding
- static routes to 127.0.0.1 for each of your interface addresses, but
- some kernels don't like that trick and rather than give a detailed
- map of which ones work and which ones don't, I just globally
- recommend against 0.0.0.0.
-
- If you know enough to know that 127.0.0.1 or 0.0.0.0 is safe on your
- kernel and resolver, then feel free to use them. If you don't know
- for sure that it is safe, don't use them. I never use them (except
- on my laptop, whose hostname is "localhost" and whose 0.0.0.0 is
- 127.0.0.1 since I ifconfig my lo0 before any other interface). The
- operational advantage to using a real IP address rather than an
- wormhole like 0.0.0.0 or 127.0.0.1, is that you can then "rdist" or
- otherwise share identical copies of your resolv.conf on all the
- systems on any given subnet, not all of which will be servers.
-
-The problem was with older versions of the resolver (4.8.X). If you
-listed 127.0.0.1 as the first entry in resolv.conf, and for whatever
-reason the local name server wasn't running and the resolver fell back to
-the second name server listed, it would send queries to the name server
-with the source IP address set to 127.0.0.1 (as it was set when the
-resolver was trying to send to 127.0.0.1--you use the loopback address to
-send to the loopback address).
-
------------------------------------------------------------------------------
-
-Question 5.14. How do I delegate authority for sub-domains ?
-
-Date: Sat Dec 7 02:04:17 EST 1996
-
-When you start having a very big domain that can be broken into logical
-and separate entities that can look after their own DNS information, you
-will probably want to do this. Maintain a central area for the things
-that everyone needs to see and delegate the authority for the other parts
-of the organization so that they can manage themselves.
-
-Another essential piece of information is that every domain that exists
-must have it NS records associated with it. These NS records denote the
-name servers that are queried for information about that zone. For your
-zone to be recognized by the outside world, the server responsible for the
-zone above you must have created a NS record for your your new servers
-(NOTE that the new servers DO NOT have to be in the new domain). For
-example, putting the computer club onto the network and giving them
-control over their own part of the domain space we have the following.
-
-The machine authorative for gu.uwa.edu.au is mackerel and the machine
-authorative for ucc.gu.uwa.edu.au is marlin.
-
-in mackerel's data for gu.uwa.edu.au we have the following
-
- @ IN SOA ...
- IN A 130.95.100.3
- IN MX mackerel.gu.uwa.edu.au.
- IN MX uniwa.uwa.edu.au.
-
- marlin IN A 130.95.100.4
-
- ucc IN NS marlin.gu.uwa.edu.au.
- IN NS mackerel.gu.uwa.edu.au.
-
-Marlin is also given an IP in our domain as a convenience. If they blow
-up their name serving there is less that can go wrong because people can
-still see that machine which is a start. You could place "marlin.ucc" in
-the first column and leave the machine totally inside the ucc domain as
-well.
-
-The second NS line is because mackerel will be acting as secondary name
-server for the ucc.gu domain. Do not include this line if you are not
-authorative for the information included in the sub-domain.
-
------------------------------------------------------------------------------
-
-Question 5.15. DNS instead of NIS on a Sun OS 4.1.x system
-
-Date: Sat Dec 7 01:14:17 EST 1996
-
-Comments relating to running bind 4.9.x on a Sun OS 4.1.x system and the
-effect on sendmail, ftp, telnet and other TCP/IP services bypassing NIS
-and directly using named is documented quite well in the
-comp.sys.sun.admin FAQ in questions one and two. You can get them from:
-
-* ftp.ece.uc.edu : /pub/sun-faq/FAQs/sun-faq.general
-* http://www.cis.ohio-state.edu/hypertext/faq/usenet/comp-sys-sun-faq
-
-as well as from rtfm.mit.edu in the usual place, etc.
-
------------------------------------------------------------------------------
-
-Question 5.16. Patches to add functionality to BIND
-
-Date: Tue Nov 5 23:53:47 EST 1996
-
-There are others, but these are listed here:
-
-* When using the round robin DNS and assigning 3 IPs to a host (for
- example), a process to guarantee that all 3 IPs are reachable may be
- found at
- http://www-leland.stanford.edu/~schemers/docs/lbnamed/lbnamed.html
-
-* Patches for 4.9.3-REL that will support the IPv6 AAAA record format may
- be found at ftp.inria.fr : /network/ipv6/
-
-* A patch for 4.9.3-REL that will allow you to turn off forwarding of
- information from my server may be found at ftp.vix.com :
- /pub/bind/release/4.9.3/contrib/noforward.tar.gz
-
-* How do I tell a server to listen to a particular interface to listen and
- respond to DNS queries on ?
-
- Mark Andrews has a patch that will tell a 4.9.4 server to listen to a
- particular interface and respond to DNS queries. It may be found at an
- unofficial location: http://www.ultra.net/~jzp/andrews.patch.txt
-
------------------------------------------------------------------------------
-
-Question 5.17. How to serve multiple domains from one server
-
-Date: Tue Nov 5 23:44:02 EST 1996
-
-Most name server implementations allow information about multiple domains
-to be kept on one server, and questions about those domains to be
-answered by that one server. For instance, there are many large servers
-on the Internet that each serve information about more than 1000
-different domains.
-
-To be completely accurate, a server contains information about zones,
-which are parts of domains that are kept as a single unit. [Ed note: for
-a definition of zones and domains, see Section 2: The Name Service in the
-"Name Server Operations Guide" included with the BIND 4.9.5 distribution.]
-
-In the configuration of the name server, the additional zones need to be
-specified. An important consideration is whether a particular server is
-primary or secondary for any specific zone--a secondary server maintains
-only a copy of the zone, periodically refreshing its copy from another,
-specified, server. In BIND, to set up a server as a secondary server for
-the x.y.z zone, to the configuration file /etc/named.boot add the line
-
- secondary x.y.z 10.0.0.1 db.x.y.z
-
-where 10.0.0.1 is the IP address of the server that the zone will be
-copied from, and db.x.y.z is a local filename that will contain the copy
-of the zone.
-
-If this is a question related to how to set up multiple IP numbers on one
-system, which you do not need to do to act as a domain server for
-multiple domains, see
-
-http://www.thesphere.com/%7Edlp/TwoServers/.
-
-===============================================================================
-
-Section 6. PROBLEMS
-
- Q6.1 No address for root server
- Q6.2 Error - No Root Nameservers for Class XX
- Q6.3 Bind 4.9.x and MX querying?
- Q6.4 Do I need to define an A record for localhost ?
- Q6.5 MX records, CNAMES and A records for MX targets
- Q6.6 Can an NS record point to a CNAME ?
- Q6.7 Nameserver forgets own A record
- Q6.8 General problems (core dumps !)
- Q6.9 malloc and DECstations
- Q6.10 Can't resolve names without a "."
- Q6.11 Err/TO errors being reported
- Q6.12 Why does swapping kill BIND ?
-
------------------------------------------------------------------------------
-
-Question 6.1. No address for root server
-
-Date: Mon Jan 2 13:49:43 EST 1995
-
-Q: I've been getting the following messages lately from bind-4.9.2..
- ns_req: no address for root server
-
-We are behind a firewall and have the following for our named.cache file -
-
- ; list of servers
- . 99999999 IN NS POBOX.FOOBAR.COM.
- 99999999 IN NS FOOHOST.FOOBAR.COM.
- foobar.com. 99999999 IN NS pobox.foobar.com.
-You can't do that. Your nameserver contacts POBOX.FOOBAR.COM, gets the
-correct list of root servers from it, then tries again and fails because
-of your firewall.
-
-You will need a 'forwarder' definition, to ensure that all requests are
-forwarded to a host which can penetrate the firewall. And it is unwise to
-put phony data into 'named.cache'.
-
------------------------------------------------------------------------------
-
-Question 6.2. Error - No Root Nameservers for Class XX
-
-Date: Sun Nov 27 23:32:41 EST 1994
-
-Q: I've received errors before about "No root nameservers for class XX"
- but they've been because of network connectivity problems.
- I believe that Class 1 is Internet Class data.
- And I think I heard someone say that Class 4 is Hesiod??
- Does anyone know what the various Class numbers are?
-From RFC 1700:
-
- DOMAIN NAME SYSTEM PARAMETERS
- The Internet Domain Naming System (DOMAIN) includes several
- parameters. These are documented in [RFC1034] and [RFC1035]. The
- CLASS parameter is listed here. The per CLASS parameters are
- defined in separate RFCs as indicated.
-
- Domain System Parameters:
-
- Decimal Name References
- -------- ---- ----------
- 0 Reserved [PM1]
- 1 Internet (IN) [RFC1034,PM1]
- 2 Unassigned [PM1]
- 3 Chaos (CH) [PM1]
- 4 Hesoid (HS) [PM1]
- 5-65534 Unassigned [PM1]
- 65535 Reserved [PM1]
-
-DNS information for RFC 1700 was taken from
-ftp.isi.edu : /in-notes/iana/assignments/dns-parameters
-
-Hesiod is class 4, and there are no official root nameservers for class 4,
-so you can safely declare yourself one if you like. You might want to
-put up a packet filter so that no one outside your network is capable of
-making Hesiod queries of your machines, if you define yourself to be a
-root nameserver for class 4.
-
------------------------------------------------------------------------------
-
-Question 6.3. Bind 4.9.x and MX querying?
-
-Date: Sun Nov 27 23:32:41 EST 1994
-
-If you query a 4.9.x DNS server for MX records, a list of the MX records
-as well as a list of the authorative nameservers is returned. This
-happens because bind 4.9.2 returns the list of nameserver that are
-authorative for a domain in the response packet, along with their IP
-addresses in the additional section.
-
------------------------------------------------------------------------------
-
-Question 6.4. Do I need to define an A record for localhost ?
-
-Date: Sat Sep 9 00:36:01 EDT 1995
-
-Somewhere deep in the BOG (BIND Operations Guide) that came with 4.9.3
-(section 5.4.3), it says that you define this yourself (if need be) in
-the same zone files as your "real" IP addresses for your domain. Quoting
-the BOG:
-
-
- ... As implied by this PTR
- record, there should be a ``localhost.my.dom.ain''
- A record (with address 127.0.0.1) in every domain
- that contains hosts. ``localhost.'' will lose its
- trailing dot when 1.0.0.127.in-addr.arpa is queried
- for;...
-
-The sample files in the BIND distribution show you what needs to be done
-(see the BOG).
-
-Some HP boxen (especially those running HP OpenView) will also need
-"loopback" defined with this IP address. You may set it as a CNAME
-record pointing to the "localhost." record.
-
------------------------------------------------------------------------------
-
-Question 6.5. MX records, CNAMES and A records for MX targets
-
-Date: Sun Nov 27 23:32:41 EST 1994
-
-The O'Reilly "DNS and Bind" book warns against using non-canonical names
-in MX records, however, this warning is given in the context of mail hubs
-that MX to each other for backup purposes. How does this apply to mail
-spokes. RFC 974 has a similar warning, but where is it specifically
-prohibited to us an alias in an MX record ?
-
-Without the restrictions in the RFC, a MTA must request the A records for
-every MX listed to determine if it is in the MX list then reduce the list.
-This introduces many more lookups than would other wise be required. If
-you are behind a 1200 bps link YOU DON'T WANT TO DO THIS. The addresses
-associated with CNAMES are not passed as additional data so you will force
-additional traffic to result even if you are running a caching server
-locally.
-
-There is also the problem of how does the MTA find all of it's IP
-addresses. This is not straight forward. You have to be able to do this is
-you allow CNAMEs (or extra A's) as MX targets.
-
-The letter of the law is that an MX record should point to an A record.
-
-There is no "real" reason to use CNAMEs for MX targets or separate As for
-nameservers any more. CNAMEs for services other than mail should be used
-because there is no specified method for locating the desired server yet.
-
-People don't care what the names of MX targets are. They're invisible to
-the process anyway. If you have mail for "mary" redirected to "sue" is
-totally irrelevant. Having CNAMEs as the targets of MX's just needlessly
-complicates things, and is more work for the resolver.
-
-Having separate A's for nameservers like "ns.your.domain" is pointless
-too, since again nobody cares what the name of your nameserver is, since
-that too is invisible to the process. If you move your nameserver from
-"mary.your.domain" to "sue.your.domain" nobody need care except you and
-your parent domain administrator (and the InterNIC). Even less so for
-mail servers, since only you are affected.
-
-Q: Given the example -
-
- hello in cname realname
- mailx in mx 0 hello
-
- Now, while reading the operating manual of bind it clearly states
- that this is *not* valid. These two statements clearly contradict
- each other. Is there some later rfc than 974 that overrides what is
- said in there with respect to MX and CNAMEs? Anyone have the
- reference handy?
-
-A: This isn't what the BOG says at all. See below. You can have a CNAME
- that points to some other RR type; in fact, all CNAMEs have to point
- to other names (Canonical ones, hence the C in CNAME). What you
- can't have is an MX that points to a CNAME. MX RR's that point to
- names which have only CNAME RR's will not work in many cases, and
- RFC 974 intimates that it's a bad idea:
-
- Note that the algorithm to delete irrelevant RRs breaks if LOCAL has
- a alias and the alias is listed in the MX records for REMOTE. (E.g.
- REMOTE has an MX of ALIAS, where ALIAS has a CNAME of LOCAL). This
- can be avoided if aliases are never used in the data section of MX
- RRs.
-
- Here's the relevant BOG snippet:
-
- aliases {ttl addr-class CNAME Canonical name
- ucbmonet IN CNAME monet
-
- The Canonical Name resource record, CNAME, speci-
- fies an alias or nickname for the official, or
- canonical, host name. This record should be the
- only one associated with the alias name. All other
- resource records should be associated with the
- canonical name, not with the nickname. Any
- resource records that include a domain name as
- their value (e.g., NS or MX) must list the canoni-
- cal name, not the nickname.
-
------------------------------------------------------------------------------
-
-Question 6.6. Can an NS record point to a CNAME ?
-
-Date: Wed Mar 1 11:14:10 EST 1995
-
-Can I do this ? Is it legal ?
-
-
- @ SOA (.........)
- NS ns.host.this.domain.
- NS second.host.another.domain.
- ns CNAME third
- third IN A xxx.xxx.xxx.xxx
-
-No. Only one RR type is allowed to refer, in its data field, to a CNAME,
-and that's CNAME itself. So CNAMEs can refer to CNAMEs but NSs and MXs
-cannot.
-
-BIND 4.9.3 (Beta11 and later) explicitly syslogs this case rather than
-simply failing as pre-4.9 servers did. Here's a current example:
-
- Dec 7 00:52:18 gw named[17561]: "foobar.com IN NS" \
- points to a CNAME (foobar.foobar.com)
-
-Here is the reason why:
-
-Nameservers are not required to include CNAME records in the Additional
-Info section returned after a query. It's partly an implementation
-decision and partly a part of the spec. The algorithm described in RFC
-1034 (pp24,25; info also in RFC 1035, section 3.3.11, p 18) says 'Put
-whatever addresses are available into the additional section, using glue
-RRs [if necessary]'. Since NS records are speced to contain only primary
-names of hosts, not CNAMEs, then there's no reason for algorithm to
-mention them. If, on the other hand, it's decided to allow CNAMEs in NS
-records (and indeed in other records) then there's no reason that CNAME
-records might not be included along with A records. The Additional Info
-section is intended for any information that might be useful but which
-isn't strictly the answer to the DNS query processed. It's an
-implementation decision in as much as some servers used to follow CNAMEs
-in NS references.
-
------------------------------------------------------------------------------
-
-Question 6.7. Nameserver forgets own A record
-
-Date: Fri Dec 2 16:17:31 EST 1994
-
-Q: Lately, I've been having trouble with named 4.9.2 and 4.9.3.
- Periodically, the nameserver will seem to "forget" its own A record,
- although the other information stays intact. One theory I had was
- that somehow a site that the nameserver was secondary for was
- "corrupting" the A record somehow.
-
-A: This is invariably due to not removing ALL of the cached zones
- when you moved to 4.9.X. Remove ALL cached zones and restart
- your nameservers.
-
- You get "ignoreds" because the primaries for the relevant zones are
- running old versions of BIND which pass out more glue than is
- required. named-xfer trims off this extra glue.
-
------------------------------------------------------------------------------
-
-Question 6.8. General problems (core dumps !)
-
-Date: Sun Dec 4 22:21:22 EST 1994
-
-Paul Vixie says:
-
- I'm always interested in hearing about cases where BIND dumps core.
- However, I need a stack trace. Compile with -g and not -O (unless
- you are using gcc and know what you are doing) and then when it
- dumps core, get into dbx or gdb using the executable and the core
- file and use "bt" to get a stack trace. Send it to me
- <paul@vix.com> along with specific circumstances leading to or
- surrounding the crash (test data, tail of the debug log, tail of the
- syslog... whatever matters) and ideally you should save your core
- dump for a day or so in case I have questions you can answer via
- gdb/dbx.
-
------------------------------------------------------------------------------
-
-Question 6.9. malloc and DECstations
-
-Date: Mon Jan 2 14:19:22 EST 1995
-
-We have replaced malloc on our DECstations with a malloc that is more
-compact in memory usage, and this helped the operation of bind a lot. The
-source is now available for anonymous ftp from
-
-ftp.cs.wisc.edu : /pub/misc/malloc.tar.gz
-
------------------------------------------------------------------------------
-
-Question 6.10. Can't resolve names without a "."
-
-(Answer written by Mark Andrews) You are not using a RFC 1535 aware
-resolver. Depending upon the age of your resolver you could try adding a
-search directive to resolv.conf.
-
- e.g.
- domain <domain>
- search <domain> [<domain2> ...]
-
-If that doesn't work you can configure you server to serve the parent and
-grandparent domains as this is the default search list.
-
-"domain langley.af.mil" has an implicit "search langley.af.mil af.mil mil"
-in the old resolvers, and you are timing out trying to resolve the
-address with one of these domains tacked on.
-
-When resolving internic.net the following will be tried in order.
- internic.net.langley.af.mil
- internic.net.af.mil
- internic.net.mil
- internic.net.
-
-RFC 1535 aware resolvers try qualified address first.
-
- internic.net.
- internic.net.langley.af.mil
- internic.net.af.mil
- internic.net.mil
-RFC 1535 documents the problems associated with the old search
-algorithim, including security issues, and how to alleviate some of the
-problems.
-
------------------------------------------------------------------------------
-
-Question 6.11. Err/TO errors being reported
-
-Date: Sun May 5 23:46:32 EDT 1996
-
-Why are errors like
-
- Apr 2 20:41:58 nameserver named[25846]: Err/TO getting serial# for
- "foobar.domain1.com"
- Apr 2 20:41:59 nameserver named[25846]: Err/TO getting serial# for
- "foobar.domain2.com"
-
-reported ? These generally indicate that there is one of the following
-problems:
-
-* A network problem between you and the primary,
-* A bad IP address in named.boot,
-* The primary is Lame for the zone.
-
-An external check to see if you can retrieve the SOA is the best way to
-work out which it is.
-
------------------------------------------------------------------------------
-
-Question 6.12. Why does swapping kill BIND ?
-
-Date: Thu Jul 4 23:20:20 EDT 1996
-
-The question was:
-
- I've been diagnosing a problem with BIND 4.9.x (where x is usually 3BETA9
- or 3REL) for several months now. I finally tracked it down to swap space
- utilization on the unix boxes.
-
- This happens under (at least) under Linux 1.2.9 & 1.2.13, SunOS 4.1.3U1,
- 4.1.1, and Solaris 2.5. The symptom is that if these machines get into
- swap at all bind quits resolving most, if not all queries. Mind you that
- these machines are not "swapping hard", but rather we're talking about a
- several hundred K TEMPORARY deficiency. I have noticed while digging
- through various archives that there is some referral to "bind thrashing
- itself to death". Is this what is happening ?
-
-And the answer is:
-
- Yes it is. Bind can't tolerate having even a few pages swapped out.
- The time required to send responses climbs to several seconds/request,
- and the request queue fills and overflows.
-
- It's possible to shrink memory consumption a lot by undefining STATS
- and XSTATS, and recompiling. You could nuke DEBUG too, which will
- cut the code size down some, but probably not the data size. If that
- doesn't do the job then it sounds like you'll need to move DNS onto a
- separate box.
-
- BIND tends to touch all of its resident pages all of the time with
- normal activity... if you look at the RSS verses the total process
- size, you will always see the RSS within, usually, 90% of the total
- size of the process. This means that *any* paging of named-owned
- pages will stall named. Thus, a machine running a heavily accessed
- named process cannot afford to swap *at all*.
-
- (Paul Vixie continues on this subject):
- I plan to try to get BIND to exhibit slightly better locality of
- reference in some future release. Of course, I can only do this if
- the query names also exhibit some kind of hot spots. If someone
- queries all your names often, BIND will have to touch all of its VM
- pool that often. (Right now, BIND touches everything pretty often
- even if you're just hammering on some hot spots -- that's the part
- I'd like to fix. Malloc isn't cooperating.)
-
-===============================================================================
-
-Section 7. ACKNOWLEDGEMENTS
-
- Q7.1 How is this FAQ generated ?
- Q7.2 What formats are available ?
- Q7.3 Contributors
-
------------------------------------------------------------------------------
-
-Question 7.1. How is this FAQ generated ?
-
-Date: Fri Dec 6 16:51:31 EST 1996
-
-This FAQ is maintained in BFNN (Bizzarre Format with No Name). This
-allows me to create ASCII, HTML, and GNU info (postscript coming soon)
-from one source file.
-
-The perl script "bfnnconv.pl" that is available with the linux FAQ is used
-to generate the various output files from the BFNN source.
-
------------------------------------------------------------------------------
-
-Question 7.2. What formats are available ?
-
-Date: Fri Dec 6 16:51:31 EST 1996
-
-You may obtain one of the following formats for this document:
-
-* ASCII: http://www.users.pfmc.net/~cdp/cptd-faq/cptd-faq.ascii
-* BFNN: http://www.users.pfmc.net/~cdp/cptd-faq/cptd-faq.bfnn
-* GNU info: http://www.users.pfmc.net/~cdp/cptd-faq/cptd-faq.info
-* HTML: http://www.users.pfmc.net/~cdp/cptd-faq/index.html
-
------------------------------------------------------------------------------
-
-Question 7.3. Contributors
-
-Date: Sat Dec 7 01:29:29 EST 1996
-
-Many people have helped put this list together. Listed in e-mail address
-alphabetical order, the following people have contributed to this FAQ:
-
-* <Benoit.Grange@inria.fr> (Benoit.Grange)
-* <D.T.Shield@csc.liv.ac.uk> (Dave Shield)
-* <Todd.Aven@BankersTrust.Com>
-* <adam@comptech.demon.co.uk> (Adam Goodfellow)
-* <andras@is.co.za> (Andras Salamon)
-* <barmar@nic.near.net> (Barry Margolin)
-* <barr@pop.psu.edu> (David Barr)
-* <bj@herbison.com> (B.J. Herbison)
-* <bje@cbr.fidonet.org> (Ben Elliston)
-* <brad@birch.ims.disa.mil> (Brad Knowles)
-* <ckd@kei.com> (Christopher Davis)
-* <cdp2582@hertz.njit.edu> (Chris Peckham)
-* <cricket@hp.com> (Cricket Liu)
-* <cudep@csv.warwick.ac.uk> (Ian 'Vato' Dickinson [ID17])
-* <dillon@best.com> (Matthew Dillon)
-* <dparter@cs.wisc.edu> (David Parter)
-* <e07@nikhef.nl> (Eric Wassenaar)
-* <fitz@think.com> (Tom Fitzgerald)
-* <fwp@CC.MsState.Edu> (Frank Peters)
-* <gah@cco.caltech.edu> (Glen A. Herrmannsfeldt)
-* <glenn@popco.com> (Glenn Fleishman)
-* <harvey@indyvax.iupui.edu> (James Harvey)
-* <hubert@cac.washington.edu> (Steve Hubert)
-* <ivanl@pacific.net.sg> (Ivan Leong)
-* <jhawk@panix.com> (John Hawkinson)
-* <jmalcolm@uunet.uu.net> (Joseph Malcolm)
-* <jprovo@augustus.ultra.net> (Joe Provo)
-* <kevin@cfc.com> (Kevin Darcy)
-* <lamont@abstractsoft.com> (Sean T. Lamont)
-* <lavondes@tidtest.total.fr> (Michel Lavondes)
-* <mark@ucsalf.ac.uk> (Mark Powell)
-* <marka@syd.dms.CSIRO.AU> (Mark Andrews)
-* <mathias@unicorn.swi.com.sg> (Mathias Koerber)
-* <mjo@iao.ford.com> (Mike O'Connor)
-* <nick@flapjack.ieunet.ie> (Nick Hilliard)
-* <oppedahl@popserver.panix.com> (Carl Oppedahl)
-* <patrick@oes.amdahl.com> (Patrick J. Horgan)
-* <paul@software.com> (Paul Wren)
-* <pb@fasterix.frmug.fr.net> (Pierre Beyssac)
-* <ph10@cus.cam.ac.uk> (Philip Hazel)
-* <phil@netpart.com> (Phil Trubey)
-* <rocky@panix.com> (R. Bernstein)
-* <rv@seins.Informatik.Uni-Dortmund.DE> (Ruediger Volk)
-* <shields@tembel.org> (Michael Shields)
-* <tanner@george.arc.nasa.gov> (Rob Tanner)
-* <vixie@vix.com> (Paul A Vixie)
-* <wag@swl.msd.ray.com> (William Gianopoulos {84718)
-* <whg@inel.gov> (Bill Gray)
-* <wolf@pasteur.fr> (Christophe Wolfhugel)
-
-Thank you !
-
diff --git a/contrib/bind/doc/misc/IPv6 b/contrib/bind/doc/misc/IPv6
deleted file mode 100644
index 49fc3f5ec37cc..0000000000000
--- a/contrib/bind/doc/misc/IPv6
+++ /dev/null
@@ -1,72 +0,0 @@
-IPv6 notes for BIND 4.9.3 Patch 2 Candidate 5 (and later?)
-Paul Vixie, May 20, 1996
-doc/misc/IPv6
-
- *** Introduction ***
-
-The IPv6 support in this release is latent, in that its presence is not
-documented. The support is not optional, since its presence ought not to
-affect anyone who does not go looking for it. The support includes:
-
- inet_ntop() new function.
- inet_pton() new function.
- RES_USE_INET6 causes gethostby*() to return either real IPv6
- addresses (if available) or mapped (::FFFF:a.b.c.d)
- addresses if only IPv4 address records are found.
- gethostbyname() can search for T_AAAA in preference to T_A.
- gethostbyaddr() can search in IP6.INT for PTR RR's.
- named can load, transfer, cache, and dump T_AAAA RRs.
-
- *** Some notes on the new functions ***
-
-The inet_pton() and inet_ntop() functions differ from the current (as of
-this writing) IPv6 BSD API draft. Discussions were held, primarily between
-myself and Rich Stevens, on the ipng@sunroof.eng.sun.com mailing list, and
-the BIND definitions of these functions are likely to go into the next draft.
-(If not, and BIND has to change its definitions of these functions, then you
-will know why I chose not to document them yet!)
-
-These functions can return error values, and as such the process of porting
-code that used inet_aton() to use inet_pton() is not just syntactic. Not all
-nonzero values indicate success; consider "-1". Likewise, inet_ntoa() is not
-just smaller than inet_ntop() -- it's a whole new approach. Inet_ntop() does
-not return a static pointer, the caller has to supply a sized buffer. Also,
-inet_ntop() can return NULL, so you should only printf() the result if you
-have verified that your arguments will be seen as error free.
-
-The inet_pton() function is much pickier about its input format than the old
-inet_aton() function has been. You can't abbreviate 10.0.0.53 as 10.53 any
-more. Hexadecimal isn't accepted. You have to supply four decimal numeric
-strings, each of whose value is within the range from 0 to 255. No spaces
-are allowed either before, after, or within an address. If you need the older
-functionality with all the shortcuts and exceptions, continue using inet_aton()
-for your IPv4 address parsing needs.
-
- *** Some notes on RES_USE_INET6 ***
-
-You can set this by modifying _res.options after calling res_init(), or you
-can turn it on globally by setting "options inet6" in /etc/resolv.conf. This
-latter option ought to be used carefully, since _all_ applications will then
-receive IPv6 style h_addr_list's from their gethostby*() calls. Once you know
-that every application on your system can cope with IPv6 addressing, it is safe
-and reasonable to turn on the global option. Otherwise, don't do it.
-
- *** Some notes on mapped IPv4 addresses ***
-
-There are two IPv6 prefixes set aside for IPv4 address encapsulation. See
-RFC 1884 for a detailed explaination. The ::a.b.c.d form is used for
-tunnelling, which means wrapping an IPv4 header around IPv6 packets and using
-the existing IPv4 routing infrastructure to reach what are actually IPv6
-endpoints. The ::FFFF:a.b.c.d form can be used on dual-stack (IPv4 and IPv6)
-hosts to signal a predominantly IPv6 stack that it should use ``native'' IPv4
-to reach a given destination, even though the socket's address family is
-AF_INET6.
-
-BIND supports both of these address forms, to the extent that inet_pton() will
-parse them, inet_ntop() will generate them, gethostby*() will map IPv4 into
-IPv6 if the RES_USE_INET6 option is set, and gethostbyaddr() will search the
-IN-ADDR.ARPA domain rather than the IP6.INT domain when it needs a PTR RR.
-This last bit of behaviour is still under discussion and it's not clear that
-tunnelled addresses should be mapped using IN-ADDR.ARPA. In other words, this
-bit of behaviour may change in a subsequent BIND release. So now you know
-another reason why none of this stuff is ``officially'' documented.
diff --git a/contrib/bind/doc/misc/dns-setup b/contrib/bind/doc/misc/dns-setup
deleted file mode 100644
index 19f0197f7e81d..0000000000000
--- a/contrib/bind/doc/misc/dns-setup
+++ /dev/null
@@ -1,1081 +0,0 @@
- Setting up a basic DNS server for a domain
- Revision 1.1.1
-
- Craig Richmond
- craig@ecel.uwa.edu.au
- 15th August 1993
-
-
-About this document
-
-I have written this file because it seems that the same questions seem to
-pop up time and time again and when I had to install DNS from scratch the
-first time, we found very little to help us.
-
-This document covers setting up a Domain Name Server with authority over
-your domain and using a few of the more useful but less well known
-(hopefully this document will take care of that) features of nslookup to
-get information about the DNS and to work out why yours isn't working.
-
-If you are using a Sun Workstation and you want to make NIS interact with
-the DNS, then this is not the FAQ for you (but it may well be when you try
-to set up the DNS). Mark J. McIntosh <Mark.McIntosh@engr.UVic.CA> points
-out that it is included in the comp.sys.sun.admin FAQ and for the benefit
-of those of you who can't get that (it is posted in comp.sys.sun.admin,
-comp.sys.sun.misc, comp.unix.solaris, comp.answers and news.answers) I have
-included the relevant parts at the bottom in appendix C.
-
-Contents:
-
- Contents
- An Overview of the DNS
- Installing the DNS
- *The Boot File
- *The Cache File
- *The Forward Mapping File
- *The Reverse Mapping File
- Delegating authority for domains within your domain
- Troubleshooting your named
- *Named doesn't work! What is wrong?
- *I changed my named database and my local machine has noticed,
- but nobody else has the new information?
- *My local machine knows about all the name server information,
- but no other sites know about me?
- *My forward domain names work, but the backward names do not?
- How to get useful information from nslookup
- *Getting number to name mappings.
- *Finding where mail goes when a machine has no IP number.
- *Getting a list of machines in a domain from nslookup.
- Appendicies
- *Appendix A sample root.cache file
- *Appendix B Excerpt from RFC 1340 - Assigned Numbers - July 1992
- *Appendix C Installing DNS on a Sun when running NIS
-
-
-An Overview of the DNS:
-
-The Domain Name System is the software that lets you have name to number
-mappings on your computers. The name decel.ecel.uwa.edu.au is the number
-130.95.4.2 and vice versa. This is achieved through the DNS. The DNS is a
-heirarchy. There are a small number of root domain name servers that are
-responsible for tracking the top level domains and who is under them. The
-root domain servers between them know about all the people who have name
-servers that are authoritive for domains under the root.
-
-Being authoritive means that if a server is asked about something in that
-domain, it can say with no ambiguity whether or not a given piece of
-information is true. For example. We have domains x.z and y.z. There are
-by definition authoritive name servers for both of these domains and we
-shall assume that the name server in both of these cases is a machine
-called nic.x.z and nic.y.z but that really makes no difference.
-
-If someone asks nic.x.z whether there is a machine called a.x.z, then
-nic.x.z can authoritively say, yes or no because it is the authoritive name
-server for that domain. If someone asks nic.x.z whether there is a machine
-called a.y.z then nic.x.z asks nic.y.z whether such a machine exists (and
-caches this for future requests). It asks nic.y.z because nic.y.z is the
-authoritive name server for the domain y.z. The information about
-authoritive name servers is stored in the DNS itself and as long as you
-have a pointer to a name server who is more knowledgable than yourself then
-you are set.
-
-When a change is made, it propogates slowly out through the internet to
-eventually reach all machines. The following was supplied by Mark Andrews
-Mark.Andrews@syd.dms.csiro.au.
-
- If both the primary and all secondaries are up and talking when
- a zone update occurs and for the refresh period after the
- update the old data will live for max(refresh + mininum)
- average (refresh/2 +mininum) for the zone. New information will
- be available from all servers after refresh.
-
-So with a refresh of 3 hours and a minimum of a day, you can expect
-everything to be working a day after it is changed. If you have a longer
-minimum, it may take a couple of days before things return to normal.
-
-There is also a difference between a zone and a domain. The domain is the
-entire set of machines that are contained within an organisational domain
-name. For example, the domain uwa.edu.au contains all the machines at the
-University of Western Australia. A Zone is the area of the DNS for which a
-server is responsible. The University of Western Australia is a large
-organisation and trying to track all changes to machines at a central
-location would be difficult. The authoritive name server for the zone
-uwa.edu.au delegates the authority for the zone ecel.uwa.edu.au to
-decel.ecel.uwa.edu.au. Machine foo.ecel.uwa.edu.au is in the zone that
-decel is authoritive for. Machine bar.uwa.edu.au is in the zone that
-uniwa.uwa.edu.au is authoritive for.
-
-Installing the DNS:
-
-First I'll assume you already have a copy of the Domain Name Server
-software. It is probably called named or in.named depending on your
-flavour of unix. I never had to get a copy, but if anyone thinks that
-information should be here then by all means tell me and I'll put it in.
-If you intend on using the package called Bind, then you should be sure
-that you get version 4.9, which is the most recent version at this point in
-time.
-
-The Boot File:
-
-First step is to create the file named.boot. This describes to named
-(we'll dispense with the in.named. Take them to be the same) where the
-information that it requires can be found. This file is normally found in
-/etc/named.boot and I personally tend to leave it there because then I know
-where to find it. If you don't want to leave it there but place it in a
-directory with the rest of your named files, then there is usually an
-option on named to specify the location of the boot file.
-
-Your typical boot file will look like this if you are an unimportant leaf
-node and there are other name servers at your site.
-
-directory /etc/namedfiles
-
-cache . root.cache
-primary ecel.uwa.edu.au ecel.uwa.domain
-primary 0.0.127.in-addr.arpa 0.0.127.domain
-primary 4.95.130.in-addr.arpa 4.95.130.domain
-forwarders 130.95.128.1
-
-Here is an alternative layout used by Christophe Wolfhugel
-<Christophe.Wolfhugel@grasp.insa-lyon.fr> He finds this easier because of
-the large number of domains he has. The structure is essentially the same,
-but the file names use the domain name rather than the IP subnet to
-describe the contents.
-
-directory /usr/local/etc/bind
-cache . p/root
-;
-; Primary servers
-;
-primary fr.net p/fr.net
-primary frmug.fr.net p/frmug.fr.net
-primary 127.in-addr.arpa p/127
-;
-; Secondary servers
-;
-secondary ensta.fr 147.250.1.1 s/ensta.fr
-secondary gatelink.fr.net 134.214.100.1 s/gatelink.fr.net
-secondary insa-lyon.fr 134.214.100.1 s/insa-lyon.fr
-secondary loesje.org 145.18.226.21 s/loesje.org
-secondary nl.loesje.org 145.18.226.21 s/nl.loesje.org
-secondary pcl.ac.uk 161.74.160.5 s/pcl.ac.uk
-secondary univ-lyon1.fr 134.214.100.1 s/univ-lyon1.fr
-secondary wmin.ac.uk 161.74.160.5 s/wmin.ac.uk
-secondary westminster.ac.uk 161.74.160.5 s/westminster.ac.uk
-;
-;
-; Secondary for addresses
-;
-secondary 74.161.in-addr.arpa 161.74.160.5 s/161.74
-secondary 214.134.in-addr.arpa 134.214.100.1 s/134.214
-secondary 250.147.in-addr.arpa 147.250.1.1 s/147.250
-;
-; Classes C
-;
-secondary 56.44.192.in-addr.arpa 147.250.1.1 s/192.44.56
-secondary 57.44.192.in-addr.arpa 147.250.1.1 s/192.44.57
-
-The lines in the named.boot file have the following meanings.
-
-directory
-
-This is the path that named will place in front of all file names
-referenced from here on. If no directory is specified, it looks for files
-relative to /etc.
-
-cache
-
-This is the information that named uses to get started. Named must know
-the IP number of some other name servers at least to get started.
-Information in the cache is treated differently depending on your version
-of named. Some versions of named use the information included in the cache
-permenantly and others retain but ignore the cache information once up and
-running.
-
-primary
-
-This is one of the domains for which this machine is authorative for. You
-put the entire domain name in. You need forwards and reverse lookups. The
-first value is the domain to append to every name included in that file.
-(There are some exceptions, but they will be explained later) The name at
-the end of the line is the name of the file (relative to /etc of the
-directory if you specified one). The filename can have slashes in it to
-refer to subdirectories so if you have a lot of domains you may want to
-split it up.
-
-BE VERY CAREFUL TO PUT THE NUMBERS BACK TO FRONT FOR THE REVERSE LOOK UP
-FILE. The example given above is for the subnet ecel.uwa.edu.au whose IP
-address is 130.95.4.*. The reverse name must be 4.95.130.in-addr.arpa.
-It must be backwards and it must end with .in-addr.arpa. If your reverse
-name lookups don't work, check this. If they still don't work, check this
-again.
-
-forwarders
-
-This is a list of IP numbers for forward requests for sites about which we
-are unsure. A good choice here is the name server which is authoritive for
-the zone above you.
-
-secondary (This line is not in the example, but is worth mentioning.)
-
-A secondary line indicates that you wish to be a secondary name server for
-this domain. You do not need to do this usually. All it does is help make
-the DNS more robust. You should have at least one secondary server for
-your site, but you do not need to be a secondary server for anyone else.
-You can by all means, but you don't need to be. If you want to be a
-secondary server for another domain, then place the line
-
-secondary gu.uwa.edu.au 130.95.100.3 130.95.128.1
-
-in your named.boot. This will make your named try the servers on both of
-the machines specified to see if it can obtain the information about those
-domains. You can specify a number of IP addresses for the machines to
-query that probably depends on your machine. Your copy of named will upon
-startup go and query all the information it can get about the domain in
-question and remember it and act as though it were authoritive for that
-domain.
-
-Next you will want to start creating the data files that contain the name
-definitions.
-
-The cache file:
-
-You can get a copy of the cache file from FTP.RS.INTERNIC.NET. The current
-copy can be found in Appendix A.
-
-The Forward Mapping file:
-The file ecel.uwa.edu.au. will be used for the example with a couple of
-machines left in for the purpose of the exercise. Here is a copy of what
-the file looks like with explanations following.
-
-; Authoritative data for ecel.uwa.edu.au
-;
-@ IN SOA decel.ecel.uwa.edu.au. postmaster.ecel.uwa.edu.au. (
- 93071200 ; Serial (yymmddxx)
- 10800 ; Refresh 3 hours
- 3600 ; Retry 1 hour
- 3600000 ; Expire 1000 hours
- 86400 ) ; Minimum 24 hours
- IN A 130.95.4.2
- IN MX 100 decel
- IN MX 150 uniwa.uwa.edu.au.
- IN MX 200 relay1.uu.net.
- IN MX 200 relay2.uu.net.
-
-localhost IN A 127.0.0.1
-
-decel IN A 130.95.4.2
- IN HINFO SUN4/110 UNIX
- IN MX 100 decel
- IN MX 150 uniwa.uwa.edu.au.
- IN MX 200 relay1.uu.net
- IN MX 200 relay2.uu.net
-
-gopher IN CNAME decel.ecel.uwa.edu.au.
-
-accfin IN A 130.95.4.3
- IN HINFO SUN4/110 UNIX
- IN MX 100 decel
- IN MX 150 uniwa.uwa.edu.au.
- IN MX 200 relay1.uu.net
- IN MX 200 relay2.uu.net
-
-chris-mac IN A 130.95.4.5
- IN HINFO MAC-II MACOS
-
-The comment character is ';' so the first two lines are just comments
-indicating the contents of the file.
-
-All values from here on have IN in them. This indicates that the value is
-an InterNet record. There are a couple of other types, but all you need
-concern yourself with is internet ones.
-
-The SOA record is the Start Of Authority record. It contains the
-information that other nameservers will learn about this domain and how to
-treat the information they are given about it. The '@' as the first
-character in the line indicates that you wish to define things about the
-domain for which this file is responsible. The domain name is found in the
-named.boot file in the corresponding line to this filename. All
-information listed refers to the most recent machine/domain name so all
-records from the '@' until 'localhost' refer to the '@'. The SOA record
-has 5 magic numbers. First magic number is the serial number. If you
-change the file, change the serial number. If you don't, no other name
-servers will update their information. The old information will sit around
-for a very long time.
-
-Refresh is the time between refreshing information about the SOA (correct
-me if I am wrong). Retry is the frequency of retrying if an authorative
-server cannot be contacted. Expire is how long a secondary name server
-will keep information about a zone without successfully updating it or
-confirming that the data is up to date. This is to help the information
-withstand fairly lengthy downtimes of machines or connections in the
-network without having to recollect all the information. Minimum is the
-default time to live value handed out by a nameserver for all records in
-a zone without an explicit TTL value. This is how long the data will live
-after being handed out. The two pieces of information before the 5 magic
-numbers are the machine that is considered the origin of all of this
-information. Generally the machine that is running your named is a good
-one for here. The second is an email address for someone who can fix any
-problems that may occur with the DNS. Good ones here are postmaster,
-hostmaster or root. NOTE: You use dots and not '@' for the email address.
-
-eg root.decel.ecel.uwa.edu.au is correct
- and
- root@decel.ecel.uwa.edu.au is incorrect.
-
-We now have an address to map ecel.uwa.edu.au to. The address is
-130.95.4.2 which happens to be decel, our main machine. If you try to find
-an IP number for the domain ecel.uwa.edu.au it will get you the machine
-decel.ecel.uwa.edu.au's IP number. This is a nicety which means that
-people who have non-MX record mailers can still mail fred@ecel.uwa.edu.au
-and don't have to find the name of a machine name under the domain to mail.
-
-Now we have a couple of MX records for the domain itself. The MX records
-specify where to send mail destined for the machine/domain that the MX
-record is for. In this case we would prefer if all mail for
-fred@ecel.uwa.edu.au is sent to decel.ecel.uwa.edu.au. If that does not
-work, we would like it to go to uniwa.uwa.edu.au because there are a number
-of machines that might have no idea how to get to us, but may be able to get
-to uniwa. And failing that, try the site relay1.uu.net. A small number
-indicates that this site should be tried first. The larget the number the
-further down the list of sites to try the site is. NOTE: Not all machines
-have mailers that pay attention to MX records. Some only pay attention to
-IP numbers, which is really stupid. All machines are required to have
-MX-capable Mail Transfer Agents (MTA) as there are many addresses that can
-only be reached via this means.
-
-There is an entry for localhost now. Note that this is somewhat of a
-kludge and should probably be handled far more elegantly. By placing
-localhost here, a machine comes into existance called
-localhost.ecel.uwa.edu.au. If you finger it, or telnet to it, you get your
-own machine, because the name lookup returns 127.0.0.1 which is the special
-case for your own machine. I have used a couple of different DNS packages.
-The old BSD one let you put things into the cache which would always work,
-but would not be exported to other nameservers. In the newer Sun one, they
-are left in the cache and are mostly ignored once named is up and running.
-This isn't a bad solution, its just not a good one.
-
-Decel is the main machine in our domain. It has the IP number 130.95.4.2
-and that is what this next line shows. It also has a HINFO entry. HINFO
-is Host Info which is meant to be some sort of an indication of what the
-machine is and what it runs. The values are two white space seperated
-values. First being the hardware and second being the software. HINFO is
-not compulsory, its just nice to have sometimes. We also have some MX
-records so that mail destined for decel has some other avenues before it
-bounces back to the sender if undeliverable.
-
-It is a good idea to give all machines capable of handling mail an MX
-record because this can be cached on remote machines and will help to
-reduce the load on the network.
-
-gopher.ecel.uwa.edu.au is the gopher server in our division. Now because
-we are cheapskates and don't want to go and splurge on a seperate machine
-just for handling gopher requests we have made it a CNAME to our main
-machine. While it may seem pointless it does have one main advantage.
-When we discover that our placing terrabytes of popular quicktime movies
-on our gopher server (no we haven't and we don't intend to) causes an
-unbearable load on our main machine, we can quickly move the CNAME to
-point at a new machine by changing the name mentioned in the CNAME. Then
-the slime of the world can continue to get their essential movies with a
-minimal interuption to the network. Other good CNAMEs to maintain are
-things like ftp, mailhost, netfind, archie, whois, and even dns (though the
-most obvious use for this fails). It also makes it easier for people to
-find these services in your domain.
-
-We should probably start using WKS records for things like gopher and whois
-rather than making DNS names for them. The tools are not in wide
-circulation for this to work though. (Plus all those comments in many DNS
-implementation of "Not implemented" next to the WKS record)
-
-Finally we have a macintosh which belongs to my boss. All it needs is an
-IP number, and we have included the HINFO so that you can see that it is in
-fact a macII running a Mac System. To get the list of preferred values,
-you should get a copy of RFC 1340. It lists lots of useful information
-such as /etc/services values, ethernet manufacturer hardware addresses,
-HINFO defualts and many others. I will include the list as it stands at
-the moment, but if any RFC superceeds 1340, then it will have a more
-complete list. See Appendix B for that list.
-
-NOTE: If Chris had a very high profile and wanted his mac to appear like a
-fully connected unix machine as far as internet services were concerned, he
-could simply place an MX record such as
-
- IN MX 100 decel
-
-after his machine and any mail sent to chris@chris-mac.ecel.uwa.edu.au
-would be automatically rerouted to decel.
-
-The Reverse Mapping File
-
-The reverse name lookup is handled in a most bizarre fashion. Well it all
-makes sense, but it is not immediately obvious.
-
-All of the reverse name lookups are done by finding the PTR record
-associated with the name w.x.y.z.in-addr.arpa. So to find the name
-associated with the IP number 1.2.3.4, we look for information stored in
-the DNS under the name 4.3.2.1.in-addr.arpa. They are organised this way
-so that when you are allocated a B class subnet for example, you get all of
-the IP numbers in the domain 130.95. Now to turn that into a reverse name
-lookup domain, you have to invert the numbers or your registered domains
-will be spread all over the place. It is a mess and you need not understand
-the finer points of it all. All you need to know is that you put the
-reverse name lookup files back to front.
-
-Here is the sample reverse name lookup files to go with our example.
-
-0.0.127.in-addr.arpa
---
-; Reverse mapping of domain names 0.0.127.in-addr.arpa
-; Nobody pays attention to this, it is only so 127.0.0.1 -> localhost.
-@ IN SOA decel.ecel.uwa.edu.au. postmaster.ecel.uwa.edu.au. (
- 91061801 ; Serial (yymmddxx)
- 10800 ; Refresh 3 hours
- 3600 ; Retry 1 hour
- 3600000 ; Expire 1000 hours
- 86400 ) ; Minimum 24 hours
-;
-1 IN PTR localhost.ecel.uwa.edu.au.
---
-
-4.95.130.in-addr.arpa
---
-; reverse mapping of domain names 4.95.130.in-addr.arpa
-;
-@ IN SOA decel.ecel.uwa.edu.au. postmaster.ecel.uwa.edu.au. (
- 92050300 ; Serial (yymmddxx format)
- 10800 ; Refresh 3hHours
- 3600 ; Retry 1 hour
- 3600000 ; Expire 1000 hours
- 86400 ) ; Minimum 24 hours
-2 IN PTR decel.ecel.uwa.edu.au.
-3 IN PTR accfin.ecel.uwa.edu.au.
-5 IN PTR chris-mac.ecel.uwa.edu.au.
---
-
-It is important to remember that you must have a second start of authority
-record for the reverse name lookups. Each reverse name lookup file must
-have its own SOA record. The reverse name lookup on the 127 domain is
-debatable seeing as there is likely to be only one number in the file and
-it is blatantly obvious what it is going to map to.
-
-The SOA details are the same as in the forward mapping.
-
-Each of the numbers listed down the left hand side indicates that the line
-contains information for that number of the subnet. Each of the subnets
-must be the more significant digits. eg the 130.95.4 of an IP number
-130.95.4.2 is implicit for all numbers mentioned in the file.
-
-The PTR must point to a machine that can be found in the DNS. If the name
-is not in the DNS, some versions of named just bomb out at this point.
-
-Reverse name lookups are not compulsory, but nice to have. It means that
-when people log into machines, they get names indicating where they are
-logged in from. It makes it easier for you to spot things that are wrong
-and it is far less cryptic than having lots of numbers everywhere. Also if
-you do not have a name for your machine, some brain dead protocols such as
-talk will not allow you to connect.
-
-Since I had this I had one suggestion of an alternative way to do the
-localhost entry. I think it is a matter of personal opinion so I'll
-include it here in case anyone things that this is a more appropriate
-method.
-
-The following is courtesy of jep@convex.nl (JEP de Bie)
-
- The way I did it was:
-
- 1) add in /etc/named.boot:
-
- primary . localhost
- primary 127.in-addr.ARPA. IP127
-
-(Craig: It has been suggested by Mark Andrews that this is a bad practice
- particularly if you have upgraded to Bind 4.9. You also run the risk of
- polluting the root name servers. This comes down to a battle of idealogy
- and practicality. Think twice before declaring yourself authorative for
- the root domain.)
-
- So I not only declare myself (falsely? - probably, but nobody is going to
- listen anyway most likely [CPR]:-) athorative in the 127.in-addr.ARPA domain
- but also in the . (root) domain.
-
- 2) the file localhost has:
-
- $ORIGIN .
- localhost IN A 127.0.0.1
-
- 3) and the file IP127:
-
- $ORIGIN 127.in-addr.ARPA.
- 1.0.0 IN PTR localhost.
-
- 4) and I have in my own domain file (convex.nl) the line:
-
- $ORIGIN convex.nl.
- localhost IN CNAME localhost.
-
- The advantage (elegancy?) is that a query (A) of localhost. gives the
- reverse of the query of 1.0.0.127.in-addr.ARPA. And it also shows that
- localhost.convex.nl is only a nickname to something more absolute.
- (While the notion of localhost is of course relative :-)).
-
- And I also think there is a subtle difference between the lines
-
- primary 127.in-addr.ARPA. IP127
- and
- primary 0.0.127.in-addr.ARPA. 4.95.130.domain
- =============
- JEP de Bie
- jep@convex.nl
- =============
-
-
-
-Delegating authority for domains within your domain:
-
-When you start having a very big domain that can be broken into logical and
-seperate entities that can look after their own DNS information, you will
-probably want to do this. Maintain a central area for the things that
-everyone needs to see and delegate the authority for the other parts of the
-organisation so that they can manage themselves.
-
-Another essential piece of information is that every domain that exists
-must have it NS records associated with it. These NS records denote the
-name servers that are queried for information about that zone. For your
-zone to be recognised by the outside world, the server responsible for the
-zone above you must have created a NS record for your machine in your
-domain. For example, putting the computer club onto the network and giving
-them control over their own part of the domain space we have the following.
-
-The machine authorative for gu.uwa.edu.au is mackerel and the machine
-authorative for ucc.gu.uwa.edu.au is marlin.
-
-in mackerel's data for gu.uwa.edu.au we have the following
-
-@ IN SOA ...
- IN A 130.95.100.3
- IN MX mackerel.gu.uwa.edu.au.
- IN MX uniwa.uwa.edu.au.
-
-marlin IN A 130.95.100.4
-
-ucc IN NS marlin.gu.uwa.edu.au.
- IN NS mackerel.gu.uwa.edu.au.
-
-Marlin is also given an IP in our domain as a convenience. If they blow up
-their name serving there is less that can go wrong because people can still
-see that machine which is a start. You could place "marlin.ucc" in the
-first column and leave the machine totally inside the ucc domain as well.
-
-The second NS line is because mackerel will be acting as secondary name
-server for the ucc.gu domain. Do not include this line if you are not
-authorative for the information included in the sub-domain.
-
-
-Troubleshooting your named:
-
-Named doesn't work! What is wrong?
-
-Step 1: Run nslookup and see what nameserver it tries to connect you to.
-If nslookup connects you to the wrong nameserver, create a /etc/resolv.conf
-file that points your machine at the correct nameserver. If there is no
-resolv.conf file, the the resolver uses the nameserver on the local
-machine.
-
-Step 2: Make sure that named is actually running.
-
-Step 3: Restart named and see if you get any error messages on the
-console and in also check /usr/adm/messages.
-
-Step 4: If named is running, nslookup connects to the appropriate
-nameserver and nslookup can answer simple questions, but other programs
-such as 'ping' do not work with names, then you need to install resolv+
-most likely.
-
-
-I changed my named database and my local machine has noticed, but nobody
-else has the new information?
-
-Change the serial number in the SOA for any domains that you modified and
-restart named. Wait an hour and check again. The information propogates
-out. It won't change immediately.
-
-
-My local machine knows about all the name server information, but no other
-sites know about me?
-
-Find an upstream nameserver (one that has an SOA for something in your
-domain) and ask them to be a secondary name server for you. eg if you are
-ecel.uwa.edu.au, ask someone who has an SOA for the domain uwa.edu.au.
-Get NS records (and glue) added to your parent zone for your zone. This is
-called delegating. It should be done formally like this or you will get
-inconsistant answers out of the DNS. ALL NAMSERVERS FOR YOUR ZONE SHOULD
-BE LISTED IN THIS MANNER.
-
-
-My forward domain names work, but the backward names do not?
-
-Make sure the numbers are back to front and have the in-addr.arpa on the
-end.
-Make sure you reverse zone is registered. For Class C nets this can be done
-by mailing to hostmaster@internic.net. For class A & B nets make sure that
-you are registeres with the primary for your net and that the net itself
-is registered with hostmaster@internic.net.
-
-
-How to get useful information from nslookup:
-
-Nslookup is a very useful program but I'm sure there are less than 20
-people worldwide who know how to use it to its full usefulness. I'm most
-certainly not one of them. If you don't like using nslookup, there is at
-least one other program called dig, that has most/all(?) of the
-functionality of nslookup and is a hell of a lot easier to use.
-
-I won't go into dig much here except to say that it is a lot easier to get
-this information out of. I won't bother because nslookup ships with almost
-all machines that come with network software.
-
-To run nslookup, you usually just type nslookup. It will tell you the
-server it connects to. You can specify a different server if you want.
-This is useful when you want to tell if your named information is
-consistent with other servers.
-
-Getting name to number mappings.
-
-Type the name of the machine. Typing 'decel' is enough if the machine is
-local.
-
-(Once you have run nslookup successfully)
-> decel
-Server: ecel.uwa.edu.au
-Address: 130.95.4.2
-
-Name: decel.ecel.uwa.edu.au
-Address: 130.95.4.2
-
->
-
-One curious quirk of some name resolvers is that if you type a
-machine name, they will try a number of permutations. For example if my
-machine is in the domain ecel.uwa.edu.au and I try to find a machine
-called fred, the resolver will try the following.
-
- fred.ecel.uwa.edu.au.
- fred.uwa.edu.au.
- fred.edu.au.
- fred.au.
- fred.
-
-This can be useful, but more often than not, you would simply prefer a good
-way to make aliases for machines that are commonly referenced. If you are
-running resolv+, you should just be able to put common machines into the
-host file.
-
-DIG: dig <machine name>
-
-Getting number to name mappings.
-
-Nslookup defaults to finding you the Address of the name specified. For
-reverse lookups you already have the address and you want to find the
-name that goes with it. If you read and understood the bit above where it
-describes how to create the number to name mapping file, you would guess
-that you need to find the PTR record instead of the A record. So you do
-the following.
-
-> set type=ptr
-> 2.4.95.130.in-addr.arpa
-Server: decel.ecel.uwa.edu.au
-Address: 130.95.4.2
-
-2.4.95.130.in-addr.arpa host name = decel.ecel.uwa.edu.au
->
-
-nslookup tells you that the ptr for the machine name
-2.4.95.130.in-addr.arpa points to the host decel.ecel.uwa.edu.au.
-
-DIG: dig -x <machine number>
-
-Finding where mail goes when a machine has no IP number.
-
-When a machine is not IP connected, it needs to specify to the world, where
-to send the mail so that it can dial up and collect it every now and then.
-This is accomplished by setting up an MX record for the site and not giving
-it an IP number. To get the information out of nslookup as to where the
-mail goes, do the following.
-
-> set type=mx
-> dialix.oz.au
-Server: decel.ecel.uwa.oz.au
-Address: 130.95.4.2
-
-Non-authoritative answer:
-dialix.oz.au preference = 100, mail exchanger = uniwa.uwa.OZ.AU
-dialix.oz.au preference = 200, mail exchanger = munnari.OZ.AU
-Authoritative answers can be found from:
-uniwa.uwa.OZ.AU inet address = 130.95.128.1
-munnari.OZ.AU inet address = 128.250.1.21
-munnari.OZ.AU inet address = 192.43.207.1
-mulga.cs.mu.OZ.AU inet address = 128.250.35.21
-mulga.cs.mu.OZ.AU inet address = 192.43.207.2
-dmssyd.syd.dms.CSIRO.AU inet address = 130.155.16.1
-ns.UU.NET inet address = 137.39.1.3
-
-You tell nslookup that you want to search for mx records and then you give
-it the name of the machine. It tells you the preference for the mail
-(small means more preferable), and who the mail should be sent to. It also
-includes sites that are authorative (have this name in their named database
-files) for this MX record. There are multiple sites as a backup. As can
-be seen, our local public internet access company dialix would like all of
-their mail to be sent to uniwa, where they collect it from. If uniwa is
-not up, send it to munnari and munnari will get it to uniwa eventually.
-
-NOTE: For historical reasons Australia used to be .oz which was changed to
-.oz.au to move to the ISO standard extensions upon the advent of IP. We
-are now moving to a more normal heirarchy which is where the .edu.au comes
-from. Pity, I liked having oz.
-
-DIG: dig <zone> mx
-
-Getting a list of machines in a domain from nslookup.
-
-Find a server that is authorative for the domain or just generally all
-knowing. To find a good server, find all the soa records for a given
-domain. To do this, you set type=soa and enter the domain just like in the
-two previous examples.
-
-Once you have a server type
-
-> ls gu.uwa.edu.au.
-[uniwa.uwa.edu.au]
-Host or domain name Internet address
- gu server = mackerel.gu.uwa.edu.au
- gu server = uniwa.uwa.edu.au
- gu 130.95.100.3
- snuffle-upagus 130.95.100.131
- mullet 130.95.100.2
- mackerel 130.95.100.3
- marlin 130.95.100.4
- gugate 130.95.100.1
- gugate 130.95.100.129
- helpdesk 130.95.100.180
- lan 130.95.100.0
- big-bird 130.95.100.130
-
-To get a list of all the machines in the domain.
-
-If you wanted to find a list of all of the MX records for the domain, you
-can put a -m flag in the ls command.
-
-> ls -m gu.uwa.edu.au.
-[uniwa.uwa.edu.au]
-Host or domain name Metric Host
- gu 100 mackerel.gu.uwa.edu.au
- gu 200 uniwa.uwa.edu.au
-
-This only works for a limited selection of the different types.
-
-DIG: dig axfr <zone> @<server>
-
-
-
-Appendix A
-
-
-;
-; This file holds the information on root name servers needed to
-; initialize cache of Internet domain name servers
-; (e.g. reference this file in the "cache . <file>"
-; configuration file of BIND domain name servers).
-;
-; This file is made available by InterNIC registration services
-; under anonymous FTP as
-; file /domain/named.root
-; on server FTP.RS.INTERNIC.NET
-; -OR- under Gopher at RS.INTERNIC.NET
-; under menu InterNIC Registration Services (NSI)
-; submenu InterNIC Registration Archives
-; file named.root
-;
-; last update: April 21, 1993
-; related version of root zone: 930421
-;
-. 99999999 IN NS NS.INTERNIC.NET.
-NS.INTERNIC.NET. 99999999 A 198.41.0.4
-. 99999999 NS KAVA.NISC.SRI.COM.
-KAVA.NISC.SRI.COM. 99999999 A 192.33.33.24
-. 99999999 NS C.NYSER.NET.
-C.NYSER.NET. 99999999 A 192.33.4.12
-. 99999999 NS TERP.UMD.EDU.
-TERP.UMD.EDU. 99999999 A 128.8.10.90
-. 99999999 NS NS.NASA.GOV.
-NS.NASA.GOV. 99999999 A 128.102.16.10
- 99999999 A 192.52.195.10
-. 99999999 NS NS.NIC.DDN.MIL.
-NS.NIC.DDN.MIL. 99999999 A 192.112.36.4
-. 99999999 NS AOS.ARL.ARMY.MIL.
-AOS.ARL.ARMY.MIL. 99999999 A 128.63.4.82
- 99999999 A 192.5.25.82
-. 99999999 NS NIC.NORDU.NET.
-NIC.NORDU.NET. 99999999 A 192.36.148.17
-; End of File
-
-
-Appendix B
-
-An Excerpt from
-RFC 1340 Assigned Numbers July 1992
-
-
- MACHINE NAMES
-
- These are the Official Machine Names as they appear in the Domain Name
- System HINFO records and the NIC Host Table. Their use is described in
- RFC-952 [53].
-
- A machine name or CPU type may be up to 40 characters taken from the
- set of uppercase letters, digits, and the two punctuation characters
- hyphen and slash. It must start with a letter, and end with a letter
- or digit.
-
- ALTO DEC-1080
- ALTOS-6800 DEC-1090
- AMDAHL-V7 DEC-1090B
- APOLLO DEC-1090T
- ATARI-104ST DEC-2020T
- ATT-3B1 DEC-2040
- ATT-3B2 DEC-2040T
- ATT-3B20 DEC-2050T
- ATT-7300 DEC-2060
- BBN-C/60 DEC-2060T
- BURROUGHS-B/29 DEC-2065
- BURROUGHS-B/4800 DEC-FALCON
- BUTTERFLY DEC-KS10
- C/30 DEC-VAX-11730
- C/70 DORADO
- CADLINC DPS8/70M
- CADR ELXSI-6400
- CDC-170 EVEREX-386
- CDC-170/750 FOONLY-F2
- CDC-173 FOONLY-F3
- CELERITY-1200 FOONLY-F4
- CLUB-386 GOULD
- COMPAQ-386/20 GOULD-6050
- COMTEN-3690 GOULD-6080
- CP8040 GOULD-9050
- CRAY-1 GOULD-9080
- CRAY-X/MP H-316
- CRAY-2 H-60/68
- CTIWS-117 H-68
- DANDELION H-68/80
- DEC-10 H-89
- DEC-1050 HONEYWELL-DPS-6
- DEC-1077 HONEYWELL-DPS-8/70
- HP3000 ONYX-Z8000
- HP3000/64 PDP-11
- IBM-158 PDP-11/3
- IBM-360/67 PDP-11/23
- IBM-370/3033 PDP-11/24
- IBM-3081 PDP-11/34
- IBM-3084QX PDP-11/40
- IBM-3101 PDP-11/44
- IBM-4331 PDP-11/45
- IBM-4341 PDP-11/50
- IBM-4361 PDP-11/70
- IBM-4381 PDP-11/73
- IBM-4956 PE-7/32
- IBM-6152 PE-3205
- IBM-PC PERQ
- IBM-PC/AT PLEXUS-P/60
- IBM-PC/RT PLI
- IBM-PC/XT PLURIBUS
- IBM-SERIES/1 PRIME-2350
- IMAGEN PRIME-2450
- IMAGEN-8/300 PRIME-2755
- IMSAI PRIME-9655
- INTEGRATED-SOLUTIONS PRIME-9755
- INTEGRATED-SOLUTIONS-68K PRIME-9955II
- INTEGRATED-SOLUTIONS-CREATOR PRIME-2250
- INTEGRATED-SOLUTIONS-CREATOR-8 PRIME-2655
- INTEL-386 PRIME-9955
- INTEL-IPSC PRIME-9950
- IS-1 PRIME-9650
- IS-68010 PRIME-9750
- LMI PRIME-2250
- LSI-11 PRIME-750
- LSI-11/2 PRIME-850
- LSI-11/23 PRIME-550II
- LSI-11/73 PYRAMID-90
- M68000 PYRAMID-90MX
- MAC-II PYRAMID-90X
- MASSCOMP RIDGE
- MC500 RIDGE-32
- MC68000 RIDGE-32C
- MICROPORT ROLM-1666
- MICROVAX S1-MKIIA
- MICROVAX-I SMI
- MV/8000 SEQUENT-BALANCE-8000
- NAS3-5 SIEMENS
- NCR-COMTEN-3690 SILICON-GRAPHICS
- NEXT/N1000-316 SILICON-GRAPHICS-IRIS
- NOW SGI-IRIS-2400
- SGI-IRIS-2500 SUN-3/50
- SGI-IRIS-3010 SUN-3/60
- SGI-IRIS-3020 SUN-3/75
- SGI-IRIS-3030 SUN-3/80
- SGI-IRIS-3110 SUN-3/110
- SGI-IRIS-3115 SUN-3/140
- SGI-IRIS-3120 SUN-3/150
- SGI-IRIS-3130 SUN-3/160
- SGI-IRIS-4D/20 SUN-3/180
- SGI-IRIS-4D/20G SUN-3/200
- SGI-IRIS-4D/25 SUN-3/260
- SGI-IRIS-4D/25G SUN-3/280
- SGI-IRIS-4D/25S SUN-3/470
- SGI-IRIS-4D/50 SUN-3/480
- SGI-IRIS-4D/50G SUN-4/60
- SGI-IRIS-4D/50GT SUN-4/110
- SGI-IRIS-4D/60 SUN-4/150
- SGI-IRIS-4D/60G SUN-4/200
- SGI-IRIS-4D/60T SUN-4/260
- SGI-IRIS-4D/60GT SUN-4/280
- SGI-IRIS-4D/70 SUN-4/330
- SGI-IRIS-4D/70G SUN-4/370
- SGI-IRIS-4D/70GT SUN-4/390
- SGI-IRIS-4D/80GT SUN-50
- SGI-IRIS-4D/80S SUN-100
- SGI-IRIS-4D/120GTX SUN-120
- SGI-IRIS-4D/120S SUN-130
- SGI-IRIS-4D/210GTX SUN-150
- SGI-IRIS-4D/210S SUN-170
- SGI-IRIS-4D/220GTX SUN-386i/250
- SGI-IRIS-4D/220S SUN-68000
- SGI-IRIS-4D/240GTX SYMBOLICS-3600
- SGI-IRIS-4D/240S SYMBOLICS-3670
- SGI-IRIS-4D/280GTX SYMMETRIC-375
- SGI-IRIS-4D/280S SYMULT
- SGI-IRIS-CS/12 TANDEM-TXP
- SGI-IRIS-4SERVER-8 TANDY-6000
- SPERRY-DCP/10 TEK-6130
- SUN TI-EXPLORER
- SUN-2 TP-4000
- SUN-2/50 TRS-80
- SUN-2/100 UNIVAC-1100
- SUN-2/120 UNIVAC-1100/60
- SUN-2/130 UNIVAC-1100/62
- SUN-2/140 UNIVAC-1100/63
- SUN-2/150 UNIVAC-1100/64
- SUN-2/160 UNIVAC-1100/70
- SUN-2/170 UNIVAC-1160
- UNKNOWN
- VAX-11/725
- VAX-11/730
- VAX-11/750
- VAX-11/780
- VAX-11/785
- VAX-11/790
- VAX-11/8600
- VAX-8600
- WANG-PC002
- WANG-VS100
- WANG-VS400
- WYSE-386
- XEROX-1108
- XEROX-8010
- ZENITH-148
-
- SYSTEM NAMES
-
- These are the Official System Names as they appear in the Domain Name
- System HINFO records and the NIC Host Table. Their use is described
- in RFC-952 [53].
-
- A system name may be up to 40 characters taken from the set of upper-
- case letters, digits, and the three punctuation characters hyphen,
- period, and slash. It must start with a letter, and end with a
- letter or digit.
-
- AEGIS LISP SUN OS 3.5
- APOLLO LISPM SUN OS 4.0
- AIX/370 LOCUS SWIFT
- AIX-PS/2 MACOS TAC
- BS-2000 MINOS TANDEM
- CEDAR MOS TENEX
- CGW MPE5 TOPS10
- CHORUS MSDOS TOPS20
- CHRYSALIS MULTICS TOS
- CMOS MUSIC TP3010
- CMS MUSIC/SP TRSDOS
- COS MVS ULTRIX
- CPIX MVS/SP UNIX
- CTOS NEXUS UNIX-BSD
- CTSS NMS UNIX-V1AT
- DCN NONSTOP UNIX-V
- DDNOS NOS-2 UNIX-V.1
- DOMAIN NTOS UNIX-V.2
- DOS OS/DDP UNIX-V.3
- EDX OS/2 UNIX-PC
- ELF OS4 UNKNOWN
- EMBOS OS86 UT2D
- EMMOS OSX V
- EPOS PCDOS VM
- FOONEX PERQ/OS VM/370
- FUZZ PLI VM/CMS
- GCOS PSDOS/MIT VM/SP
- GPOS PRIMOS VMS
- HDOS RMX/RDOS VMS/EUNICE
- IMAGEN ROS VRTX
- INTERCOM RSX11M WAITS
- IMPRESS RTE-A WANG
- INTERLISP SATOPS WIN32
- IOS SCO-XENIX/386 X11R3
- IRIX SCS XDE
- ISI-68020 SIMP XENIX
- ITS SUN
-
-
-
-Appendix C Installing DNS on a Sun when running NIS
-
-====================
- 2) How to get DNS to be used when running NIS ?
-
- First setup the appropriate /etc/resolv.conf file.
- Something like this should do the "trick".
-
- ;
- ; Data file for a client.
- ;
- domain local domain
- nameserver address of primary domain nameserver
- nameserver address of secondary domain nameserver
-
- where: "local domain" is the domain part of the hostnames.
- For example, if your hostname is "thor.ece.uc.edu"
- your "local domain" is "ece.uc.edu".
-
- You will need to put a copy of this resolv.conf on
- all NIS(YP) servers including slaves.
-
- Under SunOS 4.1 and greater, change the "B=" at the top
- of the /var/yp/Makefile to "B=-b" and setup NIS in the
- usual fashion.
-
- You will need reboot or restart ypserv for these changes
- to take affect.
-
- Under 4.0.x, edit the Makefile or apply the following "diff":
-
-*** Makefile.orig Wed Jan 10 13:22:11 1990
---- Makefile Wed Jan 10 13:22:01 1990
-***************
-*** 63 ****
-! | $(MAKEDBM) - $(YPDBDIR)/$(DOM)/hosts.byname; \
---- 63 ----
-! | $(MAKEDBM) -b - $(YPDBDIR)/$(DOM)/hosts.byname; \
-***************
-*** 66 ****
-! | $(MAKEDBM) - $(YPDBDIR)/$(DOM)/hosts.byaddr; \
---- 66 ----
-! | $(MAKEDBM) -b - $(YPDBDIR)/$(DOM)/hosts.byaddr; \
-====================
-
diff --git a/contrib/bind/doc/misc/style.txt b/contrib/bind/doc/misc/style.txt
deleted file mode 100644
index a966066074dd3..0000000000000
--- a/contrib/bind/doc/misc/style.txt
+++ /dev/null
@@ -1,172 +0,0 @@
-Path: vixie!vixie
-From: vixie@vix.com (Paul A Vixie)
-Newsgroups: comp.protocols.tcp-ip.domains
-Subject: Re: Format of DNS files (style question)
-Date: 28 Aug 94 03:17:08
-Organization: Vixie Enterprises
-Lines: 159
-Distribution: inet
-Message-ID: <VIXIE.94Aug28031708@office.home.vix.com>
-References: <33onnr$i4u@zombie.ncsc.mil>
-NNTP-Posting-Host: office.home.vix.com
-In-reply-to: sjr@zombie.ncsc.mil's message of 27 Aug 1994 21:02:51 -0400
-
-> (Style) Suggestions for how to layout DNS configuration files (both
-> forward and reverse)?
-
-I've gone back and forth on the question of whether the BOG should include a
-section on this topic. I know what I myself prefer, but I'm wary of ramming
-my own stylistic preferences down the throat of every BOG reader. But since
-you ask :-)...
-
-Create /var/named. If your system is too old to have a /var, either create
-one or use /usr/local/adm/named instead. Put your named.boot in it, and make
-/etc/named.boot a symlink to it. If your system doesn't have symlinks, you're
-S-O-L (but you knew that). In named.boot, put a "directory" directive that
-specifies your actual BIND working directory:
-
- directory /var/named
-
-All relative pathnames used in "primary", "secondary", and "cache" directives
-will be evaluated relative to this directory. Create two subdirectories,
-/var/named/pri and /var/named/sec. Whenever you add a "primary" directive
-to your named.boot, use "pri/WHATEVER" as the path name. And then put the
-primary zone file into "pri/WHATEVER". Likewise when you add "secondary"
-directives, use "sec/WHATEVER" and BIND (really named-xfer) will create the
-files in that subdirectory.
-
-(Variations: (1) make a midlevel directory "zones" and put "pri" and "sec"
-into it; (2) if you tend to pick up a lot of secondaries from a few hosts,
-group them together in their own subdirectories -- something like
-/var/named/zones/uucp if you're a UUCP Project name server.)
-
-For your forward files, name them after the zone. dec.com becomes
-"/var/named/zones/pri/dec.com". For your reverse files, name them after the
-network number. 0.1.16.in-addr.arpa becomes "/var/named/zones/pri/16.1.0".
-
-When creating or maintaining primary zone files, try to use the same SOA
-values everywhere, except for the serial number which varies per zone. Put
-a $ORIGIN directive at the top of the primary zone file, not because it's
-needed (it's not since the default origin is the zone named in the "primary"
-directive) but because it make it easier to remember what you're working on
-when you have a lot of primary zones. Put some comments up there indicating
-contact information for the real owner if you're proxying. Use RCS and put
-the "$Id: style.txt,v 8.1 1995/12/22 21:59:52 vixie Exp $" in a ";" comment near the top of the zone file.
-
-The SOA and other top level information should all be listed together. But
-don't put IN on every line, it defaults nicely. For example:
-
-==============
-@ IN SOA gw.home.vix.com. postmaster.vix.com. (
- 1994082501 ; serial
- 3600 ; refresh (1 hour)
- 1800 ; retry (30 mins)
- 604800 ; expire (7 days)
- 3600 ) ; minimum (1 hour)
-
- NS gw.home.vix.com.
- NS ns.uu.net.
- NS uucp-gw-1.pa.dec.com.
- NS uucp-gw-2.pa.dec.com.
-
- MX 10 gw.home.vix.com.
- MX 20 uucp-gw-1.pa.dec.com.
- MX 20 uucp-gw-1.pa.dec.com.
-==============
-
-I don't necessarily recommend those SOA values. Not every zone is as volatile
-as the example shown. I do recommend that serial number format; it's in date
-format with a 2-digit per-day revision number. This format will last us until
-2147 A.D. at which point I expect a better solution will have been found :-).
-(Note that it would last until 4294 A.D. except that there are some old BINDs
-out there that use a signed quantity for representing serial number interally;
-I suppose that as long as none of these are still running after 2047 A.D.,
-that we can use the above serial number format until 4294 A.D., at which point
-a better solution will HAVE to be found.)
-
-You'll note that I use a tab stop for "IN" even though I never again specify
-it. This leaves room for names longer than 7 bytes without messing up the
-columns. You might also note that I've put the MX priority and destination
-in the same tab stop; this is because both are part of the RRdata and both
-are very different from MX which is an RRtype. Some folks seem to prefer to
-group "MX" and the priority together in one tab stop. While this looks neat
-it's very confusing to newcomers and for them it violates the law of least
-astonishment.
-
-If you have a multi-level zone (one which contains names that have dots in
-them), you can use additional $ORIGIN statements but I recommend against it
-since there is no "back" operator. That is, given the above example you can
-add:
-
-=============
-$ORIGIN home
-gw A 192.5.5.1
-=============
-
-The problem with this is that subsequent RR's had better be somewhere under
-the "home.vix.com" name or else the $ORIGIN that introduces them will have
-to use a fully qualified name. FQDN $ORIGIN's aren't bad and I won't be mad
-if you use them. Unqualified ones as shown above are real trouble. I usually
-stay away from them and just put the whole name in:
-
-=============
-gw.home A 192.5.5.1
-=============
-
-In your reverse zones, you're usually in some good luck because the owner name
-is usually a single short token or sometimes two.
-
-=============
-$ORIGIN 5.5.192.in-addr.arpa.
-@ IN SOA ...
- NS ...
-1 PTR gw.home.vix.com.
--------------
-$ORIGIN 1.16.in-addr.arpa.
-@ IN SOA ...
- NS ...
-2.0 PTR gatekeeper.dec.com.
-=============
-
-It is usually pretty hard to keep your forward and reverse zones in synch.
-You can avoid that whole problem by just using "h2n" (see the ORA book, DNS
-and BIND, and its sample toolkit, included in the BIND distribution or on
-ftp.uu.net (use the QUOTE SITE EXEC INDEX command there to find this -- I
-never can remember where it's at). "h2n" and many tools like it can just
-read your old /etc/hosts file and churn it into DNS zone files. (May I
-recommend contrib/decwrl/mkdb.pl from the BIND distribution?) However, if
-you (like me) prefer to edit these things by hand, you need to follow the
-simple convention of making all of your holes consistent. If you use
-192.5.5.1 and 192.5.5.3 but not (yet) 192.5.5.2, then in your forward file
-you will have something like
-
-=============
-...
-gw.home A 192.5.5.1
-;avail A 192.5.5.2
-pc.home A 192.5.5.3
-=============
-
-and in your reverse file you will have something like
-
-=============
-...
-1 PTR gw.home.vix.com.
-;2 PTR avail
-3 PTR pc.home.vix.com.
-=============
-
-This convention will allow you to keep your sanity and make fewer errors.
-Any kind of automation (h2n, mkdb, or your own perl/tcl/awk/python tools)
-will help you maintain a consistent universe even if it's also a complex
-one. Editing by hand doesn't have to be deadly but you MUST take care.
-
-Anyone who wants to know how to maintain nonleaf zones, i.e., zones which
-have few or no hosts in them but have hundreds or thousands of delegations,
-should attend Usenix LISA in San Diego and be there for the SENDS talk.
-Contact office@usenix.org for conference information.
---
-Paul Vixie
-Redwood City, CA
-decwrl!vixie!paul
-<paul@vix.com>
diff --git a/contrib/bind/doc/notes/data b/contrib/bind/doc/notes/data
deleted file mode 100644
index e522392a38303..0000000000000
--- a/contrib/bind/doc/notes/data
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * We need a registy of name server addresses. For each, we retain an RTT
- * and a list of name server names which have used this address.
- */
-tree_t *by_nsaddr;
-struct by_nsaddr {
- u_int32_t rtt; /* measured. */
- char **names; /* NULL terminated array; strdup'd. */
-};
-
-/*
- * "struct server" is a name server, which can have many addresses. There
- * is no central registry of servers, since each creator can have a different
- * idea of what the addresses are.
- */
-struct server {
- char *name; /* made with strdup. */
- struct sockaddr_in *addrs; /* counted array. */
- int n_addrs; /* array size. */
-};
-
-/*
- * "struct zone" is a zone cut.
- */
-tree_t *by_class; /* zone[class]. */
-struct zone {
- enum {master, slave, cache, boot}
- type;
-
- /* Servers learned from boot cache, a parent zone, or !auth answer. */
- struct server *servers_notauth;
-
- /* Servers learned from authoritative answer or local zone. */
- struct server *servers_auth;
-
- /* Root node of zone. */
- struct node *root;
-};
-
-struct node {
- char *label; /* made with strdup. */
- tree_t *subs; /* subdomains (node[label]). */
- /* really this is "data" since for the zone cut tree we have no sets.*/
- tree_t *rrsets; /* rr sets (rrset[type]). */
-};
-
-struct rrset {
- rrtype type;
- u_int32_t ttl;
- u_char data[1]; /* struct size constrains this. */
-};
diff --git a/contrib/bind/doc/notes/db_names.c b/contrib/bind/doc/notes/db_names.c
deleted file mode 100644
index 0b4e62c78b833..0000000000000
--- a/contrib/bind/doc/notes/db_names.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * Copyright (c) 1996,1999 by Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <netinet/in.h>
-#include <arpa/nameser.h>
-
-#include <ctype.h>
-#include <errno.h>
-#include <resolv.h>
-#include <stdio.h>
-
-#include "named.h"
-#include "tree.h"
-
-struct node {
- struct node *parent; /* NULL for "."'s node. */
- tree *children; /* Nodes using us as parent. */
- /*void *userdata;*/ /* For future use. */
- char name[sizeof(void*)]; /* Open array. */
-};
-
-static struct node rootNode;
-
-static int
-nodeCompare(t1, t2)
- const tree_t t1, t2;
-{
- const char *n1 = ((struct node *)t1)->name + sizeof(u_char),
- *n2 = ((struct node *)t2)->name + sizeof(u_char);
-
- return (strcasecmp(n1, n2));
-}
-
-/* void *
- * db_findname(const char *name, int storeflag)
- * find or store a presentation format domain name.
- * returns:
- * NULL if an error occurred (check errno)
- * else, node's unique, opaque address.
- */
-void *
-db_findname(name, storeflag)
- const char *name;
- int storeflag;
-{
- struct node *node, *tnode;
- const char *tname;
- size_t len;
- int ch;
-
- /* The root domain has its own static node. */
- if (name[0] == '\0')
- return (&rootNode);
-
- /* Locate the end of the first label. */
- for (tname = name; (ch = *tname) != '\0'; tname++) {
- /* Is this the end of the first label? */
- if (ch == '.')
- break;
- /* Is it an escaped character? */
- if (ch == '\\') {
- ch = *++tname;
- if (ch == '\0')
- break;
- }
- }
-
- /* Make sure the label's length will fit in our length byte. */
- len = tname - name;
- if (len > 255) {
- errno = ENAMETOOLONG;
- return (NULL);
- }
-
- /* If nothing but unescaped dots after this, elide them. */
- while (ch == '.')
- ch = *tname++;
-
- /*
- * Make a new node since the comparison function needs it
- * and we may yet end up adding it to our parent's tree.
- *
- * Note that by recursing for tnode->parent, we might be
- * creating our parents and grandparents and so on.
- */
- tnode = (struct node *)malloc(sizeof(struct node) - sizeof(void *)
- + sizeof(u_char) + len + sizeof(char));
- tnode->parent = db_findname(tname);
- tnode->children = NULL;
- *((u_char *)tnode->name) = (u_char)len;
- memcpy(tnode->name + sizeof(u_char), name, len);
- tnode->name[sizeof(u_char) + len] = '\0';
-
- /* If our first label isn't in our parent's tree, put it there. */
- node = tree_srch(&tnode->parent->children, nodeCompare, (tree_t)tnode);
- if (node == NULL)
- if (storeflag)
- if (tree_add(&tnode->parent->children, nodeCompare,
- (tree_t)tnode, NULL))
- node = tnode, tnode = NULL;
- else
- errno = ENOMEM;
- else
- errno = ENOENT;
-
- /* Get rid of tnode if we didn't consume it. */
- if (tnode != NULL)
- free(tnode);
-
- /* Return the (possibly new) node, or NULL, as appropriate. */
- return (node);
-}
-
-/* int
- * db_getname(void *node, char *name, size_t size)
- * given a node's unique, opaque address, format its name.
- * returns:
- * -1 = error occurred, check errno
- * 0 = success
- */
-int
-db_getname(vnode, name, size)
- const void *vnode;
- char *name;
- size_t size;
-{
- const struct node *node = vnode;
-
- while (node != NULL) {
- size_t len = (size_t)node->name[0];
-
- if (size < len + 1)
- goto too_long;
- memcpy(name, node->name + sizeof(u_char), len);
- name += len;
- *name++ = '.';
- size -= len + sizeof(char);
- node = node->parent;
- }
-
- if (size < sizeof(char)) {
- too_long:
- errno = ENAMETOOLONG;
- return (-1);
- }
- *name = '\0';
- return (0);
-}
-
-/*
- * char *
- * db_makename(void *node)
- * given a node's unique, opaque address, format and return its name.
- * returns:
- * pointer to the name or NULL on errors (check errno).
- * notes:
- * returns pointer to a static buffer, be careful how you call it.
- */
-char *
-db_makename(vnode)
- void *vnode;
-{
- static char name[MAXDNAME*2];
-
- if (db_getname(vnode, name, sizeof name) < 0)
- return (NULL);
- return (name);
-}
diff --git a/contrib/bind/doc/notes/irp.txt b/contrib/bind/doc/notes/irp.txt
deleted file mode 100644
index f2b59e263ea1f..0000000000000
--- a/contrib/bind/doc/notes/irp.txt
+++ /dev/null
@@ -1,521 +0,0 @@
-IRP Commands
-
-This document describes version 1 of IRP.
-
-IRP is a text-based command/response protocol like NNTP or SMTP.
-
-1.0 Response types: textual and status.
-
-1.1 Textual responses
-
-Textual responses are sent after a status response which indicates the text
-will follow. The text is a series of CR-LF terminated lines. On the last line a
-single period ``.'' will appear. If a normal text line starts with a period
-then this will be doubled before sending.
-
-There is no maximum line length for responses. Commands have a maximum line
-length of 1024 characters.
-
-The lines that make up the transmitted data are divided into fields. The fields
-are spearated by the colon character ``:'', except in one case (for host data)
-where the at-sign ``@'' is used instead. Some fields, such as alias names for
-hosts, can have multiple values, and these values are separated by commas.
-
-Most transmission of data requires no special character changes. The field
-separators and subfield separators don't normally appear in the data. However
-in one case they can (network names). So to avoid trouble, all ``special''
-characters found in any data fields are encoded in URL-encoding form. That is
-they are replaced with the 3-character sequence ``%xx'', where xx is the
-hexidecimal value of the ascii-code for the chatacter. i,e, ``:'' becomes
-``%58'', ``,'' becomes ``%44'' and ``%'' becomes ``%37''.
-
-For version 1 of IRP the set of special characters for purposes of encoding,
-is:
-
- `,', '%', ':', '@'
-
-In a couple cases (password structure and group structure), there may be
-encrypted passwords as part of the data. If the client is a privileged user
-that the server can verify (e.g. through the use of SunOS doors(2)), then the
-encrypted password will be sent back to the client. If the client is not
-privileged the password will be replaced with the string ``*''.
-
-
-1.2 Status responses.
-
-Status responses follow a numbering pattern similar to NNTP.
-
- 1xx - Informative message
- 2xx - Command ok
- 3xx - Command ok so far, send the rest of it.
- 4xx - Command was correct, but couldn't be performed for
- some reason.
- 5xx - Command unimplemented, or incorrect, or a serious
- program error occurred.
-
- The next digit in the code indicates the function response category.
-
- x0x - Connection, setup, and miscellaneous messages
- x1x - Host lookup
- x2x - Network lookup
- x3x - User lookup
- x4x - Group lookup
- x5x - Service lookup
- x6x - Protocol lookup
- x7x - Netgroup lookup
- x8x - Misc. Information Lookup
- x9x - Debugging output
-
- The final digit in the code indicates whether textual data follows
-
- xx0 - No textual data follows.
- xx1 - Textual data follows.
-
-2.0 Connection Establishment
-
- When the client connects to the server, the server will issue a welcome
- banner. If the server will accetp commands, then the banner will start with
- a status code indicating this, followed by a version number of the protocol
- it accepts. Other words may come on the line afterwards to indicate to
- humans the state of the server,
-
- If the server wont accept commands then it will issue a banner indicating
- that and will then drop the connection.
-
-2.1 Responses
-
- 200 1 Ready to go. ; note: The server handles version 1 of the protocol
- 200 2 Ready ; note: The server handles version 2 of the protocol
- 400 Sorry. Down to due to nightly backups.
-
-3.0 Commands
-
-3.1 The HOST commands
-
-3.1.1 GETHOSTBYNAME hostname
-3.1.2 GETHOSTBYNAME2 hostname address-family
-3.1.2 GETHOSTBYADDR address address-family
-3.1.3 GETHOSTENT
-
- Returns a textual response containing the information for the given host(s)
- (a struct hostent) encoded in an ascii format. gethostbyaddr and
- gethostbyname look up a specific host. GETHOSTENT returns the contents
- of the /etc/hosts file. The GETHOSTENT command is optional may not be
- supported by the server. The address-family paramater is the value
- "AF_INET" or "AF_INET6"
-
-{ XXX GETHOSTENT is optional as the gethostent(3) call isn't always available }
-
-3.1.4 Responses
-
- 210 No such host
- 211 Host found
-
- If the hostname given as the command argument doesn't exist, then the 210
- response will be returned. If the host is successfully looked up, then the
- 211 response is sent and a textual message is sent after. The textual
- message contains the host information encoded in an ascii form. The fields
- of the host data are separated by at-signs. Fields that have multiple values
- (like the aliases field) have their sub values separated by commas.
-
- hostname@aliases@address-type@address-length@address-list@
-
- - hostname is the FQDN of the host.
-
- - aliases is a comma separated list of FQDNs for the host aliases.
-
- - address-type is either the strings "AF_INET" or "AF_INET6"
-
- - address-length is the length of each address in bytes (after conversion
- back to binary form).
-
- - address-list is a comma separated list of dotted IPv4 if IPv6 addresses.
-
-{ XXX if we're going to include TTLs where should they go? Perhaps the
-address-list field should be "addr/ttl,addr/ttl,..." }
-
- For example:
-
- C: GETHOSTBYNAME gw.downtown.vix.com
-
- S: 210 No such host.
-
- C: GETHOSTBYNAME gw.home.vix.com
-
- S: 211 OK
- gw.home.vix.com@ftp.vix.com,www.vix.com@AF_INET@4@192.5.5.1,192.5.5.1@
- .
-
- C: GETHOSTBYNAME2 gw.home.vix.com AF_INET6
- gw.home.vix.com@@AF_INET6@ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255@
- .
-
- C: GETHOSTBYADDR 192.5.5.1
-
- S: 211 OK
- gw.home.vix.com@ftp.vix.com,www.vix.com@AF_INET@4@192.5.5.1,192.5.5.1@
- .
-
- C: GETHOSTENT
-
- S: 211 OK
- gw.home.vix.com@ftp.vix.com,www.vix.com@AF_INET@4@192.5.5.1,192.5.5.1@
- data.pa.vix.com@@AF_INET@4@204.152.184.37@
- .
-
-
-3.2 The USER commands.
-
-3.2.1 GETPWNAM username
-3.2.2 GETPWUID uid
-3.2.3 GETPWENT
-
- Returns a textual response with the user information (a struct passwd)
- enocoded in an ascii format. The optional GETPWENT command transmits the
- entire /etc/password file
-
-{ XXX It's optional only cause it doesn't seem right to spit the password out
-to whoever wants it, even with encrypted passwords not being sent }
-
-3.2.4 Reponses
-
- 230 No such user
- 231 User found
-
- If the username or uid given as the command argument doesn't exist, then
- the 230 response will be returned. If the user is successfully looked up,
- then the 231 response is sent and a textual message is sent after. The
- textual message contains the user information encoded in an ascii form. The
- fields of the user data are separated by colons. The format is very similar
- to the /etc/password format (see passwd(5))
-
- username:password:uid:gid:class:change:expire:gecos:home_dir:shell:
-
- - username is the user's login name
-
- - password User's encrypted password (or the string "*" if the client is
- unprivileged)
-
- - uid User's numeric id.
-
- - gid User's numeric login group id.
-
- - class User's general classification (a string)
-
- - change Password change time (integer seconds from epoch)
-
- - expire Account expiration time (integer seconds from epoch)
-
- - gecos General information about the user.
-
- - home_dir User's home directory.
-
- - shell User's login shell.
-
- For example. Client being a non-privileged user:
-
- C: GETPWNAM brister
-
- S: 231 User found
- brister:*:1364:100:James Brister:/udir/brister:/bin/csh:
- .
-
- C: GETPWUID 6
- games:*:7:13:Games Pseudo-user:/usr/games:nologin
- .
-
- S: GETPWENT
- root:*:0:0:System Administrator:/root:/bin/csh
- postmast:*:4:4:Postmaster:/:/nologin
- daemon:*:1:1:System Daemon:/:nologin
- sys:*:2:2:Operating System:/tmp:nologin
- bin:*:3:7:BSDI Software:/usr/bsdi:nologin
- operator:*:5:5:System Operator:/usr/opr:/bin/csh
- uucp:*:6:6:UNIX-to-UNIX Copy:/var/spool/uucppublic:/usr/libexec/uucico
- .
-
- If a priviled user looks up a username:
-
- C: GETPWNAM www
-
- S: 231 User found
- www:WZajcgFCaAd8s:51:84::0:0:WWW-server:/var/www:/bin/sh
- .
-
-3.3 The NETWORK commands
-
-3.3.1 GETNETBYNAME network
-3.3.2 GETNETBYADDR dotted-ip-address address-family
-3.3.4 GETNETENT
-
- Returns a textual response with the network information (an IRS struct
- nwent, *not* a struct netent) enocoded in an ascii format. The optionally
- supported GETNETENT command transmits the entire /etc/networks file
-
-{ XXX should it be optional? }
-
-3.2.4 Reponses
-
- 220 No such network
- 221 Netork found
-
- If the network given as the command argument doesn't exist, then the 220
- response will be returned. If the network is successfully looked up, then
- the 221 response is sent and a textual message is sent after. The textual
- message contains the network information encoded in an ascii form. The fields
- of the network data are separated by colons.
-
- network-name:aliases:address-type:address-length:network-address:
-
- - network-name is the name of the network
-
- - aliases is a comma separated list of aliases for the network
-
- - address-type is ``AF_INET'' or ``AF_INET6''.
-
- - address-length is the number of bits the following network address uses.
-
- - address is the network address in a dotted ascii format. AF_INET address
- are padded with 0 bits to the full 32 bits before conversion to ascii for
- transmission. AF_INET6 addresses are padded to the full 128 bits with 0
- bits before conversion.
-
- For example:
-
- C: GETNETBYNAME vixie-net
-
- S: 221 Network found
- vixie-net::AF_INET:24:192.5.5.0:
- .
-
- C: GETNETBYADDR 10.0.0.1
-
- S: 221 Network found
- private-net:home-net,upstairs-net:AF_INET:8:10.0.0.0:
- .
-
- C: GETNETENT
-
- S: 221 OK
- vixie-net::AF_INET:24:192.5.5.0:
- private-net:home-net,upstairs-net:AF_INET:8:10.0.0.0:
- lookback-net::AF_INET:8:127.0.0.0
- .
-
-3.4 The GROUP commands
-
-3.4.1 GETGRNAM group
-3.4.2 GETGRGID gid
-3.4.3 GETGRENT
-
- Returns a textual response with the group information (a struct group)
- enocoded in an ascii format. The optionally supported GETGRENT command
- transmits the entire /etc/group file.
-
-3.4.4 Reponses
-
- 240 No such group
- 241 Group found
-
- If the group given as the command argument doesn't exist, then the 240
- response will be returned. If the group is successfully looked up, then
- the 241 response is sent and a textual message is sent after. The textual
- message contains the group information encoded in an ascii form. The fields
- of the group data are separated by colons.
-
- group-name:group-password:group-gid:group-members:
-
- - group-name is the name of the group.
-
- - group-password is the group's password. This will be correct if the
- client has appropriate privileges (see discussion above on the USER
- commands). Otherwise it will be the string ``*''
-
- - group-gid is the numeric id for the group
-
- - group-members is a comma separated list of usernames for all the members
- of the group.
-
- For example:
-
- C: GETGRNAM wheel
-
- S: 241 Group found
- wheel:*:0:root,brister,nathalie,tester:
-
- C: GETGRGID 20
-
- S: 241 Group found
- staff:*:20:root,brister:
-
- C: GETGRENT
-
- S: 241 OK
- wheel:*:0:root,brister,nathalie,tester:
- daemon:*:1:daemon:
- kmem:*:2:root:
- sys:*:3:root:
- tty:*:4:root:
- operator:*:5:root:
- uucp:*:6:brister:
- bin:*:7::
- news:*:8:brister:
- utmp:*:12::
- games:*:13::
- mail:*:14::
- staff:*:20:root,brister:
- .
-
-3.5 The SERVICE commands
-
-3.5.1 GETSERVBYNAME name protocol
-3.5.2 GETSERVBYPORT port protocol
-3.5.3 GETSERVENT
-
- Returns a textual response with the service information (a struct servent)
- enocoded in an ascii format. The optionally supported GETSERVENT command
- transmits the entire /etc/services file.
-
-3.5.4 Reponses
-
- 250 No such service
- 251 Group found
-
- If the group given as the command argument doesn't exist, then the 250
- response will be returned. If the service is successfully looked up, then
- the 251 response is sent and a textual message is sent after. The textual
- message contains the service information encoded in an ascii form. The fields
- of the service data are separated by colons.
-
- service-name:aliases:port-number:protocol:
-
- - The service name is the offical name of the services.
-
- - aliases is a comma separated list of aliases for the service.
-
- - port-number is the decimal number of the port used for the service.
-
- - protocol is the name of the protocol the service operates under. Usually
- either ``TCP'' or ``UCP''
-
- For example:
-
- C: GETSERVBYNAME nntp tcp
-
- S: 251 Service found
- nntp:readnews,untp:119:tcp:
- .
-
- C: GETSERVBYPORT 514 udp
- syslog::514:ucp:
- .
-
- C: GETSERVENT
- 251 OK
- tcpmux::1:tcp:
- echo::7:tcp:
- echo::7:udp:
- discard:sink,null:9:tcp:
- discard:sink,null:9:udp:
- systat:users:11:tcp:
- systat:users:11:udp:
- daytime::13:tcp:
- daytime::13:udp:
- netstat::15:tcp:
- qotd:quote:17:tcp:
- qotd:quote:17:udp:
- .
-
-3.6 The PROTOCOL commands
-
-3.6.1 GETPROTOBYNAME protocol-name
-3.6.2 GETPROTOBYNUMBER protocol-number
-3.6.3 GETPROTOENT
-
- Returns a textual response with the protocol information (a struct protoent)
- enocoded in an ascii format. The optionally supported GETPROTOENT command
- transmits the entire /etc/protocols file.
-
-3.6.4 Reponses
-
- 260 No such protocol
- 261 Protocol found
-
- If the protocol given as the command argument doesn't exist, then the 260
- response will be returned. If the service is successfully looked up, then
- the 261 response is sent and a textual message is sent after. The textual
- message contains the protocol information encoded in an ascii form. The fields
- of the protocol data are separated by colons.
-
- protocol-name:aliases:protocol-number:
-
- - protocol-name is the offical name of the protocol
-
- - aliases is a comma separated list of aliases for the protocol
-
- - protocol-nunber is the number of the protocol in decimal.
-
-
- For example:
-
- C: GETPROTOBYNAME ip
-
- S: 261 Protocol found
- ip:IP:0:
- .
-
- C: GETPROTOBYNUMBER 17
-
- S: 261 Protocol found
- udp:UDP:17:
- .
-
- C: GETPROTOENT
-
- S: 261 OK
- ip:IP:0:
- icmp:ICMP:1:
- igmp:IGMP:2:
- ggp:GGP:3:
- tcp:TCP:6:
- egp:EGP:8:
- pup:PUP:12:
- udp:UDP:17:
- hmp:HMP:20:
- xns-idp:XNS-IDP:22:
- rdp:RDP:27:
- iso-tp4:ISO-TP4:29:
- iso-ip:ISO-IP:80:
- encap:ENCAP:98:
- .
-
-3.7 The NETGROUP commands
-
-3.7.1 GETNETGRENT netgrouup
-
- Returns a textual response with the netgroup information enocoded in an
- ascii format.
-
-3.6.4 Reponses
-
- 270 No such netgroup
- 271 Netgroups found
-
- For the given netgroup a list of the netgroup entries will be
- returned. Each netgroup entry is three fields separated by colons. A field
- may be empty to indicate wildcarding.
-
- :hostname:username:domainname:
-
- For example:
-
- C: GETNETGRENT devlopers
-
- S: 271 OK
- :gw.home.vix.com:brister:vix.com:
- :bb.rc.vix.com:vixie::
- .
-
-
-
-
diff --git a/contrib/bind/doc/secure/copyright.txt b/contrib/bind/doc/secure/copyright.txt
deleted file mode 100644
index cc38356089062..0000000000000
--- a/contrib/bind/doc/secure/copyright.txt
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Portions Copyright (c) 1995,1996 by Trusted Information Systems, Inc.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL TRUSTED INFORMATION
- * SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- *
- * Trusted Information Systems, Inc. has received approval from the
- * United States Government for export and reexport of TIS/DNSSEC
- * software from the United States of America under the provisions of
- * the Export Administration Regulations (EAR) General Software Note
- * (GSN) license exception for mass market software. Under the
- * provisions of this license, this software may be exported or
- * reexported to all destinations except for the embargoed countries of
- * Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria. Any export
- * or reexport of TIS/DNSSEC software to the embargoed countries
- * requires additional, specific licensing approval from the United
- * States Government.
- */
diff --git a/contrib/bind/doc/secure/install.txt b/contrib/bind/doc/secure/install.txt
deleted file mode 100644
index bb5bc94c211d9..0000000000000
--- a/contrib/bind/doc/secure/install.txt
+++ /dev/null
@@ -1,155 +0,0 @@
-
-INSTALL_SEC
-
- Bind with Secure DNS (TIS/DNSSEC)
- Version 1.3.0 Beta
- September 1996
-
-This version has been compiled and tested on SUNOS 4.1.3,
-FreeBSD-2.1.5-REL and Linux 2.0.11.
-There may be still be portability problems.
-If you have access to other hardware platforms please let us know if
-there are any problems porting and send us patches, to include in
-future releases.
-
-This version of secure Bind uses RSAREF-2.0 library from RSA,
-First you should get/read the RSAREF FAQ
- http://www.consensus.com/rsaref-faq.html
-Then you can copy RSAREF from
- ftp://ftp.rsa.com/rsaref/README
-
-You need to read this README file carefully for further instructions.
-
-Installation: (this version is based on 4.9.4-REL-P1).
-
-1. The tar ball will create a directory sec_bind in the current directory
- untar the archive
- The content of the sec_bind directory has the same directory
- structure as bind distribution with the addition of the directories
- dnssec_lib/ and signer/, some named directories have been
- deleted from the distribution.
-
- dnssec_lib/ contains the library files for signature generation
- signer/ contains tools for signing bind boot files and
- generating keys.
-
- In addition, there is a new file, "res/res_sign.c", which
- contains library routines that are required in the resolver
- for displaying new RR types.
-
- You need to tailor sec_bind/Makefile to your system as you do
- with bind distributions.
-
- The sec_bind distribution expects to find RSAREF in the
- rsaref/ subdirectory. If you install RSAREF in a different
- place you can place a pointer to the RSAREF installation
- directory in place of sec_bind/rsaref.
-
- sec_bind/Makefile expects to find the RSAREF library file
- at sec_bind/rsaref/lib/rsaref.a. The RSAREF distribution
- does not contain that directory. If you are installing RSAREF
- for the first time create that directory copy the correct
- Makefile from the appropriate rsaref/install/ subdirectory.
- Sec_bind will compile RSAREF for you.
-
- We recommend that you use an ANSI C compliant compiler to
- compile this distribution.
-
-2. Follow Bind installation guidelines on your system
-
- Set your normal configuration in conf/options.h with the
- following exceptions/additions:
- ROUND_ROBIN must be OFF (for right now)
- DNS_SECURITY must be ON
- RSAREF must be ON if you have a copy of RSAREF.
- This version of sec_bind does not work well without RSAREF.
-
-3. make
- If you are going to use make install everything will work right
- out of the box. If you are going to run programs out of the
- sec_bind directory you need to set the DESTEXEC variables
- accordingly.
-
-4. Once everything compiles you can run the simple test that is include in
- the distribution.
-
- First you need to edit the file signer/simple_test/test.boot to
- set directory directive to the full path of the directory this
- file is in.
-
- Now the signer program can be run to sign the simple_test data.
- The signed zone will be written to /tmp
- % cd sec_bind/signer
- % make test
- The passwords for the keys in the distribution are:
- Key: Password:
- foo.bar foo.bar
- mobile.foo.bar mobile
- fix.foo.bar fix.foo.bar
- sub.foo.bar sub.foo.bar
- some.bar some.bar
-
- Notice the differences between simple_test/test.boot and
- /tmp/test.boot. The pubkey directive are required for correct
- behavior of new named.
-
- To check the if named can read the new zone files and verify
- the signatures run following commands
- % cd ../named
- % make test
-
- Exit/error code 66 indicates that program completed normally
- in "load-only" mode (new -l flag).
-
- If you want to load up named run same command as make test does
- without -l flag. (the -d 3 flag is to make sure the process
- does not do a fork).
- % ./named -p 12345 -b /tmp/test.boot -d 3
-
- % cd ../tools
- % ./dig @localhost snore.foo.bar. -p 12345
- This should return an A record + SIG(A) record
- % ./dig @localhost no_such_name.foo.bar. -p 12345
- This should return a NXT record +SIG(NXT) for *.foo.bar.
-
- You can also test against our nameserver for zone sd-bogus.tis.com
- the host is uranus.hq.tis.com(192.94.214.95)
- % ./dig @uranus.hq.tis.com sd-bogus.tis.com. soa
- will return the SOA and SIG(SOA) + KEY
- % ./dig @uranus.hq.tis.com sd-bogus.tis.com. mb
- will return NXT for sd-bogus.tis.com
- % ./dig @uranus.hq.tis.com foo.sd-bogus.tis.com. ns
- will NS +KEY for foo.sd-bog.tis.com.
-
-5. Converting your setup to secure DNS zones.
- need to create a key for your zone.
- If you have a copy of the last release of sec_bind the key file
- format has changed and you need to regenerate all your keys, Sorry.
- The new format for private key files is portable between
- different architectures and operating systems, the encryption
- of the key file is compatible with the des program.
-
- To generate key use sec_bind/signer/key_gen. To generate zone key
- for name you.bar, with 512 bit modulus and exponent of 3,
- execute following command
-
- % cd signer
- % ./key_gen -z -g 512 you.bar
-
- key_gen will ask for an encryption password for the private
- key file, if you do not want to encrypt the key hit <Return>.
- The program will output resource record suitable for zone file.
- key_gen creates two files you.bar.priv and foo.bar.public.
-
- If you want, at any time, to display the public key for foo.bar
- run key_gen without the -g flag or cat file foo.bar.public.
- key_gen without any flags will print out the usage information.
- key_gen has extensive error checking on flags.
-
- To modify the flags field for an existing key run key_gen with
- the new flags but without the -g flag.
-
- Note: The key above is suitable for signing records but not for
- encrypting data.
-
-6. Send problems, fixes and suggestions to dns-security@tis.com.
diff --git a/contrib/bind/doc/secure/readme.txt b/contrib/bind/doc/secure/readme.txt
deleted file mode 100644
index d7b422ab1caab..0000000000000
--- a/contrib/bind/doc/secure/readme.txt
+++ /dev/null
@@ -1,93 +0,0 @@
-
- Secure DNS (TIS/DNSSEC)
- September 1996
-
-Copyright (C) 1995,1996 Trusted Information Systems, Incorporated
-
-Trusted Information Systems, Inc. has received approval from the
-United States Government for export and reexport of TIS/DNSSEC
-software from the United States of America under the provisions of
-the Export Administration Regulations (EAR) General Software Note
-(GSN) license exception for mass market software. Under the
-provisions of this license, this software may be exported or
-reexported to all destinations except for the embargoed countries of
-Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria. Any export
-or reexport of TIS/DNSSEC software to the embargoed countries
-requires additional, specific licensing approval from the United
-States Government.
-
-Trusted Information Systems, Inc., is pleased to
-provide a reference implementation of the secure Domain Name System
-(TIS/DNSSEC). In order to foster acceptance of secure DNS and provide
-the community with a usable, working version of this technology,
-TIS/DNSSEC is being made available for broad use on the following basis.
-
-- Trusted Information Systems makes no representation about the
- suitability of this software for any purpose. It is provided "as is"
- without express or implied warranty.
-
-- TIS/DNSSEC is distributed in source code form, with all modules written
- in the C programming language. It runs on many UNIX derived platforms
- and is integrated with the Bind implementation of the DNS protocol.
-
-- This beta version of TIS/DNSSEC may be used, copied, and modified for
- testing and evaluation purposes without fee during the beta test
- period, provided that this notice appears in supporting documentation
- and is retained in all software modules in which it appears. Any other
- use requires specific, written prior permission from Trusted Information
- Systems.
-
-TIS maintains the email distribution list dns-security@tis.com for
-discussion of secure DNS. To join, send email to
- dns-security-request@tis.com.
-
-TIS/DNSSEC technical questions and bug reports should be addressed to
- dns-security@tis.com.
-
-To reach the maintainers of TIS/DNSSEC send mail to
- tisdnssec-support@tis.com
-
-TIS/DNSSEC is a product of Trusted Information Systems, Inc.
-
-This is an beta version of Bind with secure DNS extensions it uses
-RSAREF which you must obtain separately.
-
-Implemented and tested in this version:
- Portable key storage format.
- Improved authentication API
- Support for using different authentication packages.
- All Security RRs including KEY SIG, NXT, and support for wild cards
- tool for generating KEYs
- tool for signing RRs in boot files
- verification of RRs on load
- verification of RRs over the wire
- transmission of SIG RRs
- returns NXT when name and/or type does not exist
- storage of NXT, KEY, and SIG RRs with CNAME RR
- AD/ID bits added to header and setting of these bits
- key storage and retrieval
- dig and nslookup can display new header bits and RRs
- AXFR signature RR
- keyfile directive
- $SIGNER directive (to turn on and off signing)
- adding KEY to answers with NS or SOA
- SOA sequence numbers are now set each time zone is signed
- SIG AXFR ignores label count of names
- generation and inclusion of .PARENT files
- Returns only one NXT at delegation points unless two are required
- Expired SIG records are now returned in response to query
-
-Implemented but not fully tested:
-
-Known bugs:
-
-Not implemented:
- ROUND_ROBIN behaviour
- zone transfer in SIG(AXFR) sort order.
- transaction SIGs
- verification in resolver. (stub resolvers must trust local servers
- resolver library is to low level to implement security)
- knowing when to trust the AD bit in responses
-
-Read files INSTALL_SEC and USAGE_SEC for installation and user
-instructions, respectively.
diff --git a/contrib/bind/doc/secure/usage.txt b/contrib/bind/doc/secure/usage.txt
deleted file mode 100644
index aa8eebc670aa9..0000000000000
--- a/contrib/bind/doc/secure/usage.txt
+++ /dev/null
@@ -1,215 +0,0 @@
-
- USAGE_SEC
- Secure DNS (TIS/DNSSEC)
- September 1996
-
-This is the usage documentation for TIS' Secure DNS (TIS/DNSSEC) version
-BETA-1.3. This looks like a standard named distribution, with
-the following exceptions
-
- this version is coded against BIND-4.9.4-P1
-
- there are three new directories in this distribution
- dnssec_lib
- signer
- rsaref
-
-
- rsaref/ is place holder directory for RSAREF distribution.
- You must get RSAREF on your own.
-
- signer/ contains two applications needed by DNSSEC:
- signer: tool to sign zones
- key_gen: tool to generate keys
- dnssec_lib/ contains common library routines that are used by
- named, key_gen and signer.
- This is where most of the DNSSEC work is done.
-
-Before compiling you need to do your standard configurations for named
-and the edits explained in INSTALL_SEC. This version has been tested
-on SUNOS4.1.3. This version includes portability fixes from previous
-beta releases for Linux, Solaris-2.4, HPUX-9 and FreeBSD.
-
-CHANGES TO BIND
-
-res/
-
- There are minor changes to the files in the res directory. Most of
- the changes have to do with displaying NXT
- records. There are also some changes related to translating
- domain names into uncompressed lower case names upon request.
-
-tools/
- Minor changes to recognize NXT records and display them.
-
-named/
- Added code to read and write new record types.
- Added code to do signature validation on read.
- Added code to return appropriate SIG records.
- Added security flags to databuf and zoneinfo structures.
- Names can now have CNAME record and security RR's.
- Records are stored and transmitted in DNS SEC sort order.
-
-conf/
-
- Turned off ROUND_ROBIN option and installed new sorting required
- for signature verification.
-
-signer/
- NXT record generation.
- Key generation
- Signing of zones
- Converting data records to format required for signatures.
-
-dnssec_lib/
- Interfacing with Crypto library.
- Verifying signatures,
- preparing data for signing and verification
-
-The role of <zone>.PARENT files:
-
-DNSSEC specification requires change who is authorative for certain
-resource records. In order to support certification hierarchy each
-zone KEY RR must be signed by parent zone. The parent signed KEY RR
-must be distributed by the zone itself as it is the most authorative
-for its own records.
-
-To facilitate this TIS/DNSSEC signer program creates a <name>.PARENT
-file for every name in a zone that has a NS record. This file contains
-the KEY records stored under this name and
-NXT record and corresponding SIG records. If no KEY record is found
-for a name with a NS record a NULL-KEY record is generated to indicate
-that the child is INSECURE.
-
-Each <zone>.PARENT file must be sent via an out of band mechanism to
-the appropriate primary for the zone, for inclusion. signer program
-adds an $INCLUDE <zone>.PARENT command at the end of each zone file,
-if no file exists an warning message is printed.
-
-Potential PROBLEM: It is likely that the parent and child are on a
-different signing schedule. If new <zone>.PARENT file is put on the
-primary, due to the fact that the zone data changed but the SOA did
-not, it may take a long time for new records to propagate to the
-secondaries. This is only a problem if zone has added/deleted a KEY
-or if the the signatures will expire in the near future. To overcome
-this problem, resign your zone when any of above conditions is true.
-DNS NOTIFY and/or DNS DYNUPDATE may fix this problem in the future.
-
-TIS/DNSSEC SOA serial numbers. To facilitate prompt distribution of
-zone data to secondaries, signer takes over the management of SOA
-serial numbers. Each time signer signs a zone it sets the serial
-number to a value reflecting the time the zone was signed, in standard
-Unix time seconds since 1970/1/1 0:0:0 GMT.
-
-How to configure a secure zone.
- Create a directory <zone> to contain your zone files.
- Create a output directory <outdir> for the signer output.
- Put in <zone> a boot file that includes the files from that zone.
- Create a KEY for the zone by running key_gen, Name the key <domain>.
-
- Run signer on your zone writing to the output directory <outdir>.
- Signer will rewrite the boot file to include new directive
- "pubkey" of the key used to sign the file. If there where
- any pubkey declarations in the input boot file they will be
- deleted.
- Signer generates files that correspond to the load files specified.
-
- In case of load file that $INCLUDEs another load file, signer will
- merge them to the output file.
- You will notice that the output files are significantly larger.
- The output files will be in a different order than the input files,
- all records are sorted into DNSSEC sort order.
- NXT and SIG records have been added.
-
- If there are any NS records for a name other than the zone name of
- each input file you will see messages that NULL KEY records
- have been created, if this is not correct behavior, add
- the correct KEY RRs.
- For each domain name that has a NS record but is not a zone name
- of load file you will see a file named <name>.PARENT,
- this file contains the KEY record for that name and an
- NXT record + 2 SIG records.
- This file needs to be sent to the nameserver that is primary for that
- zone. There are two reasons for this:
- 1. To support Certification Hierarchy, each zone key is
- signed by the parent zone key.
- 2. Zone is the most trustworthy source for itself unless
- these records are loaded into the primary server for
- the zone, the records may not get propagated.
-
-how to run SEC_NAMED:
-
-Included in the distribution there is a small test setup:
-
-# run signer
-./signer boot-f simple_test/test.boot [out-dir /tmp]
-# or
-make test
-# This takes few minutes to run depending on your machine and the size
-# of the key selected
-# all output files will be stored in /tmp unless out-dir is specified
-
-#
-# Now we are ready to run named
-cd ../named
-./named -p 12345 -b /tmp/test.boot.save [-d x]
-
-#
-# you can now check for data in the data base
-# using the new dig.
-#
-cd ../tools
-./dig @yourhost snore.foo.bar. any in -p 12345
-
-#
-# Output from new dig will be something like this
-#
-; <<>> DiG 2.1 <<>> @dnssrv snore.foo.bar. any in -p
-; (1 server found)
-;; res options: init recurs defnam dnsrch
-;; got answer:
-;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
-;; flags: qr rd ra; Ques: 1, Ans: 11, Auth: 0, Addit: 1
-;; QUESTIONS:
-;; snore.foo.bar, type = ANY, class = IN
-
-;; ANSWERS:
-snore.foo.bar. 259200 A 10.17.3.20
-snore.foo.bar. 259200 SIG A (
- 1 3; alg labels
- 259200 ; TTL
- 19950506200636 ; Signature expiration
- 19950406200659 ; time signed
- 47437 ; Key foot print
- foo.bar. ; Signers name
- FsqeW3hstM8Q6v8PMCGPsVMfO6dEpHjFgKm2dJRaofFtCQ/CT9O6Vo7J5zgkV+5ciWQwuZwvzW071jnZ1i27Ip/8vqdKGHC63tjWkCHSZV0=
- ) ; END Signature
-snore.foo.bar. 259200 MX 96 who.foo.bar.
-snore.foo.bar. 259200 MX 100 foo.bar.
-snore.foo.bar. 259200 MX 120 xxx.foo.bar.
-snore.foo.bar. 259200 MX 130 maGellan.foo.bar.
-snore.foo.bar. 259200 MX 140 bozo.foo.bar.
-snore.foo.bar. 259200 SIG MX (
- 1 3; alg labels
- 259200 ; TTL
- 19950506200636 ; Signature expiration
- 19950406200659 ; time signed
- 47437 ; Key foot print
- foo.bar. ; Signers name
- EV0cJqF3pUOgktggTrFf55YGwQFbUqPJAMTnAkHK3+Z/Ya6GgwwNOGRzq/FYm5P4E+yIj6WUYFh9Ex5eX5TwiIsjM/hy173lSa3qm/ljDk8=
- ) ; END Signature
-snore.foo.bar. 259200 NXT xxx.foo.bar.
-snore.foo.bar. 259200 SIG NXT (
- 1 3; alg labels
- 259200 ; TTL
- 19950506200636 ; Signature expiration
- 19950406200659 ; time signed
- 47437 ; Key foot print
- foo.bar. ; Signers name
- eJUHVm5Q5qYQYFVOW0L5Of67HQvQ9+7T7sQqHv7ayTT2sMnXudxviYv43vALMMwBcJFXFEhLhwYwN7pUDssD/w5si/6JJQTi1o30S8si3zE=
- ) ; END Signature
-
-;; Total query time: 195 msec
-;; FROM: dnssrv to SERVER: dnssrv 10.17.3.1
-;; WHEN: Thu Apr 6 16:20:32 1995
-;; MSG SIZE sent: 31 rcvd: 662