summaryrefslogtreecommitdiff
path: root/FAQ
diff options
context:
space:
mode:
Diffstat (limited to 'FAQ')
-rw-r--r--FAQ675
1 files changed, 675 insertions, 0 deletions
diff --git a/FAQ b/FAQ
new file mode 100644
index 000000000000..ba87de21652d
--- /dev/null
+++ b/FAQ
@@ -0,0 +1,675 @@
+Frequently Asked Questions about BIND 9
+
+Copyright © 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+
+Copyright © 2000-2003 Internet Software Consortium.
+
+-------------------------------------------------------------------------------
+
+Q: Why doesn't -u work on Linux 2.2.x when I build with --enable-threads?
+
+A: Linux threads do not fully implement the Posix threads (pthreads) standard. In
+ particular, setuid() operates only on the current thread, not the full process.
+ Because of this limitation, BIND 9 cannot use setuid() on Linux as it can on
+ all other supported platforms. setuid() cannot be called before creating
+ threads, since the server does not start listening on reserved ports until
+ after threads have started.
+
+ In the 2.2.18 or 2.3.99-pre3 and newer kernels, the ability to preserve
+ capabilities across a setuid() call is present. This allows BIND 9 to call
+ setuid() early, while retaining the ability to bind reserved ports. This is a
+ Linux-specific hack.
+
+ On a 2.2 kernel, BIND 9 does drop many root privileges, so it should be less of
+ a security risk than a root process that has not dropped privileges.
+
+ If Linux threads ever work correctly, this restriction will go away.
+
+ Configuring BIND9 with the --disable-threads option (the default) causes a
+ non-threaded version to be built, which will allow -u to be used.
+
+Q: Why do I get the following errors:
+
+ general: errno2result.c:109: unexpected error:
+ general: unable to convert errno to isc_result: 14: Bad address
+ client: UDP client handler shutting down due to fatal receive error: unexpected error
+
+A: This is the result of a Linux kernel bug.
+
+ See: http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=2
+
+Q: Why does named log the warning message "no TTL specified - using SOA MINTTL
+ instead"?
+
+A: Your zone file is illegal according to RFC1035. It must either have a line
+ like:
+
+ $TTL 86400
+
+ at the beginning, or the first record in it must have a TTL field, like the
+ "84600" in this example:
+
+ example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )
+
+Q: Why do I see 5 (or more) copies of named on Linux?
+
+A: Linux threads each show up as a process under ps. The approximate number of
+ threads running is n+4, where n is the number of CPUs. Note that the amount of
+ memory used is not cumulative; if each process is using 10M of memory, only a
+ total of 10M is used.
+
+ Newer versions of Linux's ps command hide the individual threads and require -L
+ to display them.
+
+Q: Why does BIND 9 log "permission denied" errors accessing its configuration
+ files or zones on my Linux system even though it is running as root?
+
+A: On Linux, BIND 9 drops most of its root privileges on startup. This including
+ the privilege to open files owned by other users. Therefore, if the server is
+ running as root, the configuration files and zone files should also be owned by
+ root.
+
+Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master file bar:
+ ran out of space"?
+
+A: This is often caused by TXT records with missing close quotes. Check that all
+ TXT records containing quoted strings have both open and close quotes.
+
+Q: How do I produce a usable core file from a multithreaded named on Linux?
+
+A: If the Linux kernel is 2.4.7 or newer, multithreaded core dumps are usable
+ (that is, the correct thread is dumped). Otherwise, if using a 2.2 kernel,
+ apply the kernel patch found in contrib/linux/coredump-patch and rebuild the
+ kernel. This patch will cause multithreaded programs to dump the correct
+ thread.
+
+Q: How do I restrict people from looking up the server version?
+
+A: Put a "version" option containing something other than the real version in the
+ "options" section of named.conf. Note doing this will not prevent attacks and
+ may impede people trying to diagnose problems with your server. Also it is
+ possible to "fingerprint" nameservers to determine their version.
+
+Q: How do I restrict only remote users from looking up the server version?
+
+A: The following view statement will intercept lookups as the internal view that
+ holds the version information will be matched last. The caveats of the previous
+ answer still apply, of course.
+
+ view "chaos" chaos {
+ match-clients { <those to be refused>; };
+ allow-query { none; };
+ zone "." {
+ type hint;
+ file "/dev/null"; // or any empty file
+ };
+ };
+
+Q: What do "no source of entropy found" or "could not open entropy source foo"
+ mean?
+
+A: The server requires a source of entropy to perform certain operations, mostly
+ DNSSEC related. These messages indicate that you have no source of entropy. On
+ systems with /dev/random or an equivalent, it is used by default. A source of
+ entropy can also be defined using the random-device option in named.conf.
+
+Q: I installed BIND 9 and restarted named, but it's still BIND 8. Why?
+
+A: BIND 9 is installed under /usr/local by default. BIND 8 is often installed
+ under /usr. Check that the correct named is running.
+
+Q: I'm trying to use TSIG to authenticate dynamic updates or zone transfers. I'm
+ sure I have the keys set up correctly, but the server is rejecting the TSIG.
+ Why?
+
+A: This may be a clock skew problem. Check that the the clocks on the client and
+ server are properly synchronised (e.g., using ntp).
+
+Q: I'm trying to compile BIND 9, and "make" is failing due to files not being
+ found. Why?
+
+A: Using a parallel or distributed "make" to build BIND 9 is not supported, and
+ doesn't work. If you are using one of these, use normal make or gmake instead.
+
+Q: I have a BIND 9 master and a BIND 8.2.3 slave, and the master is logging error
+ messages like "notify to 10.0.0.1#53 failed: unexpected end of input". What's
+ wrong?
+
+A: This error message is caused by a known bug in BIND 8.2.3 and is fixed in BIND
+ 8.2.4. It can be safely ignored - the notify has been acted on by the slave
+ despite the error message.
+
+Q: I keep getting log messages like the following. Why?
+
+ Dec 4 23:47:59 client 10.0.0.1#1355: updating zone 'example.com/IN': update
+ failed: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
+
+A: DNS updates allow the update request to test to see if certain conditions are
+ met prior to proceeding with the update. The message above is saying that
+ conditions were not met and the update is not proceeding. See doc/rfc/
+ rfc2136.txt for more details on prerequisites.
+
+Q: I keep getting log messages like the following. Why?
+
+ Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied
+
+A: Someone is trying to update your DNS data using the RFC2136 Dynamic Update
+ protocol. Windows 2000 machines have a habit of sending dynamic update requests
+ to DNS servers without being specifically configured to do so. If the update
+ requests are coming from a Windows 2000 machine, see http://
+ support.microsoft.com/support/kb/articles/q246/8/04.asp for information about
+ how to turn them off.
+
+Q: I see a log message like the following. Why?
+
+ couldn't open pid file '/var/run/named.pid': Permission denied
+
+A: You are most likely running named as a non-root user, and that user does not
+ have permission to write in /var/run. The common ways of fixing this are to
+ create a /var/run/named directory owned by the named user and set pid-file to "
+ /var/run/named/named.pid", or set pid-file to "named.pid", which will put the
+ file in the directory specified by the directory option (which, in this case,
+ must be writable by the named user).
+
+Q: When I do a "dig . ns", many of the A records for the root servers are missing.
+ Why?
+
+A: This is normal and harmless. It is a somewhat confusing side effect of the way
+ BIND 9 does RFC2181 trust ranking and of the efforts BIND 9 makes to avoid
+ promoting glue into answers.
+
+ When BIND 9 first starts up and primes its cache, it receives the root server
+ addresses as additional data in an authoritative response from a root server,
+ and these records are eligible for inclusion as additional data in responses.
+ Subsequently it receives a subset of the root server addresses as additional
+ data in a non-authoritative (referral) response from a root server. This causes
+ the addresses to now be considered non-authoritative (glue) data, which is not
+ eligible for inclusion in responses.
+
+ The server does have a complete set of root server addresses cached at all
+ times, it just may not include all of them as additional data, depending on
+ whether they were last received as answers or as glue. You can always look up
+ the addresses with explicit queries like "dig a.root-servers.net A".
+
+Q: Zone transfers from my BIND 9 master to my Windows 2000 slave fail. Why?
+
+A: This may be caused by a bug in the Windows 2000 DNS server where DNS messages
+ larger than 16K are not handled properly. This can be worked around by setting
+ the option "transfer-format one-answer;". Also check whether your zone contains
+ domain names with embedded spaces or other special characters, like "John\
+ 032Doe\213s\032Computer", since such names have been known to cause Windows
+ 2000 slaves to incorrectly reject the zone.
+
+Q: Why don't my zones reload when I do an "rndc reload" or SIGHUP?
+
+A: A zone can be updated either by editing zone files and reloading the server or
+ by dynamic update, but not both. If you have enabled dynamic update for a zone
+ using the "allow-update" option, you are not supposed to edit the zone file by
+ hand, and the server will not attempt to reload it.
+
+Q: I can query the nameserver from the nameserver but not from other machines.
+ Why?
+
+A: This is usually the result of the firewall configuration stopping the queries
+ and / or the replies.
+
+Q: How can I make a server a slave for both an internal and an external view at
+ the same time? When I tried, both views on the slave were transferred from the
+ same view on the master.
+
+A: You will need to give the master and slave multiple IP addresses and use those
+ to make sure you reach the correct view on the other machine.
+
+ Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias)
+ internal:
+ match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
+ notify-source 10.0.1.1;
+ transfer-source 10.0.1.1;
+ query-source address 10.0.1.1;
+ external:
+ match-clients { any; };
+ recursion no; // don't offer recursion to the world
+ notify-source 10.0.1.2;
+ transfer-source 10.0.1.2;
+ query-source address 10.0.1.2;
+
+ Slave: 10.0.1.3 (internal), 10.0.1.4 (external, IP alias)
+ internal:
+ match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
+ notify-source 10.0.1.3;
+ transfer-source 10.0.1.3;
+ query-source address 10.0.1.3;
+ external:
+ match-clients { any; };
+ recursion no; // don't offer recursion to the world
+ notify-source 10.0.1.4;
+ transfer-source 10.0.1.4;
+ query-source address 10.0.1.4;
+
+ You put the external address on the alias so that all the other dns clients on
+ these boxes see the internal view by default.
+
+A: BIND 9.3 and later: Use TSIG to select the appropriate view.
+
+ Master 10.0.1.1:
+ key "external" {
+ algorithm hmac-md5;
+ secret "xxxxxxxx";
+ };
+ view "internal" {
+ match-clients { !key external; 10.0.1/24; };
+ ...
+ };
+ view "external" {
+ match-clients { key external; any; };
+ server 10.0.1.2 { keys external; };
+ recursion no;
+ ...
+ };
+
+ Slave 10.0.1.2:
+ key "external" {
+ algorithm hmac-md5;
+ secret "xxxxxxxx";
+ };
+ view "internal" {
+ match-clients { !key external; 10.0.1/24; };
+ ...
+ };
+ view "external" {
+ match-clients { key external; any; };
+ server 10.0.1.1 { keys external; };
+ recursion no;
+ ...
+ };
+
+Q: I have FreeBSD 4.x and "rndc-confgen -a" just sits there.
+
+A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to use
+ certain interrupts as a source of random events. You can make this permanent by
+ setting rand_irqs in /etc/rc.conf.
+
+ /etc/rc.conf
+ rand_irqs="3 14 15"
+
+ See also http://people.freebsd.org/~dougb/randomness.html
+
+Q: Why is named listening on UDP port other than 53?
+
+A: Named uses a system selected port to make queries of other nameservers. This
+ behaviour can be overridden by using query-source to lock down the port and/or
+ address. See also notify-source and transfer-source.
+
+Q: I get error messages like "multiple RRs of singleton type" and "CNAME and other
+ data" when transferring a zone. What does this mean?
+
+A: These indicate a malformed master zone. You can identify the exact records
+ involved by transferring the zone using dig then running named-checkzone on it.
+
+ dig axfr example.com @master-server > tmp
+ named-checkzone example.com tmp
+
+ A CNAME record cannot exist with the same name as another record except for the
+ DNSSEC records which prove its existance (NSEC).
+
+ RFC 1034, Section 3.6.2: "If a CNAME RR is present at a node, no other data
+ should be present; this ensures that the data for a canonical name and its
+ aliases cannot be different. This rule also insures that a cached CNAME can be
+ used without checking with an authoritative server for other RR types."
+
+Q: I get error messages like "named.conf:99: unexpected end of input" where 99 is
+ the last line of named.conf.
+
+A: Some text editors (notepad and wordpad) fail to put a line title indication
+ (e.g. CR/LF) on the last line of a text file. This can be fixed by "adding" a
+ blank line to the end of the file. Named expects to see EOF immediately after
+ EOL and treats text files where this is not met as truncated.
+
+Q: I get warning messages like "zone example.com/IN: refresh: failure trying
+ master 1.2.3.4#53: timed out".
+
+A: Check that you can make UDP queries from the slave to the master
+
+ dig +norec example.com soa @1.2.3.4
+
+ You could be generating queries faster than the slave can cope with. Lower the
+ serial query rate.
+
+ serial-query-rate 5; // default 20
+
+Q: How do I share a dynamic zone between multiple views?
+
+A: You choose one view to be master and the second a slave and transfer the zone
+ between views.
+
+ Master 10.0.1.1:
+ key "external" {
+ algorithm hmac-md5;
+ secret "xxxxxxxx";
+ };
+
+ key "mykey" {
+ algorithm hmac-md5;
+ secret "yyyyyyyy";
+ };
+
+ view "internal" {
+ match-clients { !external; 10.0.1/24; };
+ server 10.0.1.1 {
+ /* Deliver notify messages to external view. */
+ keys { external; };
+ };
+ zone "example.com" {
+ type master;
+ file "internal/example.db";
+ allow-update { key mykey; };
+ notify-also { 10.0.1.1; };
+ };
+ };
+
+ view "external" {
+ match-clients { external; any; };
+ zone "example.com" {
+ type slave;
+ file "external/example.db";
+ masters { 10.0.1.1; };
+ transfer-source { 10.0.1.1; };
+ // allow-update-forwarding { any; };
+ // allow-notify { ... };
+ };
+ };
+
+Q: I get a error message like "zone wireless.ietf56.ietf.org/IN: loading master
+ file primaries/wireless.ietf56.ietf.org: no owner".
+
+A: This error is produced when a line in the master file contains leading white
+ space (tab/space) but the is no current record owner name to inherit the name
+ from. Usually this is the result of putting white space before a comment.
+ Forgeting the "@" for the SOA record or indenting the master file.
+
+Q: Why are my logs in GMT (UTC).
+
+A: You are running chrooted (-t) and have not supplied local timzone information
+ in the chroot area.
+
+ FreeBSD: /etc/localtime
+ Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo
+ OSF: /etc/zoneinfo/localtime
+
+ See also tzset(3) and zic(8).
+
+Q: I get the error message "named: capset failed: Operation not permitted" when
+ starting named.
+
+A: The capability module, part of "Linux Security Modules/LSM", has not been
+ loaded into the kernel. See insmod(8).
+
+Q: I get "rndc: connect failed: connection refused" when I try to run rndc.
+
+A: This is usually a configuration error.
+
+ First ensure that named is running and no errors are being reported at startup
+ (/var/log/messages or equivalent). Running "named -g <usual arguments>" from a
+ title can help at this point.
+
+ Secondly ensure that named is configured to use rndc either by "rndc-confgen
+ -a", rndc-confgen or manually. The Administrators Reference manual has details
+ on how to do this.
+
+ Old versions of rndc-confgen used localhost rather than 127.0.0.1 in /etc/
+ rndc.conf for the default server. Update /etc/rndc.conf if necessary so that
+ the default server listed in /etc/rndc.conf matches the addresses used in
+ named.conf. "localhost" has two address (127.0.0.1 and ::1).
+
+ If you use "rndc-confgen -a" and named is running with -t or -u ensure that /
+ etc/rndc.conf has the correct ownership and that a copy is in the chroot area.
+ You can do this by re-running "rndc-confgen -a" with appropriate -t and -u
+ arguments.
+
+Q: I don't get RRSIG's returned when I use "dig +dnssec".
+
+A: You need to ensure DNSSEC is enabled (dnssec-enable yes;).
+
+Q: I get "Error 1067" when starting named under Windows.
+
+A: This is the service manager saying that named exited. You need to examine the
+ Application log in the EventViewer to find out why.
+
+ Common causes are that you failed to create "named.conf" (usually "C:\windows\
+ dns\etc\named.conf") or failed to specify the directory in named.conf.
+
+ options {
+ Directory "C:\windows\dns\etc";
+ };
+
+Q: I get "transfer of 'example.net/IN' from 192.168.4.12#53: failed while
+ receiving responses: permission denied" error messages.
+
+A: These indicate a filesystem permission error preventing named creating /
+ renaming the temporary file. These will usually also have other associated
+ error messages like
+
+ "dumping master file: sl/tmp-XXXX5il3sQ: open: permission denied"
+
+ Named needs write permission on the directory containing the file. Named writes
+ the new cache file to a temporary file then renames it to the name specified in
+ named.conf to ensure that the contents are always complete. This is to prevent
+ named loading a partial zone in the event of power failure or similar
+ interrupting the write of the master file.
+
+ Note file names are relative to the directory specified in options and any
+ chroot directory ([<chroot dir>/][<options dir>]).
+
+ If named is invoked as "named -t /chroot/DNS" with the following named.conf
+ then "/chroot/DNS/var/named/sl" needs to be writable by the user named is
+ running as.
+
+ options {
+ directory "/var/named";
+ };
+
+ zone "example.net" {
+ type slave;
+ file "sl/example.net";
+ masters { 192.168.4.12; };
+ };
+
+Q: How do I intergrate BIND 9 and Solaris SMF
+
+A: Sun has a blog entry describing how to do this.
+
+ http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris
+
+Q: Can a NS record refer to a CNAME.
+
+A: No. The rules for glue (copies of the *address* records in the parent zones)
+ and additional section processing do not allow it to work.
+
+ You would have to add both the CNAME and address records (A/AAAA) as glue to
+ the parent zone and have CNAMEs be followed when doing additional section
+ processing to make it work. No namesever implementation supports either of
+ these requirements.
+
+Q: What does "RFC 1918 response from Internet for 0.0.0.10.IN-ADDR.ARPA" mean?
+
+A: If the IN-ADDR.ARPA name covered refers to a internal address space you are
+ using then you have failed to follow RFC 1918 usage rules and are leaking
+ queries to the Internet. You should establish your own zones for these
+ addresses to prevent you quering the Internet's name servers for these
+ addresses. Please see http://as112.net/ for details of the problems you are
+ causing and the counter measures that have had to be deployed.
+
+ If you are not using these private addresses then a client has queried for
+ them. You can just ignore the messages, get the offending client to stop
+ sending you these messages as they are most probably leaking them or setup your
+ own zones empty zones to serve answers to these queries.
+
+ zone "10.IN-ADDR.ARPA" {
+ type master;
+ file "empty";
+ };
+
+ zone "16.172.IN-ADDR.ARPA" {
+ type master;
+ file "empty";
+ };
+
+ ...
+
+ zone "31.172.IN-ADDR.ARPA" {
+ type master;
+ file "empty";
+ };
+
+ zone "168.192.IN-ADDR.ARPA" {
+ type master;
+ file "empty";
+ };
+
+ empty:
+ @ 10800 IN SOA <name-of-server>. <contact-email>. (
+ 1 3600 1200 604800 10800 )
+ @ 10800 IN NS <name-of-server>.
+
+ Note
+
+ Future versions of named are likely to do this automatically.
+
+Q: I'm running BIND on Red Hat Enterprise Linux or Fedora Core -
+
+ Why can't named update slave zone database files?
+
+ Why can't named create DDNS journal files or update the master zones from
+ journals?
+
+ Why can't named create custom log files?
+
+A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
+
+ Red Hat have adopted the National Security Agency's SELinux security policy (
+ see http://www.nsa.gov/selinux ) and recommendations for BIND security , which
+ are more secure than running named in a chroot and make use of the bind-chroot
+ environment unecessary .
+
+ By default, named is not allowed by the SELinux policy to write, create or
+ delete any files EXCEPT in these directories:
+
+ $ROOTDIR/var/named/slaves
+ $ROOTDIR/var/named/data
+ $ROOTDIR/var/tmp
+
+
+ where $ROOTDIR may be set in /etc/sysconfig/named if bind-chroot is installed.
+
+ The SELinux policy particularly does NOT allow named to modify the $ROOTDIR/var
+ /named directory, the default location for master zone database files.
+
+ SELinux policy overrules file access permissions - so even if all the files
+ under /var/named have ownership named:named and mode rw-rw-r--, named will
+ still not be able to write or create files except in the directories above,
+ with SELinux in Enforcing mode.
+
+ So, to allow named to update slave or DDNS zone files, it is best to locate
+ them in $ROOTDIR/var/named/slaves, with named.conf zone statements such as:
+
+ zone "slave.zone." IN {
+ type slave;
+ file "slaves/slave.zone.db";
+ ...
+ };
+ zone "ddns.zone." IN {
+ type master;
+ allow-updates {...};
+ file "slaves/ddns.zone.db";
+ };
+
+
+ To allow named to create its cache dump and statistics files, for example, you
+ could use named.conf options statements such as:
+
+ options {
+ ...
+ dump-file "/var/named/data/cache_dump.db";
+ statistics-file "/var/named/data/named_stats.txt";
+ ...
+ };
+
+
+ You can also tell SELinux to allow named to update any zone database files, by
+ setting the SELinux tunable boolean parameter 'named_write_master_zones=1',
+ using the system-config-securitylevel GUI, using the 'setsebool' command, or in
+ /etc/selinux/targeted/booleans.
+
+ You can disable SELinux protection for named entirely by setting the
+ 'named_disable_trans=1' SELinux tunable boolean parameter.
+
+ The SELinux named policy defines these SELinux contexts for named:
+
+ named_zone_t : for zone database files - $ROOTDIR/var/named/*
+ named_conf_t : for named configuration files - $ROOTDIR/etc/{named,rndc}.*
+ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,data}}
+
+
+ If you want to retain use of the SELinux policy for named, and put named files
+ in different locations, you can do so by changing the context of the custom
+ file locations .
+
+ To create a custom configuration file location, eg. '/root/named.conf', to use
+ with the 'named -c' option, do:
+
+ # chcon system_u:object_r:named_conf_t /root/named.conf
+
+
+ To create a custom modifiable named data location, eg. '/var/log/named' for a
+ log file, do:
+
+ # chcon system_u:object_r:named_cache_t /var/log/named
+
+
+ To create a custom zone file location, eg. /root/zones/, do:
+
+ # chcon system_u:object_r:named_zone_t /root/zones/{.,*}
+
+
+ See these man-pages for more information : selinux(8), named_selinux(8), chcon
+ (1), setsebool(8)
+
+Q: I want to forward all DNS queries from my caching nameserver to another server.
+ But there are some domains which have to be served locally, via rbldnsd.
+
+ How do I achieve this ?
+
+A: options {
+ forward only;
+ forwarders { <ip.of.primary.nameserver>; };
+ };
+
+ zone "sbl-xbl.spamhaus.org" {
+ type forward; forward only;
+ forwarders { <ip.of.rbldns.server> port 530; };
+ };
+
+ zone "list.dsbl.org" {
+ type forward; forward only;
+ forwarders { <ip.of.rbldns.server> port 530; };
+ };
+
+
+Q: Will named be affected by the 2007 changes to daylight savings rules in the US.
+
+A: No, so long as the machines internal clock (as reported by "date -u") remains
+ at UTC. The only visible change if you fail to upgrade your OS, if you are in a
+ affected area, will be that log messages will be a hour out during the period
+ where the old rules do not match the new rules.
+
+ For most OS's this change just means that you need to update the conversion
+ rules from UTC to local time. Normally this involves updating a file in /etc
+ (which sets the default timezone for the machine) and possibly a directory
+ which has all the conversion rules for the world (e.g. /usr/share/zoneinfo).
+ When updating the OS do not forget to update any chroot areas as well. See your
+ OS's documetation for more details.
+
+ The local timezone conversion rules can also be done on a individual basis by
+ setting the TZ envirionment variable appropriately. See your OS's documentation
+ for more details.
+
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-04 23:46:44 +0000