[deployment-guide/comm-rel: 144/727] Corrections in the 8.2 section.
Jaromir Hradilek
jhradile at fedoraproject.org
Tue Oct 19 12:36:22 UTC 2010
commit 9ce1f0d47bf809cd6c93ccd05bc22e99964abcb3
Author: Adam Tkac <atkac at redhat.com>
Date: Thu Jul 8 16:51:48 2010 +0200
Corrections in the 8.2 section.
en-US/The_BIND_DNS_Server.xml | 24 +++++++++++++++++++++++-
1 files changed, 23 insertions(+), 1 deletions(-)
---
diff --git a/en-US/The_BIND_DNS_Server.xml b/en-US/The_BIND_DNS_Server.xml
index 4c3e281..a30bdcd 100644
--- a/en-US/The_BIND_DNS_Server.xml
+++ b/en-US/The_BIND_DNS_Server.xml
@@ -339,7 +339,11 @@ options {
allow-query-cache { red-hats; };
}
</screen>
- <para>This example contains two access control lists, <command>black-hats</command> and <command>red-hats</command>. Hosts in the <command>black-hats</command> list are denied access to the nameserver, while hosts in the <command>red-hats</command> list are given normal access.</para>
+ <para>This example contains two access control lists, <command>black-hats</command> and <command>red-hats</command>. Hosts in the <command>black-hats</command> list are on the blacklist, while hosts in the <command>red-hats</command> list are given normal access.</para>
+ <important>
+ <title>Important</title>
+ <para>It is recommended to restrict recursive DNS services for only a particular subset of clients via allow-query-cache option. Otherwise nameserver will be easy target for DDoS attack.</para>
+ </important>
</section>
<section
id="s3-bind-namedconf-state-inc">
@@ -511,6 +515,24 @@ server is a master server for the zone.</para>
<para>Specifies an alternate location for statistics files. By default, <command>named</command> statistics are saved to the <filename>/var/named/named.stats</filename> file.</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <command>dnssec-enable</command>
+ </term>
+ <listitem>
+ <para>Specifies if <command>named</command> returns DNSSEC related RRs. The default is <command>yes</command>.</para>
+ <screen>options { dnssec-enable yes; };</screen>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <command>dnssec-validation</command>
+ </term>
+ <listitem>
+ <para>Specifies if <command>named</command> should prove that RRs are authentic via DNSSEC. The default is <command>yes</command>.</para>
+ <screen>options { dnssec-validation yes; };</screen>
+ </listitem>
+ </varlistentry>
</variablelist>
<!-- RHEL5: ddomingo at redhat.com: above <variablelist> replaces below <itemizedlist>:
<itemizedlist>
More information about the docs-commits
mailing list