[deployment-guide/comm-rel: 144/727] Corrections in the 8.2 section.

[Jaromir Hradilek]

commit 9ce1f0d47bf809cd6c93ccd05bc22e99964abcb3
Author: Adam Tkac <atkac at redhat.com>
Date:   Thu Jul 8 16:51:48 2010 +0200

    Corrections in the 8.2 section.

 en-US/The_BIND_DNS_Server.xml |   24 +++++++++++++++++++++++-
 1 files changed, 23 insertions(+), 1 deletions(-)
---
diff --git a/en-US/The_BIND_DNS_Server.xml b/en-US/The_BIND_DNS_Server.xml
index 4c3e281..a30bdcd 100644
--- a/en-US/The_BIND_DNS_Server.xml
+++ b/en-US/The_BIND_DNS_Server.xml
@@ -339,7 +339,11 @@ options {
 	allow-query-cache { red-hats; };
 }
 </screen>
-        <para>This example contains two access control lists, <command>black-hats</command> and <command>red-hats</command>. Hosts in the <command>black-hats</command> list are denied access to the nameserver, while hosts in the <command>red-hats</command> list are given normal access.</para>
+        <para>This example contains two access control lists, <command>black-hats</command> and <command>red-hats</command>. Hosts in the <command>black-hats</command> list are on the blacklist, while hosts in the <command>red-hats</command> list are given normal access.</para>
+        <important>
+          <title>Important</title>
+          <para>It is recommended to restrict recursive DNS services for only a particular subset of clients via allow-query-cache option. Otherwise nameserver will be easy target for DDoS attack.</para>
+        </important>
       </section>
       <section
         id="s3-bind-namedconf-state-inc">
@@ -511,6 +515,24 @@ server is a master server for the zone.</para>
               <para>Specifies an alternate location for statistics files. By default, <command>named</command> statistics are saved to the <filename>/var/named/named.stats</filename> file.</para>
             </listitem>
           </varlistentry>
+          <varlistentry>
+            <term>
+              <command>dnssec-enable</command>
+            </term>
+            <listitem>
+              <para>Specifies if <command>named</command> returns DNSSEC related RRs. The default is <command>yes</command>.</para>
+              <screen>options { dnssec-enable yes; };</screen>
+            </listitem>
+          </varlistentry>
+          <varlistentry>
+            <term>
+              <command>dnssec-validation</command>
+            </term>
+            <listitem>
+              <para>Specifies if <command>named</command> should prove that RRs are authentic via DNSSEC. The default is <command>yes</command>.</para>
+              <screen>options { dnssec-validation yes; };</screen>
+            </listitem>
+          </varlistentry>
         </variablelist>
 				<!-- RHEL5:   ddomingo at redhat.com: above <variablelist> replaces below <itemizedlist>:
 				<itemizedlist>