Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-6]: src/external/bsd/bind/dist Pull up following revision(s) (req...
details: https://anonhg.NetBSD.org/src/rev/8c7f43903da6
branches: netbsd-6
changeset: 776909:8c7f43903da6
user: msaitoh <msaitoh%NetBSD.org@localhost>
date: Mon Feb 23 06:59:54 2015 +0000
description:
Pull up following revision(s) (requested by spz in ticket #1259):
external/bsd/bind/dist/CHANGES patch
external/bsd/bind/dist/README patch
external/bsd/bind/dist/srcid patch
external/bsd/bind/dist/version patch
external/bsd/bind/dist/bin/tests/system/ans.pl patch
external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html patch
external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html patch
external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html patch
external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html patch
external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html patch
external/bsd/bind/dist/doc/arm/Bv9ARM.html patch
external/bsd/bind/dist/doc/arm/man.arpaname.html patch
external/bsd/bind/dist/doc/arm/man.ddns-confgen.html patch
external/bsd/bind/dist/doc/arm/man.dig.html patch
external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html patch
external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html patch
external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html patch
external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html patch
external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html patch
external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html patch
external/bsd/bind/dist/doc/arm/man.dnssec-settime.html patch
external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html patch
external/bsd/bind/dist/doc/arm/man.dnssec-verify.html patch
external/bsd/bind/dist/doc/arm/man.genrandom.html patch
external/bsd/bind/dist/doc/arm/man.host.html patch
external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html patch
external/bsd/bind/dist/doc/arm/man.named-checkconf.html patch
external/bsd/bind/dist/doc/arm/man.named-checkzone.html patch
external/bsd/bind/dist/doc/arm/man.named-journalprint.html patch
external/bsd/bind/dist/doc/arm/man.named.html patch
external/bsd/bind/dist/doc/arm/man.nsec3hash.html patch
external/bsd/bind/dist/doc/arm/man.nsupdate.html patch
external/bsd/bind/dist/doc/arm/man.rndc-confgen.html patch
external/bsd/bind/dist/doc/arm/man.rndc.conf.html patch
external/bsd/bind/dist/doc/arm/man.rndc.html patch
external/bsd/bind/dist/lib/dns/api patch
external/bsd/bind/dist/lib/dns/zone.c patch
Security patch for bind from ISC (to 9.9.6-P2).
Only the change to lib/dns/zone.c is security relevant
(CVE-2015-1349).
diffstat:
external/bsd/bind/dist/CHANGES | 9 +
external/bsd/bind/dist/README | 10 +
external/bsd/bind/dist/bin/tests/system/ans.pl | 24 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html | 96 ++--
external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html | 87 ++--
external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html | 12 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html | 16 +-
external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html | 218 ++++++------
external/bsd/bind/dist/doc/arm/Bv9ARM.html | 98 ++--
external/bsd/bind/dist/doc/arm/man.arpaname.html | 6 +-
external/bsd/bind/dist/doc/arm/man.ddns-confgen.html | 8 +-
external/bsd/bind/dist/doc/arm/man.dig.html | 18 +-
external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html | 10 +-
external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html | 10 +-
external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html | 14 +-
external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html | 12 +-
external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html | 14 +-
external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html | 8 +-
external/bsd/bind/dist/doc/arm/man.dnssec-settime.html | 12 +-
external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html | 10 +-
external/bsd/bind/dist/doc/arm/man.dnssec-verify.html | 8 +-
external/bsd/bind/dist/doc/arm/man.genrandom.html | 8 +-
external/bsd/bind/dist/doc/arm/man.host.html | 8 +-
external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html | 8 +-
external/bsd/bind/dist/doc/arm/man.named-checkconf.html | 10 +-
external/bsd/bind/dist/doc/arm/man.named-checkzone.html | 10 +-
external/bsd/bind/dist/doc/arm/man.named-journalprint.html | 6 +-
external/bsd/bind/dist/doc/arm/man.named.html | 14 +-
external/bsd/bind/dist/doc/arm/man.nsec3hash.html | 8 +-
external/bsd/bind/dist/doc/arm/man.nsupdate.html | 12 +-
external/bsd/bind/dist/doc/arm/man.rndc-confgen.html | 10 +-
external/bsd/bind/dist/doc/arm/man.rndc.conf.html | 10 +-
external/bsd/bind/dist/doc/arm/man.rndc.html | 12 +-
external/bsd/bind/dist/lib/dns/api | 2 +-
external/bsd/bind/dist/lib/dns/zone.c | 10 +-
external/bsd/bind/dist/srcid | 2 +-
external/bsd/bind/dist/version | 2 +-
37 files changed, 435 insertions(+), 397 deletions(-)
diffs (truncated from 2796 to 300 lines):
diff -r 0ae870605ff9 -r 8c7f43903da6 external/bsd/bind/dist/CHANGES
--- a/external/bsd/bind/dist/CHANGES Sat Feb 21 13:12:01 2015 +0000
+++ b/external/bsd/bind/dist/CHANGES Mon Feb 23 06:59:54 2015 +0000
@@ -1,3 +1,12 @@
+ --- 9.9.6-P2 released ---
+
+4053. [security] Revoking a managed trust anchor and supplying
+ an untrusted replacement could cause named
+ to crash with an assertion failure.
+ (CVE-2015-1349) [RT #38344]
+
+4027. [port] Net::DNS 0.81 compatibility. [RT #38165]
+
--- 9.9.6-P1 released ---
4006. [security] A flaw in delegation handling could be exploited
diff -r 0ae870605ff9 -r 8c7f43903da6 external/bsd/bind/dist/README
--- a/external/bsd/bind/dist/README Sat Feb 21 13:12:01 2015 +0000
+++ b/external/bsd/bind/dist/README Mon Feb 23 06:59:54 2015 +0000
@@ -51,6 +51,16 @@
For up-to-date release notes and errata, see
http://www.isc.org/software/bind9/releasenotes
+BIND 9.9.6-P2
+
+ BIND 9.9.6-P2 is a security release and addresses the security
+ flaw described in CVE-2015-1349.
+
+BIND 9.9.6-P1
+
+ BIND 9.9.6-P1 is a security release and addresses the security
+ flaw described in CVE-2014-8500.
+
BIND 9.9.6
BIND 9.9.6 is a maintenance release, and also includes
diff -r 0ae870605ff9 -r 8c7f43903da6 external/bsd/bind/dist/bin/tests/system/ans.pl
--- a/external/bsd/bind/dist/bin/tests/system/ans.pl Sat Feb 21 13:12:01 2015 +0000
+++ b/external/bsd/bind/dist/bin/tests/system/ans.pl Mon Feb 23 06:59:54 2015 +0000
@@ -327,6 +327,8 @@
my $qclass = $questions[0]->qclass;
my $id = $request->header->id;
+ my $opaque;
+
my $packet = new Net::DNS::Packet($qname, $qtype, $qclass);
$packet->header->qr(1);
$packet->header->aa(1);
@@ -336,9 +338,11 @@
my $prev_tsig;
my $signer;
my $continuation = 0;
- while (my $rr = $request->pop("additional")) {
- if ($rr->type eq "TSIG") {
- $prev_tsig = $rr;
+ if ($Net::DNS::VERSION < 0.81) {
+ while (my $rr = $request->pop("additional")) {
+ if ($rr->type eq "TSIG") {
+ $prev_tsig = $rr;
+ }
}
}
@@ -356,7 +360,7 @@
foreach $a (@{$r->{answer}}) {
$packet->push("answer", $a);
}
- if(defined($key_name) && defined($key_data)) {
+ if (defined($key_name) && defined($key_data)) {
my $tsig;
# sign the packet
print " Signing the data with " .
@@ -365,6 +369,8 @@
if ($Net::DNS::VERSION < 0.69) {
$tsig = Net::DNS::RR->new(
"$key_name TSIG $key_data");
+ } elsif ($Net::DNS::VERSION >= 0.81 &&
+ $continuation) {
} elsif ($Net::DNS::VERSION >= 0.75 &&
$continuation) {
$tsig = $prev_tsig;
@@ -394,7 +400,7 @@
$prev_tsig->mac);
$tsig->{"request_mac"} =
unpack("H*", $rmac);
- } else {
+ } elsif ($Net::DNS::VERSION < 0.81) {
$tsig->request_mac(
$prev_tsig->mac);
}
@@ -404,7 +410,13 @@
$tsig->continuation($continuation) if
($Net::DNS::VERSION >= 0.71 &&
$Net::DNS::VERSION <= 0.74 );
- $packet->sign_tsig($tsig);
+ if ($Net::DNS::VERSION < 0.81) {
+ $packet->sign_tsig($tsig);
+ } elsif ($continuation) {
+ $opaque = $packet->sign_tsig($opaque);
+ } else {
+ $opaque = $packet->sign_tsig($request);
+ }
$signer = \&sign_tcp_continuation
if ($Net::DNS::VERSION < 0.70);
$continuation = 1;
diff -r 0ae870605ff9 -r 8c7f43903da6 external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html Sat Feb 21 13:12:01 2015 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html Mon Feb 23 06:59:54 2015 +0000
@@ -70,33 +70,33 @@
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609345">Converting from insecure to secure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563643">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563680">Fully automatic zone signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563920">Private-type records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563957">DNSKEY rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563970">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564003">Automatic key rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2581915">NSEC3PARAM rollovers via UPDATE</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2581925">Converting from NSEC to NSEC3</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2581934">Converting from NSEC3 to NSEC</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2581947">Converting from secure to insecure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608745">Periodic re-signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608755">NSEC3 and OPTOUT</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609283">Converting from insecure to secure</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563718">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563754">Fully automatic zone signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563926">Private-type records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564032">DNSKEY rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564044">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564077">Automatic key rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2583628">NSEC3PARAM rollovers via UPDATE</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2583638">Converting from NSEC to NSEC3</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2583648">Converting from NSEC3 to NSEC</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2583660">Converting from secure to insecure</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2583766">Periodic re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2583776">NSEC3 and OPTOUT</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2582096">Validating Resolver</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2582118">Authoritative Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2583945">Validating Resolver</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2583831">Authoritative Server</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS #11 (Cryptoki) support</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612122">Prerequisites</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610030">Building BIND 9 with PKCS#11</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612545">PKCS #11 Tools</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612576">Using the HSM</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2636531">Specifying the engine on the command line</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2636577">Running named with automatic zone re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612129">Prerequisites</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609969">Building BIND 9 with PKCS#11</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612483">PKCS #11 Tools</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612582">Using the HSM</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2636537">Specifying the engine on the command line</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2636583">Running named with automatic zone re-signing</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571499">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
@@ -1074,7 +1074,7 @@
from insecure to signed and back again. A secure zone can use
either NSEC or NSEC3 chains.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2609345"></a>Converting from insecure to secure</h3></div></div></div></div>
+<a name="id2609283"></a>Converting from insecure to secure</h3></div></div></div></div>
<p>Changing a zone from insecure to secure can be done in two
ways: using a dynamic DNS update, or the
<span><strong class="command">auto-dnssec</strong></span> zone option.</p>
@@ -1100,7 +1100,7 @@
well. An NSEC chain will be generated as part of the initial
signing process.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563643"></a>Dynamic DNS update method</h3></div></div></div></div>
+<a name="id2563718"></a>Dynamic DNS update method</h3></div></div></div></div>
<p>To insert the keys via dynamic update:</p>
<pre class="screen">
% nsupdate
@@ -1136,7 +1136,7 @@
<p>While the initial signing and NSEC/NSEC3 chain generation
is happening, other updates are possible as well.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563680"></a>Fully automatic zone signing</h3></div></div></div></div>
+<a name="id2563754"></a>Fully automatic zone signing</h3></div></div></div></div>
<p>To enable automatic signing, add the
<span><strong class="command">auto-dnssec</strong></span> option to the zone statement in
<code class="filename">named.conf</code>.
@@ -1192,7 +1192,7 @@
configuration. If this has not been done, the configuration will
fail.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563920"></a>Private-type records</h3></div></div></div></div>
+<a name="id2563926"></a>Private-type records</h3></div></div></div></div>
<p>The state of the signing process is signaled by
private-type records (with a default type value of 65534). When
signing is complete, these records will have a nonzero value for
@@ -1233,12 +1233,12 @@
<p>
</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563957"></a>DNSKEY rollovers</h3></div></div></div></div>
+<a name="id2564032"></a>DNSKEY rollovers</h3></div></div></div></div>
<p>As with insecure-to-secure conversions, rolling DNSSEC
keys can be done in two ways: using a dynamic DNS update, or the
<span><strong class="command">auto-dnssec</strong></span> zone option.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563970"></a>Dynamic DNS update method</h3></div></div></div></div>
+<a name="id2564044"></a>Dynamic DNS update method</h3></div></div></div></div>
<p> To perform key rollovers via dynamic update, you need to add
the <code class="filename">K*</code> files for the new keys so that
<span><strong class="command">named</strong></span> can find them. You can then add the new
@@ -1260,7 +1260,7 @@
<span><strong class="command">named</strong></span> will clean out any signatures generated
by the old key after the update completes.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2564003"></a>Automatic key rollovers</h3></div></div></div></div>
+<a name="id2564077"></a>Automatic key rollovers</h3></div></div></div></div>
<p>When a new key reaches its activation date (as set by
<span><strong class="command">dnssec-keygen</strong></span> or <span><strong class="command">dnssec-settime</strong></span>),
if the <span><strong class="command">auto-dnssec</strong></span> zone option is set to
@@ -1275,27 +1275,27 @@
completes in 30 days, after which it will be safe to remove the
old key from the DNSKEY RRset.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2581915"></a>NSEC3PARAM rollovers via UPDATE</h3></div></div></div></div>
+<a name="id2583628"></a>NSEC3PARAM rollovers via UPDATE</h3></div></div></div></div>
<p>Add the new NSEC3PARAM record via dynamic update. When the
new NSEC3 chain has been generated, the NSEC3PARAM flag field
will be zero. At this point you can remove the old NSEC3PARAM
record. The old chain will be removed after the update request
completes.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2581925"></a>Converting from NSEC to NSEC3</h3></div></div></div></div>
+<a name="id2583638"></a>Converting from NSEC to NSEC3</h3></div></div></div></div>
<p>To do this, you just need to add an NSEC3PARAM record. When
the conversion is complete, the NSEC chain will have been removed
and the NSEC3PARAM record will have a zero flag field. The NSEC3
chain will be generated before the NSEC chain is
destroyed.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2581934"></a>Converting from NSEC3 to NSEC</h3></div></div></div></div>
+<a name="id2583648"></a>Converting from NSEC3 to NSEC</h3></div></div></div></div>
<p>To do this, use <span><strong class="command">nsupdate</strong></span> to
remove all NSEC3PARAM records with a zero flag
field. The NSEC chain will be generated before the NSEC3 chain is
removed.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2581947"></a>Converting from secure to insecure</h3></div></div></div></div>
+<a name="id2583660"></a>Converting from secure to insecure</h3></div></div></div></div>
<p>To convert a signed zone to unsigned using dynamic DNS,
delete all the DNSKEY records from the zone apex using
<span><strong class="command">nsupdate</strong></span>. All signatures, NSEC or NSEC3 chains,
@@ -1310,14 +1310,14 @@
<span><strong class="command">allow</strong></span> instead (or it will re-sign).
</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2608745"></a>Periodic re-signing</h3></div></div></div></div>
+<a name="id2583766"></a>Periodic re-signing</h3></div></div></div></div>
<p>In any secure zone which supports dynamic updates, named
will periodically re-sign RRsets which have not been re-signed as
a result of some update action. The signature lifetimes will be
adjusted so as to spread the re-sign load over time rather than
all at once.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2608755"></a>NSEC3 and OPTOUT</h3></div></div></div></div>
+<a name="id2583776"></a>NSEC3 and OPTOUT</h3></div></div></div></div>
<p>
<span><strong class="command">named</strong></span> only supports creating new NSEC3 chains
where all the NSEC3 records in the zone have the same OPTOUT
@@ -1339,7 +1339,7 @@
configuration files.</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2582096"></a>Validating Resolver</h3></div></div></div>
+<a name="id2583945"></a>Validating Resolver</h3></div></div></div>
<p>To configure a validating resolver to use RFC 5011 to
maintain a trust anchor, configure the trust anchor using a
<span><strong class="command">managed-keys</strong></span> statement. Information about
@@ -1350,7 +1350,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2582118"></a>Authoritative Server</h3></div></div></div>
+<a name="id2583831"></a>Authoritative Server</h3></div></div></div>
<p>To set up an authoritative zone for RFC 5011 trust anchor
maintenance, generate two (or more) key signing keys (KSKs) for
the zone. Sign the zone with one of them; this is the "active"
@@ -1424,7 +1424,7 @@
Debian Linux, Solaris x86 and Windows Server 2003.</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2612122"></a>Prerequisites</h3></div></div></div>
+<a name="id2612129"></a>Prerequisites</h3></div></div></div>
<p>See the HSM vendor documentation for information about
installing, initializing, testing and troubleshooting the
HSM.</p>
@@ -1503,7 +1503,7 @@
Home |
Main Index |
Thread Index |
Old Index