Update the section on named (currently 29.6):

1. s/Internet Software Consortium/Internet Systems Consortium/ 2. Tighten up a few sections, improve wording, modernize terminology 3. Remove references to the make-localhost program which is long gone [1] 4. Update the included named.conf file to match current reality 5. Change all references to default TTL in the example zone files to refer to the TTL for a negative response 6. Simplify the CNAME example 7. Update URLs PR: docs/122604 [1] Submitted by: keramida [1]
svn path=/head/; revision=34282
2009-05-17 02:45:49 +00:00 · 2009-05-17 02:45:49 +00:00 · 06864915c7 · 2020-12-08 03:00:23 +00:00
commit 06864915c7
parent f5ed1eaf48
1 changed files with 239 additions and 111 deletions
--- a/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/network-servers/chapter.sgml
@ -2532,13 +2532,13 @@ nis_client_flags="-S <replaceable>NIS domain</replaceable>,<replaceable>server</
        <see>DHCP</see>
      </indexterm>
      <indexterm>
-        <primary>Internet Software Consortium (ISC)</primary>
+        <primary>Internet Systems Consortium (ISC)</primary>
      </indexterm>
      <para>DHCP, the Dynamic Host Configuration Protocol, describes
        the means by which a system can connect to a network and obtain the
        necessary information for communication upon that network.  FreeBSD
-	versions prior to 6.0 use the ISC (Internet Software
+	versions prior to 6.0 use the ISC (Internet Systems
 	Consortium) DHCP client (&man.dhclient.8;) implementation.
 	Later versions use the OpenBSD <command>dhclient</command>
 	taken from OpenBSD&nbsp;3.7.  All
@ -2724,7 +2724,7 @@ dhclient_flags=""</programlisting>
 	  <para>This section provides information on how to configure
 	    a FreeBSD system to act as a DHCP server using the ISC
-	    (Internet Software Consortium) implementation of the DHCP
+	    (Internet Systems Consortium) implementation of the DHCP
 	    server.</para>
 	  <para>The server is not provided as part of
@ -2997,8 +2997,8 @@ dhcpd_ifaces="dc0"</programlisting>
 	information.</para>
      <para>Currently, BIND is maintained by the
-	Internet Software Consortium
+	Internet Systems Consortium
-	<ulink url="http://www.isc.org/"></ulink>.</para>
+	<ulink url="https://www.isc.org/"></ulink>.</para>
    </sect2>
    <sect2>
@ -3036,7 +3036,7 @@ dhcpd_ifaces="dc0"</programlisting>
 	    </row>
 	    <row>
-	      <entry><application>named</application>, BIND, name server</entry>
+	      <entry><application>named</application>, BIND</entry>
 	      <entry>Common names for the BIND name server package within
 		&os;.</entry>
 	    </row>
@ -3049,8 +3049,7 @@ dhcpd_ifaces="dc0"</programlisting>
 	    <row>
 	      <entry>Reverse <acronym>DNS</acronym></entry>
-	      <entry>The opposite of forward <acronym>DNS</acronym>;
+	      <entry>Mapping of <acronym>IP</acronym> addresses to
 		mapping of <acronym>IP</acronym> addresses to
 		hostnames.</entry>
 	    </row>
@ -3082,7 +3081,8 @@ dhcpd_ifaces="dc0"</programlisting>
      <itemizedlist>
 	<listitem>
-	  <para><hostid>.</hostid> is the root zone.</para>
+	  <para><hostid>.</hostid> is how the root zone is usually
 	    referred to in documentation.</para>
 	</listitem>
 	<listitem>
@ -3100,7 +3100,7 @@ dhcpd_ifaces="dc0"</programlisting>
 	  <para><hostid>1.168.192.in-addr.arpa</hostid> is a zone
 	    referencing all <acronym>IP</acronym> addresses which fall
 	    under the <hostid role="ipaddr">192.168.1.*</hostid>
-	    <acronym>IP</acronym> space.</para>
+	    <acronym>IP</acronym> address space.</para>
 	</listitem>
      </itemizedlist>
@ -3171,7 +3171,7 @@ dhcpd_ifaces="dc0"</programlisting>
    <sect2>
      <title>How It Works</title>
      <para>In &os;, the BIND daemon is called
-	<application>named</application> for obvious reasons.</para>
+	<application>named</application>.</para>
      <informaltable frame="none" pgwide="1">
 	<tgroup cols="2">
@ -3228,10 +3228,12 @@ dhcpd_ifaces="dc0"</programlisting>
      <para>The default <application>named</application> configuration
 	is that of a basic resolving name server, running in a
-	&man.chroot.8; environment.  To start the server one time with
+	&man.chroot.8; environment, and restricted to listening on
 	the local IPv4 loopback address (127.0.0.1).
 	To start the server one time with
 	this configuration, use the following command:</para>
-      <screen>&prompt.root; <userinput>/etc/rc.d/named forcestart</userinput></screen>
+      <screen>&prompt.root; <userinput>/etc/rc.d/named onestart</userinput></screen>
      <para>To ensure the <application>named</application> daemon is
         started at boot each time, put the following line into the
@ -3260,28 +3262,10 @@ dhcpd_ifaces="dc0"</programlisting>
      <para>Configuration files for <application>named</application>
 	currently reside in
 	<filename class="directory">/etc/namedb</filename> directory and
-	will need modification before use, unless all that is needed is
+	will need modification before use unless all that is needed is
 	a simple resolver.  This is where most of the configuration will
 	be performed.</para>
      <sect3>
 	<title>Using <command>make-localhost</command></title>
 	<para>To configure a master zone for the localhost visit the
 	  <filename class="directory">/etc/namedb</filename> directory
 	  and run the following command:</para>
 	<screen>&prompt.root; <userinput>sh make-localhost</userinput></screen>
 	<para>If all went well, a new file should exist in the
 	  <filename class="directory">master</filename> subdirectory.
 	  The filenames should be <filename>localhost.rev</filename> for
 	  the local domain name and <filename>localhost-v6.rev</filename>
 	  for <acronym>IPv6</acronym> configurations.  As the default
 	  configuration file, required information will
 	  be present in the <filename>named.conf</filename> file.</para>
      </sect3>
      <sect3>
 	<title><filename>/etc/namedb/named.conf</filename></title>
@ -3296,6 +3280,7 @@ dhcpd_ifaces="dc0"</programlisting>
 // or cause huge amounts of useless Internet traffic.
 options {
 	// Relative to the chroot directory, if any
 	directory	"/etc/namedb";
 	pid-file	"/var/run/named/pid";
 	dump-file	"/var/dump/named_dump.db";
@ -3311,11 +3296,11 @@ options {
 // an IPv6 address, or the keyword "any".
 //	listen-on-v6	{ ::1; };
-// In addition to the "forwarders" clause, you can force your name
+// These zones are already covered by the empty zones listed below.
-// server to never initiate queries of its own, but always ask its
+// If you remove the related empty zones below, comment these lines out.
-// forwarders only, by enabling the following line:
+	disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
-//
+	disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
-//	forward only;
+	disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
 // If you've got a DNS server around at your upstream provider, enter
 // its IP address here, and enable the line below.  This will make you
@ -3324,7 +3309,21 @@ options {
 	forwarders {
 		127.0.0.1;
 	};
-*/</programlisting>
+*/
 // If the 'forwarders' clause is not empty the default is to 'forward first'
 // which will fall back to sending a query from your local server if the name
 // servers in 'forwarders' do not have the answer.  Alternatively you can
 // force your name server to never initiate queries of its own by enabling the
 // following line:
 //	forward only;
 // If you wish to have forwarding configured automatically based on
 // the entries in /etc/resolv.conf, uncomment the following line and
 // set named_auto_forward=yes in /etc/rc.conf.  You can also enable
 // named_auto_forward_only (the effect of which is described above).
 //	include "/etc/namedb/auto_forward.conf";
 </programlisting>
 	<para>Just as the comment says, to benefit from an uplink's
 	  cache, <literal>forwarders</literal> can be enabled here.
@ -3344,34 +3343,187 @@ options {
 	</warning>
 	<programlisting>	/*
-	 * If there is a firewall between you and nameservers you want
+	   Modern versions of BIND use a random UDP port for each outgoing
-	 * to talk to, you might need to uncomment the query-source
+	   query by default in order to dramatically reduce the possibility
-	 * directive below.  Previous versions of BIND always asked
+	   of cache poisoning.  All users are strongly encouraged to utilize
-	 * questions using port 53, but BIND versions 8 and later
+	   this feature, and to configure their firewalls to accommodate it.
-	 * use a pseudo-random unprivileged UDP port by default.
+
-	 */
+	   AS A LAST RESORT in order to get around a restrictive firewall
-	 // query-source address * port 53;
+	   policy you can try enabling the option below.  Use of this option
 	   will significantly reduce your ability to withstand cache poisoning
 	   attacks, and should be avoided if at all possible.
 	   Replace NNNNN in the example with a number between 49160 and 65530.
 	*/
 	// query-source address * port NNNNN;
 };
 // If you enable a local name server, don't forget to enter 127.0.0.1
 // first in your /etc/resolv.conf so this server will be queried.
 // Also, make sure to enable it in /etc/rc.conf.
 // The traditional root hints mechanism. Use this, OR the slave zones below.
 zone "." { type hint; file "named.root"; };
 /*	Slaving the following zones from the root name servers has some
 	significant advantages:
 	1. Faster local resolution for your users
 	2. No spurious traffic will be sent from your network to the roots
 	3. Greater resilience to any potential root server failure/DDoS
 	On the other hand, this method requires more monitoring than the
 	hints file to be sure that an unexpected failure mode has not
 	incapacitated your server.  Name servers that are serving a lot
 	of clients will benefit more from this approach than individual
 	hosts.  Use with caution.
 	To use this mechanism, uncomment the entries below, and comment
 	the hint zone above.
 */
 /*
 zone "." {
-	type hint;
+	type slave;
-	file "named.root";
+	file "slave/root.slave";
 	masters {
 		192.5.5.241;	// F.ROOT-SERVERS.NET.
 	};
 	notify no;
 };
 zone "arpa" {
 	type slave;
 	file "slave/arpa.slave";
 	masters {
 		192.5.5.241;	// F.ROOT-SERVERS.NET.
 	};
 	notify no;
 };
 zone "in-addr.arpa" {
 	type slave;
 	file "slave/in-addr.arpa.slave";
 	masters {
 		192.5.5.241;	// F.ROOT-SERVERS.NET.
 	};
 	notify no;
 };
 */
-zone "0.0.127.IN-ADDR.ARPA" {
+/*	Serving the following zones locally will prevent any queries
-	type master;
+	for these zones leaving your network and going to the root
-	file "master/localhost.rev";
+	name servers.  This has two significant advantages:
-};
+	1. Faster local resolution for your users
 	2. No spurious traffic will be sent from your network to the roots
 */
 // RFC 1912
 zone "localhost"	{ type master; file "master/localhost-forward.db"; };
 zone "127.in-addr.arpa" { type master; file "master/localhost-reverse.db"; };
 zone "255.in-addr.arpa"	{ type master; file "master/empty.db"; };
-// RFC 3152
+// RFC 1912-style zone for IPv6 localhost address
-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
+zone "0.ip6.arpa"	{ type master; file "master/localhost-reverse.db"; };
-	type master;
+
-	file "master/localhost-v6.rev";
+// "This" Network (RFCs 1912 and 3330)
-};
+zone "0.in-addr.arpa"		{ type master; file "master/empty.db"; };
 // Private Use Networks (RFC 1918)
 zone "10.in-addr.arpa"		{ type master; file "master/empty.db"; };
 zone "16.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
 zone "17.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
 zone "18.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
 zone "19.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
 zone "20.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
 zone "21.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
 zone "22.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
 zone "23.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
 zone "24.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
 zone "25.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
 zone "26.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
 zone "27.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
 zone "28.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
 zone "29.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
 zone "30.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
 zone "31.172.in-addr.arpa"	{ type master; file "master/empty.db"; };
 zone "168.192.in-addr.arpa"	{ type master; file "master/empty.db"; };
 // Link-local/APIPA (RFCs 3330 and 3927)
 zone "254.169.in-addr.arpa"	{ type master; file "master/empty.db"; };
 // TEST-NET for Documentation (RFC 3330)
 zone "2.0.192.in-addr.arpa"	{ type master; file "master/empty.db"; };
 // Router Benchmark Testing (RFC 3330)
 zone "18.198.in-addr.arpa"	{ type master; file "master/empty.db"; };
 zone "19.198.in-addr.arpa"	{ type master; file "master/empty.db"; };
 // IANA Reserved - Old Class E Space
 zone "240.in-addr.arpa"		{ type master; file "master/empty.db"; };
 zone "241.in-addr.arpa"		{ type master; file "master/empty.db"; };
 zone "242.in-addr.arpa"		{ type master; file "master/empty.db"; };
 zone "243.in-addr.arpa"		{ type master; file "master/empty.db"; };
 zone "244.in-addr.arpa"		{ type master; file "master/empty.db"; };
 zone "245.in-addr.arpa"		{ type master; file "master/empty.db"; };
 zone "246.in-addr.arpa"		{ type master; file "master/empty.db"; };
 zone "247.in-addr.arpa"		{ type master; file "master/empty.db"; };
 zone "248.in-addr.arpa"		{ type master; file "master/empty.db"; };
 zone "249.in-addr.arpa"		{ type master; file "master/empty.db"; };
 zone "250.in-addr.arpa"		{ type master; file "master/empty.db"; };
 zone "251.in-addr.arpa"		{ type master; file "master/empty.db"; };
 zone "252.in-addr.arpa"		{ type master; file "master/empty.db"; };
 zone "253.in-addr.arpa"		{ type master; file "master/empty.db"; };
 zone "254.in-addr.arpa"		{ type master; file "master/empty.db"; };
 // IPv6 Unassigned Addresses (RFC 4291)
 zone "1.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "3.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "4.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "5.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "6.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "7.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "8.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "9.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "a.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "b.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "c.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "d.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "e.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "0.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "1.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "2.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "3.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "4.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "5.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "6.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "7.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "8.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "9.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "a.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "b.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "0.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "1.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "2.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "3.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "4.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "5.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "6.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "7.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 // IPv6 ULA (RFC 4193)
 zone "c.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "d.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 // IPv6 Link Local (RFC 4291)
 zone "8.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "9.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "a.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "b.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 // IPv6 Deprecated Site-Local Addresses (RFC 3879)
 zone "c.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "d.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "e.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 zone "f.e.f.ip6.arpa"		{ type master; file "master/empty.db"; };
 // IP6.INT is Deprecated (RFC 4159)
 zone "ip6.int"			{ type master; file "master/empty.db"; };
 // NB: Do not use the IP addresses below, they are faked, and only
 // serve demonstration/documentation purposes!
@ -3379,26 +3531,19 @@ zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"
 // Example slave zone config entries.  It can be convenient to become
 // a slave at least for the zone your own domain is in.  Ask
 // your network administrator for the IP address of the responsible
-// primary.
+// master name server.
 //
-// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
+// Do not forget to include the reverse lookup zone!
-// (This is named after the first bytes of the IP address, in reverse
+// This is named after the first bytes of the IP address, in reverse
-// order, with ".IN-ADDR.ARPA" appended.)
+// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
 //
-// Before starting to set up a primary zone, make sure you fully
+// Before starting to set up a master zone, make sure you fully
-// understand how DNS and BIND works.  There are sometimes
+// understand how DNS and BIND work.  There are sometimes
-// non-obvious pitfalls.  Setting up a slave zone is simpler.
+// non-obvious pitfalls.  Setting up a slave zone is usually simpler.
 //
 // NB: Don't blindly enable the examples below. :-)  Use actual names
 // and addresses instead.
 /* An example master zone
 zone "example.net" {
 	type master;
 	file "master/example.net";
 };
 */
 /* An example dynamic zone
 key "exampleorgkey" {
 	algorithm hmac-md5;
@ -3413,14 +3558,7 @@ zone "example.org" {
 };
 */
-/* Examples of forward and reverse slave zones
+/* Example of a slave reverse zone
 zone "example.com" {
 	type slave;
 	file "slave/example.com";
 	masters {
 		192.168.1.1;
 	};
 };
 zone "1.168.192.in-addr.arpa" {
 	type slave;
 	file "slave/1.168.192.in-addr.arpa";
@ -3475,13 +3613,13 @@ zone "1.168.192.in-addr.arpa" {
 	  <filename>/etc/namedb/master/example.org</filename>) is as
 	  follows:</para>
-	<programlisting>&dollar;TTL 3600        ; 1 hour
+	<programlisting>&dollar;TTL 3600        ; 1 hour default TTL
 example.org.    IN      SOA      ns1.example.org. admin.example.org. (
                                2006051501      ; Serial
                                10800           ; Refresh
                                3600            ; Retry
                                604800          ; Expire
-                                86400           ; Minimum TTL
+                                300             ; Negative Reponse TTL
                        )
 ; DNS Servers
@ -3502,17 +3640,14 @@ mx              IN      A       192.168.1.4
 mail            IN      A       192.168.1.5
 ; Aliases
-www             IN      CNAME   @</programlisting>
+www             IN      CNAME   example.org.<programlisting>
        <para>
          Note that every hostname ending in a <quote>.</quote> is an
          exact hostname, whereas everything without a trailing
-          <quote>.</quote> is referenced to the origin.  For example,
+          <quote>.</quote> is relative to the origin.  For example,
-          <literal>www</literal> is translated into
+          <literal>ns1</literal> is translated into
-          <literal>www.<replaceable>origin</replaceable></literal>.
+          <literal>ns1.<replaceable>example.org.</replaceable></literal>
          In our fictitious zone file, our origin is
          <hostid>example.org.</hostid>, so <literal>www</literal>
          would translate to <hostid>www.example.org.</hostid>
        </para>
        <para>
@ -3573,9 +3708,7 @@ example.org. IN SOA ns1.example.org. admin.example.org. (
                        10800           ; Refresh after 3 hours
                        3600            ; Retry after 1 hour
                        604800          ; Expire after 1 week
-                        86400 )         ; Minimum TTL of 1 day</programlisting>
+                        300 )           ; Negative Reponse TTL</programlisting>
 	<variablelist>
 	  <varlistentry>
@ -3653,12 +3786,12 @@ www             IN CNAME        @</programlisting>
        <para>
          The canonical name record is usually used for giving aliases
          to a machine.  In the example, <hostid>www</hostid> is
-          aliased to the <quote>master</quote> machine which name equals
+          aliased to the <quote>master</quote> machine whose name happens
-          to domain name <hostid role="domainname">example.org</hostid>
+          to be the same as the domain name
          <hostid role="domainname">example.org</hostid>
          (<hostid role="ipaddr">192.168.1.1</hostid>).
-          CNAMEs can be used to provide alias
+          CNAMEs can never be used together with another kind of record
-          hostnames, or round robin one hostname among multiple
+	  for the same hostname.
          machines.
        </para>
 	<indexterm>
@ -3698,7 +3831,7 @@ www             IN CNAME        @</programlisting>
                        10800           ; Refresh
                        3600            ; Retry
                        604800          ; Expire
-                        3600 )          ; Minimum
+                        300 )           ; Negative Reponse TTL
        IN      NS      ns1.example.org.
        IN      NS      ns2.example.org.
@ -3711,6 +3844,9 @@ www             IN CNAME        @</programlisting>
        <para>This file gives the proper IP address to hostname
          mappings of our above fictitious domain.</para>
 	<para>It is worth noting that all names on the right side
 	  of a PTR record need to be fully qualified (i.e., end in
 	  a <quote>.</quote>).</para>
      </sect3>
    </sect2>
@ -3721,11 +3857,9 @@ www             IN CNAME        @</programlisting>
        <secondary>caching name server</secondary>
      </indexterm>
-      <para>A caching name server is a name server that is not
+      <para>A caching name server is a name server whose primary role
-        authoritative for any zones.  It simply asks queries of its
+	is to resolve recursive queries.  It simply asks queries of its
-        own, and remembers them for later use.  To set one up, just
+        own, and remembers the answers for later use.</para>
        configure the name server as usual, omitting any inclusions of
        zones.</para>
    </sect2>
    <sect2>
@ -3763,22 +3897,16 @@ www             IN CNAME        @</programlisting>
      <itemizedlist>
 	<listitem>
 	  <para><ulink
-	      url="http://www.isc.org/products/BIND/">Official ISC BIND
+	      url="https://www.isc.org/software/bind">Official ISC BIND
 	      Page</ulink></para>
 	</listitem>
 	<listitem>
 	  <para><ulink
-	      url="http://www.isc.org/sw/guild/bf/">Official ISC BIND
+	      url="https://www.isc.org/software/guild">Official ISC BIND
 	      Forum</ulink></para>
 	</listitem>
 	<listitem>
 	  <para><ulink
 	      url="http://www.isc.org/index.pl?/sw/bind/FAQ.php">
 	      BIND9 FAQ</ulink></para>
 	</listitem>
 	<listitem>
 	  <para><ulink url="http://www.oreilly.com/catalog/dns5/">O'Reilly
 	      DNS and BIND 5th Edition</ulink></para>
@ -3786,13 +3914,13 @@ www             IN CNAME        @</programlisting>
 	<listitem>
 	  <para><ulink
-	      url="ftp://ftp.isi.edu/in-notes/rfc1034.txt">RFC1034
+	      url="http://www.rfc-editor.org/rfc/rfc1034.txt">RFC1034
 	      - Domain Names - Concepts and Facilities</ulink></para>
 	</listitem>
 	<listitem>
 	  <para><ulink
-	      url="ftp://ftp.isi.edu/in-notes/rfc1035.txt">RFC1035
+	      url="http://www.rfc-editor.org/rfc/rfc1035.txt">RFC1035
 	      - Domain Names - Implementation and Specification</ulink></para>
 	</listitem>
      </itemizedlist>