Initial shuffle of the DHCP section. This patch does the following:

- fixes acronym tags for DHCP, IP, and UDP
- removes superfluous headings
- shuffles existing content to organize it into a client section and a server section
- replaces deprecated dhcp.org address

Subsequent patches will clean up the white space and then move on to review and clarify the content in this section.
This commit is contained in:
Dru Lavigne 2013-10-16 19:40:27 +00:00
parent 28378719d4
commit 7f49336cd6
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=42976

View file

@ -200,7 +200,7 @@
<literal>inetd_flags</literal> is set to
<literal>-wW -C 60</literal>, which turns on TCP wrapping for
<application>inetd</application>'s services, and prevents any
single IP address from requesting any service more than 60
single <acronym>IP</acronym> address from requesting any service more than 60
times in any given minute.</para>
<para>Although we mention rate-limiting options below, novice
@ -227,7 +227,7 @@
<listitem>
<para>Specify the default maximum number of times a
service can be invoked from a single IP address in one
service can be invoked from a single <acronym>IP</acronym> address in one
minute; the default is unlimited. May be overridden on
a per-service basis with the
<option>max-connections-per-ip-per-minute</option>
@ -250,7 +250,7 @@
<listitem>
<para>Specify the maximum number of times a service can be
invoked from a single IP address at any one time; the
invoked from a single <acronym>IP</acronym> address at any one time; the
default is unlimited. May be overridden on a
per-service basis with the
<option>max-child-per-ip</option> parameter.</para>
@ -347,7 +347,7 @@ server-program-arguments</programlisting>
<row>
<entry>udp, udp4</entry>
<entry>UDP IPv4</entry>
<entry><acronym>UDP</acronym> IPv4</entry>
</row>
<row>
@ -357,7 +357,7 @@ server-program-arguments</programlisting>
<row>
<entry>udp6</entry>
<entry>UDP IPv6</entry>
<entry><acronym>UDP</acronym> IPv6</entry>
</row>
<row>
@ -367,7 +367,7 @@ server-program-arguments</programlisting>
<row>
<entry>udp46</entry>
<entry>Both UDP IPv4 and v6</entry>
<entry>Both <acronym>UDP</acronym> IPv4 and v6</entry>
</row>
</tbody>
</tgroup>
@ -403,12 +403,12 @@ server-program-arguments</programlisting>
options which limit the maximum connections from a
single place to a particular daemon can be enabled.
<option>max-connections-per-ip-per-minute</option>
limits the number of connections from any particular IP
limits the number of connections from any particular <acronym>IP</acronym>
address per minutes, e.g., a value of ten would limit
any particular IP address connecting to a particular
any particular <acronym>IP</acronym> address connecting to a particular
service to ten attempts per minute.
<option>max-child-per-ip</option> limits the number of
children that can be started on behalf on any single IP
children that can be started on behalf on any single <acronym>IP</acronym>
address at any moment. These options are useful to
prevent intentional or unintentional excessive resource
consumption and Denial of Service (DoS) attacks to a
@ -430,7 +430,7 @@ server-program-arguments</programlisting>
would read: <literal>nowait/10</literal>.</para>
<para>The same setup with a limit of twenty connections
per IP address per minute and a maximum total limit of
per <acronym>IP</acronym> address per minute and a maximum total limit of
ten child daemons would read:
<literal>nowait/10/20</literal>.</para>
@ -442,7 +442,7 @@ server-program-arguments</programlisting>
<para>Finally, an example of this field with a maximum of
100 children in total, with a maximum of 5 for any one
IP address would read:
<acronym>IP</acronym> address would read:
<literal>nowait/100/0/5</literal>.</para>
</listitem>
</varlistentry>
@ -723,7 +723,7 @@ mountd_flags="-r"</programlisting>
<para>The next example exports
<filename class="directory">/home</filename> to three clients
by IP address. This can be useful for networks without
by <acronym>IP</acronym> address. This can be useful for networks without
<acronym>DNS</acronym>. Optionally,
<filename>/etc/hosts</filename> could be configured for
internal hostnames; please review &man.hosts.5; for more
@ -953,7 +953,7 @@ rpc_statd_enable="YES"</programlisting>
<application>amd</application> looks up the corresponding
remote mount and automatically mounts it.
<filename class="directory">/net</filename> is used to mount
an exported file system from an IP address, while
an exported file system from an <acronym>IP</acronym> address, while
<filename class="directory">/host</filename> is used to mount
an export from a remote hostname.</para>
@ -1251,7 +1251,7 @@ Exports list on foobar:
<thead>
<row>
<entry>Machine name</entry>
<entry>IP address</entry>
<entry><acronym>IP</acronym> address</entry>
<entry>Machine role</entry>
</row>
</thead>
@ -1768,7 +1768,7 @@ nis_client_enable="YES"</programlisting>
for providing access control instead of
<filename>securenets</filename>. While either access control
mechanism adds some security, they are both vulnerable to
<quote>IP spoofing</quote> attacks. All
<quote><acronym>IP</acronym> spoofing</quote> attacks. All
<acronym>NIS</acronym>-related traffic should be blocked at
the firewall.</para>
@ -2617,92 +2617,55 @@ result: 0 Success
</authorgroup>
</sect1info>
-->
<title>Automatic Network Configuration (DHCP)</title>
<title>Dynamic Host Configuration Protocol (<acronym>DHCP</acronym>)</title>
<indexterm>
<primary>Dynamic Host Configuration Protocol</primary>
<see>DHCP</see>
<see><acronym>DHCP</acronym></see>
</indexterm>
<indexterm>
<primary>Internet Systems Consortium (ISC)</primary>
</indexterm>
<para>DHCP, the Dynamic Host Configuration Protocol, describes
the means by which a system can connect to a network and
obtain the necessary information for communication upon that
network. &os; uses the OpenBSD <command>dhclient</command>
taken from OpenBSD&nbsp;3.7. All information here regarding
<command>dhclient</command> is for use with either of the ISC
or OpenBSD DHCP clients. The DHCP server is the one included
in the ISC distribution.</para>
<para>The Dynamic Host Configuration Protocol (<acronym>DHCP</acronym>) allows
a system to connect to a network in order to be assigned
the necessary addressing information for communication on that
network. &os; includes the OpenBSD version of <command>dhclient</command>
which is used by the client to obtain the addressing information.
&os; does not install a <acronym>DHCP</acronym> server, but several
servers are available in the &os; Ports Collection.
The <acronym>DHCP</acronym> protocol is fully described in
<ulink url="http://www.freesoft.org/CIE/RFC/2131/">RFC
2131</ulink>. Informational resources are also available at
<ulink url="http://www.isc.org/downloads/dhcp/">isc.org/downloads/dhcp/</ulink>.</para>
<para>This section describes both the client-side components of
the ISC and OpenBSD DHCP client and server-side components of
the ISC DHCP system. The client-side program,
<command>dhclient</command>, comes integrated within &os;,
and the server-side portion is available from the <filename
role="package">net/isc-dhcp42-server</filename> port. Refer to
&man.dhclient.8;, &man.dhcp-options.5;, and
&man.dhclient.conf.5;, in addition to the
references below, for more information.</para>
<para>This section describes how to use the built-in <acronym>DHCP</acronym> client.
It then describes how to install and configure a
<acronym>DHCP</acronym> server.</para>
<sect2>
<title>How It Works</title>
<sect2>
<title>Configuring a <acronym>DHCP</acronym> Client</title>
<indexterm><primary>UDP</primary></indexterm>
<para>When <command>dhclient</command>, the DHCP client, is
executed on the client machine, it begins broadcasting
requests for configuration information. By default, these
requests are on UDP port 68. The server replies on UDP 67,
giving the client an IP address and other relevant network
information such as netmask, router, and DNS servers. All of
this information comes in the form of a DHCP
<quote>lease</quote> and is only valid for a certain time
(configured by the DHCP server maintainer). In this manner,
stale IP addresses for clients no longer connected to the
network can be automatically reclaimed.</para>
<para><acronym>DHCP</acronym> client support is included in the &os;
installer, making it easy to configure a system to automatically
receive its networking addressing information from an existing
<acronym>DHCP</acronym> server.</para>
<indexterm><primary><acronym>UDP</acronym></primary></indexterm>
<para>When <command>dhclient</command> is
executed on the client machine, it begins broadcasting
requests for configuration information. By default, these
requests use <acronym>UDP</acronym> port 68. The server replies on <acronym>UDP</acronym> port 67,
giving the client an <acronym>IP</acronym> address and other relevant network
information such as a subnet mask, default gateway, and <acronym>DNS</acronym> server addresses.
This information is in the form of a <acronym>DHCP</acronym>
<quote>lease</quote> and is valid for a configurable time. This allows
stale <acronym>IP</acronym> addresses for clients no longer connected to the
network to automatically be reused.</para>
<para>DHCP clients can obtain a great deal of information from
the server. An exhaustive list may be found in
&man.dhcp-options.5;.</para>
</sect2>
<sect2>
<title>&os; Integration</title>
<para>&os; fully integrates the OpenBSD DHCP client,
<command>dhclient</command>. DHCP client support is provided
within both the installer and the base system, obviating the
need for detailed knowledge of network configurations on any
network that runs a DHCP server.</para>
<indexterm>
<primary><application>sysinstall</application></primary>
</indexterm>
<para>DHCP is supported by
<application>sysinstall</application>. When configuring a
network interface within
<application>sysinstall</application>, the second question
asked is: <quote>Do you want to try DHCP configuration of the
interface?</quote>. Answering affirmatively will execute
<command>dhclient</command>, and if successful, will fill in
the network configuration information automatically.</para>
<para>There are two things required to have the system use
DHCP upon startup:</para>
<indexterm>
<primary>DHCP</primary>
<secondary>requirements</secondary>
</indexterm>
<itemizedlist>
<listitem>
<para>Make sure that the <devicename>bpf</devicename> device
is compiled into the kernel. To do this, add
<literal>device bpf</literal> to the kernel configuration
file, and rebuild the kernel. For more information about
building kernels, see
<xref linkend="kernelconfig"/>.</para>
<para><acronym>DHCP</acronym> clients can obtain a great deal of information from
the server. An exhaustive list may be found in
&man.dhcp-options.5;.</para>
<para>The <devicename>bpf</devicename> device is already
part of the <filename>GENERIC</filename> kernel that is
@ -2719,37 +2682,35 @@ result: 0 Success
(although they still have to be run as
<username>root</username>).
<devicename>bpf</devicename> <emphasis>is</emphasis>
required to use DHCP; however, the security sensitive
required to use <acronym>DHCP</acronym>; however, the security sensitive
types should probably not add
<devicename>bpf</devicename> to the kernel in the
expectation that at some point in the future the system
will be using DHCP.</para>
will be using <acronym>DHCP</acronym>.</para>
</note>
</listitem>
<listitem>
<para>By default, DHCP configuration on &os; runs in the
<para>By default, <acronym>DHCP</acronym> configuration on &os; runs in the
background, or <firstterm>asynchronously</firstterm>.
Other startup scripts continue to run while DHCP
Other startup scripts continue to run while <acronym>DHCP</acronym>
completes, speeding up system startup.</para>
<para>Background DHCP works well when the DHCP server
responds quickly to requests and the DHCP configuration
process goes quickly. However, DHCP may take a long time
<para>Background <acronym>DHCP</acronym> works well when the <acronym>DHCP</acronym> server
responds quickly to requests and the <acronym>DHCP</acronym> configuration
process goes quickly. However, <acronym>DHCP</acronym> may take a long time
to complete on some systems. If network services attempt
to run before DHCP has completed, they will fail. Using
DHCP in <firstterm>synchronous</firstterm> mode prevents
the problem, pausing startup until DHCP configuration has
to run before <acronym>DHCP</acronym> has completed, they will fail. Using
<acronym>DHCP</acronym> in <firstterm>synchronous</firstterm> mode prevents
the problem, pausing startup until <acronym>DHCP</acronym> configuration has
completed.</para>
<para>To connect to a DHCP server in the background while
<para>To connect to a <acronym>DHCP</acronym> server in the background while
other startup continues (asynchronous mode), use the
<quote><literal>DHCP</literal></quote> value in
<filename>/etc/rc.conf</filename>:</para>
<programlisting>ifconfig_<replaceable>fxp0</replaceable>="DHCP"</programlisting>
<para>To pause startup while DHCP completes, use
<para>To pause startup while <acronym>DHCP</acronym> completes, use
synchronous mode with the
<quote><literal>SYNCDHCP</literal></quote> value:</para>
@ -2769,27 +2730,14 @@ result: 0 Success
<programlisting>dhclient_program="/sbin/dhclient"
dhclient_flags=""</programlisting>
</listitem>
</itemizedlist>
<indexterm>
<primary>DHCP</primary>
<secondary>server</secondary>
</indexterm>
<para>The DHCP server, <application>dhcpd</application>, is
included as part of the
<filename role="package">net/isc-dhcp42-server</filename> port
in the ports collection. This port contains the ISC DHCP
server and documentation.</para>
</sect2>
<sect2>
<title>Files</title>
<indexterm>
<primary>DHCP</primary>
<primary><acronym>DHCP</acronym></primary>
<secondary>configuration files</secondary>
</indexterm>
<para>The <acronym>DHCP</acronym> client uses the following files:</para>
<itemizedlist>
<listitem>
<para><filename>/etc/dhclient.conf</filename></para>
@ -2812,7 +2760,7 @@ dhclient_flags=""</programlisting>
<para><filename>/sbin/dhclient-script</filename></para>
<para><command>dhclient-script</command> is the
&os;-specific DHCP client configuration script. It
&os;-specific <acronym>DHCP</acronym> client configuration script. It
is described in &man.dhclient-script.8;, but should not
need any user modification to function properly.</para>
</listitem>
@ -2820,50 +2768,47 @@ dhclient_flags=""</programlisting>
<listitem>
<para><filename>/var/db/dhclient.leases.<replaceable>interface</replaceable></filename></para>
<para>The DHCP client keeps a database of valid leases in
<para>The <acronym>DHCP</acronym> client keeps a database of valid leases in
this file, which is written as a log.
&man.dhclient.leases.5; gives a slightly longer
description.</para>
description. Refer to
&man.dhclient.8;, &man.dhcp-options.5;, and
&man.dhclient.conf.5;, in addition to the
references below, for more information.</para>
</listitem>
</itemizedlist>
</sect2>
<sect2>
<title>Further Reading</title>
<para>The DHCP protocol is fully described in
<ulink url="http://www.freesoft.org/CIE/RFC/2131/">RFC
2131</ulink>. An informational resource has also been set
up at <ulink url="http://www.dhcp.org/"></ulink>.</para>
</sect2>
<sect2 id="network-dhcp-server">
<title>Installing and Configuring a DHCP Server</title>
<sect3>
<title>What This Section Covers</title>
<title>Installing and Configuring a <acronym>DHCP</acronym> Server</title>
<para>This section provides information on how to configure a
&os; system to act as a DHCP server using the ISC
(Internet Systems Consortium) implementation of the DHCP
&os; system to act as a <acronym>DHCP</acronym> server using the ISC
(Internet Systems Consortium) implementation of the <acronym>DHCP</acronym>
server.</para>
<indexterm>
<primary><acronym>DHCP</acronym></primary>
<secondary>server</secondary>
</indexterm>
<para>The <acronym>DHCP</acronym> server, <application>dhcpd</application>, is
included as part of the
<filename role="package">net/isc-dhcp42-server</filename> port
in the ports collection. This port contains the ISC <acronym>DHCP</acronym>
server and documentation.</para>
<para>The server is not provided as part of &os;, and so the
<filename role="package">net/isc-dhcp42-server</filename>
port must be installed to provide this service. See
<xref linkend="ports"/> for more information on using the
Ports Collection.</para>
</sect3>
<sect3>
<title>DHCP Server Installation</title>
<indexterm>
<primary>DHCP</primary>
<primary><acronym>DHCP</acronym></primary>
<secondary>installation</secondary>
</indexterm>
<para>In order to configure the &os; system as a DHCP server,
<para>In order to configure the &os; system as a <acronym>DHCP</acronym> server,
first ensure that the &man.bpf.4; device is compiled into
the kernel. To do this, add <literal>device bpf</literal>
to the kernel configuration file, and rebuild the kernel.
@ -2881,7 +2826,7 @@ dhclient_flags=""</programlisting>
that allows packet sniffers to function correctly
(although such programs still need privileged access).
The <devicename>bpf</devicename> device
<emphasis>is</emphasis> required to use DHCP, but if the
<emphasis>is</emphasis> required to use <acronym>DHCP</acronym>, but if the
sensitivity of the system's security is high, this device
should not be included in the kernel purely because the
use of <acronym>DHCP</acronym> may, at some point in the
@ -2895,13 +2840,12 @@ dhclient_flags=""</programlisting>
to the actual configuration file,
<filename>/usr/local/etc/dhcpd.conf</filename>. Edits
will be made to this new file.</para>
</sect3>
<sect3>
<title>Configuring the DHCP Server</title>
<title>Configuring the <acronym>DHCP</acronym> Server</title>
<indexterm>
<primary>DHCP</primary>
<primary><acronym>DHCP</acronym></primary>
<secondary>dhcpd.conf</secondary>
</indexterm>
<para><filename>dhcpd.conf</filename> is comprised of
@ -2936,7 +2880,7 @@ host mailhost {
<callout arearefs="domain-name-servers">
<para>This option specifies a comma separated list of
DNS servers that the client should use.</para>
<acronym>DNS</acronym> servers that the client should use.</para>
</callout>
<callout arearefs="subnet-mask">
@ -2960,15 +2904,15 @@ host mailhost {
</callout>
<callout arearefs="ddns-update-style">
<para>This option specifies whether the DHCP server
should attempt to update DNS when a lease is accepted
<para>This option specifies whether the <acronym>DHCP</acronym> server
should attempt to update <acronym>DNS</acronym> when a lease is accepted
or released. In the ISC implementation, this option
is <emphasis>required</emphasis>.</para>
</callout>
<callout arearefs="range">
<para>This denotes which IP addresses should be used in
the pool reserved for allocating to clients. IP
<para>This denotes which <acronym>IP</acronym> addresses should be used in
the pool reserved for allocating to clients. <acronym>IP</acronym>
addresses between, and including, the ones stated are
handed out to clients.</para>
</callout>
@ -2980,14 +2924,14 @@ host mailhost {
<callout arearefs="hardware">
<para>The hardware MAC address of a host (so that the
DHCP server can recognize a host when it makes a
<acronym>DHCP</acronym> server can recognize a host when it makes a
request).</para>
</callout>
<callout arearefs="fixed-address">
<para>Specifies that the host should always be given the
same IP address. Note that using a hostname is
correct here, since the DHCP server will resolve the
same <acronym>IP</acronym> address. Note that using a hostname is
correct here, since the <acronym>DHCP</acronym> server will resolve the
hostname itself before returning the lease
information.</para>
</callout>
@ -2995,7 +2939,7 @@ host mailhost {
<para>Once the configuration of
<filename>dhcpd.conf</filename> has been completed,
enable the DHCP server in
enable the <acronym>DHCP</acronym> server in
<filename>/etc/rc.conf</filename>, i.e., by adding:</para>
<programlisting>dhcpd_enable="YES"
@ -3003,7 +2947,7 @@ dhcpd_ifaces="dc0"</programlisting>
<para>Replace the <literal>dc0</literal> interface name with
the interface (or interfaces, separated by whitespace)
that the DHCP server should listen on for DHCP client
that the <acronym>DHCP</acronym> server should listen on for <acronym>DHCP</acronym> client
requests.</para>
<para>Proceed to start the server by issuing
@ -3023,7 +2967,7 @@ dhcpd_ifaces="dc0"</programlisting>
<title>Files</title>
<indexterm>
<primary>DHCP</primary>
<primary><acronym>DHCP</acronym></primary>
<secondary>configuration files</secondary>
</indexterm>
<itemizedlist>
@ -3056,7 +3000,7 @@ dhcpd_ifaces="dc0"</programlisting>
<listitem>
<para><filename>/var/db/dhcpd.leases</filename></para>
<para>The DHCP server keeps a database of leases it has
<para>The <acronym>DHCP</acronym> server keeps a database of leases it has
issued in this file, which is written as a log. The
port installs &man.dhcpd.leases.5;, which gives a
slightly longer description.</para>
@ -3066,8 +3010,8 @@ dhcpd_ifaces="dc0"</programlisting>
<para><filename>/usr/local/sbin/dhcrelay</filename></para>
<para><application>dhcrelay</application> is used in
advanced environments where one DHCP server forwards a
request from a client to another DHCP server on a
advanced environments where one <acronym>DHCP</acronym> server forwards a
request from a client to another <acronym>DHCP</acronym> server on a
separate network. If this functionality is required,
then install the
<filename role="package">net/isc-dhcp42-relay</filename>
@ -3150,7 +3094,7 @@ dhcpd_ifaces="dc0"</programlisting>
<acronym>DNS</acronym> must be understood.</para>
<indexterm><primary>resolver</primary></indexterm>
<indexterm><primary>reverse DNS</primary></indexterm>
<indexterm><primary>reverse <acronym>DNS</acronym></primary></indexterm>
<indexterm><primary>root zone</primary></indexterm>
<informaltable frame="none" pgwide="1">
@ -3168,7 +3112,7 @@ dhcpd_ifaces="dc0"</programlisting>
<tbody>
<row>
<entry>Forward <acronym>DNS</acronym></entry>
<entry>Mapping of hostnames to IP addresses.</entry>
<entry>Mapping of hostnames to <acronym>IP</acronym> addresses.</entry>
</row>
<row>
@ -3492,7 +3436,7 @@ options {
</warning>
<programlisting> /*
Modern versions of BIND use a random UDP port for each outgoing
Modern versions of BIND use a random <acronym>UDP</acronym> port for each outgoing
query by default in order to dramatically reduce the possibility
of cache poisoning. All users are strongly encouraged to utilize
this feature, and to configure their firewalls to accommodate it.
@ -3817,11 +3761,11 @@ www IN CNAME example.org.</programlisting>
<programlisting>recordname IN recordtype value</programlisting>
<indexterm>
<primary>DNS</primary>
<primary><acronym>DNS</acronym></primary>
<secondary>records</secondary>
</indexterm>
<para>The most commonly used DNS records:</para>
<para>The most commonly used <acronym>DNS</acronym> records:</para>
<variablelist>
<varlistentry>
@ -3861,7 +3805,7 @@ www IN CNAME example.org.</programlisting>
<listitem>
<para>a domain name pointer (used in reverse
DNS)</para>
<acronym>DNS</acronym>)</para>
</listitem>
</varlistentry>
</variablelist>
@ -3940,7 +3884,7 @@ mail IN A 192.168.1.5</programlisting>
<programlisting> IN A 192.168.1.1</programlisting>
<para>This line assigns IP address
<para>This line assigns <acronym>IP</acronym> address
<hostid role="ipaddr">192.168.1.1</hostid> to the current
origin, in this case
<hostid role="domainname">example.org</hostid>.</para>
@ -3975,7 +3919,7 @@ mail IN A 192.168.1.5</programlisting>
priority number), then the second highest, etc, until the
mail can be properly delivered.</para>
<para>For in-addr.arpa zone files (reverse DNS), the same
<para>For in-addr.arpa zone files (reverse <acronym>DNS</acronym>), the same
format is used, except with PTR entries instead of A or
CNAME.</para>
@ -3997,7 +3941,7 @@ mail IN A 192.168.1.5</programlisting>
4 IN PTR mx.example.org.
5 IN PTR mail.example.org.</programlisting>
<para>This file gives the proper IP address to hostname
<para>This file gives the proper <acronym>IP</acronym> address to hostname
mappings for the above fictitious domain.</para>
<para>It is worth noting that all names on the right side
@ -4026,7 +3970,7 @@ mail IN A 192.168.1.5</programlisting>
<indexterm>
<primary>BIND</primary>
<secondary>DNS security extensions</secondary>
<secondary><acronym>DNS</acronym> security extensions</secondary>
</indexterm>
<para>Domain Name System Security Extensions, or <acronym
@ -4391,7 +4335,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
<sect2>
<title>Security</title>
<para>Although BIND is the most common implementation of DNS,
<para>Although BIND is the most common implementation of <acronym>DNS</acronym>,
there is always the issue of security. Possible and
exploitable security holes are sometimes found.</para>
@ -4437,7 +4381,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
<listitem>
<para><ulink
url="http://www.oreilly.com/catalog/dns5/">O'Reilly
DNS and BIND 5th Edition</ulink></para>
<acronym>DNS</acronym> and BIND 5th Edition</ulink></para>
</listitem>
<listitem>
@ -4469,21 +4413,21 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
<listitem>
<para><ulink
url="http://tools.ietf.org/html/rfc4033">RFC4033
- DNS Security Introduction and
- <acronym>DNS</acronym> Security Introduction and
Requirements</ulink></para>
</listitem>
<listitem>
<para><ulink
url="http://tools.ietf.org/html/rfc4034">RFC4034
- Resource Records for the DNS Security
- Resource Records for the <acronym>DNS</acronym> Security
Extensions</ulink></para>
</listitem>
<listitem>
<para><ulink
url="http://tools.ietf.org/html/rfc4035">RFC4035
- Protocol Modifications for the DNS Security
- Protocol Modifications for the <acronym>DNS</acronym> Security
Extensions</ulink></para>
</listitem>
@ -4496,7 +4440,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
<listitem>
<para><ulink
url="http://tools.ietf.org/html/rfc5011">RFC 5011
- Automated Updates of DNS Security
- Automated Updates of <acronym>DNS</acronym> Security
(<acronym>DNSSEC</acronym>
Trust Anchors</ulink></para>
</listitem>
@ -4686,7 +4630,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
types of Virtual Hosting. The first method is Name-based
Virtual Hosting. Name-based virtual hosting uses the clients
HTTP/1.1 headers to figure out the hostname. This allows many
different domains to share the same IP address.</para>
different domains to share the same <acronym>IP</acronym> address.</para>
<para>To setup <application>Apache</application> to use
Name-based Virtual Hosting add an entry like the following to
@ -5252,7 +5196,7 @@ DocumentRoot /www/someotherdomain.tld
<para>This sets the NetBIOS name by which a
<application>Samba</application> server is known.
By default it is the same as the first component of
the host's DNS name.</para>
the host's <acronym>DNS</acronym> name.</para>
</listitem>
</varlistentry>
@ -5580,7 +5524,7 @@ driftfile /var/db/ntp.drift</programlisting>
<programlisting>restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap</programlisting>
<para>instead, where
<hostid role="ipaddr">192.168.1.0</hostid> is an IP address
<hostid role="ipaddr">192.168.1.0</hostid> is an <acronym>IP</acronym> address
on the network and
<hostid role="netmask">255.255.255.0</hostid> is the
network's netmask.</para>
@ -6207,7 +6151,7 @@ iqn.2012-06.com.example:target0 10.10.10.10 Connected: da0</
iqn.2012-06.com.example:target0 10.10.10.10 Waiting for iscsid(8)</programlisting>
<para>The following suggests network-level problem, such as
wrong IP address or port:</para>
wrong <acronym>IP</acronym> address or port:</para>
<programlisting>Target name Target addr State
iqn.2012-06.com.example:target0 10.10.10.11 Connection refused</programlisting>