svn commit: r42977 - head/en_US.ISO8859-1/books/handbook/network-servers
Dru Lavigne
dru at FreeBSD.org
Wed Oct 16 20:19:57 UTC 2013
Author: dru
Date: Wed Oct 16 20:19:56 2013
New Revision: 42977
URL: http://svnweb.freebsd.org/changeset/doc/42977
Log:
White space fix only. Translators can ignore.
Modified:
head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Wed Oct 16 19:40:27 2013 (r42976)
+++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Wed Oct 16 20:19:56 2013 (r42977)
@@ -200,8 +200,8 @@
<literal>inetd_flags</literal> is set to
<literal>-wW -C 60</literal>, which turns on TCP wrapping for
<application>inetd</application>'s services, and prevents any
- single <acronym>IP</acronym> address from requesting any service more than 60
- times in any given minute.</para>
+ single <acronym>IP</acronym> address from requesting any
+ service more than 60 times in any given minute.</para>
<para>Although we mention rate-limiting options below, novice
users may be pleased to note that these parameters usually do
@@ -227,9 +227,10 @@
<listitem>
<para>Specify the default maximum number of times a
- service can be invoked from a single <acronym>IP</acronym> address in one
- minute; the default is unlimited. May be overridden on
- a per-service basis with the
+ service can be invoked from a single
+ <acronym>IP</acronym> address in one minute; the default
+ is unlimited. May be overridden on a per-service basis
+ with the
<option>max-connections-per-ip-per-minute</option>
parameter.</para>
</listitem>
@@ -250,9 +251,9 @@
<listitem>
<para>Specify the maximum number of times a service can be
- invoked from a single <acronym>IP</acronym> address at any one time; the
- default is unlimited. May be overridden on a
- per-service basis with the
+ invoked from a single <acronym>IP</acronym> address at
+ any one time; the default is unlimited. May be
+ overridden on a per-service basis with the
<option>max-child-per-ip</option> parameter.</para>
</listitem>
</varlistentry>
@@ -403,14 +404,15 @@ server-program-arguments</programlisting
options which limit the maximum connections from a
single place to a particular daemon can be enabled.
<option>max-connections-per-ip-per-minute</option>
- limits the number of connections from any particular <acronym>IP</acronym>
- address per minutes, e.g., a value of ten would limit
- any particular <acronym>IP</acronym> address connecting to a particular
- service to ten attempts per minute.
- <option>max-child-per-ip</option> limits the number of
- children that can be started on behalf on any single <acronym>IP</acronym>
- address at any moment. These options are useful to
- prevent intentional or unintentional excessive resource
+ limits the number of connections from any particular
+ <acronym>IP</acronym> address per minutes, e.g., a value
+ of ten would limit any particular <acronym>IP</acronym>
+ address connecting to a particular service to ten
+ attempts per minute. <option>max-child-per-ip</option>
+ limits the number of children that can be started on
+ behalf on any single <acronym>IP</acronym> address at
+ any moment. These options are useful to prevent
+ intentional or unintentional excessive resource
consumption and Denial of Service (DoS) attacks to a
machine.</para>
@@ -430,8 +432,8 @@ server-program-arguments</programlisting
would read: <literal>nowait/10</literal>.</para>
<para>The same setup with a limit of twenty connections
- per <acronym>IP</acronym> address per minute and a maximum total limit of
- ten child daemons would read:
+ per <acronym>IP</acronym> address per minute and a
+ maximum total limit of ten child daemons would read:
<literal>nowait/10/20</literal>.</para>
<para>These options are utilized by the default
@@ -723,8 +725,8 @@ mountd_flags="-r"</programlisting>
<para>The next example exports
<filename class="directory">/home</filename> to three clients
- by <acronym>IP</acronym> address. This can be useful for networks without
- <acronym>DNS</acronym>. Optionally,
+ by <acronym>IP</acronym> address. This can be useful for
+ networks without <acronym>DNS</acronym>. Optionally,
<filename>/etc/hosts</filename> could be configured for
internal hostnames; please review &man.hosts.5; for more
information. The <literal>-alldirs</literal> flag allows
@@ -951,11 +953,11 @@ rpc_statd_enable="YES"</programlisting>
<filename class="directory">/net</filename> directories. When
a file is accessed within one of these directories,
<application>amd</application> looks up the corresponding
- remote mount and automatically mounts it.
- <filename class="directory">/net</filename> is used to mount
- an exported file system from an <acronym>IP</acronym> address, while
- <filename class="directory">/host</filename> is used to mount
- an export from a remote hostname.</para>
+ remote mount and automatically mounts it. <filename
+ class="directory">/net</filename> is used to mount an
+ exported file system from an <acronym>IP</acronym> address,
+ while <filename class="directory">/host</filename> is used to
+ mount an export from a remote hostname.</para>
<para>For instance, an attempt to access a file within
<filename class="directory">/host/foobar/usr</filename> would
@@ -2617,7 +2619,8 @@ result: 0 Success
</authorgroup>
</sect1info>
-->
- <title>Dynamic Host Configuration Protocol (<acronym>DHCP</acronym>)</title>
+ <title>Dynamic Host Configuration Protocol
+ (<acronym>DHCP</acronym>)</title>
<indexterm>
<primary>Dynamic Host Configuration Protocol</primary>
@@ -2627,108 +2630,115 @@ result: 0 Success
<primary>Internet Systems Consortium (ISC)</primary>
</indexterm>
- <para>The Dynamic Host Configuration Protocol (<acronym>DHCP</acronym>) allows
- a system to connect to a network in order to be assigned
- the necessary addressing information for communication on that
- network. &os; includes the OpenBSD version of <command>dhclient</command>
- which is used by the client to obtain the addressing information.
- &os; does not install a <acronym>DHCP</acronym> server, but several
- servers are available in the &os; Ports Collection.
- The <acronym>DHCP</acronym> protocol is fully described in
- <ulink url="http://www.freesoft.org/CIE/RFC/2131/">RFC
- 2131</ulink>. Informational resources are also available at
- <ulink url="http://www.isc.org/downloads/dhcp/">isc.org/downloads/dhcp/</ulink>.</para>
-
- <para>This section describes how to use the built-in <acronym>DHCP</acronym> client.
- It then describes how to install and configure a
- <acronym>DHCP</acronym> server.</para>
+ <para>The Dynamic Host Configuration Protocol
+ (<acronym>DHCP</acronym>) allows a system to connect to a
+ network in order to be assigned the necessary addressing
+ information for communication on that network. &os; includes
+ the OpenBSD version of <command>dhclient</command> which is used
+ by the client to obtain the addressing information. &os; does
+ not install a <acronym>DHCP</acronym> server, but several
+ servers are available in the &os; Ports Collection. The
+ <acronym>DHCP</acronym> protocol is fully described in <ulink
+ url="http://www.freesoft.org/CIE/RFC/2131/">RFC 2131</ulink>.
+ Informational resources are also available at <ulink
+ url="http://www.isc.org/downloads/dhcp/">isc.org/downloads/dhcp/</ulink>.</para>
+
+ <para>This section describes how to use the built-in
+ <acronym>DHCP</acronym> client. It then describes how to
+ install and configure a <acronym>DHCP</acronym> server.</para>
- <sect2>
- <title>Configuring a <acronym>DHCP</acronym> Client</title>
+ <sect2>
+ <title>Configuring a <acronym>DHCP</acronym> Client</title>
- <para><acronym>DHCP</acronym> client support is included in the &os;
- installer, making it easy to configure a system to automatically
- receive its networking addressing information from an existing
- <acronym>DHCP</acronym> server.</para>
-
- <indexterm><primary><acronym>UDP</acronym></primary></indexterm>
- <para>When <command>dhclient</command> is
- executed on the client machine, it begins broadcasting
- requests for configuration information. By default, these
- requests use <acronym>UDP</acronym> port 68. The server replies on <acronym>UDP</acronym> port 67,
- giving the client an <acronym>IP</acronym> address and other relevant network
- information such as a subnet mask, default gateway, and <acronym>DNS</acronym> server addresses.
- This information is in the form of a <acronym>DHCP</acronym>
- <quote>lease</quote> and is valid for a configurable time. This allows
- stale <acronym>IP</acronym> addresses for clients no longer connected to the
- network to automatically be reused.</para>
-
- <para><acronym>DHCP</acronym> clients can obtain a great deal of information from
- the server. An exhaustive list may be found in
- &man.dhcp-options.5;.</para>
-
- <para>The <devicename>bpf</devicename> device is already
- part of the <filename>GENERIC</filename> kernel that is
- supplied with &os;, thus there is no need to build a
- custom kernel for <acronym>DHCP</acronym>. In the case of
- a custom kernel configuration file, this device must be
- present for <acronym>DHCP</acronym> to function
- properly.</para>
+ <para><acronym>DHCP</acronym> client support is included in the
+ &os; installer, making it easy to configure a system to
+ automatically receive its networking addressing information
+ from an existing <acronym>DHCP</acronym> server.</para>
+
+ <indexterm><primary><acronym>UDP</acronym></primary></indexterm>
+ <para>When <command>dhclient</command> is executed on the client
+ machine, it begins broadcasting requests for configuration
+ information. By default, these requests use
+ <acronym>UDP</acronym> port 68. The server replies on
+ <acronym>UDP</acronym> port 67, giving the client an
+ <acronym>IP</acronym> address and other relevant network
+ information such as a subnet mask, default gateway, and
+ <acronym>DNS</acronym> server addresses. This information is
+ in the form of a <acronym>DHCP</acronym>
+ <quote>lease</quote> and is valid for a configurable time.
+ This allows stale <acronym>IP</acronym> addresses for clients
+ no longer connected to the network to automatically be
+ reused.</para>
+
+ <para><acronym>DHCP</acronym> clients can obtain a great deal of
+ information from the server. An exhaustive list may be found
+ in &man.dhcp-options.5;.</para>
+
+ <para>The <devicename>bpf</devicename> device is already
+ part of the <filename>GENERIC</filename> kernel that is
+ supplied with &os;, thus there is no need to build a
+ custom kernel for <acronym>DHCP</acronym>. In the case of
+ a custom kernel configuration file, this device must be
+ present for <acronym>DHCP</acronym> to function
+ properly.</para>
- <note>
- <para>For those who are particularly security conscious,
- take note that <devicename>bpf</devicename> is also the
- device that allows packet sniffers to work correctly
- (although they still have to be run as
- <username>root</username>).
- <devicename>bpf</devicename> <emphasis>is</emphasis>
- required to use <acronym>DHCP</acronym>; however, the security sensitive
- types should probably not add
- <devicename>bpf</devicename> to the kernel in the
- expectation that at some point in the future the system
- will be using <acronym>DHCP</acronym>.</para>
- </note>
+ <note>
+ <para>For those who are particularly security conscious,
+ take note that <devicename>bpf</devicename> is also the
+ device that allows packet sniffers to work correctly
+ (although they still have to be run as
+ <username>root</username>).
+ <devicename>bpf</devicename> <emphasis>is</emphasis>
+ required to use <acronym>DHCP</acronym>; however, the
+ security sensitive types should probably not add
+ <devicename>bpf</devicename> to the kernel in the
+ expectation that at some point in the future the system
+ will be using <acronym>DHCP</acronym>.</para>
+ </note>
- <para>By default, <acronym>DHCP</acronym> configuration on &os; runs in the
- background, or <firstterm>asynchronously</firstterm>.
- Other startup scripts continue to run while <acronym>DHCP</acronym>
- completes, speeding up system startup.</para>
-
- <para>Background <acronym>DHCP</acronym> works well when the <acronym>DHCP</acronym> server
- responds quickly to requests and the <acronym>DHCP</acronym> configuration
- process goes quickly. However, <acronym>DHCP</acronym> may take a long time
- to complete on some systems. If network services attempt
- to run before <acronym>DHCP</acronym> has completed, they will fail. Using
- <acronym>DHCP</acronym> in <firstterm>synchronous</firstterm> mode prevents
- the problem, pausing startup until <acronym>DHCP</acronym> configuration has
- completed.</para>
-
- <para>To connect to a <acronym>DHCP</acronym> server in the background while
- other startup continues (asynchronous mode), use the
- <quote><literal>DHCP</literal></quote> value in
- <filename>/etc/rc.conf</filename>:</para>
-
- <programlisting>ifconfig_<replaceable>fxp0</replaceable>="DHCP"</programlisting>
-
- <para>To pause startup while <acronym>DHCP</acronym> completes, use
- synchronous mode with the
- <quote><literal>SYNCDHCP</literal></quote> value:</para>
-
- <programlisting>ifconfig_<replaceable>fxp0</replaceable>="SYNCDHCP"</programlisting>
-
- <note>
- <para>Replace the <replaceable>fxp0</replaceable> shown
- in these examples with the name of the interface to be
- dynamically configured, as described in
- <xref linkend="config-network-setup"/>.</para>
- </note>
+ <para>By default, <acronym>DHCP</acronym> configuration on &os;
+ runs in the background, or
+ <firstterm>asynchronously</firstterm>. Other startup scripts
+ continue to run while <acronym>DHCP</acronym> completes,
+ speeding up system startup.</para>
+
+ <para>Background <acronym>DHCP</acronym> works well when the
+ <acronym>DHCP</acronym> server responds quickly to requests
+ and the <acronym>DHCP</acronym> configuration process goes
+ quickly. However, <acronym>DHCP</acronym> may take a long
+ time to complete on some systems. If network services attempt
+ to run before <acronym>DHCP</acronym> has completed, they will
+ fail. Using <acronym>DHCP</acronym> in
+ <firstterm>synchronous</firstterm> mode prevents the problem,
+ pausing startup until <acronym>DHCP</acronym> configuration
+ has completed.</para>
+
+ <para>To connect to a <acronym>DHCP</acronym> server in the
+ background while other startup continues (asynchronous mode),
+ use the <quote><literal>DHCP</literal></quote> value in
+ <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>ifconfig_<replaceable>fxp0</replaceable>="DHCP"</programlisting>
+
+ <para>To pause startup while <acronym>DHCP</acronym> completes,
+ use synchronous mode with the
+ <quote><literal>SYNCDHCP</literal></quote> value:</para>
+
+ <programlisting>ifconfig_<replaceable>fxp0</replaceable>="SYNCDHCP"</programlisting>
+
+ <note>
+ <para>Replace the <replaceable>fxp0</replaceable> shown
+ in these examples with the name of the interface to be
+ dynamically configured, as described in
+ <xref linkend="config-network-setup"/>.</para>
+ </note>
- <para>When using a different file system location for
- <command>dhclient</command>, or if additional flags must
- be passed to <command>dhclient</command>, include (editing
- as necessary):</para>
+ <para>When using a different file system location for
+ <command>dhclient</command>, or if additional flags must
+ be passed to <command>dhclient</command>, include (editing
+ as necessary):</para>
- <programlisting>dhclient_program="/sbin/dhclient"
+ <programlisting>dhclient_program="/sbin/dhclient"
dhclient_flags=""</programlisting>
<indexterm>
@@ -2736,7 +2746,8 @@ dhclient_flags=""</programlisting>
<secondary>configuration files</secondary>
</indexterm>
- <para>The <acronym>DHCP</acronym> client uses the following files:</para>
+ <para>The <acronym>DHCP</acronym> client uses the following
+ files:</para>
<itemizedlist>
<listitem>
@@ -2760,86 +2771,90 @@ dhclient_flags=""</programlisting>
<para><filename>/sbin/dhclient-script</filename></para>
<para><command>dhclient-script</command> is the
- &os;-specific <acronym>DHCP</acronym> client configuration script. It
- is described in &man.dhclient-script.8;, but should not
- need any user modification to function properly.</para>
+ &os;-specific <acronym>DHCP</acronym> client configuration
+ script. It is described in &man.dhclient-script.8;, but
+ should not need any user modification to function
+ properly.</para>
</listitem>
<listitem>
<para><filename>/var/db/dhclient.leases.<replaceable>interface</replaceable></filename></para>
- <para>The <acronym>DHCP</acronym> client keeps a database of valid leases in
- this file, which is written as a log.
+ <para>The <acronym>DHCP</acronym> client keeps a database of
+ valid leases in this file, which is written as a log.
&man.dhclient.leases.5; gives a slightly longer
- description. Refer to
- &man.dhclient.8;, &man.dhcp-options.5;, and
- &man.dhclient.conf.5;, in addition to the
- references below, for more information.</para>
+ description. Refer to &man.dhclient.8;,
+ &man.dhcp-options.5;, and &man.dhclient.conf.5;, in
+ addition to the references below, for more
+ information.</para>
</listitem>
</itemizedlist>
</sect2>
<sect2 id="network-dhcp-server">
- <title>Installing and Configuring a <acronym>DHCP</acronym> Server</title>
+ <title>Installing and Configuring a <acronym>DHCP</acronym>
+ Server</title>
- <para>This section provides information on how to configure a
- &os; system to act as a <acronym>DHCP</acronym> server using the ISC
- (Internet Systems Consortium) implementation of the <acronym>DHCP</acronym>
- server.</para>
+ <para>This section provides information on how to configure a
+ &os; system to act as a <acronym>DHCP</acronym> server using
+ the ISC (Internet Systems Consortium) implementation of the
+ <acronym>DHCP</acronym> server.</para>
<indexterm>
<primary><acronym>DHCP</acronym></primary>
<secondary>server</secondary>
</indexterm>
- <para>The <acronym>DHCP</acronym> server, <application>dhcpd</application>, is
- included as part of the
+ <para>The <acronym>DHCP</acronym> server,
+ <application>dhcpd</application>, is included as part of the
<filename role="package">net/isc-dhcp42-server</filename> port
- in the ports collection. This port contains the ISC <acronym>DHCP</acronym>
- server and documentation.</para>
- <para>The server is not provided as part of &os;, and so the
- <filename role="package">net/isc-dhcp42-server</filename>
- port must be installed to provide this service. See
- <xref linkend="ports"/> for more information on using the
- Ports Collection.</para>
+ in the ports collection. This port contains the ISC
+ <acronym>DHCP</acronym> server and documentation.</para>
- <indexterm>
- <primary><acronym>DHCP</acronym></primary>
+ <para>The server is not provided as part of &os;, and so the
+ <filename role="package">net/isc-dhcp42-server</filename>
+ port must be installed to provide this service. See
+ <xref linkend="ports"/> for more information on using the
+ Ports Collection.</para>
+
+ <indexterm>
+ <primary><acronym>DHCP</acronym></primary>
<secondary>installation</secondary>
- </indexterm>
+ </indexterm>
- <para>In order to configure the &os; system as a <acronym>DHCP</acronym> server,
- first ensure that the &man.bpf.4; device is compiled into
- the kernel. To do this, add <literal>device bpf</literal>
- to the kernel configuration file, and rebuild the kernel.
- For more information about building kernels, see
- <xref linkend="kernelconfig"/>.</para>
-
- <para>The <devicename>bpf</devicename> device is already part
- of the <filename>GENERIC</filename> kernel that is supplied
- with &os;, so there is no need to create a custom kernel in
- order to get <acronym>DHCP</acronym> working.</para>
+ <para>In order to configure the &os; system as a
+ <acronym>DHCP</acronym> server, first ensure that the
+ &man.bpf.4; device is compiled into the kernel. To do this,
+ add <literal>device bpf</literal> to the kernel configuration
+ file, and rebuild the kernel. For more information about
+ building kernels, see <xref linkend="kernelconfig"/>.</para>
+
+ <para>The <devicename>bpf</devicename> device is already part
+ of the <filename>GENERIC</filename> kernel that is supplied
+ with &os;, so there is no need to create a custom kernel in
+ order to get <acronym>DHCP</acronym> working.</para>
- <note>
- <para>Those who are particularly security conscious should
- note that <devicename>bpf</devicename> is also the device
- that allows packet sniffers to function correctly
- (although such programs still need privileged access).
- The <devicename>bpf</devicename> device
- <emphasis>is</emphasis> required to use <acronym>DHCP</acronym>, but if the
- sensitivity of the system's security is high, this device
- should not be included in the kernel purely because the
- use of <acronym>DHCP</acronym> may, at some point in the
- future, be desired.</para>
- </note>
+ <note>
+ <para>Those who are particularly security conscious should
+ note that <devicename>bpf</devicename> is also the device
+ that allows packet sniffers to function correctly
+ (although such programs still need privileged access).
+ The <devicename>bpf</devicename> device
+ <emphasis>is</emphasis> required to use
+ <acronym>DHCP</acronym>, but if the sensitivity of the
+ system's security is high, this device should not be
+ included in the kernel purely because the use of
+ <acronym>DHCP</acronym> may, at some point in the future, be
+ desired.</para>
+ </note>
- <para>An example configuration file is installed by the
- <filename role="package">net/isc-dhcp42-server</filename>
- port. Copy the example
- <filename>/usr/local/etc/dhcpd.conf.example</filename>
- to the actual configuration file,
- <filename>/usr/local/etc/dhcpd.conf</filename>. Edits
- will be made to this new file.</para>
+ <para>An example configuration file is installed by the
+ <filename role="package">net/isc-dhcp42-server</filename>
+ port. Copy the example
+ <filename>/usr/local/etc/dhcpd.conf.example</filename>
+ to the actual configuration file,
+ <filename>/usr/local/etc/dhcpd.conf</filename>. Edits
+ will be made to this new file.</para>
<sect3>
<title>Configuring the <acronym>DHCP</acronym> Server</title>
@@ -2880,7 +2895,8 @@ host mailhost {
<callout arearefs="domain-name-servers">
<para>This option specifies a comma separated list of
- <acronym>DNS</acronym> servers that the client should use.</para>
+ <acronym>DNS</acronym> servers that the client should
+ use.</para>
</callout>
<callout arearefs="subnet-mask">
@@ -2904,17 +2920,19 @@ host mailhost {
</callout>
<callout arearefs="ddns-update-style">
- <para>This option specifies whether the <acronym>DHCP</acronym> server
- should attempt to update <acronym>DNS</acronym> when a lease is accepted
- or released. In the ISC implementation, this option
- is <emphasis>required</emphasis>.</para>
+ <para>This option specifies whether the
+ <acronym>DHCP</acronym> server should attempt to update
+ <acronym>DNS</acronym> when a lease is accepted or
+ released. In the ISC implementation, this option is
+ <emphasis>required</emphasis>.</para>
</callout>
<callout arearefs="range">
- <para>This denotes which <acronym>IP</acronym> addresses should be used in
- the pool reserved for allocating to clients. <acronym>IP</acronym>
- addresses between, and including, the ones stated are
- handed out to clients.</para>
+ <para>This denotes which <acronym>IP</acronym> addresses
+ should be used in the pool reserved for allocating to
+ clients. <acronym>IP</acronym> addresses between, and
+ including, the ones stated are handed out to
+ clients.</para>
</callout>
<callout arearefs="routers">
@@ -2924,14 +2942,15 @@ host mailhost {
<callout arearefs="hardware">
<para>The hardware MAC address of a host (so that the
- <acronym>DHCP</acronym> server can recognize a host when it makes a
- request).</para>
+ <acronym>DHCP</acronym> server can recognize a host when
+ it makes a request).</para>
</callout>
<callout arearefs="fixed-address">
<para>Specifies that the host should always be given the
- same <acronym>IP</acronym> address. Note that using a hostname is
- correct here, since the <acronym>DHCP</acronym> server will resolve the
+ same <acronym>IP</acronym> address. Note that using a
+ hostname is correct here, since the
+ <acronym>DHCP</acronym> server will resolve the
hostname itself before returning the lease
information.</para>
</callout>
@@ -2947,8 +2966,8 @@ dhcpd_ifaces="dc0"</programlisting>
<para>Replace the <literal>dc0</literal> interface name with
the interface (or interfaces, separated by whitespace)
- that the <acronym>DHCP</acronym> server should listen on for <acronym>DHCP</acronym> client
- requests.</para>
+ that the <acronym>DHCP</acronym> server should listen on for
+ <acronym>DHCP</acronym> client requests.</para>
<para>Proceed to start the server by issuing
the following command:</para>
@@ -3000,20 +3019,20 @@ dhcpd_ifaces="dc0"</programlisting>
<listitem>
<para><filename>/var/db/dhcpd.leases</filename></para>
- <para>The <acronym>DHCP</acronym> server keeps a database of leases it has
- issued in this file, which is written as a log. The
- port installs &man.dhcpd.leases.5;, which gives a
- slightly longer description.</para>
+ <para>The <acronym>DHCP</acronym> server keeps a database
+ of leases it has issued in this file, which is written
+ as a log. The port installs &man.dhcpd.leases.5;, which
+ gives a slightly longer description.</para>
</listitem>
<listitem>
<para><filename>/usr/local/sbin/dhcrelay</filename></para>
<para><application>dhcrelay</application> is used in
- advanced environments where one <acronym>DHCP</acronym> server forwards a
- request from a client to another <acronym>DHCP</acronym> server on a
- separate network. If this functionality is required,
- then install the
+ advanced environments where one <acronym>DHCP</acronym>
+ server forwards a request from a client to another
+ <acronym>DHCP</acronym> server on a separate network.
+ If this functionality is required, then install the
<filename role="package">net/isc-dhcp42-relay</filename>
port. The port installs &man.dhcrelay.8;, which
provides more detail.</para>
@@ -3094,7 +3113,8 @@ dhcpd_ifaces="dc0"</programlisting>
<acronym>DNS</acronym> must be understood.</para>
<indexterm><primary>resolver</primary></indexterm>
- <indexterm><primary>reverse <acronym>DNS</acronym></primary></indexterm>
+ <indexterm><primary>reverse
+ <acronym>DNS</acronym></primary></indexterm>
<indexterm><primary>root zone</primary></indexterm>
<informaltable frame="none" pgwide="1">
@@ -3112,7 +3132,8 @@ dhcpd_ifaces="dc0"</programlisting>
<tbody>
<row>
<entry>Forward <acronym>DNS</acronym></entry>
- <entry>Mapping of hostnames to <acronym>IP</acronym> addresses.</entry>
+ <entry>Mapping of hostnames to <acronym>IP</acronym>
+ addresses.</entry>
</row>
<row>
@@ -3765,7 +3786,8 @@ www IN CNAME example.
<secondary>records</secondary>
</indexterm>
- <para>The most commonly used <acronym>DNS</acronym> records:</para>
+ <para>The most commonly used <acronym>DNS</acronym>
+ records:</para>
<variablelist>
<varlistentry>
@@ -3919,9 +3941,9 @@ mail IN A 192.168.
priority number), then the second highest, etc, until the
mail can be properly delivered.</para>
- <para>For in-addr.arpa zone files (reverse <acronym>DNS</acronym>), the same
- format is used, except with PTR entries instead of A or
- CNAME.</para>
+ <para>For in-addr.arpa zone files (reverse
+ <acronym>DNS</acronym>), the same format is used, except
+ with PTR entries instead of A or CNAME.</para>
<programlisting>$TTL 3600
@@ -3941,8 +3963,8 @@ mail IN A 192.168.
4 IN PTR mx.example.org.
5 IN PTR mail.example.org.</programlisting>
- <para>This file gives the proper <acronym>IP</acronym> address to hostname
- mappings for the above fictitious domain.</para>
+ <para>This file gives the proper <acronym>IP</acronym> address
+ to hostname mappings for the above fictitious domain.</para>
<para>It is worth noting that all names on the right side
of a PTR record need to be fully qualified (i.e., end in
@@ -3970,7 +3992,8 @@ mail IN A 192.168.
<indexterm>
<primary>BIND</primary>
- <secondary><acronym>DNS</acronym> security extensions</secondary>
+ <secondary><acronym>DNS</acronym> security
+ extensions</secondary>
</indexterm>
<para>Domain Name System Security Extensions, or <acronym
@@ -4335,9 +4358,10 @@ $include Kexample.com.+005+nnnnn.ZSK.key
<sect2>
<title>Security</title>
- <para>Although BIND is the most common implementation of <acronym>DNS</acronym>,
- there is always the issue of security. Possible and
- exploitable security holes are sometimes found.</para>
+ <para>Although BIND is the most common implementation of
+ <acronym>DNS</acronym>, there is always the issue of security.
+ Possible and exploitable security holes are sometimes
+ found.</para>
<para>While &os; automatically drops
<application>named</application> into a &man.chroot.8;
@@ -4381,7 +4405,8 @@ $include Kexample.com.+005+nnnnn.ZSK.key
<listitem>
<para><ulink
url="http://www.oreilly.com/catalog/dns5/">O'Reilly
- <acronym>DNS</acronym> and BIND 5th Edition</ulink></para>
+ <acronym>DNS</acronym> and BIND 5th
+ Edition</ulink></para>
</listitem>
<listitem>
@@ -4420,15 +4445,15 @@ $include Kexample.com.+005+nnnnn.ZSK.key
<listitem>
<para><ulink
url="http://tools.ietf.org/html/rfc4034">RFC4034
- - Resource Records for the <acronym>DNS</acronym> Security
- Extensions</ulink></para>
+ - Resource Records for the <acronym>DNS</acronym>
+ Security Extensions</ulink></para>
</listitem>
<listitem>
<para><ulink
url="http://tools.ietf.org/html/rfc4035">RFC4035
- - Protocol Modifications for the <acronym>DNS</acronym> Security
- Extensions</ulink></para>
+ - Protocol Modifications for the <acronym>DNS</acronym>
+ Security Extensions</ulink></para>
</listitem>
<listitem>
@@ -4630,7 +4655,8 @@ $include Kexample.com.+005+nnnnn.ZSK.key
types of Virtual Hosting. The first method is Name-based
Virtual Hosting. Name-based virtual hosting uses the clients
HTTP/1.1 headers to figure out the hostname. This allows many
- different domains to share the same <acronym>IP</acronym> address.</para>
+ different domains to share the same <acronym>IP</acronym>
+ address.</para>
<para>To setup <application>Apache</application> to use
Name-based Virtual Hosting add an entry like the following to
@@ -5524,8 +5550,8 @@ driftfile /var/db/ntp.drift</programlist
<programlisting>restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap</programlisting>
<para>instead, where
- <hostid role="ipaddr">192.168.1.0</hostid> is an <acronym>IP</acronym> address
- on the network and
+ <hostid role="ipaddr">192.168.1.0</hostid> is an
+ <acronym>IP</acronym> address on the network and
<hostid role="netmask">255.255.255.0</hostid> is the
network's netmask.</para>
More information about the svn-doc-head
mailing list