Update documentation for 9.20.0

doc/arm/build.inc.rst

@@ -55,13 +55,14 @@ Required Libraries
 
 To build BIND 9, the following packages must be installed:
 
+- a C11-compliant compiler
 - ``libcrypto``, ``libssl``
 - ``liburcu``
 - ``libuv``
 - ``perl``
 - ``pkg-config`` / ``pkgconfig`` / ``pkgconf``
 
-BIND 9.19 requires ``libuv`` 1.34.0 or higher, using ``libuv`` >= 1.40.0
+BIND 9.20 requires ``libuv`` 1.34.0 or higher, using ``libuv`` >= 1.40.0
 is recommended. Compiling or running with ``libuv`` 1.35.0 or 1.36.0 is
 not supported, as this could lead to an assertion failure in the UDP
 receive code. On older systems, an updated ``libuv`` package needs to be
@@ -96,7 +97,8 @@ Optional Features
 To see a full list of configuration options, run ``configure --help``.
 
 To improve performance, use of the ``jemalloc`` library
-(http://jemalloc.net/) is strongly recommended.
+(https://jemalloc.net/) is strongly recommended. Version 4.0.0 or newer is
+required when in use.
 
 To support :rfc:`DNS over HTTPS (DoH) <8484>`, the server must be linked
 with ``libnghttp2`` (https://nghttp2.org/). If the library is

doc/arm/conf.py

@@ -132,7 +132,7 @@ def setup(app):
 #
 # This file only contains a selection of the most common options. For a full
 # list see the documentation:
-# http://www.sphinx-doc.org/en/master/config
+# https://www.sphinx-doc.org/en/master/config
 
 # -- Path setup --------------------------------------------------------------
 

doc/arm/general.rst

@@ -444,7 +444,7 @@ Notes
 
 .. [#rfc4294] Section 5.1 - DNAME records are fully supported.
 
-.. [#rfc7050] RFC 7050 is updated by RFC 8880.
+.. [#rfc7050] :rfc:`7050` is updated by :rfc:`8880`.
 
 .. [#noencryptedfwd] Forwarding DNS queries over encrypted transports is not
    supported yet.

doc/arm/pkcs11.inc.rst

@@ -270,9 +270,7 @@ You'll need to provide the OpenSSL engine name (``pkcs11``) if using the engine
 the algorithm (``RSASHA256``). The key is referenced with the PKCS#11 URI scheme and it
 can contain the PKCS#11 token label (we asume that it has been initialized as bind9),
 and the PKCS#11 object label (called label when generating the keys using ``pkcs11-tool``)
-and the HSM PIN. Refer to `RFC7512`_ for the full PKCS#11 URI specification.
-
-.. _`RFC7512`: https://www.rfc-editor.org/rfc/rfc7512.html
+and the HSM PIN. Refer to :rfc:`7512` for the full PKCS#11 URI specification.
 
 Convert the KSK:
 

doc/arm/platforms.inc.rst

@@ -102,7 +102,7 @@ These are platforms on which current versions of BIND 9 are known *not* to build
 -  Platforms without at least OpenSSL 1.0.2
 -  Windows
 -  Solaris 10 and older
--  Platforms that do not support IPv6 Advanced Socket API (RFC 3542)
+-  Platforms that do not support IPv6 Advanced Socket API (:rfc:`3542`)
 -  Platforms that do not support atomic operations (via compiler or
    library)
 -  Linux without NPTL (Native POSIX Thread Library)

doc/arm/reference.rst

@@ -1242,7 +1242,7 @@ default is used.
    Logged :any:`dnstap` messages can be parsed using the :iscman:`dnstap-read`
    utility (see :ref:`man_dnstap-read` for details).
 
-   For more information on :any:`dnstap`, see http://dnstap.info.
+   For more information on :any:`dnstap`, see https://dnstap.info.
 
    The fstrm library has a number of tunables that are exposed in
    :iscman:`named.conf`, and can be modified if necessary to improve
@@ -5998,7 +5998,7 @@ The following options can be specified in a :any:`tls` statement:
    :short: Enables or disables session resumption through TLS session tickets.
 
     Enables or disables session resumption through TLS session tickets,
-    as defined in RFC5077. Disabling the stateless session tickets
+    as defined in :rfc:`5077`. Disabling the stateless session tickets
     might be required in the cases when forward secrecy is needed,
     or the TLS certificate and key pair is planned to be used across
     multiple BIND instances.
@@ -6068,7 +6068,7 @@ good example of when reconfiguration is necessary is when TLS keys and
 certificates are updated on the disk.
 
 BIND supports the following TLS authentication mechanisms described in
-the RFC 9103, Section 9.3: Opportunistic TLS, Strict TLS, and Mutual
+the :rfc:`9103`, Section 9.3: Opportunistic TLS, Strict TLS, and Mutual
 TLS.
 
 .. _opportunistic-tls:
@@ -6076,7 +6076,7 @@ TLS.
 Opportunistic TLS provides encryption for data but does not provide
 any authentication for the channel. This mode is the default one and
 it is used whenever :any:`remote-hostname` and :any:`ca-file` options are not set
-in :any:`tls` statements in use. RFC 9103 allows optional fallback to
+in :any:`tls` statements in use. :rfc:`9103` allows optional fallback to
 clear-text DNS in the cases when TLS is not available. Still, BIND
 intentionally does not support that in order to protect from
 unexpected data leaks due to misconfiguration. Both BIND and its

doc/arm/rpz.inc.rst

@@ -257,7 +257,7 @@ rely on these name servers.  Here is an example that achieves this result:
 The ``*`` at the beginning of these CNAME target names is special, and it
 causes the original query name to be prepended to the CNAME target. So if a
 user tries to visit the Conficker command and control domain
-http://racaldftn.com.ai/ (which was a valid Conficker command and control
+`racaldftn.com.ai` (which was a valid Conficker command and control
 domain name on 19-October-2011), the RPZ-configured recursive name server
 will send back this answer:
 

doc/design/qp-trie.md

@@ -202,7 +202,7 @@ the packed vector is the popcount of the bits preceding `b`.
     }
 
 See "Hacker's Delight" by Hank Warren, section 5-1 "Counting 1
-bits", subsection "applications". http://www.hackersdelight.org
+bits", subsection "applications". https://www.hackersdelight.org
 
 See under _"bitmap popcount shenanigans"_ in `lib/dns/qp.c` for how
 this is implemented in BIND.
@@ -214,8 +214,8 @@ popcount for trie nodes
 Phil Bagwell's hashed array-mapped tries (HAMT) use popcount for
 compact trie nodes. In a HAMT, string keys are hashed, and the hash is
 used as the index to the trie, with radix 2^32 or 2^64.
-http://infoscience.epfl.ch/record/64394/files/triesearches.pdf
-http://infoscience.epfl.ch/record/64398/files/idealhashtrees.pdf
+https://infoscience.epfl.ch/record/64394/files/triesearches.pdf
+https://infoscience.epfl.ch/record/64398/files/idealhashtrees.pdf
 
 As discussed above, increasing the radix makes the tree shallower, so
 it should be faster. The downside is usually much greater memory

doc/dev/dev.md

@@ -1231,7 +1231,7 @@ implement a method.
 
 Type values range from 0 to 65536.   These have been further divided into
 reserved values,  values that have global definition and values that have
-local definition as defined in [RFC 6895](http://tools.ietf.org/html/rfc6895).
+local definition as defined in [RFC 6895](https://tools.ietf.org/html/rfc6895).
 Please use an appropriate value.  You can use a private value
 (65280 - 65534) while waiting for a type assignment to be made, then
 rename the file and update the type values when the assignment has been

doc/dev/libuv.md

@@ -18,7 +18,7 @@ This document describes various notes related to the using of the libuv library.
 ### Queueing Events onto the ``uv_loop_t``
 
 The upstream documentation on [the I/O
-loop](http://docs.libuv.org/en/v1.x/design.html#the-i-o-loop) describes the
+loop](https://docs.libuv.org/en/v1.x/design.html#the-i-o-loop) describes the
 order in which are the various handles processed.  However, it does not describe
 the order in which the loop processes the events in the same buckets, and
 because it is counterintuitive, it is described here.

doc/man/conf.py

@@ -16,7 +16,7 @@
 #
 # This file only contains a selection of the most common options. For a full
 # list see the documentation:
-# http://www.sphinx-doc.org/en/master/config
+# https://www.sphinx-doc.org/en/master/config
 
 # -- Path setup --------------------------------------------------------------