doc: fix generated manual pages (#3571)

Went over all generated manual pages and fixed some markdown issues,
mostly escaping "_" to avoid underlining entire paragraphs.

Some textual fixes in route53 and other cloud DNS plugins.

Regenerated the markdown with mmark.

Signed-off-by: Miek Gieben <miek@miek.nl>

plugin/clouddns/README.md

@@ -28,22 +28,18 @@ clouddns [ZONE:PROJECT_ID:HOSTED_ZONE_NAME...] {
     domains (private vs. public hosted zone), CoreDNS does the lookup in the given order here.
     Therefore, for a non-existing resource record, SOA response will be from the rightmost zone.
 
-*   **PROJECT_ID** the project ID of the Google Cloud project.
+*   **PROJECT\_ID** the project ID of the Google Cloud project.
 
-*   **HOSTED_ZONE_NAME** the name of the hosted zone that contains the resource record sets to be
+*   **HOSTED\_ZONE\_NAME** the name of the hosted zone that contains the resource record sets to be
     accessed.
 
-*   `credentials` is used for reading the credential file.
-
-*   **FILENAME** GCP credentials file path (normally a .json file).
+*   `credentials` is used for reading the credential file from **FILENAME** (normally a .json file).
 
 *   `fallthrough` If zone matches and no record can be generated, pass request to the next plugin.
     If **[ZONES...]** is omitted, then fallthrough happens for all zones for which the plugin is
     authoritative. If specific zones are listed (for example `in-addr.arpa` and `ip6.arpa`), then
     only queries for those zones will be subject to fallthrough.
 
-*   **ZONES** zones it should be authoritative for. If empty, the zones from the configuration block
-
 ## Examples
 
 Enable clouddns with implicit GCP credentials and resolve CNAMEs via 10.0.0.1:

plugin/health/README.md

@@ -7,7 +7,7 @@
 ## Description
 
 Enabled process wide health endpoint. When CoreDNS is up and running this returns a 200 OK HTTP
-status code. The health is exported, by default, on port 8080/health .
+status code. The health is exported, by default, on port 8080/health.
 
 ## Syntax
 

plugin/kubernetes/README.md

@@ -244,4 +244,4 @@ If monitoring is enabled (via the *prometheus* plugin) then the following metric
 
 ## Bugs
 
-The duration metric only supports the "headless_with_selector" service currently.
+The duration metric only supports the "headless\_with\_selector" service currently.

plugin/rewrite/README.md

@@ -114,13 +114,6 @@ rather from `service.us-west-1.consul`.
 ```
 $ dig @10.1.1.1 ftp-us-west-1.coredns.rocks
 
-; <<>> DiG 9.8.3-P1 <<>> @10.1.1.1 ftp-us-west-1.coredns.rocks
-; (1 server found)
-;; global options: +cmd
-;; Got answer:
-;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8619
-;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
-
 ;; QUESTION SECTION:
 ;ftp-us-west-1.coredns.rocks. IN A
 
@@ -147,13 +140,6 @@ Now, the `ANSWER SECTION` matches the `QUESTION SECTION`:
 ```
 $ dig @10.1.1.1 ftp-us-west-1.coredns.rocks
 
-; <<>> DiG 9.8.3-P1 <<>> @10.1.1.1 ftp-us-west-1.coredns.rocks
-; (1 server found)
-;; global options: +cmd
-;; Got answer:
-;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8619
-;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
-
 ;; QUESTION SECTION:
 ;ftp-us-west-1.coredns.rocks. IN A
 

plugin/route53/README.md

@@ -26,29 +26,23 @@ route53 [ZONE:HOSTED_ZONE_ID...] {
     domains (private vs. public hosted zone), CoreDNS does the lookup in the given order here.
     Therefore, for a non-existing resource record, SOA response will be from the rightmost zone.
 
-*   **HOSTED_ZONE_ID** the ID of the hosted zone that contains the resource record sets to be
+*   **HOSTED\_ZONE\_ID** the ID of the hosted zone that contains the resource record sets to be
     accessed.
 
-*   **AWS_ACCESS_KEY_ID** and **AWS_SECRET_ACCESS_KEY** the AWS access key ID and secret access key
+*   **AWS\_ACCESS\_KEY\_ID** and **AWS\_SECRET\_ACCESS\_KEY** the AWS access key ID and secret access key
     to be used when query AWS (optional). If they are not provided, then coredns tries to access
     AWS credentials the same way as AWS CLI, e.g., environmental variables, AWS credentials file,
     instance profile credentials, etc.
 
-*   `credentials` is used for reading the credential file and setting the profile name for a given
-    zone.
-
-*   **PROFILE** AWS account profile name. Defaults to `default`.
-
-*   **FILENAME** AWS credentials filename. Defaults to `~/.aws/credentials` are used.
+*   `credentials` is used for reading the credential **FILENAME** and setting the **PROFILE** name for a given
+    zone. **PROFILE** is the AWS account profile name. Defaults to `default`. **FILENAME** is the
+    AWS credentials filename, defaults to `~/.aws/credentials`.
 
 *   `fallthrough` If zone matches and no record can be generated, pass request to the next plugin.
     If **ZONES** is omitted, then fallthrough happens for all zones for which the plugin is
     authoritative. If specific zones are listed (for example `in-addr.arpa` and `ip6.arpa`), then
     only queries for those zones will be subject to fallthrough.
 
-*   **ZONES** zones it should be authoritative for. If empty, the zones from the configuration
-    block.
-
 *   `refresh` can be used to control how long between record retrievals from Route 53. It requires
     a duration string as a parameter to specify the duration between update cycles. Each update
     cycle may result in many AWS API calls depending on how many domains use this plugin and how

plugin/secondary/README.md

@@ -8,7 +8,7 @@
 
 With *secondary* you can transfer (via AXFR) a zone from another server. The retrieved zone is
 *not committed* to disk (a violation of the RFC). This means restarting CoreDNS will cause it to
- retrieve all secondary zones.
+retrieve all secondary zones.
 
 ~~~
 secondary [ZONES...]

plugin/sign/README.md

@@ -11,13 +11,13 @@ added. The signatures that sign the resource records sets have an expiration dat
 signing process must be repeated before this expiration data is reached. Otherwise the zone's data
 will go BAD (RFC 4035, Section 5.5). The *sign* plugin takes care of this.
 
-Only NSEC is supported, *sign* does not support NSEC3.
+Only NSEC is supported, *sign* does *not* support NSEC3.
 
 *Sign* works in conjunction with the *file* and *auto* plugins; this plugin **signs** the zones
 files, *auto* and *file* **serve** the zones *data*.
 
 For this plugin to work at least one Common Signing Key, (see coredns-keygen(1)) is needed. This key
-(or keys) will be used to sign the entire zone. *Sign* does not support the ZSK/KSK split, nor will
+(or keys) will be used to sign the entire zone. *Sign* does *not* support the ZSK/KSK split, nor will
 it do key or algorithm rollovers - it just signs.
 
 *Sign* will:

plugin/tls/README.md

@@ -30,9 +30,10 @@ tls CERT KEY [CA] {
 }
 ~~~
 
-If client_auth option is specified, it controls the client authentication policy.
+If client\_auth option is specified, it controls the client authentication policy.
 The option value corresponds to the [ClientAuthType values of the Go tls package](https://golang.org/pkg/crypto/tls/#ClientAuthType): NoClientCert, RequestClientCert, RequireAnyClientCert, VerifyClientCertIfGiven, and RequireAndVerifyClientCert, respectively.
-The default is "nocert".  Note that it makes no sense to specify parameter CA unless this option is set to verify_if_given or require_and_verify.
+The default is "nocert".  Note that it makes no sense to specify parameter CA unless this option is
+set to verify\_if\_given or require\_and\_verify.
 
 ## Examples