DNSSEC implementation is still considered experimental. For detailed
information about the state of the DNSSEC implementation, see the file
doc/misc/dnssec.
-
may be useful when debugging
-DISC_HEAP_CHECK Test heap consistency after every heap
operation; used when debugging
-
-.\" Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000-2002, 2004, 2005, 2007, 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000-2002, 2004-2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2002, 2004-2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
ddns-confgen \- ddns key generation tool
.SH "SYNOPSIS"
.HP \w'\fBtsig\-keygen\fR\ 'u
-\fBtsig\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-h\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [name]
+\fBtsig\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-h\fR] [name]
.HP \w'\fBddns\-confgen\fR\ 'u
\fBddns\-confgen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-q\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [\-s\ \fIname\fR | \-z\ \fIzone\fR]
.SH "DESCRIPTION"
\fBtsig\-keygen\fR\&.
.RE
.PP
-\-r \fIrandomfile\fR
-.RS 4
-Specifies a source of random data for generating the authorization\&. If the operating system does not provide a
-/dev/random
-or equivalent device, the default source of randomness is keyboard input\&.
-randomdev
-specifies the name of a character device or file containing random data to be used instead of the default\&. The special value
-keyboard
-indicates that keyboard input should be used\&.
-.RE
-.PP
\-s \fIname\fR
.RS 4
(\fBddns\-confgen\fR
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
<code class="command">tsig-keygen</code>
[<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>]
[<code class="option">-h</code>]
- [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
[name]
</p></div>
<div class="cmdsynopsis"><p>
This is essentially identical to <span class="command"><strong>tsig-keygen</strong></span>.
</p>
</dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
-<dd>
- <p>
- Specifies a source of random data for generating the
- authorization. If the operating system does not provide a
- <code class="filename">/dev/random</code> or equivalent device, the
- default source of randomness is keyboard input.
- <code class="filename">randomdev</code> specifies the name of a
- character device or file containing random data to be used
- instead of the default. The special value
- <code class="filename">keyboard</code> indicates that keyboard input
- should be used.
- </p>
- </dd>
<dt><span class="term">-s <em class="replaceable"><code>name</code></em></span></dt>
<dd>
<p>
-.\" Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
rndc-confgen \- rndc key generation tool
.SH "SYNOPSIS"
.HP \w'\fBrndc\-confgen\fR\ 'u
-\fBrndc\-confgen\fR [\fB\-a\fR] [\fB\-A\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-c\ \fR\fB\fIkeyfile\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [\fB\-s\ \fR\fB\fIaddress\fR\fR] [\fB\-t\ \fR\fB\fIchrootdir\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR]
+\fBrndc\-confgen\fR [\fB\-a\fR] [\fB\-A\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-c\ \fR\fB\fIkeyfile\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\ \fR\fB\fIaddress\fR\fR] [\fB\-t\ \fR\fB\fIchrootdir\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR]
.SH "DESCRIPTION"
.PP
\fBrndc\-confgen\fR
\fBrndc\fR\&. The default is 953\&.
.RE
.PP
-\-r \fIrandomfile\fR
-.RS 4
-Specifies a source of random data for generating the authorization\&. If the operating system does not provide a
-/dev/random
-or equivalent device, the default source of randomness is keyboard input\&.
-randomdev
-specifies the name of a character device or file containing random data to be used instead of the default\&. The special value
-keyboard
-indicates that keyboard input should be used\&.
-.RE
-.PP
\-s \fIaddress\fR
.RS 4
Specifies the IP address where
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2001, 2003-2005, 2007, 2009, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2001, 2003-2005, 2007, 2009, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
[<code class="option">-h</code>]
[<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>]
[<code class="option">-p <em class="replaceable"><code>port</code></em></code>]
- [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
[<code class="option">-s <em class="replaceable"><code>address</code></em></code>]
[<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>]
[<code class="option">-u <em class="replaceable"><code>user</code></em></code>]
The default is 953.
</p>
</dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
-<dd>
- <p>
- Specifies a source of random data for generating the
- authorization. If the operating
- system does not provide a <code class="filename">/dev/random</code>
- or equivalent device, the default source of randomness
- is keyboard input. <code class="filename">randomdev</code>
- specifies
- the name of a character device or file containing random
- data to be used instead of the default. The special value
- <code class="filename">keyboard</code> indicates that keyboard
- input should be used.
- </p>
- </dd>
<dt><span class="term">-s <em class="replaceable"><code>address</code></em></span></dt>
<dd>
<p>
-.\" Copyright (C) 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
.PP
\-i
.RS 4
-Do reverse IPv6 lookups using the obsolete RFC1886 IP6\&.INT domain, which is no longer in use\&. Obsolete bit string label queries (RFC2874) are not attempted\&.
+Do reverse IPv6 lookups using the obsolete RFC 1886 IP6\&.INT domain, which is no longer in use\&. Obsolete bit string label queries (RFC 2874) are not attempted\&.
.RE
.PP
\-k \fIkeyfile\fR
.PP
\-t \fItype\fR
.RS 4
-The resource record type to query\&. It can be any valid query type which is supported in BIND 9\&. The default query type is "A", unless the
+The resource record type to query\&. It can be any valid query type\&. If it is a resource record type supported in BIND 9, it can be given by the type mnemonic (such as "NS" or "AAAA")\&. The default query type is "A", unless the
\fB\-x\fR
option is supplied to indicate a reverse lookup\&. A zone transfer can be requested by specifying a type of AXFR\&. When an incremental zone transfer (IXFR) is required, set the
\fItype\fR
to
ixfr=N\&. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone\*(Aqs SOA record was
\fIN\fR\&.
+.sp
+All resource record types can be expressed as "TYPEnn", where "nn" is the number of the type\&. If the resource record type is not supported in BIND 9, the result will be displayed as described in RFC 3597\&.
.RE
.PP
\-u
option is enabled\&. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer\&.
.RE
.PP
+\fB+[no]idnin\fR
+.RS 4
+Process [do not process] IDN domain names on input\&. This requires IDN SUPPORT to have been enabled at compile time\&. The default is to process IDN input\&.
+.RE
+.PP
\fB+[no]idnout\fR
.RS 4
Convert [do not convert] puny code on output\&. This requires IDN SUPPORT to have been enabled at compile time\&. The default is to convert output\&.
.RS 4
When this option is set,
\fBdig\fR
-attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone\&.
+attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone\&. Addresses of servers that that did not respond are also printed\&.
.RE
.PP
\fB+[no]onesoa\fR
Print [do not print] the question section of a query when an answer is returned\&. The default is to print the question section as a comment\&.
.RE
.PP
+\fB+[no]raflag\fR
+.RS 4
+Set [do not set] the RA (Recursion Available) bit in the query\&. The default is +noraflag\&. This bit should be ignored by the server for QUERY\&.
+.RE
+.PP
\fB+[no]rdflag\fR
.RS 4
A synonym for
be used when resolving this query\&.
.RE
.PP
+\fB+[no]tcflag\fR
+.RS 4
+Set [do not set] the TC (TrunCation) bit in the query\&. The default is +notcflag\&. This bit should be ignored by the server for QUERY\&.
+.RE
+.PP
\fB+[no]tcp\fR
.RS 4
Use [do not use] TCP when querying name servers\&. The default behavior is to use UDP unless a type
\fBdig\fR
has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names\&.
\fBdig\fR
-appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, defines the
-\fBIDN_DISABLE\fR
-environment variable\&. The IDN support is disabled if the variable is set when
-\fBdig\fR
-runs\&.
+appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, use parameters
+\fI+noidnin\fR
+and
+\fI+noidnout\fR\&.
.SH "FILES"
.PP
/etc/resolv\&.conf
\fBhost\fR(1),
\fBnamed\fR(8),
\fBdnssec-keygen\fR(8),
-RFC1035\&.
+RFC 1035\&.
.SH "BUGS"
.PP
There are probably too many query options\&.
<dt><span class="term">-i</span></dt>
<dd>
<p>
- Do reverse IPv6 lookups using the obsolete RFC1886 IP6.INT
+ Do reverse IPv6 lookups using the obsolete RFC 1886 IP6.INT
domain, which is no longer in use. Obsolete bit string
- label queries (RFC2874) are not attempted.
+ label queries (RFC 2874) are not attempted.
</p>
</dd>
<dt><span class="term">-k <em class="replaceable"><code>keyfile</code></em></span></dt>
<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
<dd>
<p>
- The resource record type to query. It can be any valid query type
- which is
- supported in BIND 9. The default query type is "A", unless the
- <code class="option">-x</code> option is supplied to indicate a reverse lookup.
- A zone transfer can be requested by specifying a type of AXFR. When
+ The resource record type to query. It can be any valid query
+ type. If it is a resource record type supported in BIND 9, it
+ can be given by the type mnemonic (such as "NS" or "AAAA").
+ The default query type is "A", unless the <code class="option">-x</code>
+ option is supplied to indicate a reverse lookup. A zone
+ transfer can be requested by specifying a type of AXFR. When
an incremental zone transfer (IXFR) is required, set the
<em class="parameter"><code>type</code></em> to <code class="literal">ixfr=N</code>.
The incremental zone transfer will contain the changes
record was
<em class="parameter"><code>N</code></em>.
</p>
+ <p>
+ All resource record types can be expressed as "TYPEnn", where
+ "nn" is the number of the type. If the resource record type is
+ not supported in BIND 9, the result will be displayed as
+ described in RFC 3597.
+ </p>
</dd>
<dt><span class="term">-u</span></dt>
<dd>
server that provided the answer.
</p>
</dd>
+<dt><span class="term"><code class="option">+[no]idnin</code></span></dt>
+<dd>
+ <p>
+ Process [do not process] IDN domain names on input.
+ This requires IDN SUPPORT to have been enabled at
+ compile time. The default is to process IDN input.
+ </p>
+ </dd>
<dt><span class="term"><code class="option">+[no]idnout</code></span></dt>
<dd>
<p>
attempts to find the authoritative name servers for
the zone containing the name being looked up and
display the SOA record that each name server has for
- the zone.
+ the zone. Addresses of servers that that did not
+ respond are also printed.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
the question section as a comment.
</p>
</dd>
+<dt><span class="term"><code class="option">+[no]raflag</code></span></dt>
+<dd>
+ <p>
+ Set [do not set] the RA (Recursion Available) bit in
+ the query. The default is +noraflag. This bit should
+ be ignored by the server for QUERY.
+ </p>
+ </dd>
<dt><span class="term"><code class="option">+[no]rdflag</code></span></dt>
<dd>
<p>
<dd>
<p>
This feature is now obsolete and has been removed;
- use <span class="command"><strong>delv</strong></span> instead.
+ use <span class="command"><strong>delv</strong></span> instead.
</p>
</dd>
<dt><span class="term"><code class="option">+split=W</code></span></dt>
this query.
</p>
</dd>
+<dt><span class="term"><code class="option">+[no]tcflag</code></span></dt>
+<dd>
+ <p>
+ Set [do not set] the TC (TrunCation) bit in the query.
+ The default is +notcflag. This bit should be ignored
+ by the server for QUERY.
+ </p>
+ </dd>
<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
<dd>
<p>
<dd>
<p>
This feature is related to <span class="command"><strong>dig +sigchase</strong></span>,
- which is obsolete and has been removed. Use
- <span class="command"><strong>delv</strong></span> instead.
+ which is obsolete and has been removed. Use
+ <span class="command"><strong>delv</strong></span> instead.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
<dd>
<p>
Formerly specified trusted keys for use with
- <span class="command"><strong>dig +sigchase</strong></span>. This feature is now
- obsolete and has been removed; use
- <span class="command"><strong>delv</strong></span> instead.
+ <span class="command"><strong>dig +sigchase</strong></span>. This feature is now
+ obsolete and has been removed; use
+ <span class="command"><strong>delv</strong></span> instead.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
<span class="command"><strong>dig</strong></span> appropriately converts character encoding of
domain name before sending a request to DNS server or displaying a
reply from the server.
- If you'd like to turn off the IDN support for some reason, defines
- the <code class="envar">IDN_DISABLE</code> environment variable.
- The IDN support is disabled if the variable is set when
- <span class="command"><strong>dig</strong></span> runs.
+ If you'd like to turn off the IDN support for some reason, use
+ parameters <em class="parameter"><code>+noidnin</code></em> and
+ <em class="parameter"><code>+noidnout</code></em>.
</p>
</div>
<span class="citerefentry">
<span class="refentrytitle">dnssec-keygen</span>(8)
</span>,
- <em class="citetitle">RFC1035</em>.
+ <em class="citetitle">RFC 1035</em>.
</p>
</div>
-.\" Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000-2002, 2004, 2005, 2007-2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2004-2007, 2010, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007, 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2004-2007, 2010, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004-2007, 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2004-2007, 2010, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2008-2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2008-2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008-2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2008-2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2008-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2008-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2008-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
dnssec-keygen \- DNSSEC key generation tool
.SH "SYNOPSIS"
.HP \w'\fBdnssec\-keygen\fR\ 'u
-\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name}
+\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name}
.SH "DESCRIPTION"
.PP
\fBdnssec\-keygen\fR
indicating the progress of the key generation\&. A \*(Aq\&.\*(Aq indicates that a random number has been found which passed an initial sieve test; \*(Aq+\*(Aq means a number has passed a single round of the Miller\-Rabin primality test; a space means that the number has passed all the tests and is a satisfactory key\&.
.RE
.PP
-\-r \fIrandomdev\fR
-.RS 4
-Specifies a source of randomness\&. Normally, when generating DNSSEC keys, this option has no effect; the random number generation function provided by the cryptographic library will be used\&.
-.sp
-If that behavior is disabled at compile time, however, the specified file will be used as entropy source for key generation\&.
-randomdev
-is the name of a character device or file containing random data to be used\&. The special value
-keyboard
-indicates that keyboard input should be used\&.
-.sp
-The default is
-/dev/random
-if the operating system provides it or an equivalent device; if not, the default source of randomness is keyboard input\&.
-.RE
-.PP
\-S \fIkey\fR
.RS 4
Create a new key which is an explicit successor to an existing key\&. The name, algorithm, size, and type of the key will be set to match the existing key\&. The activation date of the new key will be set to the inactivation date of the existing one\&. The publication date will be set to the activation date minus the prepublication interval, which defaults to 30 days\&.
[<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>]
[<code class="option">-q</code>]
[<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>]
- [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>]
[<code class="option">-S <em class="replaceable"><code>key</code></em></code>]
[<code class="option">-s <em class="replaceable"><code>strength</code></em></code>]
[<code class="option">-t <em class="replaceable"><code>type</code></em></code>]
a satisfactory key.
</p>
</dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
-<dd>
- <p>
- Specifies a source of randomness. Normally, when generating
- DNSSEC keys, this option has no effect; the random number
- generation function provided by the cryptographic library will
- be used.
- </p>
- <p>
- If that behavior is disabled at compile time, however,
- the specified file will be used as entropy source
- for key generation. <code class="filename">randomdev</code> is
- the name of a character device or file containing random
- data to be used. The special value <code class="filename">keyboard</code>
- indicates that keyboard input should be used.
- </p>
- <p>
- The default is <code class="filename">/dev/random</code> if the
- operating system provides it or an equivalent device;
- if not, the default source of randomness is keyboard input.
- </p>
- </dd>
<dt><span class="term">-S <em class="replaceable"><code>key</code></em></span></dt>
<dd>
<p>
-.\" Copyright (C) 2009, 2011, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2011, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2011, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2011, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2011, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2011, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009-2011, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009-2011, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009-2011, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009-2011, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009-2011, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009-2011, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000-2009, 2011-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2009, 2011-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
dnssec-signzone \- DNSSEC zone signing tool
.SH "SYNOPSIS"
.HP \w'\fBdnssec\-signzone\fR\ 'u
-\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-M\ \fR\fB\fImaxttl\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-P\fR] [\fB\-p\fR] [\fB\-Q\fR] [\fB\-R\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-T\ \fR\fB\fIttl\fR\fR] [\fB\-t\fR] [\fB\-u\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-X\ \fR\fB\fIextended\ end\-time\fR\fR] [\fB\-x\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...]
+\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-M\ \fR\fB\fImaxttl\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-P\fR] [\fB\-Q\fR] [\fB\-R\fR] [\fB\-S\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-T\ \fR\fB\fIttl\fR\fR] [\fB\-t\fR] [\fB\-u\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-X\ \fR\fB\fIextended\ end\-time\fR\fR] [\fB\-x\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...]
.SH "DESCRIPTION"
.PP
\fBdnssec\-signzone\fR
\fBnamed\fR; if N is 1, the file can be read by release 9\&.9\&.0 or higher; the default is 1\&.
.RE
.PP
-\-p
-.RS 4
-Use pseudo\-random data when signing the zone\&. This is faster, but less secure, than using real random data\&. This option may be useful when signing large zones or when the entropy source is limited\&.
-.RE
-.PP
\-P
.RS 4
Disable post sign verification tests\&.
to signatures from keys that are no longer published\&. This enables ZSK rollover using the procedure described in RFC 4641, section 4\&.2\&.1\&.2 ("Double Signature Zone Signing Key Rollover")\&.
.RE
.PP
-\-r \fIrandomdev\fR
-.RS 4
-Specifies the source of randomness\&. If the operating system does not provide a
-/dev/random
-or equivalent device, the default source of randomness is keyboard input\&.
-randomdev
-specifies the name of a character device or file containing random data to be used instead of the default\&. The special value
-keyboard
-indicates that keyboard input should be used\&.
-.RE
-.PP
\-S
.RS 4
Smart signing: Instructs
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000-2009, 2011-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2009, 2011-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2009, 2011-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2009, 2011-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
[<code class="option">-o <em class="replaceable"><code>origin</code></em></code>]
[<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>]
[<code class="option">-P</code>]
- [<code class="option">-p</code>]
[<code class="option">-Q</code>]
[<code class="option">-R</code>]
- [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>]
[<code class="option">-S</code>]
[<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>]
[<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>]
("Double Signature Zone Signing Key Rollover").
</p>
</dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
-<dd>
- <p>
- Specifies the source of randomness. If the operating
- system does not provide a <code class="filename">/dev/random</code>
- or equivalent device, the default source of randomness
- is keyboard input. <code class="filename">randomdev</code>
- specifies
- the name of a character device or file containing random
- data to be used instead of the default. The special value
- <code class="filename">keyboard</code> indicates that keyboard
- input should be used.
- </p>
- </dd>
<dt><span class="term">-S</span></dt>
<dd>
<p>
-.\" Copyright (C) 2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000, 2001, 2003-2009, 2011, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2003-2009, 2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2003-2009, 2011, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2003-2009, 2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2003-2009, 2011, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003-2009, 2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2000-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
nsupdate \- Dynamic DNS update utility
.SH "SYNOPSIS"
.HP \w'\fBnsupdate\fR\ 'u
-\fBnsupdate\fR [\fB\-d\fR] [\fB\-D\fR] [\fB\-i\fR] [\fB\-L\ \fR\fB\fIlevel\fR\fR] [[\fB\-g\fR] | [\fB\-o\fR] | [\fB\-l\fR] | [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIkeyname:secret\fR\fR] | [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-R\ \fR\fB\fIrandomdev\fR\fR] [\fB\-v\fR] [\fB\-T\fR] [\fB\-P\fR] [\fB\-V\fR] [[\fB\-4\fR] | [\fB\-6\fR]] [filename]
+\fBnsupdate\fR [\fB\-d\fR] [\fB\-D\fR] [\fB\-i\fR] [\fB\-L\ \fR\fB\fIlevel\fR\fR] [[\fB\-g\fR] | [\fB\-o\fR] | [\fB\-l\fR] | [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIkeyname:secret\fR\fR] | [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-v\fR] [\fB\-T\fR] [\fB\-P\fR] [\fB\-V\fR] [[\fB\-4\fR] | [\fB\-6\fR]] [filename]
.SH "DESCRIPTION"
.PP
\fBnsupdate\fR
The number of UDP retries\&. The default is 3\&. If zero, only one update request will be made\&.
.RE
.PP
-\-R \fIrandomdev\fR
-.RS 4
-Where to obtain randomness\&. If the operating system does not provide a
-/dev/random
-or equivalent device, the default source of randomness is keyboard input\&.
-randomdev
-specifies the name of a character device or file containing random data to be used instead of the default\&. The special value
-keyboard
-indicates that keyboard input should be used\&. This option may be specified multiple times\&.
-.RE
-.PP
\-t \fItimeout\fR
.RS 4
The maximum time an update request can take before it is aborted\&. The default is 300 seconds\&. Zero can be used to disable the timeout\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
[<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>]
[<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>]
[<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>]
- [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>]
[<code class="option">-v</code>]
[<code class="option">-T</code>]
[<code class="option">-P</code>]
one update request will be made.
</p>
</dd>
-<dt><span class="term">-R <em class="replaceable"><code>randomdev</code></em></span></dt>
-<dd>
- <p>
- Where to obtain randomness. If the operating system
- does not provide a <code class="filename">/dev/random</code> or
- equivalent device, the default source of randomness is keyboard
- input. <code class="filename">randomdev</code> specifies the name of
- a character device or file containing random data to be used
- instead of the default. The special value
- <code class="filename">keyboard</code> indicates that keyboard input
- should be used. This option may be specified multiple times.
- </p>
- </dd>
<dt><span class="term">-t <em class="replaceable"><code>timeout</code></em></span></dt>
<dd>
<p>
-.\" Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2012-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2012-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2012-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2012-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2012-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2012-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2016, 2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2016-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
dnssec-keymgr \- Ensures correct DNSKEY coverage for a zone based on a defined policy
.SH "SYNOPSIS"
.HP \w'\fBdnssec\-keymgr\fR\ 'u
-\fBdnssec\-keymgr\fR [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-c\ \fR\fB\fIfile\fR\fR] [\fB\-f\fR] [\fB\-k\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-z\fR] [\fB\-g\ \fR\fB\fIpath\fR\fR] [\fB\-r\ \fR\fB\fIpath\fR\fR] [\fB\-s\ \fR\fB\fIpath\fR\fR] [zone...]
+\fBdnssec\-keymgr\fR [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-c\ \fR\fB\fIfile\fR\fR] [\fB\-f\fR] [\fB\-k\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-z\fR] [\fB\-g\ \fR\fB\fIpath\fR\fR] [\fB\-s\ \fR\fB\fIpath\fR\fR] [zone...]
.SH "DESCRIPTION"
.PP
\fBdnssec\-keymgr\fR
\fBdnssec\-settime\fR\&.
.RE
.PP
-\-r \fIrandomdev\fR
-.RS 4
-Specifies a path to a file containing random data\&. This is passed to the
-\fBdnssec\-keygen\fR
-binary using its
-\fB\-r\fR
-option\&.
-.RE
-.PP
\-s \fIsettime\-path\fR
.RS 4
Specifies a path to a
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2016, 2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2016-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2016, 2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2016-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
[<code class="option">-v</code>]
[<code class="option">-z</code>]
[<code class="option">-g <em class="replaceable"><code>path</code></em></code>]
- [<code class="option">-r <em class="replaceable"><code>path</code></em></code>]
[<code class="option">-s <em class="replaceable"><code>path</code></em></code>]
[zone...]
</p></div>
and <span class="command"><strong>dnssec-settime</strong></span>.
</p>
</dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
-<dd>
- <p>
- Specifies a path to a file containing random data.
- This is passed to the <span class="command"><strong>dnssec-keygen</strong></span> binary
- using its <code class="option">-r</code> option.
-
- </p>
- </dd>
<dt><span class="term">-s <em class="replaceable"><code>settime-path</code></em></span></dt>
<dd>
<p>
-.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2000, 2001, 2004, 2005, 2007, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2015-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2015-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2015-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2015-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2015-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2015-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2015-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2015-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2015-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2015-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2015-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2015-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
Internet Systems Consortium
.SH "COPYRIGHT"
.br
-Copyright \(co 2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" Copyright (C) 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
docdir
oldincludedir
includedir
-runstatedir
localstatedir
sharedstatedir
sysconfdir
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
-runstatedir='${localstatedir}/run'
includedir='${prefix}/include'
oldincludedir='/usr/include'
docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
| -silent | --silent | --silen | --sile | --sil)
silent=yes ;;
- -runstatedir | --runstatedir | --runstatedi | --runstated \
- | --runstate | --runstat | --runsta | --runst | --runs \
- | --run | --ru | --r)
- ac_prev=runstatedir ;;
- -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
- | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
- | --run=* | --ru=* | --r=*)
- runstatedir=$ac_optarg ;;
-
-sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
ac_prev=sbindir ;;
-sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
datadir sysconfdir sharedstatedir localstatedir includedir \
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
- libdir localedir mandir runstatedir
+ libdir localedir mandir
do
eval ac_val=\$$ac_var
# Remove trailing slashes.
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
- --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
reopen a closed output stream. The minimum is 1 second,
the maximum is 600 seconds (10 minutes), and the default
is 5 seconds.
+ For convenience, TTL-style time unit suffixes may be
+ used to specify the value.
</li>
</ul></div>
effect during the initial configuration load at server
startup time and is ignored on subsequent reloads.
</p>
- <p>
- If BIND is built with
- <span class="command"><strong>configure --disable-crypto-rand</strong></span>, then
- entropy is <span class="emphasis"><em>not</em></span> sourced from the
- cryptographic library. In this case, if
- <span class="command"><strong>random-device</strong></span> is not specified, the
- default value is the system random device,
- <code class="filename">/dev/random</code> or the equivalent.
- This default can be overridden with
- <span class="command"><strong>configure --with-randomdev</strong></span>.
- If no system random device exists, then no entropy source
- will be configured, and <span class="command"><strong>named</strong></span> will only
- be able to use pseudo-random numbers.
- </p>
</dd>
<dt><span class="term"><span class="command"><strong>preferred-glue</strong></span></span></dt>
<dd>
Not implemented in BIND 9.
</p>
</dd>
+<dt><span class="term"><span class="command"><strong>root-key-sentinel</strong></span></span></dt>
+<dd>
+ <p>
+ Respond to root key sentinel probes as described in
+ draft-ietf-dnsop-kskroll-sentinel-08. The default is
+ <strong class="userinput"><code>yes</code></strong>.
+ </p>
+ </dd>
<dt><span class="term"><span class="command"><strong>maintain-ixfr-base</strong></span></span></dt>
<dd>
<p>
begin listening for queries on any newly discovered
interfaces (provided they are allowed by the
<span class="command"><strong>listen-on</strong></span> configuration), and
- will
- stop listening on interfaces that have gone away.
+ will stop listening on interfaces that have gone away.
+ For convenience, TTL-style time unit suffixes may be
+ used to specify the value.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>statistics-interval</strong></span></span></dt>
To reduce network traffic and increase performance,
the server stores negative answers. <span class="command"><strong>max-ncache-ttl</strong></span> is
used to set a maximum retention time for these answers in
- the server
- in seconds. The default
+ the server in seconds.
+ For convenience, TTL-style time unit suffixes may be
+ used to specify the value. The default
<span class="command"><strong>max-ncache-ttl</strong></span> is <code class="literal">10800</code> seconds (3 hours).
<span class="command"><strong>max-ncache-ttl</strong></span> cannot exceed
7 days and will
<p>
Sets the maximum time for which the server will
cache ordinary (positive) answers in seconds.
+ For convenience, TTL-style time unit suffixes may be
+ used to specify the value.
The default is 604800 (one week).
A value of zero may cause all queries to return
SERVFAIL, because of lost caches of intermediate
set to one hour before the current time to allow
for a limited amount of clock skew.
</p>
+ <p>
+ The <span class="command"><strong>sig-validity-interval</strong></span> can be
+ overridden for DNSKEY records by setting
+ <span class="command"><strong>dnskey-sig-validity</strong></span>.
+ </p>
<p>
The <span class="command"><strong>sig-validity-interval</strong></span>
should be, at least, several multiples of the SOA
between the various timer and expiry dates.
</p>
</dd>
+<dt><span class="term"><span class="command"><strong>dnskey-sig-validity</strong></span></span></dt>
+<dd>
+ <p>
+ Specifies the number of days into the future when
+ DNSSEC signatures that are automatically generated
+ for DNSKEY RRsets as a result of dynamic updates
+ (<a class="xref" href="Bv9ARM.ch04.html#dynamic_update" title="Dynamic Update">the section called “Dynamic Update”</a>) will expire.
+ If set to a non-zero value, this overrides the
+ value set by <span class="command"><strong>sig-validity-interval</strong></span>.
+ The default is zero, meaning
+ <span class="command"><strong>sig-validity-interval</strong></span> is used.
+ The maximum value is 3660 days (10 years), and
+ higher values will be rejected.
+ </p>
+ </dd>
<dt><span class="term"><span class="command"><strong>sig-signing-nodes</strong></span></span></dt>
<dd>
<p>
multiple policy zones. To maximize performance, a radix
tree is used to quickly identify response policy zones
containing triggers that match the current query. This
- imposes an upper limit of 32 on the number of policy zones
+ imposes an upper limit of 64 on the number of policy zones
in a single <span class="command"><strong>response-policy</strong></span> option; more
than that is a configuration error.
</p>
to a maximum value.
The <span class="command"><strong>max-policy-ttl</strong></span> clause changes the
maximum seconds from its default of 5.
+ For convenience, TTL-style time unit suffixes may be
+ used to specify the value.
</p>
<p>
If an update to a RPZ zone (for example, via IXFR) happens less
than <code class="option">min-update-interval</code> seconds after the most
recent update, then the changes will not be carried out until this
- interval has elapsed. The default is <code class="literal">5</code> seconds.
+ interval has elapsed. The default is <code class="literal">60</code> seconds.
+ For convenience, TTL-style time unit suffixes may be
+ used to specify the value.
</p>
</div>
<span class="command"><strong>update-policy</strong></span> option, respectively.
</p>
<p>
- The <span class="command"><strong>allow-update</strong></span> clause works the
- same way as in previous versions of <acronym class="acronym">BIND</acronym>.
- It grants given clients the permission to update any
- record of any name in the zone.
+ The <span class="command"><strong>allow-update</strong></span> clause is a simple
+ access control list. Any client that matches
+ the ACL is granted permission to update any record
+ in the zone.
</p>
<p>
The <span class="command"><strong>update-policy</strong></span> clause
allows more fine-grained control over what updates are
- allowed. A set of rules is specified, where each rule
- either grants or denies permissions for one or more
- names to be updated by one or more identities. If
- the dynamic update request message is signed (that is,
- it includes either a TSIG or SIG(0) record), the
- identity of the signer can be determined.
+ allowed. It specifies a set of rules, in which each rule
+ either grants or denies permission for one or more
+ names in the zone to be updated by one or more
+ identities. Identity is determined by the key that
+ signed the update request using either TSIG or SIG(0).
+ In most cases, <span class="command"><strong>update-policy</strong></span> rules
+ only apply to key-based identities. There is no way
+ to specify update permissions based on client source
+ address.
</p>
<p>
- Rules are specified in the <span class="command"><strong>update-policy</strong></span>
- zone option, and are only meaningful for master zones.
- When the <span class="command"><strong>update-policy</strong></span> statement
- is present, it is a configuration error for the
- <span class="command"><strong>allow-update</strong></span> statement to be
- present. The <span class="command"><strong>update-policy</strong></span> statement
- (except when set to <code class="literal">local</code>) only
- examines the signer of a message; the source
- address is not relevant.
+ <span class="command"><strong>update-policy</strong></span> rules are only meaningful
+ for zones of type <span class="command"><strong>master</strong></span>, and are
+ not allowed in any other zone type.
+ It is a configuration error to specify both
+ <span class="command"><strong>allow-update</strong></span> and
+ <span class="command"><strong>update-policy</strong></span> at the same time.
</p>
<p>
A pre-defined <span class="command"><strong>update-policy</strong></span> rule can be
switched on with the command
<span class="command"><strong>update-policy local;</strong></span>.
- Switching on this rule in a zone causes
- <span class="command"><strong>named</strong></span> to generate a TSIG session key and
- place it in a file. That key will then be allowed to update
- the zone, if the update request is sent from localhost.
+ Using this in a zone causes
+ <span class="command"><strong>named</strong></span> to generate a TSIG session key
+ when starting up and store it in a file; this key can then
+ be used by local clients to update the zone while
+ <span class="command"><strong>named</strong></span> is running.
By default, the session key is stored in the file
- <code class="filename">/var/run/named/session.key</code>; the key name
- is "local-ddns" and the key algorithm is HMAC-SHA256.
+ <code class="filename">/var/run/named/session.key</code>, the key name
+ is "local-ddns", and the key algorithm is HMAC-SHA256.
These values are configurable with the
<span class="command"><strong>session-keyfile</strong></span>,
<span class="command"><strong>session-keyname</strong></span> and
- <span class="command"><strong>session-keyalg</strong></span> options, respectively).
- </p>
- <p>
- A client on the local system, if it is run with appropriate
+ <span class="command"><strong>session-keyalg</strong></span> options, respectively.
+ A client running on the local system, if run with appropriate
permissions, may read the session key from the key file and
- use the key to sign update requests. The zone's update
+ use it to sign update requests. The zone's update
policy will be set to allow that key to change any record
within the zone. Assuming the key name is "local-ddns",
- this policy is:
+ this policy is equivalent to:
</p>
<pre class="programlisting">update-policy { grant local-ddns zonesub any; };
</pre>
<p>
- ...with an additional restriction that only clients
+ ...with the additional restriction that only clients
connecting from the local system will be permitted to send
updates.
</p>
<p>
- Note that only one session key is generated; all zones
- configured to use <span class="command"><strong>update-policy local</strong></span>
- will accept the same key.
+ Note that only one session key is generated by
+ <span class="command"><strong>named</strong></span>; all zones configured to use
+ <span class="command"><strong>update-policy local</strong></span> will accept the same key.
</p>
<p>
The command <span class="command"><strong>nsupdate -l</strong></span> implements this
</p>
<pre class="programlisting">
-( <span class="command"><strong>grant</strong></span> | <span class="command"><strong>deny</strong></span> ) <em class="replaceable"><code>identity</code></em> <em class="replaceable"><code>nametype</code></em> [<span class="optional"> <em class="replaceable"><code>name</code></em> </span>] [<span class="optional"> <em class="replaceable"><code>types</code></em> </span>]
+( <span class="command"><strong>grant</strong></span> | <span class="command"><strong>deny</strong></span> ) <em class="replaceable"><code>identity</code></em> <em class="replaceable"><code>ruletype</code></em> [<span class="optional"> <em class="replaceable"><code>name</code></em> </span>] [<span class="optional"> <em class="replaceable"><code>types</code></em> </span>]
</pre>
<p>
- Each rule grants or denies privileges. Once a message has
- successfully matched a rule, the operation is immediately
- granted or denied and no further rules are examined. A rule
- is matched when the signer matches the identity field, the
- name matches the name field in accordance with the nametype
- field, and the type matches the types specified in the type
- field.
+ Each rule grants or denies privileges. Rules are checked
+ in the order in which they are specified in the
+ <span class="command"><strong>update-policy</strong></span> statement. Once a message
+ has successfully matched a rule, the operation is immediately
+ granted or denied, and no further rules are examined. There
+ are 13 types of rules; the rule type is specified by the
+ <span class="command"><strong>ruletype</strong></span> field, and the interpretation
+ of other fields varies depending on the rule type.
</p>
<p>
- No signer is required for <em class="replaceable"><code>tcp-self</code></em>
- or <em class="replaceable"><code>6to4-self</code></em> however the standard
- reverse mapping / prefix conversion must match the identity
- field.
+ In general, a rule is matched when the
+ key that signed an update request matches the
+ <span class="command"><strong>identity</strong></span> field, the name of the record
+ to be updated matches the <span class="command"><strong>name</strong></span> field
+ (in the manner specified by the <span class="command"><strong>ruletype</strong></span>
+ field), and the type of the record to be updated matches the
+ <span class="command"><strong>types</strong></span> field. Details for each rule type
+ are described below.
</p>
<p>
- The identity field specifies a name or a wildcard
- name. Normally, this is the name of the TSIG or
- SIG(0) key used to sign the update request. When a
- TKEY exchange has been used to create a shared secret,
- the identity of the shared secret is the same as the
- identity of the key used to authenticate the TKEY
- exchange. TKEY is also the negotiation method used
- by GSS-TSIG, which establishes an identity that is
- the Kerberos principal of the client, such as
- <strong class="userinput"><code>"user@host.domain"</code></strong>. When the
- <em class="replaceable"><code>identity</code></em> field specifies
- a wildcard name, it is subject to DNS wildcard
- expansion, so the rule will apply to multiple identities.
- The <em class="replaceable"><code>identity</code></em> field must
- contain a fully-qualified domain name.
+ The <span class="command"><strong>identity</strong></span> field must be set to
+ a fully-qualified domain name. In most cases, this
+ represensts the name of the TSIG or SIG(0) key that must be
+ used to sign the update request. If the specified name is a
+ wildcard, it is subject to DNS wildcard expansion, and the
+ rule may apply to multiple identities. When a TKEY exchange
+ has been used to create a shared secret, the identity of
+ the key used to authenticate the TKEY exchange will be
+ used as the identity of the shared secret. Some rule types
+ use indentities matching the client's Kerberos principal
+ (e.g, <strong class="userinput"><code>"host/machine@REALM"</code></strong>) or
+ Windows realm (<strong class="userinput"><code>machine$@REALM</code></strong>).
</p>
<p>
- For nametypes <code class="varname">krb5-self</code>,
- <code class="varname">ms-self</code>, <code class="varname">krb5-subdomain</code>,
- and <code class="varname">ms-subdomain</code> the
- <em class="replaceable"><code>identity</code></em> field specifies
- the Windows or Kerberos realm of the machine belongs to.
+ The <em class="replaceable"><code>name</code></em> field also specifies
+ a fully-qualified domain name. This often
+ represents the name of the record to be updated.
+ Interpretation of this field is dependent on rule type.
</p>
<p>
- The <em class="replaceable"><code>nametype</code></em> field has 13
+ If no <span class="command"><strong>types</strong></span> are explicitly specified,
+ then a rule matches all types except RRSIG, NS, SOA, NSEC
+ and NSEC3. Types may be specified by name, including
+ "ANY" (ANY matches all types except NSEC and NSEC3,
+ which can never be updated). Note that when an attempt
+ is made to delete all records associated with a name,
+ the rules are checked for each existing record type.
+ </p>
+ <p>
+ The <em class="replaceable"><code>ruletype</code></em> field has 13
values:
<code class="varname">name</code>, <code class="varname">subdomain</code>,
<code class="varname">wildcard</code>, <code class="varname">self</code>,
</td>
<td>
<p>
- This rule matches when the name being updated
- matches the contents of the
+ This rule matches when the name of the record
+ being updated matches the contents of the
<em class="replaceable"><code>identity</code></em> field.
The <em class="replaceable"><code>name</code></em> field
- is ignored, but should be the same as the
- <em class="replaceable"><code>identity</code></em> field or
+ is ignored. To avoid confusion, it is recommended
+ that this field be set to the same value as the
+ <em class="replaceable"><code>identity</code></em> field or to
"."
- The <code class="varname">self</code> nametype is
- most useful when allowing using one key per
+ </p>
+ <p>
+ The <code class="varname">self</code> rule type is
+ most useful when allowing one key per
name to update, where the key has the same
- name as the name to be updated. The
- <em class="replaceable"><code>identity</code></em> would
- be specified as <code class="constant">*</code> (an asterisk) in
- this case.
+ name as the record to be updated. In this case,
+ the <em class="replaceable"><code>identity</code></em> field
+ can be specified as <code class="constant">*</code>
+ (an asterisk).
</p>
</td>
</tr>
</td>
<td>
<p>
- Allow updates that have been sent via TCP and
- for which the standard mapping from the initiating
- IP address into the IN-ADDR.ARPA and IP6.ARPA
- namespaces match the name to be updated. The
- name field should be set to "."
+ This rule allows updates that have been sent via
+ TCP and for which the standard mapping from the
+ client's IP address into the
+ <code class="literal">in-addr.arpa</code> and
+ <code class="literal">ip6.arpa</code>
+ namespaces match the name to be updated.
+ The <span class="command"><strong>identity</strong></span> field must match
+ that name. The <span class="command"><strong>name</strong></span> field
+ should be set to ".".
+ Note that, since identity is based on the client's
+ IP address, it is not necessary for update request
+ messages to be signed.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
</td>
<td>
<p>
- Allow the 6to4 prefix to be update by any TCP
- connection from the 6to4 network or from the
- corresponding IPv4 address. This is intended
- to allow NS or DNAME RRsets to be added to the
- reverse tree.
+ This allows the name matching a 6to4 IPv6 prefix,
+ as specified in RFC 3056, to be updated by any
+ TCP connection from either the 6to4 network or
+ from the corresponding IPv4 address. This is
+ intended to allow NS or DNAME RRsets to be added
+ to the <code class="literal">ip6.arpa</code> reverse tree.
+ </p>
+ <p>
+ The <span class="command"><strong>identity</strong></span> field must match
+ the 6to4 prefix in <code class="literal">ip6.arpa</code>.
+ The <span class="command"><strong>name</strong></span> field should
+ be set to ".".
+ Note that, since identity is based on the client's
+ IP address, it is not necessary for update request
+ messages to be signed.
+ </p>
+ <p>
+ In addition, if specified for an
+ <code class="literal">ip6.arpa</code> name outside of the
+ <code class="literal">2.0.0.2.ip6.arpa</code> namespace,
+ the corresponding /48 reverse name can be updated.
+ For example, TCP/IPv6 connections
+ from 2001:DB8:ED0C::/48 can update records at
+ <code class="literal">C.0.D.E.8.B.D.0.1.0.0.2.ip6.arpa</code>.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
</tbody>
</table>
</div>
-
- <p>
- In all cases, the <em class="replaceable"><code>name</code></em>
- field must specify a fully-qualified domain name.
- </p>
-
- <p>
- If no types are explicitly specified, this rule matches
- all types except RRSIG, NS, SOA, NSEC and NSEC3. Types
- may be specified by name, including "ANY" (ANY matches
- all types except NSEC and NSEC3, which can never be
- updated). Note that when an attempt is made to delete
- all records associated with a name, the rules are
- checked for each existing record type.
- </p>
</div>
<div class="section">
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.0-dev</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.0</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_download">Download</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_security">Security Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_features">New Features</a></span></dt>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.9.2"></a>Release Notes for BIND Version 9.13.0-dev</h2></div></div></div>
+<a name="id-1.9.2"></a>Release Notes for BIND Version 9.13.0</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
<p>
- BIND 9.13 is unstable development release of BIND.
+ BIND 9.13 is an unstable development release of BIND.
This document summarizes new features and functional changes that
- have been introduced on this branch. With each development
- release leading up to the stable BIND 9.14 release, this document
- will be updated with additional features added and bugs fixed.
+ have been introduced on this branch. With each development release
+ leading up to the stable BIND 9.14 release, this document will be
+ updated with additional features added and bugs fixed.
+ </p>
+ </div>
+
+ <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_versions"></a>Note on Version Numbering</h3></div></div></div>
+ <p>
+ Prior to BIND 9.13, new feature development releases were tagged
+ as "alpha" and "beta", leading up to the first stable release
+ for a given development branch, which always ended in ".0".
+ </p>
+ <p>
+ Now, however, BIND has adopted the "odd-unstable/even-stable"
+ release numbering convention. There will be no "alpha" or "beta"
+ releases in the 9.13 branch, only increasing version numbers.
+ So, for example, what would previously have been called 9.13.0a1,
+ 9.13.0a2, 9.13.0b1, and so on, will instead be called 9.13.0,
+ 9.13.1, 9.13.2, etc.
+ </p>
+ <p>
+ The first stable release from this development branch will be
+ renamed as 9.14.0. Thereafter, maintenance releases will continue
+ on the 9.14 branch, while unstable feature development proceeds in
+ 9.15.
</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+ <p>
+ None.
+ </p>
+ </li></ul></div>
+ </div>
+
+ <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
- Addresses could be referenced after being freed during resolver
- processing, causing an assertion failure. The chances of this
- happening were remote, but the introduction of a delay in
- resolution increased them. This bug is disclosed in
- CVE-2017-3145. [RT #46839]
+ BIND now can be compiled against the <span class="command"><strong>libidn2</strong></span>
+ library to add IDNA2008 support. Previously, BIND supported
+ IDNA2003 using the (now obsolete and unsupported)
+ <span class="command"><strong>idnkit-1</strong></span> library.
</p>
</li>
<li class="listitem">
<p>
- update-policy rules that otherwise ignore the name field now
- require that it be set to "." to ensure that any type list
- present is properly interpreted. If the name field was omitted
- from the rule declaration and a type list was present it wouldn't
- be interpreted as expected.
+ <span class="command"><strong>named</strong></span> now supports the "root key sentinel"
+ mechanism. This enables validating resolvers to indicate to
+ which trust anchors are configured for the root, so that
+ information about root key rollover status can be gathered.
+ To disable this feature, add
+ <span class="command"><strong>root-key-sentinel no;</strong></span> to
+ <code class="filename">named.conf</code>.
</p>
</li>
-</ul></div>
- </div>
-
- <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_features"></a>New Features</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+<li class="listitem">
<p>
- None.
+ The <span class="command"><strong>dnskey-sig-validity</strong></span> option allows the
+ <span class="command"><strong>sig-validity-interval</strong></span> to be overriden for
+ signatures covering DNSKEY RRsets. [GL #145]
</p>
- </li></ul></div>
+ </li>
+</ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_removed"></a>Removed Features</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
<p>
<span class="command"><strong>dnssec-keygen</strong></span> can no longer generate HMAC
keys for TSIG authentication. Use <span class="command"><strong>tsig-keygen</strong></span>
to generate these keys. [RT #46404]
</p>
- </li></ul></div>
+ </li>
+<li class="listitem">
+ <p>
+ Support for OpenSSL 0.9.x has been removed. OpenSSL version
+ 1.0.0 or greater, or LibreSSL is now required.
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ The <span class="command"><strong>configure --enable-seccomp</strong></span> option,
+ which formerly turned on system-call filtering on Linux, has
+ been removed. [GL #93]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ IPv4 addresses in forms other than dotted-quad are no longer
+ accepted in master files. [GL #13] [GL #56]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ IDNA2003 support via (bundled) idnkit-1.0 has been removed.
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ The "rbtdb64" database implementation (a parallel
+ implementation of "rbt") has been removed. [GL #217]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ The <span class="command"><strong>-r randomdev</strong></span> option to explicitly select
+ random device has been removed from the
+ <span class="command"><strong>ddns-confgen</strong></span>,
+ <span class="command"><strong>rndc-confgen</strong></span>,
+ <span class="command"><strong>nsupdate</strong></span>,
+ <span class="command"><strong>dnssec-confgen</strong></span>, and
+ <span class="command"><strong>dnssec-signzone</strong></span> commands.
+ </p>
+ <p>
+ The <span class="command"><strong>-p</strong></span> option to use pseudo-random data
+ has been removed from the <span class="command"><strong>dnssec-signzone</strong></span>
+ command.
+ </p>
+ </li>
+</ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+ <p>
+ BIND will now always use the best CSPRNG (cryptographically-secure
+ pseudo-random number generator) available on the platform where
+ it is compiled. It will use <span class="command"><strong>arc4random()</strong></span>
+ family of functions on BSD operating systems,
+ <span class="command"><strong>getrandom()</strong></span> on Linux and Solaris,
+ <span class="command"><strong>CryptGenRandom</strong></span> on Windows, and the selected
+ cryptography provider library (OpenSSL or PKCS#11) as the last
+ resort. [GL #221]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ BIND can no longer be built without DNSSEC support. A cryptography
+ provder (i.e., OpenSSL or a hardware service module with
+ PKCS#11 support) must be available. [GL #244]
+ </p>
+ </li>
<li class="listitem">
<p>
Zone types <span class="command"><strong>primary</strong></span> and
[RT #43670]
</p>
</li>
-</ul></div>
- </div>
-
- <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
- When answering authoritative queries, <span class="command"><strong>named</strong></span>
- does not return the target of a cross-zone CNAME between two
- locally served zones; this prevents accidental cache poisoning.
- This same restriction was incorrectly applied to recursive
- queries as well; this has been fixed. [RT #47078]
+ <span class="command"><strong>dig +nssearch</strong></span> will now list name servers
+ that have timed out, in addition to those that respond. [GL #64]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ <span class="command"><strong>dig +noidnin</strong></span> can be used to disable IDN
+ processing on the input domain name, when BIND is compiled
+ with IDN support.
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ Up to 64 <span class="command"><strong>response-policy</strong></span> zones are now
+ supported by default; previously the limit was 32. [GL #123]
</p>
</li>
<li class="listitem">
<p>
- Attempting to validate improperly unsigned CNAME responses
- from secure zones could cause a validator loop. This caused
- a delay in returning SERVFAIL and also increased the chances
- of encountering the crash bug described in CVE-2017-3145.
- [RT #46839]
+ Several configuration options for time periods can now use
+ TTL value suffixes (for example, <code class="literal">2h</code> or
+ <code class="literal">1d</code>) in addition to an integer number of
+ seconds. These include
+ <span class="command"><strong>fstrm-set-reopen-interval</strong></span>,
+ <span class="command"><strong>interface-interval</strong></span>,
+ <span class="command"><strong>max-cache-ttl</strong></span>,
+ <span class="command"><strong>max-ncache-ttl</strong></span>,
+ <span class="command"><strong>max-policy-ttl</strong></span>, and
+ <span class="command"><strong>min-update-interval</strong></span>.
+ [GL #203]
</p>
</li>
</ul></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+ <p>
+ None.
+ </p>
+ </li></ul></div>
+ </div>
+
+ <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_license"></a>License</h3></div></div></div>
<p>
BIND is open source software licenced under the terms of the Mozilla
<p>
The end of life date for BIND 9.14 has not yet been determined.
For those needing long term support, the current Extended Support
- Version (ESV) is BIND 9.11, which will be supported until December
- 2021. See
+ Version (ESV) is BIND 9.11, which will be supported until at
+ least December 2021. See
<a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
for details of ISC's software support policy.
</p>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
-
</div>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.13.0-dev</p></div>
+<div><p class="releaseinfo">BIND Version 9.13.0</p></div>
<div><p class="copyright">Copyright © 2000-2018 Internet Systems Consortium, Inc. ("ISC")</p></div>
</div>
<hr>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch08.html">A. Release Notes</a></span></dt>
<dd><dl>
-<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.0-dev</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.0</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_download">Download</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_security">Security Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_features">New Features</a></span></dt>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
<code class="command">tsig-keygen</code>
[<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>]
[<code class="option">-h</code>]
- [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
[name]
</p></div>
<div class="cmdsynopsis"><p>
This is essentially identical to <span class="command"><strong>tsig-keygen</strong></span>.
</p>
</dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
-<dd>
- <p>
- Specifies a source of random data for generating the
- authorization. If the operating system does not provide a
- <code class="filename">/dev/random</code> or equivalent device, the
- default source of randomness is keyboard input.
- <code class="filename">randomdev</code> specifies the name of a
- character device or file containing random data to be used
- instead of the default. The special value
- <code class="filename">keyboard</code> indicates that keyboard input
- should be used.
- </p>
- </dd>
<dt><span class="term">-s <em class="replaceable"><code>name</code></em></span></dt>
<dd>
<p>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
<dt><span class="term">-i</span></dt>
<dd>
<p>
- Do reverse IPv6 lookups using the obsolete RFC1886 IP6.INT
+ Do reverse IPv6 lookups using the obsolete RFC 1886 IP6.INT
domain, which is no longer in use. Obsolete bit string
- label queries (RFC2874) are not attempted.
+ label queries (RFC 2874) are not attempted.
</p>
</dd>
<dt><span class="term">-k <em class="replaceable"><code>keyfile</code></em></span></dt>
<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
<dd>
<p>
- The resource record type to query. It can be any valid query type
- which is
- supported in BIND 9. The default query type is "A", unless the
- <code class="option">-x</code> option is supplied to indicate a reverse lookup.
- A zone transfer can be requested by specifying a type of AXFR. When
+ The resource record type to query. It can be any valid query
+ type. If it is a resource record type supported in BIND 9, it
+ can be given by the type mnemonic (such as "NS" or "AAAA").
+ The default query type is "A", unless the <code class="option">-x</code>
+ option is supplied to indicate a reverse lookup. A zone
+ transfer can be requested by specifying a type of AXFR. When
an incremental zone transfer (IXFR) is required, set the
<em class="parameter"><code>type</code></em> to <code class="literal">ixfr=N</code>.
The incremental zone transfer will contain the changes
record was
<em class="parameter"><code>N</code></em>.
</p>
+ <p>
+ All resource record types can be expressed as "TYPEnn", where
+ "nn" is the number of the type. If the resource record type is
+ not supported in BIND 9, the result will be displayed as
+ described in RFC 3597.
+ </p>
</dd>
<dt><span class="term">-u</span></dt>
<dd>
server that provided the answer.
</p>
</dd>
+<dt><span class="term"><code class="option">+[no]idnin</code></span></dt>
+<dd>
+ <p>
+ Process [do not process] IDN domain names on input.
+ This requires IDN SUPPORT to have been enabled at
+ compile time. The default is to process IDN input.
+ </p>
+ </dd>
<dt><span class="term"><code class="option">+[no]idnout</code></span></dt>
<dd>
<p>
attempts to find the authoritative name servers for
the zone containing the name being looked up and
display the SOA record that each name server has for
- the zone.
+ the zone. Addresses of servers that that did not
+ respond are also printed.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
the question section as a comment.
</p>
</dd>
+<dt><span class="term"><code class="option">+[no]raflag</code></span></dt>
+<dd>
+ <p>
+ Set [do not set] the RA (Recursion Available) bit in
+ the query. The default is +noraflag. This bit should
+ be ignored by the server for QUERY.
+ </p>
+ </dd>
<dt><span class="term"><code class="option">+[no]rdflag</code></span></dt>
<dd>
<p>
<dd>
<p>
This feature is now obsolete and has been removed;
- use <span class="command"><strong>delv</strong></span> instead.
+ use <span class="command"><strong>delv</strong></span> instead.
</p>
</dd>
<dt><span class="term"><code class="option">+split=W</code></span></dt>
this query.
</p>
</dd>
+<dt><span class="term"><code class="option">+[no]tcflag</code></span></dt>
+<dd>
+ <p>
+ Set [do not set] the TC (TrunCation) bit in the query.
+ The default is +notcflag. This bit should be ignored
+ by the server for QUERY.
+ </p>
+ </dd>
<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
<dd>
<p>
<dd>
<p>
This feature is related to <span class="command"><strong>dig +sigchase</strong></span>,
- which is obsolete and has been removed. Use
- <span class="command"><strong>delv</strong></span> instead.
+ which is obsolete and has been removed. Use
+ <span class="command"><strong>delv</strong></span> instead.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
<dd>
<p>
Formerly specified trusted keys for use with
- <span class="command"><strong>dig +sigchase</strong></span>. This feature is now
- obsolete and has been removed; use
- <span class="command"><strong>delv</strong></span> instead.
+ <span class="command"><strong>dig +sigchase</strong></span>. This feature is now
+ obsolete and has been removed; use
+ <span class="command"><strong>delv</strong></span> instead.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
<span class="command"><strong>dig</strong></span> appropriately converts character encoding of
domain name before sending a request to DNS server or displaying a
reply from the server.
- If you'd like to turn off the IDN support for some reason, defines
- the <code class="envar">IDN_DISABLE</code> environment variable.
- The IDN support is disabled if the variable is set when
- <span class="command"><strong>dig</strong></span> runs.
+ If you'd like to turn off the IDN support for some reason, use
+ parameters <em class="parameter"><code>+noidnin</code></em> and
+ <em class="parameter"><code>+noidnout</code></em>.
</p>
</div>
<span class="citerefentry">
<span class="refentrytitle">dnssec-keygen</span>(8)
</span>,
- <em class="citetitle">RFC1035</em>.
+ <em class="citetitle">RFC 1035</em>.
</p>
</div>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
[<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>]
[<code class="option">-q</code>]
[<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>]
- [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>]
[<code class="option">-S <em class="replaceable"><code>key</code></em></code>]
[<code class="option">-s <em class="replaceable"><code>strength</code></em></code>]
[<code class="option">-t <em class="replaceable"><code>type</code></em></code>]
a satisfactory key.
</p>
</dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
-<dd>
- <p>
- Specifies a source of randomness. Normally, when generating
- DNSSEC keys, this option has no effect; the random number
- generation function provided by the cryptographic library will
- be used.
- </p>
- <p>
- If that behavior is disabled at compile time, however,
- the specified file will be used as entropy source
- for key generation. <code class="filename">randomdev</code> is
- the name of a character device or file containing random
- data to be used. The special value <code class="filename">keyboard</code>
- indicates that keyboard input should be used.
- </p>
- <p>
- The default is <code class="filename">/dev/random</code> if the
- operating system provides it or an equivalent device;
- if not, the default source of randomness is keyboard input.
- </p>
- </dd>
<dt><span class="term">-S <em class="replaceable"><code>key</code></em></span></dt>
<dd>
<p>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
[<code class="option">-v</code>]
[<code class="option">-z</code>]
[<code class="option">-g <em class="replaceable"><code>path</code></em></code>]
- [<code class="option">-r <em class="replaceable"><code>path</code></em></code>]
[<code class="option">-s <em class="replaceable"><code>path</code></em></code>]
[zone...]
</p></div>
and <span class="command"><strong>dnssec-settime</strong></span>.
</p>
</dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
-<dd>
- <p>
- Specifies a path to a file containing random data.
- This is passed to the <span class="command"><strong>dnssec-keygen</strong></span> binary
- using its <code class="option">-r</code> option.
-
- </p>
- </dd>
<dt><span class="term">-s <em class="replaceable"><code>settime-path</code></em></span></dt>
<dd>
<p>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
[<code class="option">-o <em class="replaceable"><code>origin</code></em></code>]
[<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>]
[<code class="option">-P</code>]
- [<code class="option">-p</code>]
[<code class="option">-Q</code>]
[<code class="option">-R</code>]
- [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>]
[<code class="option">-S</code>]
[<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>]
[<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>]
can be read by release 9.9.0 or higher; the default is 1.
</p>
</dd>
-<dt><span class="term">-p</span></dt>
-<dd>
- <p>
- Use pseudo-random data when signing the zone. This is faster,
- but less secure, than using real random data. This option
- may be useful when signing large zones or when the entropy
- source is limited.
- </p>
- </dd>
<dt><span class="term">-P</span></dt>
<dd>
<p>
("Double Signature Zone Signing Key Rollover").
</p>
</dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
-<dd>
- <p>
- Specifies the source of randomness. If the operating
- system does not provide a <code class="filename">/dev/random</code>
- or equivalent device, the default source of randomness
- is keyboard input. <code class="filename">randomdev</code>
- specifies
- the name of a character device or file containing random
- data to be used instead of the default. The special value
- <code class="filename">keyboard</code> indicates that keyboard
- input should be used.
- </p>
- </dd>
<dt><span class="term">-S</span></dt>
<dd>
<p>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
<td width="40%" align="left" valign="top">
<span class="application">dnssec-verify</span>Â </td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
-<td width="40%" align="right" valign="top">Â <span class="application">host</span>
-</td>
+<td width="40%" align="right" valign="top">Â host</td>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</div>
<div class="refsection">
-<a name="id-1.13.20.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.19.7"></a><h2>DESCRIPTION</h2>
<p><span class="command"><strong>host</strong></span>
</div>
<div class="refsection">
-<a name="id-1.13.20.8"></a><h2>OPTIONS</h2>
+<a name="id-1.13.19.8"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-4</span></dt>
</div>
<div class="refsection">
-<a name="id-1.13.20.9"></a><h2>IDN SUPPORT</h2>
+<a name="id-1.13.19.9"></a><h2>IDN SUPPORT</h2>
<p>
If <span class="command"><strong>host</strong></span> has been built with IDN (internationalized
</div>
<div class="refsection">
-<a name="id-1.13.20.10"></a><h2>FILES</h2>
+<a name="id-1.13.19.10"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsection">
-<a name="id-1.13.20.11"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.19.11"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry">
<span class="refentrytitle">dig</span>(1)
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</div>
<div class="refsection">
-<a name="id-1.13.21.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.20.7"></a><h2>DESCRIPTION</h2>
<p><span class="command"><strong>mdig</strong></span>
is a multiple/pipelined query version of <span class="command"><strong>dig</strong></span>:
</div>
<div class="refsection">
-<a name="id-1.13.21.8"></a><h2>ANYWHERE OPTIONS</h2>
+<a name="id-1.13.20.8"></a><h2>ANYWHERE OPTIONS</h2>
<p>
</div>
<div class="refsection">
-<a name="id-1.13.21.9"></a><h2>GLOBAL OPTIONS</h2>
+<a name="id-1.13.20.9"></a><h2>GLOBAL OPTIONS</h2>
<p>
</div>
<div class="refsection">
-<a name="id-1.13.21.10"></a><h2>LOCAL OPTIONS</h2>
+<a name="id-1.13.20.10"></a><h2>LOCAL OPTIONS</h2>
<p>
</div>
<div class="refsection">
-<a name="id-1.13.21.11"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.20.11"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry">
<span class="refentrytitle">dig</span>(1)
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</div>
<div class="refsection">
-<a name="id-1.13.22.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.21.7"></a><h2>DESCRIPTION</h2>
<p><span class="command"><strong>named-checkconf</strong></span>
checks the syntax, but not the semantics, of a
</div>
<div class="refsection">
-<a name="id-1.13.22.8"></a><h2>OPTIONS</h2>
+<a name="id-1.13.21.8"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-h</span></dt>
</div>
<div class="refsection">
-<a name="id-1.13.22.9"></a><h2>RETURN VALUES</h2>
+<a name="id-1.13.21.9"></a><h2>RETURN VALUES</h2>
<p><span class="command"><strong>named-checkconf</strong></span>
returns an exit status of 1 if
</div>
<div class="refsection">
-<a name="id-1.13.22.10"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.21.10"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry">
<span class="refentrytitle">named</span>(8)
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</div>
<div class="refsection">
-<a name="id-1.13.23.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.22.7"></a><h2>DESCRIPTION</h2>
<p><span class="command"><strong>named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
</div>
<div class="refsection">
-<a name="id-1.13.23.8"></a><h2>OPTIONS</h2>
+<a name="id-1.13.22.8"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl class="variablelist">
</div>
<div class="refsection">
-<a name="id-1.13.23.9"></a><h2>RETURN VALUES</h2>
+<a name="id-1.13.22.9"></a><h2>RETURN VALUES</h2>
<p><span class="command"><strong>named-checkzone</strong></span>
returns an exit status of 1 if
</div>
<div class="refsection">
-<a name="id-1.13.23.10"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.22.10"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry">
<span class="refentrytitle">named</span>(8)
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</div>
<div class="refsection">
-<a name="id-1.13.24.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.23.7"></a><h2>DESCRIPTION</h2>
<p>
<span class="command"><strong>named-journalprint</strong></span>
</div>
<div class="refsection">
-<a name="id-1.13.24.8"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.23.8"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry">
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</div>
<div class="refsect1">
-<a name="id-1.13.25.6"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.24.6"></a><h2>DESCRIPTION</h2>
<p>
<span class="command"><strong>named-nzd2nzf</strong></span> converts an NZD database to NZF
</div>
<div class="refsect1">
-<a name="id-1.13.25.7"></a><h2>ARGUMENTS</h2>
+<a name="id-1.13.24.7"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">filename</span></dt>
</div>
<div class="refsect1">
-<a name="id-1.13.25.8"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.24.8"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>
</div>
<div class="refsect1">
-<a name="id-1.13.25.9"></a><h2>AUTHOR</h2>
+<a name="id-1.13.24.9"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</div>
<div class="refsection">
-<a name="id-1.13.26.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.25.7"></a><h2>DESCRIPTION</h2>
<p><span class="command"><strong>named-rrchecker</strong></span>
read a individual DNS resource record from standard input and checks if it
</div>
<div class="refsection">
-<a name="id-1.13.26.8"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.25.8"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">RFC 1034</em>,
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</div>
<div class="refsection">
-<a name="id-1.13.27.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.26.7"></a><h2>DESCRIPTION</h2>
<p><code class="filename">named.conf</code> is the configuration file
for
</div>
<div class="refsection">
-<a name="id-1.13.27.8"></a><h2>ACL</h2>
+<a name="id-1.13.26.8"></a><h2>ACL</h2>
<div class="literallayout"><p><br>
acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
</div>
<div class="refsection">
-<a name="id-1.13.27.9"></a><h2>CONTROLS</h2>
+<a name="id-1.13.26.9"></a><h2>CONTROLS</h2>
<div class="literallayout"><p><br>
controls {<br>
</div>
<div class="refsection">
-<a name="id-1.13.27.10"></a><h2>DLZ</h2>
+<a name="id-1.13.26.10"></a><h2>DLZ</h2>
<div class="literallayout"><p><br>
dlz <em class="replaceable"><code>string</code></em> {<br>
</div>
<div class="refsection">
-<a name="id-1.13.27.11"></a><h2>DYNDB</h2>
+<a name="id-1.13.26.11"></a><h2>DYNDB</h2>
<div class="literallayout"><p><br>
dyndb <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>quoted_string</code></em> {<br>
</div>
<div class="refsection">
-<a name="id-1.13.27.12"></a><h2>KEY</h2>
+<a name="id-1.13.26.12"></a><h2>KEY</h2>
<div class="literallayout"><p><br>
key <em class="replaceable"><code>string</code></em> {<br>
</div>
<div class="refsection">
-<a name="id-1.13.27.13"></a><h2>LOGGING</h2>
+<a name="id-1.13.26.13"></a><h2>LOGGING</h2>
<div class="literallayout"><p><br>
logging {<br>
<div class="refsection">
-<a name="id-1.13.27.14"></a><h2>MANAGED-KEYS</h2>
+<a name="id-1.13.26.14"></a><h2>MANAGED-KEYS</h2>
<div class="literallayout"><p><br>
managed-keys { <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em><br>
</div>
<div class="refsection">
-<a name="id-1.13.27.15"></a><h2>MASTERS</h2>
+<a name="id-1.13.26.15"></a><h2>MASTERS</h2>
<div class="literallayout"><p><br>
masters <em class="replaceable"><code>string</code></em> [ port <em class="replaceable"><code>integer</code></em> ] [ dscp<br>
</div>
<div class="refsection">
-<a name="id-1.13.27.16"></a><h2>OPTIONS</h2>
+<a name="id-1.13.26.16"></a><h2>OPTIONS</h2>
<div class="literallayout"><p><br>
options {<br>
</div>
<div class="refsection">
-<a name="id-1.13.27.17"></a><h2>SERVER</h2>
+<a name="id-1.13.26.17"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
server <em class="replaceable"><code>netprefix</code></em> {<br>
</div>
<div class="refsection">
-<a name="id-1.13.27.18"></a><h2>STATISTICS-CHANNELS</h2>
+<a name="id-1.13.26.18"></a><h2>STATISTICS-CHANNELS</h2>
<div class="literallayout"><p><br>
statistics-channels {<br>
</div>
<div class="refsection">
-<a name="id-1.13.27.19"></a><h2>TRUSTED-KEYS</h2>
+<a name="id-1.13.26.19"></a><h2>TRUSTED-KEYS</h2>
<div class="literallayout"><p><br>
trusted-keys { <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
</div>
<div class="refsection">
-<a name="id-1.13.27.20"></a><h2>VIEW</h2>
+<a name="id-1.13.26.20"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
view <em class="replaceable"><code>string</code></em> [ <em class="replaceable"><code>class</code></em> ] {<br>
</div>
<div class="refsection">
-<a name="id-1.13.27.21"></a><h2>ZONE</h2>
+<a name="id-1.13.26.21"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
zone <em class="replaceable"><code>string</code></em> [ <em class="replaceable"><code>class</code></em> ] {<br>
</div>
<div class="refsection">
-<a name="id-1.13.27.22"></a><h2>FILES</h2>
+<a name="id-1.13.26.22"></a><h2>FILES</h2>
<p><code class="filename">/etc/named.conf</code>
</p>
</div>
<div class="refsection">
-<a name="id-1.13.27.23"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.26.23"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry">
<span class="refentrytitle">ddns-confgen</span>(8)
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</div>
<div class="refsection">
-<a name="id-1.13.28.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.27.7"></a><h2>DESCRIPTION</h2>
<p><span class="command"><strong>named</strong></span>
is a Domain Name System (DNS) server,
</div>
<div class="refsection">
-<a name="id-1.13.28.8"></a><h2>OPTIONS</h2>
+<a name="id-1.13.27.8"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl class="variablelist">
</div>
<div class="refsection">
-<a name="id-1.13.28.9"></a><h2>SIGNALS</h2>
+<a name="id-1.13.27.9"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
</div>
<div class="refsection">
-<a name="id-1.13.28.10"></a><h2>CONFIGURATION</h2>
+<a name="id-1.13.27.10"></a><h2>CONFIGURATION</h2>
<p>
The <span class="command"><strong>named</strong></span> configuration file is too complex
</div>
<div class="refsection">
-<a name="id-1.13.28.11"></a><h2>FILES</h2>
+<a name="id-1.13.27.11"></a><h2>FILES</h2>
<div class="variablelist"><dl class="variablelist">
</div>
<div class="refsection">
-<a name="id-1.13.28.12"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.27.12"></a><h2>SEE ALSO</h2>
<p><em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</div>
<div class="refsection">
-<a name="id-1.13.29.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.28.7"></a><h2>DESCRIPTION</h2>
<p>
<span class="command"><strong>nsec3hash</strong></span> generates an NSEC3 hash based on
</div>
<div class="refsection">
-<a name="id-1.13.29.8"></a><h2>ARGUMENTS</h2>
+<a name="id-1.13.28.8"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">salt</span></dt>
</div>
<div class="refsection">
-<a name="id-1.13.29.9"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.28.9"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</div>
<div class="refsection">
-<a name="id-1.13.30.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.29.7"></a><h2>DESCRIPTION</h2>
<p><span class="command"><strong>Nslookup</strong></span>
is a program to query Internet domain name servers. <span class="command"><strong>Nslookup</strong></span>
</div>
<div class="refsection">
-<a name="id-1.13.30.8"></a><h2>ARGUMENTS</h2>
+<a name="id-1.13.29.8"></a><h2>ARGUMENTS</h2>
<p>
Interactive mode is entered in the following cases:
</div>
<div class="refsection">
-<a name="id-1.13.30.9"></a><h2>INTERACTIVE COMMANDS</h2>
+<a name="id-1.13.29.9"></a><h2>INTERACTIVE COMMANDS</h2>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt>
</div>
<div class="refsection">
-<a name="id-1.13.30.10"></a><h2>RETURN VALUES</h2>
+<a name="id-1.13.29.10"></a><h2>RETURN VALUES</h2>
<p>
<span class="command"><strong>nslookup</strong></span> returns with an exit status of 1
if any query failed, and 0 otherwise.
</div>
<div class="refsection">
-<a name="id-1.13.30.11"></a><h2>FILES</h2>
+<a name="id-1.13.29.11"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsection">
-<a name="id-1.13.30.12"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.29.12"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry">
<span class="refentrytitle">dig</span>(1)
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
[<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>]
[<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>]
[<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>]
- [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>]
[<code class="option">-v</code>]
[<code class="option">-T</code>]
[<code class="option">-P</code>]
</div>
<div class="refsection">
-<a name="id-1.13.31.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.30.7"></a><h2>DESCRIPTION</h2>
<p><span class="command"><strong>nsupdate</strong></span>
is used to submit Dynamic DNS Update requests as defined in RFC 2136
</div>
<div class="refsection">
-<a name="id-1.13.31.8"></a><h2>OPTIONS</h2>
+<a name="id-1.13.30.8"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl class="variablelist">
one update request will be made.
</p>
</dd>
-<dt><span class="term">-R <em class="replaceable"><code>randomdev</code></em></span></dt>
-<dd>
- <p>
- Where to obtain randomness. If the operating system
- does not provide a <code class="filename">/dev/random</code> or
- equivalent device, the default source of randomness is keyboard
- input. <code class="filename">randomdev</code> specifies the name of
- a character device or file containing random data to be used
- instead of the default. The special value
- <code class="filename">keyboard</code> indicates that keyboard input
- should be used. This option may be specified multiple times.
- </p>
- </dd>
<dt><span class="term">-t <em class="replaceable"><code>timeout</code></em></span></dt>
<dd>
<p>
</div>
<div class="refsection">
-<a name="id-1.13.31.9"></a><h2>INPUT FORMAT</h2>
+<a name="id-1.13.30.9"></a><h2>INPUT FORMAT</h2>
<p><span class="command"><strong>nsupdate</strong></span>
reads input from
</div>
<div class="refsection">
-<a name="id-1.13.31.10"></a><h2>EXAMPLES</h2>
+<a name="id-1.13.30.10"></a><h2>EXAMPLES</h2>
<p>
The examples below show how
</div>
<div class="refsection">
-<a name="id-1.13.31.11"></a><h2>FILES</h2>
+<a name="id-1.13.30.11"></a><h2>FILES</h2>
<div class="variablelist"><dl class="variablelist">
</div>
<div class="refsection">
-<a name="id-1.13.31.12"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.30.12"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">RFC 2136</em>,
</div>
<div class="refsection">
-<a name="id-1.13.31.13"></a><h2>BUGS</h2>
+<a name="id-1.13.30.13"></a><h2>BUGS</h2>
<p>
The TSIG key is redundantly stored in two separate files.
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</div>
<div class="refsection">
-<a name="id-1.13.32.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.31.7"></a><h2>DESCRIPTION</h2>
<p>
<span class="command"><strong>pkcs11-destroy</strong></span> destroys keys stored in a
</div>
<div class="refsection">
-<a name="id-1.13.32.8"></a><h2>ARGUMENTS</h2>
+<a name="id-1.13.31.8"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-m <em class="replaceable"><code>module</code></em></span></dt>
</div>
<div class="refsection">
-<a name="id-1.13.32.9"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.31.9"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry">
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</div>
<div class="refsection">
-<a name="id-1.13.33.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.32.7"></a><h2>DESCRIPTION</h2>
<p>
<span class="command"><strong>pkcs11-keygen</strong></span> causes a PKCS#11 device to generate
</div>
<div class="refsection">
-<a name="id-1.13.33.8"></a><h2>ARGUMENTS</h2>
+<a name="id-1.13.32.8"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
</div>
<div class="refsection">
-<a name="id-1.13.33.9"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.32.9"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry">
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</div>
<div class="refsection">
-<a name="id-1.13.34.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.33.7"></a><h2>DESCRIPTION</h2>
<p>
<span class="command"><strong>pkcs11-list</strong></span>
</div>
<div class="refsection">
-<a name="id-1.13.34.8"></a><h2>ARGUMENTS</h2>
+<a name="id-1.13.33.8"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-P</span></dt>
</div>
<div class="refsection">
-<a name="id-1.13.34.9"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.33.9"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry">
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</div>
<div class="refsection">
-<a name="id-1.13.35.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.34.7"></a><h2>DESCRIPTION</h2>
<p>
<span class="command"><strong>pkcs11-tokens</strong></span>
</div>
<div class="refsection">
-<a name="id-1.13.35.8"></a><h2>ARGUMENTS</h2>
+<a name="id-1.13.34.8"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-m <em class="replaceable"><code>module</code></em></span></dt>
</div>
<div class="refsection">
-<a name="id-1.13.35.9"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.34.9"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry">
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
[<code class="option">-h</code>]
[<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>]
[<code class="option">-p <em class="replaceable"><code>port</code></em></code>]
- [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
[<code class="option">-s <em class="replaceable"><code>address</code></em></code>]
[<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>]
[<code class="option">-u <em class="replaceable"><code>user</code></em></code>]
</div>
<div class="refsection">
-<a name="id-1.13.36.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.35.7"></a><h2>DESCRIPTION</h2>
<p><span class="command"><strong>rndc-confgen</strong></span>
generates configuration files
</div>
<div class="refsection">
-<a name="id-1.13.36.8"></a><h2>OPTIONS</h2>
+<a name="id-1.13.35.8"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl class="variablelist">
The default is 953.
</p>
</dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
-<dd>
- <p>
- Specifies a source of random data for generating the
- authorization. If the operating
- system does not provide a <code class="filename">/dev/random</code>
- or equivalent device, the default source of randomness
- is keyboard input. <code class="filename">randomdev</code>
- specifies
- the name of a character device or file containing random
- data to be used instead of the default. The special value
- <code class="filename">keyboard</code> indicates that keyboard
- input should be used.
- </p>
- </dd>
<dt><span class="term">-s <em class="replaceable"><code>address</code></em></span></dt>
<dd>
<p>
</div>
<div class="refsection">
-<a name="id-1.13.36.9"></a><h2>EXAMPLES</h2>
+<a name="id-1.13.35.9"></a><h2>EXAMPLES</h2>
<p>
To allow <span class="command"><strong>rndc</strong></span> to be used with
</div>
<div class="refsection">
-<a name="id-1.13.36.10"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.35.10"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry">
<span class="refentrytitle">rndc</span>(8)
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</div>
<div class="refsection">
-<a name="id-1.13.37.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.36.7"></a><h2>DESCRIPTION</h2>
<p><code class="filename">rndc.conf</code> is the configuration file
for <span class="command"><strong>rndc</strong></span>, the BIND 9 name server control
</div>
<div class="refsection">
-<a name="id-1.13.37.8"></a><h2>EXAMPLE</h2>
+<a name="id-1.13.36.8"></a><h2>EXAMPLE</h2>
<pre class="programlisting">
</div>
<div class="refsection">
-<a name="id-1.13.37.9"></a><h2>NAME SERVER CONFIGURATION</h2>
+<a name="id-1.13.36.9"></a><h2>NAME SERVER CONFIGURATION</h2>
<p>
The name server must be configured to accept rndc connections and
</div>
<div class="refsection">
-<a name="id-1.13.37.10"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.36.10"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry">
<span class="refentrytitle">rndc</span>(8)
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
</div>
<div class="refsection">
-<a name="id-1.13.38.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.37.7"></a><h2>DESCRIPTION</h2>
<p><span class="command"><strong>rndc</strong></span>
controls the operation of a name
</div>
<div class="refsection">
-<a name="id-1.13.38.8"></a><h2>OPTIONS</h2>
+<a name="id-1.13.37.8"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl class="variablelist">
</div>
<div class="refsection">
-<a name="id-1.13.38.9"></a><h2>COMMANDS</h2>
+<a name="id-1.13.37.9"></a><h2>COMMANDS</h2>
<p>
A list of commands supported by <span class="command"><strong>rndc</strong></span> can
</div>
<div class="refsection">
-<a name="id-1.13.38.10"></a><h2>LIMITATIONS</h2>
+<a name="id-1.13.37.10"></a><h2>LIMITATIONS</h2>
<p>
There is currently no way to provide the shared secret for a
</div>
<div class="refsection">
-<a name="id-1.13.38.11"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.37.11"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry">
<span class="refentrytitle">rndc.conf</span>(5)
</tr>
</table>
</div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
</body>
</html>
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
-->
+<!-- $Id$ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.2"></a>Release Notes for BIND Version 9.13.0-dev</h2></div></div></div>
+<a name="id-1.2"></a>Release Notes for BIND Version 9.13.0</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
<p>
- BIND 9.13 is unstable development release of BIND.
+ BIND 9.13 is an unstable development release of BIND.
This document summarizes new features and functional changes that
- have been introduced on this branch. With each development
- release leading up to the stable BIND 9.14 release, this document
- will be updated with additional features added and bugs fixed.
+ have been introduced on this branch. With each development release
+ leading up to the stable BIND 9.14 release, this document will be
+ updated with additional features added and bugs fixed.
+ </p>
+ </div>
+
+ <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_versions"></a>Note on Version Numbering</h3></div></div></div>
+ <p>
+ Prior to BIND 9.13, new feature development releases were tagged
+ as "alpha" and "beta", leading up to the first stable release
+ for a given development branch, which always ended in ".0".
+ </p>
+ <p>
+ Now, however, BIND has adopted the "odd-unstable/even-stable"
+ release numbering convention. There will be no "alpha" or "beta"
+ releases in the 9.13 branch, only increasing version numbers.
+ So, for example, what would previously have been called 9.13.0a1,
+ 9.13.0a2, 9.13.0b1, and so on, will instead be called 9.13.0,
+ 9.13.1, 9.13.2, etc.
+ </p>
+ <p>
+ The first stable release from this development branch will be
+ renamed as 9.14.0. Thereafter, maintenance releases will continue
+ on the 9.14 branch, while unstable feature development proceeds in
+ 9.15.
</p>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+ <p>
+ None.
+ </p>
+ </li></ul></div>
+ </div>
+
+ <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
- Addresses could be referenced after being freed during resolver
- processing, causing an assertion failure. The chances of this
- happening were remote, but the introduction of a delay in
- resolution increased them. This bug is disclosed in
- CVE-2017-3145. [RT #46839]
+ BIND now can be compiled against the <span class="command"><strong>libidn2</strong></span>
+ library to add IDNA2008 support. Previously, BIND supported
+ IDNA2003 using the (now obsolete and unsupported)
+ <span class="command"><strong>idnkit-1</strong></span> library.
</p>
</li>
<li class="listitem">
<p>
- update-policy rules that otherwise ignore the name field now
- require that it be set to "." to ensure that any type list
- present is properly interpreted. If the name field was omitted
- from the rule declaration and a type list was present it wouldn't
- be interpreted as expected.
+ <span class="command"><strong>named</strong></span> now supports the "root key sentinel"
+ mechanism. This enables validating resolvers to indicate to
+ which trust anchors are configured for the root, so that
+ information about root key rollover status can be gathered.
+ To disable this feature, add
+ <span class="command"><strong>root-key-sentinel no;</strong></span> to
+ <code class="filename">named.conf</code>.
</p>
</li>
-</ul></div>
- </div>
-
- <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_features"></a>New Features</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+<li class="listitem">
<p>
- None.
+ The <span class="command"><strong>dnskey-sig-validity</strong></span> option allows the
+ <span class="command"><strong>sig-validity-interval</strong></span> to be overriden for
+ signatures covering DNSKEY RRsets. [GL #145]
</p>
- </li></ul></div>
+ </li>
+</ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_removed"></a>Removed Features</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
<p>
<span class="command"><strong>dnssec-keygen</strong></span> can no longer generate HMAC
keys for TSIG authentication. Use <span class="command"><strong>tsig-keygen</strong></span>
to generate these keys. [RT #46404]
</p>
- </li></ul></div>
+ </li>
+<li class="listitem">
+ <p>
+ Support for OpenSSL 0.9.x has been removed. OpenSSL version
+ 1.0.0 or greater, or LibreSSL is now required.
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ The <span class="command"><strong>configure --enable-seccomp</strong></span> option,
+ which formerly turned on system-call filtering on Linux, has
+ been removed. [GL #93]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ IPv4 addresses in forms other than dotted-quad are no longer
+ accepted in master files. [GL #13] [GL #56]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ IDNA2003 support via (bundled) idnkit-1.0 has been removed.
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ The "rbtdb64" database implementation (a parallel
+ implementation of "rbt") has been removed. [GL #217]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ The <span class="command"><strong>-r randomdev</strong></span> option to explicitly select
+ random device has been removed from the
+ <span class="command"><strong>ddns-confgen</strong></span>,
+ <span class="command"><strong>rndc-confgen</strong></span>,
+ <span class="command"><strong>nsupdate</strong></span>,
+ <span class="command"><strong>dnssec-confgen</strong></span>, and
+ <span class="command"><strong>dnssec-signzone</strong></span> commands.
+ </p>
+ <p>
+ The <span class="command"><strong>-p</strong></span> option to use pseudo-random data
+ has been removed from the <span class="command"><strong>dnssec-signzone</strong></span>
+ command.
+ </p>
+ </li>
+</ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+ <p>
+ BIND will now always use the best CSPRNG (cryptographically-secure
+ pseudo-random number generator) available on the platform where
+ it is compiled. It will use <span class="command"><strong>arc4random()</strong></span>
+ family of functions on BSD operating systems,
+ <span class="command"><strong>getrandom()</strong></span> on Linux and Solaris,
+ <span class="command"><strong>CryptGenRandom</strong></span> on Windows, and the selected
+ cryptography provider library (OpenSSL or PKCS#11) as the last
+ resort. [GL #221]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ BIND can no longer be built without DNSSEC support. A cryptography
+ provder (i.e., OpenSSL or a hardware service module with
+ PKCS#11 support) must be available. [GL #244]
+ </p>
+ </li>
<li class="listitem">
<p>
Zone types <span class="command"><strong>primary</strong></span> and
[RT #43670]
</p>
</li>
-</ul></div>
- </div>
-
- <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
- <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p>
- When answering authoritative queries, <span class="command"><strong>named</strong></span>
- does not return the target of a cross-zone CNAME between two
- locally served zones; this prevents accidental cache poisoning.
- This same restriction was incorrectly applied to recursive
- queries as well; this has been fixed. [RT #47078]
+ <span class="command"><strong>dig +nssearch</strong></span> will now list name servers
+ that have timed out, in addition to those that respond. [GL #64]
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ <span class="command"><strong>dig +noidnin</strong></span> can be used to disable IDN
+ processing on the input domain name, when BIND is compiled
+ with IDN support.
+ </p>
+ </li>
+<li class="listitem">
+ <p>
+ Up to 64 <span class="command"><strong>response-policy</strong></span> zones are now
+ supported by default; previously the limit was 32. [GL #123]
</p>
</li>
<li class="listitem">
<p>
- Attempting to validate improperly unsigned CNAME responses
- from secure zones could cause a validator loop. This caused
- a delay in returning SERVFAIL and also increased the chances
- of encountering the crash bug described in CVE-2017-3145.
- [RT #46839]
+ Several configuration options for time periods can now use
+ TTL value suffixes (for example, <code class="literal">2h</code> or
+ <code class="literal">1d</code>) in addition to an integer number of
+ seconds. These include
+ <span class="command"><strong>fstrm-set-reopen-interval</strong></span>,
+ <span class="command"><strong>interface-interval</strong></span>,
+ <span class="command"><strong>max-cache-ttl</strong></span>,
+ <span class="command"><strong>max-ncache-ttl</strong></span>,
+ <span class="command"><strong>max-policy-ttl</strong></span>, and
+ <span class="command"><strong>min-update-interval</strong></span>.
+ [GL #203]
</p>
</li>
</ul></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
+ <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+ <p>
+ None.
+ </p>
+ </li></ul></div>
+ </div>
+
+ <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_license"></a>License</h3></div></div></div>
<p>
BIND is open source software licenced under the terms of the Mozilla
<p>
The end of life date for BIND 9.14 has not yet been determined.
For those needing long term support, the current Extended Support
- Version (ESV) is BIND 9.11, which will be supported until December
- 2021. See
+ Version (ESV) is BIND 9.11, which will be supported until at
+ least December 2021. See
<a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
for details of ISC's software support policy.
</p>
database <string>;
dialup ( notify | notify-passive | passive | refresh | <boolean> );
dlz <string>;
+ dnskey-sig-validity <integer>;
dnssec-dnskey-kskonly <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-secure-to-insecure <boolean>;
<integer> ] [ dscp <integer> ] { ( <masters> | <ipv4_address> [
port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
<string> ]; ... } ] [ zone-directory <quoted_string> ] [
- in-memory <boolean> ] [ min-update-interval <integer> ]; ... };
+ in-memory <boolean> ] [ min-update-interval <ttlval> ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
}; // may occur multiple times
dns64-contact <string>;
dns64-server <string>;
+ dnskey-sig-validity <integer>;
dnsrps-enable <boolean>; // not configured
dnsrps-options { <unspecified-text> }; // not configured
dnssec-accept-expired <boolean>;
fstrm-set-output-notify-threshold <integer>; // not configured
fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
fstrm-set-output-queue-size <integer>; // not configured
- fstrm-set-reopen-interval <integer>; // not configured
+ fstrm-set-reopen-interval <ttlval>; // not configured
geoip-directory ( <quoted_string> | none ); // not configured
geoip-use-ecs <boolean>; // not configured
glue-cache <boolean>;
host-statistics-max <integer>; // not implemented
hostname ( <quoted_string> | none );
inline-signing <boolean>;
- interface-interval <integer>;
+ interface-interval <ttlval>;
ixfr-from-differences ( primary | master | secondary | slave |
<boolean> );
keep-response-order { <address_match_element>; ... };
match-mapped-addresses <boolean>;
max-acache-size ( unlimited | <sizeval> ); // obsolete
max-cache-size ( default | unlimited | <sizeval> | <percentage> );
- max-cache-ttl <integer>;
+ max-cache-ttl <ttlval>;
max-clients-per-query <integer>;
max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
max-journal-size ( default | unlimited | <sizeval> );
- max-ncache-ttl <integer>;
+ max-ncache-ttl <ttlval>;
max-records <integer>;
max-recursion-depth <integer>;
max-recursion-queries <integer>;
response-padding { <address_match_element>; ... } block-size
<integer>;
response-policy { zone <quoted_string> [ log <boolean> ] [
- max-policy-ttl <integer> ] [ min-update-interval <integer> ] [
+ max-policy-ttl <ttlval> ] [ min-update-interval <ttlval> ] [
policy ( cname | disabled | drop | given | no-op | nodata |
nxdomain | passthru | tcp-only <quoted_string> ) ] [
recursive-only <boolean> ] [ nsip-enable <boolean> ] [
nsdname-enable <boolean> ]; ... } [ break-dnssec <boolean> ] [
- max-policy-ttl <integer> ] [ min-update-interval <integer> ] [
+ max-policy-ttl <ttlval> ] [ min-update-interval <ttlval> ] [
min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [
qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [
nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [
<integer> ] [ dscp <integer> ] { ( <masters> | <ipv4_address> [
port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
<string> ]; ... } ] [ zone-directory <quoted_string> ] [
- in-memory <boolean> ] [ min-update-interval <integer> ]; ... };
+ in-memory <boolean> ] [ min-update-interval <ttlval> ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity <boolean>;
check-mx ( fail | warn | ignore );
}; // may occur multiple times
dns64-contact <string>;
dns64-server <string>;
+ dnskey-sig-validity <integer>;
dnsrps-enable <boolean>; // not configured
dnsrps-options { <unspecified-text> }; // not configured
dnssec-accept-expired <boolean>;
match-recursive-only <boolean>;
max-acache-size ( unlimited | <sizeval> ); // obsolete
max-cache-size ( default | unlimited | <sizeval> | <percentage> );
- max-cache-ttl <integer>;
+ max-cache-ttl <ttlval>;
max-clients-per-query <integer>;
max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
max-journal-size ( default | unlimited | <sizeval> );
- max-ncache-ttl <integer>;
+ max-ncache-ttl <ttlval>;
max-records <integer>;
max-recursion-depth <integer>;
max-recursion-queries <integer>;
response-padding { <address_match_element>; ... } block-size
<integer>;
response-policy { zone <quoted_string> [ log <boolean> ] [
- max-policy-ttl <integer> ] [ min-update-interval <integer> ] [
+ max-policy-ttl <ttlval> ] [ min-update-interval <ttlval> ] [
policy ( cname | disabled | drop | given | no-op | nodata |
nxdomain | passthru | tcp-only <quoted_string> ) ] [
recursive-only <boolean> ] [ nsip-enable <boolean> ] [
nsdname-enable <boolean> ]; ... } [ break-dnssec <boolean> ] [
- max-policy-ttl <integer> ] [ min-update-interval <integer> ] [
+ max-policy-ttl <ttlval> ] [ min-update-interval <ttlval> ] [
min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [
qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [
nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [
dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text>
} ];
rfc2308-type1 <boolean>; // not yet implemented
- root-key-sentinel <boolean>;
root-delegation-only [ exclude { <quoted_string>; ... } ];
+ root-key-sentinel <boolean>;
rrset-order { [ class <string> ] [ type <string> ] [ name
<quoted_string> ] <string> <string>; ... };
send-cookie <boolean>;
dialup ( notify | notify-passive | passive | refresh |
<boolean> );
dlz <string>;
+ dnskey-sig-validity <integer>;
dnssec-dnskey-kskonly <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-secure-to-insecure <boolean>;
delegation-only <boolean>;
dialup ( notify | notify-passive | passive | refresh | <boolean> );
dlz <string>;
+ dnskey-sig-validity <integer>;
dnssec-dnskey-kskonly <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-secure-to-insecure <boolean>;
database <string>;
dialup ( notify | notify-passive | passive | refresh | <boolean> );
dlz <string>;
+ dnskey-sig-validity <integer>;
dnssec-dnskey-kskonly <boolean>;
dnssec-loadkeys-interval <integer>;
dnssec-update-mode ( maintain | no-resign );
-.\" Copyright (C) 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
-Copyright \(co 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- - Copyright (C) 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
tp: symtab_test
tp: task_test
tp: taskpool_test
-tp: timer_test
tp: time_test
+tp: timer_test
projects / thirdparty / bind9.git / commitdiff
