From: Mark Andrews Date: Thu, 31 May 2007 23:28:40 +0000 (+0000) Subject: regen X-Git-Tag: v9.2.0b1^2~25 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2f9040d1cae9454cfb85d11e5a65e112967acc4a;p=thirdparty%2Fbind9.git regen --- diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8 index 6cd7c57c527..9caba4f6ddf 100644 --- a/bin/rndc/rndc.8 +++ b/bin/rndc/rndc.8 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc.8,v 1.24.2.9 2007/05/09 03:32:21 marka Exp $ +.\" $Id: rndc.8,v 1.24.2.10 2007/05/31 23:28:40 marka Exp $ .\" .hy 0 .ad l @@ -47,8 +47,7 @@ is invoked with no command line options or arguments, it prints a short summary communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of \fBrndc\fR and -\fBnamed\fR -named the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection. This provides TSIG\-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server. +\fBnamed\fR, the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection. This provides TSIG\-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server. .PP \fBrndc\fR reads a configuration file to determine how to contact the name server and decide what algorithm and key it should use. @@ -93,14 +92,14 @@ instead of BIND 9's default control channel port, 953. Enable verbose logging. .RE .PP -\-y \fIkeyid\fR +\-y \fIkey_id\fR .RS 4 Use the key -\fIkeyid\fR +\fIkey_id\fR from the configuration file. -\fIkeyid\fR +\fIkey_id\fR must be known by named with the same algorithm and secret string in order for control message validation to succeed. If no -\fIkeyid\fR +\fIkey_id\fR is specified, \fBrndc\fR will first look for a key clause in the server statement of the server being used, or if no server statement is present for that host, then the default\-key clause of the options statement. Note that the configuration file contains shared secrets which are used to send authenticated control commands to name servers. It should therefore not have general read or write access. diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html index 5d84246c668..e4a0861bab9 100644 --- a/bin/rndc/rndc.html +++ b/bin/rndc/rndc.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -46,7 +46,7 @@ rndc communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of - rndc and named named + rndc and named, the only supported authentication algorithm is HMAC-MD5, which uses a shared secret on each end of the connection. This provides TSIG-style authentication for the command @@ -98,14 +98,14 @@

Enable verbose logging.

-
-y keyid
+
-y key_id

- Use the key keyid + Use the key key_id from the configuration file. - keyid must be + key_id must be known by named with the same algorithm and secret string in order for control message validation to succeed. - If no keyid + If no key_id is specified, rndc will first look for a key clause in the server statement of the server being used, or if no server statement is present for that