<p>
ISC <acronym class="acronym">BIND</acronym> 9 compiles and runs on a large
number
- of Unix-like operating systems and on
+ of Unix-like operating systems and on
Microsoft Windows Server 2003 and 2008, and Windows XP and Vista.
For an up-to-date
list of supported systems, see the README file in the top level
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571054">Generating Keys</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571338">Signing the Zone</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571419">Configuring Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571270">Signing the Zone</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571351">Configuring Servers</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609793">Converting from insecure to secure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609830">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563650">Fully automatic zone signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563897">Private-type records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563934">DNSKEY rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563947">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563965">Private-type records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564003">DNSKEY rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564016">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564049">Automatic key rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564075">NSEC3PARAM rollovers via UPDATE</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564085">Converting from NSEC to NSEC3</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609443">Validating Resolver</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609465">Authoritative Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609511">Validating Resolver</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609533">Authoritative Server</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS #11 (Cryptoki) support</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570042">Prerequisites</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610481">Building BIND 9 with PKCS#11</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610412">Building BIND 9 with PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612517">PKCS #11 Tools</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612548">Using the HSM</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2636981">Specifying the engine on the command line</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2637095">Running named with automatic zone re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2637117">Specifying the engine on the command line</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2637163">Running named with automatic zone re-signing</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571
639">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571
571">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571906">Address Lookups Using AAAA Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571927">Address to Name Lookups Using Nibble Format</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571837">Address Lookups Using AAAA Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571859">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl>
</div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571338"></a>Signing the Zone</h3></div></div></div>
+<a name="id2571270"></a>Signing the Zone</h3></div></div></div>
<p>
The <span><strong class="command">dnssec-signzone</strong></span> program is used
to sign a zone.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571419"></a>Configuring Servers</h3></div></div></div>
+<a name="id2571351"></a>Configuring Servers</h3></div></div></div>
<p>
To enable <span><strong class="command">named</strong></span> to respond appropriately
to DNS requests from DNSSEC aware clients,
To enable <span><strong class="command">named</strong></span> to validate answers from
other servers, the <span><strong class="command">dnssec-enable</strong></span> option
must be set to <strong class="userinput"><code>yes</code></strong>, and the
- <span><strong class="command">dnssec-validation</strong></span> options must be set to
+ <span><strong class="command">dnssec-validation</strong></span> options must be set to
<strong class="userinput"><code>yes</code></strong> or <strong class="userinput"><code>auto</code></strong>.
</p>
<p>
including missing, expired, or invalid signatures, a key which
does not match the DS RRset in the parent zone, or an insecure
response from a zone which, according to its parent, should have
- been secure.
+ been secure.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
configuration. If this has not been done, the configuration will
fail.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563897"></a>Private-type records</h3></div></div></div></div>
+<a name="id2563965"></a>Private-type records</h3></div></div></div></div>
<p>The state of the signing process is signaled by
private-type records (with a default type value of 65534). When
signing is complete, these records will have a nonzero value for
<p>
</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563934"></a>DNSKEY rollovers</h3></div></div></div></div>
+<a name="id2564003"></a>DNSKEY rollovers</h3></div></div></div></div>
<p>As with insecure-to-secure conversions, rolling DNSSEC
keys can be done in two ways: using a dynamic DNS update, or the
<span><strong class="command">auto-dnssec</strong></span> zone option.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563947"></a>Dynamic DNS update method</h3></div></div></div></div>
+<a name="id2564016"></a>Dynamic DNS update method</h3></div></div></div></div>
<p> To perform key rollovers via dynamic update, you need to add
the <code class="filename">K*</code> files for the new keys so that
<span><strong class="command">named</strong></span> can find them. You can then add the new
configuration files.</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2609443"></a>Validating Resolver</h3></div></div></div>
+<a name="id2609511"></a>Validating Resolver</h3></div></div></div>
<p>To configure a validating resolver to use RFC 5011 to
maintain a trust anchor, configure the trust anchor using a
<span><strong class="command">managed-keys</strong></span> statement. Information about
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2609465"></a>Authoritative Server</h3></div></div></div>
+<a name="id2609533"></a>Authoritative Server</h3></div></div></div>
<p>To set up an authoritative zone for RFC 5011 trust anchor
maintenance, generate two (or more) key signing keys (KSKs) for
the zone. Sign the zone with one of them; this is the "active"
when we configure BIND 9.</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2610074"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
+<a name="id2610006"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
<p>The AEP Keyper is a highly secure key storage device,
but does not provide hardware cryptographic acceleration. It
can carry out cryptographic operations, but it is probably
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2610144"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
+<a name="id2610075"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
<p>The SCA-6000 PKCS #11 provider is installed as a system
library, libpkcs11. It is a true crypto accelerator, up to 4
times faster than any CPU, so the flavor shall be
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2610329"></a>Building OpenSSL for SoftHSM</h4></div></div></div>
+<a name="id2610261"></a>Building OpenSSL for SoftHSM</h4></div></div></div>
<p>SoftHSM is a software library provided by the OpenDNSSEC
project (http://www.opendnssec.org) which provides a PKCS#11
interface to a virtual HSM, implemented in the form of encrypted
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2610481"></a>Building BIND 9 with PKCS#11</h3></div></div></div>
+<a name="id2610412"></a>Building BIND 9 with PKCS#11</h3></div></div></div>
<p>When building BIND 9, the location of the custom-built
OpenSSL library must be specified via configure.</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2610489"></a>Configuring BIND 9 for Linux with the AEP Keyper</h4></div></div></div>
+<a name="id2610421"></a>Configuring BIND 9 for Linux with the AEP Keyper</h4></div></div></div>
<p>To link with the PKCS #11 provider, threads must be
enabled in the BIND 9 build.</p>
<p>The PKCS #11 library for the AEP Keyper is currently
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2612091"></a>Configuring BIND 9 for Solaris with the SCA 6000</h4></div></div></div>
+<a name="id2610453"></a>Configuring BIND 9 for Solaris with the SCA 6000</h4></div></div></div>
<p>To link with the PKCS #11 provider, threads must be
enabled in the BIND 9 build.</p>
<pre class="screen">
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2612128"></a>Configuring BIND 9 for SoftHSM</h4></div></div></div>
+<a name="id2610489"></a>Configuring BIND 9 for SoftHSM</h4></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>cd ../bind9</code></strong>
$ <strong class="userinput"><code>./configure --enable-threads \
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2636981"></a>Specifying the engine on the command line</h3></div></div></div>
+<a name="id2637117"></a>Specifying the engine on the command line</h3></div></div></div>
<p>The OpenSSL engine can be specified in
<span><strong class="command">named</strong></span> and all of the BIND
<span><strong class="command">dnssec-*</strong></span> tools by using the "-E
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2637095"></a>Running named with automatic zone re-signing</h3></div></div></div>
+<a name="id2637163"></a>Running named with automatic zone re-signing</h3></div></div></div>
<p>If you want
<span><strong class="command">named</strong></span> to dynamically re-sign zones using HSM
keys, and/or to to sign new records inserted via nsupdate, then
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2571
639"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
+<a name="id2571
571"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 fully supports all currently
defined forms of IPv6 name to address and address to name
the traditional "nibble" format used in the
<span class="emphasis"><em>ip6.arpa</em></span> domain, as well as the older, deprecated
<span class="emphasis"><em>ip6.int</em></span> domain.
- Older versions of <acronym class="acronym">BIND</acronym> 9
+ Older versions of <acronym class="acronym">BIND</acronym> 9
supported the "binary label" (also known as "bitstring") format,
but support of binary labels has been completely removed per
RFC 3363.
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571906"></a>Address Lookups Using AAAA Records</h3></div></div></div>
+<a name="id2571837"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<p>
The IPv6 AAAA record is a parallel to the IPv4 A record,
and, unlike the deprecated A6 record, specifies the entire
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571927"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
+<a name="id2571859"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<p>
When looking up an address in nibble format, the address
components are simply reversed, just as in IPv4, and
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2571960">The Lightweight Resolver Library</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2571892">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2571960"></a>The Lightweight Resolver Library</h2></div></div></div>
+<a name="id2571892"></a>The Lightweight Resolver Library</h2></div></div></div>
<p>
Traditionally applications have been linked with a stub resolver
library that sends recursive DNS queries to a local caching name
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574875"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575001"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577168"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577241"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577305"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577236"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577309"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577373"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577417"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577438"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591622"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591554"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593467"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2599795">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2599990">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2600
195"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2600
263"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
"as big as possible", depending on the context.
See the explanations of particular parameters
that use <code class="varname">size_spec</code>
- for details on how they interpret its use.
+ for details on how they interpret its use.
</p>
<p>
Numeric values can optionally be followed by a
(including <code class="option">max-cache-size</code>), it may
mean the largest possible 32-bit unsigned integer
(0xffffffff); this distinction can be important when
- dealing with larger quantities.
+ dealing with larger quantities.
<code class="varname">unlimited</code> is usually the best way
to safely set a very large number.
</p>
<p>
- <code class="varname">default</code>
+ <code class="varname">default</code>
uses the limit that was in force when the server was started.
</p>
</td>
<p>
defines a named masters list for
inclusion in stub and slave zones'
- <span><strong class="command">masters</strong></span> or
+ <span><strong class="command">masters</strong></span> or
<span><strong class="command">also-notify</strong></span> lists.
</p>
</td>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577168"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2577236"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">lwres</strong></span>
statement in the <code class="filename">named.conf</code> file:
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577241"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2577309"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">lwres</strong></span> statement configures the
name
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577305"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2577373"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">
-<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> |
+<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> |
<em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] };
</pre>
</div>
[<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ; ... </span>] }; </span>]
[<span class="optional"> dual-stack-servers [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] {
( <em class="replaceable"><code>domain_name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] |
- <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ) ;
+ <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] ) ;
... }; </span>]
[<span class="optional"> check-names ( <em class="replaceable"><code>master</code></em> | <em class="replaceable"><code>slave</code></em> | <em class="replaceable"><code>response</code></em> )
( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
[<span class="optional"> address ( <em class="replaceable"><code>ip4_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
[<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] ) ; </span>]
[<span class="optional"> query-source-v6 ( ( <em class="replaceable"><code>ip6_addr</code></em> | <em class="replaceable"><code>*</code></em> )
- [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] |
- [<span class="optional"> address ( <em class="replaceable"><code>ip6_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
+ [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] |
+ [<span class="optional"> address ( <em class="replaceable"><code>ip6_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
[<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] ) ; </span>]
[<span class="optional"> use-queryport-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> queryport-pool-ports <em class="replaceable"><code>number</code></em>; </span>]
The pathname of a file to override the built-in trusted
keys provided by <span><strong class="command">named</strong></span>.
See the discussion of <span><strong class="command">dnssec-lookaside</strong></span>
- and <span><strong class="command">dnssec-validation</strong></span> for details.
+ and <span><strong class="command">dnssec-validation</strong></span> for details.
If not specified, the default is
<code class="filename">/etc/bind.keys</code>.
</p></dd>
<p>
Each <span><strong class="command">dns64</strong></span> supports an optional
<span><strong class="command">mapped</strong></span> ACL that selects which
- IPv4 addresses are to be mapped in the corresponding
+ IPv4 addresses are to be mapped in the corresponding
A RRset. If not defined it defaults to
<strong class="userinput"><code>any;</code></strong>.
</p>
<dt><span class="term"><span><strong class="command">request-nsid</strong></span></span></dt>
<dd><p>
If <strong class="userinput"><code>yes</code></strong>, then an empty EDNS(0)
- NSID (Name Server Identifier) option is sent with all
+ NSID (Name Server Identifier) option is sent with all
queries to authoritative name servers during iterative
resolution. If the authoritative server returns an NSID
option in its response, then its contents are logged in
<p>
If <strong class="userinput"><code>yes</code></strong>,
the DNS client is at an IPv4 address, in <span><strong class="command">filter-aaaa</strong></span>,
- and if the response does not include DNSSEC signatures,
+ and if the response does not include DNSSEC signatures,
then all AAAA records are deleted from the response.
This filtering applies to all responses and not only
authoritative responses.
because the DNSSEC protocol is designed detect deletions.
</p>
<p>
- This mechanism can erroneously cause other servers to
- not give AAAA records to their clients.
+ This mechanism can erroneously cause other servers to
+ not give AAAA records to their clients.
A recursing server with both IPv6 and IPv4 network connections
that queries an authoritative server using this mechanism
via IPv4 will be denied AAAA records even if its client is
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2583335"></a>Forwarding</h4></div></div></div>
+<a name="id2583403"></a>Forwarding</h4></div></div></div>
<p>
The forwarding facility can be used to create a large site-wide
cache on a few servers, reducing traffic over links to external
</pre>
<p>
Note: BIND 9.5.0 introduced
- the <span><strong class="command">use-queryport-pool</strong></span>
+ the <span><strong class="command">use-queryport-pool</strong></span>
option to support a pool of such random ports, but this
option is now obsolete because reusing the same ports in
the pool may not be sufficiently secure.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2585426"></a>UDP Port Lists</h4></div></div></div>
+<a name="id2585494"></a>UDP Port Lists</h4></div></div></div>
<p>
<span><strong class="command">use-v4-udp-ports</strong></span>,
<span><strong class="command">avoid-v4-udp-ports</strong></span>,
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2585554"></a>Operating System Resource Limits</h4></div></div></div>
+<a name="id2585622"></a>Operating System Resource Limits</h4></div></div></div>
<p>
The server's usage of many system resources can be limited.
Scaled values are allowed when specifying resource limits. For
<p>
A "soft quota" is also set. When this lower
quota is exceeded, incoming requests are accepted, but
- for each one, a pending request will be dropped.
+ for each one, a pending request will be dropped.
If <code class="option">recursive-clients</code> is greater than
1000, the soft quota is set to
<code class="option">recursive-clients</code> minus 100;
waiting for
some data before being passed to accept. Nonzero values
less than 10 will be silently raised. A value of 0 may also
- be used; on most platforms this sets the listen queue
+ be used; on most platforms this sets the listen queue
length to a system-defined default value.
</p></dd>
</dl></div>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2588846"></a>Content Filtering</h4></div></div></div>
+<a name="id2588915"></a>Content Filtering</h4></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 provides the ability to filter
out DNS responses from external DNS servers containing
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2589041"></a>Response Policy Zone (RPZ) Rewriting</h4></div></div></div>
+<a name="id2589109"></a>Response Policy Zone (RPZ) Rewriting</h4></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 includes a limited
mechanism to modify DNS responses for requests
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2589539"></a>Response Rate Limiting</h4></div></div></div>
+<a name="id2589470"></a>Response Rate Limiting</h4></div></div></div>
<p>
This feature is only available when <acronym class="acronym">BIND</acronym> 9
is compiled with the <strong class="userinput"><code>--enable-rrl</code></strong>
whether the local server will add a NSID EDNS option
to requests sent to the server. This overrides
<span><strong class="command">request-nsid</strong></span> set at the view or
- option level.
+ option level.
</p>
</div>
<div class="sect2" lang="en">
port 8888, then the statistics are accessible in XML format at
<a href="http://127.0.0.1:8888/" target="_top">http://127.0.0.1:8888/</a> or
<a href="http://127.0.0.1:8888/xml" target="_top">http://127.0.0.1:8888/xml</a>. A CSS file is
- included which can format the XML statistics into tables
+ included which can format the XML statistics into tables
when viewed with a stylesheet-capable browser. When
- <acronym class="acronym">BIND</acronym> 9 is configured with --enable-newstats,
+ <acronym class="acronym">BIND</acronym> 9 is configured with --enable-newstats,
a new XML schema is used (version 3) which adds additional
zone statistics and uses a flatter tree for more efficient
parsing. The stylesheet included uses the Google Charts API
</p>
<p>
Applications that depend on a particular XML schema
- can request
+ can request
<a href="http://127.0.0.1:8888/xml/v2" target="_top">http://127.0.0.1:8888/xml/v2</a> for version 2
- of the statistics XML schema or
+ of the statistics XML schema or
<a href="http://127.0.0.1:8888/xml/v3" target="_top">http://127.0.0.1:8888/xml/v3</a> for version 3.
If the requested schema is supported by the server, then
it will respond; if not, it will return a "page not found"
<a name="managed-keys"></a><span><strong class="command">managed-keys</strong></span> Statement Definition
and Usage</h3></div></div></div>
<p>
- The <span><strong class="command">managed-keys</strong></span> statement, like
+ The <span><strong class="command">managed-keys</strong></span> statement, like
<span><strong class="command">trusted-keys</strong></span>, defines DNSSEC
security roots. The difference is that
<span><strong class="command">managed-keys</strong></span> can be kept up to date
<code class="literal">initial-key</code>. The difference is, whereas the
keys listed in a <span><strong class="command">trusted-keys</strong></span> continue to be
trusted until they are removed from
- <code class="filename">named.conf</code>, an initializing key listed
+ <code class="filename">named.conf</code>, an initializing key listed
in a <span><strong class="command">managed-keys</strong></span> statement is only trusted
<span class="emphasis"><em>once</em></span>: for as long as it takes to load the
managed key database and start the RFC 5011 key maintenance
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2591622"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2591554"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">view</strong></span> statement is a powerful
feature
type static-stub;
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> server-addresses { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> ; ... </span>] }; </span>]
- [<span class="optional"> server-names { [<span class="optional"> <em class="replaceable"><code>namelist</code></em> </span>] }; </span>]
+ [<span class="optional"> server-names { [<span class="optional"> <em class="replaceable"><code>namelist</code></em> </span>] }; </span>]
[<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
};
<p>
Each static-stub zone is configured with
internally generated NS and (if necessary)
- glue A or AAAA RRs
+ glue A or AAAA RRs
</p>
</td>
</tr>
2001:ffff:ffff::100.100.100.2, one would
configure a type redirect zone named ".",
with the zone file containing wildcard records
- that point to the desired addresses:
+ that point to the desired addresses:
<code class="literal">"*. IN A 100.100.100.2"</code>
and
<code class="literal">"*. IN AAAA 2001:ffff:ffff::100.100.100.2"</code>.
<p>
To redirect all Spanish names (under .ES) one
would use similar entries but with the names
- "*.ES." instead of "*.". To redirect all
+ "*.ES." instead of "*.". To redirect all
commercial Spanish names (under COM.ES) one
would use wildcard entries called "*.COM.ES.".
</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2594083"></a>Class</h4></div></div></div>
+<a name="id2594151"></a>Class</h4></div></div></div>
<p>
The zone's name may optionally be followed by a class. If
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2594116"></a>Zone Options</h4></div></div></div>
+<a name="id2594184"></a>Zone Options</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">allow-notify</strong></span></span></dt>
<dd><p>
<em class="replaceable"><code>zonename</code></em></strong></span> causes
<span><strong class="command">named</strong></span> to load keys from the key
repository and sign the zone with all keys that are
- active.
+ active.
<span><strong class="command">rndc loadkeys
<em class="replaceable"><code>zonename</code></em></strong></span> causes
<span><strong class="command">named</strong></span> to load keys from the key
the zone is updated.
</p>
<p>
- When set to
+ When set to
<span><strong class="command">serial-update-method unixtime;</strong></span>, the
SOA serial number will be set to the number of seconds
since the UNIX epoch, unless the serial number is
<p>
This rule takes a Windows machine principal
(machine$@REALM) for machine in REALM and
- and converts it machine.realm allowing the machine
+ and converts it machine.realm allowing the machine
to update machine.realm. The REALM to be matched
is specified in the <em class="replaceable"><code>identity</code></em>
field.
</td>
<td>
<p>
- This rule takes a Windows machine principal
+ This rule takes a Windows machine principal
(machine$@REALM) for machine in REALM and
converts it to machine.realm allowing the machine
to update subdomains of machine.realm. The REALM
<p>
This rule takes a Kerberos machine principal
(host/machine@REALM) for machine in REALM and
- and converts it machine.realm allowing the machine
+ and converts it machine.realm allowing the machine
to update machine.realm. The REALM to be matched
is specified in the <em class="replaceable"><code>identity</code></em>
field.
</td>
<td>
<p>
- This rule takes a Kerberos machine principal
+ This rule takes a Kerberos machine principal
(host/machine@REALM) for machine in REALM and
converts it to machine.realm allowing the machine
to update subdomains of machine.realm. The REALM
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2598590"></a>Textual expression of RRs</h4></div></div></div>
+<a name="id2598659"></a>Textual expression of RRs</h4></div></div></div>
<p>
RRs are represented in binary form in the packets of the DNS
protocol, and are usually represented in highly encoded form
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2600012"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
+<a name="id2600081"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
<p>
When used in the label (or name) field, the asperand or
at-sign (@) symbol represents the current origin.
- At the start of the zone file, it is the
+ At the start of the zone file, it is the
<<code class="varname">zone_name</code>> (followed by
trailing dot).
</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2600028"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
+<a name="id2600097"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$ORIGIN</strong></span>
<em class="replaceable"><code>domain-name</code></em>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2600089"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
+<a name="id2600157"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$INCLUDE</strong></span>
<em class="replaceable"><code>filename</code></em>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2600158"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
+<a name="id2600227"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$TTL</strong></span>
<em class="replaceable"><code>default-ttl</code></em>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2600
195"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
+<a name="id2600
263"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
<p>
Syntax: <span><strong class="command">$GENERATE</strong></span>
<em class="replaceable"><code>range</code></em>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2605285">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2605290">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2605302">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2605319">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2605353">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2605358">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2605370">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2605387">Where Can I Get Help?</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2605285"></a>Common Problems</h2></div></div></div>
+<a name="id2605353"></a>Common Problems</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2605290"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
+<a name="id2605358"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<p>
The best solution to solving installation and
configuration issues is to take preventative measures by setting
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2605302"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
+<a name="id2605370"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<p>
Zone serial numbers are just numbers — they aren't
date related. A lot of people set them to a number that
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2605319"></a>Where Can I Get Help?</h2></div></div></div>
+<a name="id2605387"></a>Where Can I Get Help?</h2></div></div></div>
<p>
The Internet Systems Consortium
(<acronym class="acronym">ISC</acronym>) offers a wide range
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2637276">Release Notes for BIND Version 9.9.7</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2637345">Release Notes for BIND Version 9.9.7</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2637276"></a>Release Notes for BIND Version 9.9.7</h2></div></div></div>
+<a name="id2637345"></a>Release Notes for BIND Version 9.9.7</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
version 6</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2607
604"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
+<a name="id2607
536"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> and the Internet</h3>
<div class="biblioentry">
-<a name="id2607
636"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
+<a name="id2607
568"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
and Other Types</i>. </span><span class="pubdate">April 1989. </span></p>
</div>
<div class="biblioentry">
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch12.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2611400">Prerequisite</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2610727">Compilation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2610752">Installation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2610782">Known Defects/Restrictions</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2610859">The dns.conf File</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2610886">Sample Applications</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2611722">Library References</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2611673">Prerequisite</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2610659">Compilation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2610683">Installation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2610714">Known Defects/Restrictions</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2610791">The dns.conf File</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2610818">Sample Applications</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2611790">Library References</a></span></dt>
</dl></dd>
</dl>
</div>
</ul></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2611400"></a>Prerequisite</h3></div></div></div>
+<a name="id2611673"></a>Prerequisite</h3></div></div></div>
<p>GNU make is required to build the export libraries (other
part of BIND 9 can still be built with other types of make). In
the reminder of this document, "make" means GNU make. Note that
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2610727"></a>Compilation</h3></div></div></div>
+<a name="id2610659"></a>Compilation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>./configure --enable-exportlib <em class="replaceable"><code>[other flags]</code></em></code></strong>
$ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2610752"></a>Installation</h3></div></div></div>
+<a name="id2610683"></a>Installation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>cd lib/export</code></strong>
$ <strong class="userinput"><code>make install</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2610782"></a>Known Defects/Restrictions</h3></div></div></div>
+<a name="id2610714"></a>Known Defects/Restrictions</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>Currently, win32 is not supported for the export
library. (Normal BIND 9 application can be built as
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2610859"></a>The dns.conf File</h3></div></div></div>
+<a name="id2610791"></a>The dns.conf File</h3></div></div></div>
<p>The IRS library supports an "advanced" configuration file
related to the DNS library for configuration parameters that
would be beyond the capability of the
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2610886"></a>Sample Applications</h3></div></div></div>
+<a name="id2610818"></a>Sample Applications</h3></div></div></div>
<p>Some sample application programs using this API are
provided for reference. The following is a brief description of
these applications.
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2610894"></a>sample: a simple stub resolver utility</h4></div></div></div>
+<a name="id2610826"></a>sample: a simple stub resolver utility</h4></div></div></div>
<p>
It sends a query of a given name (of a given optional RR type) to a
specified recursive server, and prints the result as a list of
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2610985"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
+<a name="id2610917"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
<p>
Similar to "sample", but accepts a list
of (query) domain names as a separate file and resolves the names
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2611038"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
+<a name="id2610970"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
<p>
It sends a query to a specified server, and
prints the response with minimal processing. It doesn't act as a
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2611102"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
+<a name="id2611034"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
<p>
This is a test program
to check getaddrinfo() and getnameinfo() behavior. It takes a
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2611117"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
+<a name="id2611049"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
<p>
It accepts a single update command as a
command-line argument, sends an update request message to the
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2611658"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
+<a name="id2611726"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
<p>
It checks a set
of domains to see the name servers of the domains behave
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2611722"></a>Library References</h3></div></div></div>
+<a name="id2611790"></a>Library References</h3></div></div></div>
<p>As of this writing, there is no formal "manual" of the
libraries, except this document, header files (some of them
provide pretty detailed explanations), and sample application
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571054">Generating Keys</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571338">Signing the Zone</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571419">Configuring Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571270">Signing the Zone</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571351">Configuring Servers</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609793">Converting from insecure to secure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609830">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563650">Fully automatic zone signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563897">Private-type records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563934">DNSKEY rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563947">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563965">Private-type records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564003">DNSKEY rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564016">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564049">Automatic key rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564075">NSEC3PARAM rollovers via UPDATE</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564085">Converting from NSEC to NSEC3</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609443">Validating Resolver</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609465">Authoritative Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609511">Validating Resolver</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609533">Authoritative Server</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS #11 (Cryptoki) support</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570042">Prerequisites</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610481">Building BIND 9 with PKCS#11</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610412">Building BIND 9 with PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612517">PKCS #11 Tools</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612548">Using the HSM</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2636981">Specifying the engine on the command line</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2637095">Running named with automatic zone re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2637117">Specifying the engine on the command line</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2637163">Running named with automatic zone re-signing</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571
639">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571
571">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571906">Address Lookups Using AAAA Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571927">Address to Name Lookups Using Nibble Format</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571837">Address Lookups Using AAAA Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571859">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch05.html">5. The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2571960">The Lightweight Resolver Library</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2571892">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch06.html">6. <acronym class="acronym">BIND</acronym> 9 Configuration Reference</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574875"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575001"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577168"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577241"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577305"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577236"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577309"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577373"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577417"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577438"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591622"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591554"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593467"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2599795">Inverse Mapping in IPv4</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2599990">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2600
195"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2600
263"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch08.html">8. Troubleshooting</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2605285">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2605290">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2605302">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2605319">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2605353">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2605358">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2605370">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2605387">Where Can I Get Help?</a></span></dt>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2637276">Release Notes for BIND Version 9.9.7</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2637345">Release Notes for BIND Version 9.9.7</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch12.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2611400">Prerequisite</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2610727">Compilation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2610752">Installation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2610782">Known Defects/Restrictions</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2610859">The dns.conf File</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2610886">Sample Applications</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2611722">Library References</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2611673">Prerequisite</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2610659">Compilation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2610683">Installation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2610714">Known Defects/Restrictions</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2610791">The dns.conf File</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2610818">Sample Applications</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2611790">Library References</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="reference"><a href="Bv9ARM.ch13.html">I. Manual pages</a></span></dt>
<div class="cmdsynopsis"><p><code class="command">arpaname</code> {<em class="replaceable"><code>ipaddress </code></em>...}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2621863"></a><h2>DESCRIPTION</h2>
+<a name="id2621726"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">arpaname</strong></span> translates IP addresses (IPv4 and
IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2621878"></a><h2>SEE ALSO</h2>
+<a name="id2621741"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2621892"></a><h2>AUTHOR</h2>
+<a name="id2621755"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
<div class="cmdsynopsis"><p><code class="command">ddns-confgen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em> | -z <em class="replaceable"><code>zone</code></em> ] [<code class="option">-q</code>] [name]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2657588"></a><h2>DESCRIPTION</h2>
+<a name="id2658134"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">ddns-confgen</strong></span>
generates a key for use by <span><strong class="command">nsupdate</strong></span>
and <span><strong class="command">named</strong></span>. It simplifies configuration
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2657675"></a><h2>OPTIONS</h2>
+<a name="id2658221"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2659173"></a><h2>SEE ALSO</h2>
+<a name="id2658558"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2659211"></a><h2>AUTHOR</h2>
+<a name="id2658597"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2612419"></a><h2>OPTIONS</h2>
+<a name="id2612897"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2664885"></a><h2>QUERY OPTIONS</h2>
+<a name="id2664953"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">dig</strong></span>
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2666101"></a><h2>MULTIPLE QUERIES</h2>
+<a name="id2666169"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
supports
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2666186"></a><h2>IDN SUPPORT</h2>
+<a name="id2666254"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2666215"></a><h2>FILES</h2>
+<a name="id2666283"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2666305"></a><h2>SEE ALSO</h2>
+<a name="id2666373"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2666342"></a><h2>BUGS</h2>
+<a name="id2666410"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dig path</code></em></code>] [<code class="option">-D <em class="replaceable"><code>dsfromkey path</code></em></code>] {zone}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2614067"></a><h2>DESCRIPTION</h2>
+<a name="id2613998"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-checkds</strong></span>
verifies the correctness of Delegation Signer (DS) or DNSSEC
Lookaside Validation (DLV) resource records for keys in a specified
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2614081"></a><h2>OPTIONS</h2>
+<a name="id2614012"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2614183"></a><h2>SEE ALSO</h2>
+<a name="id2614115"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2614695"></a><h2>AUTHOR</h2>
+<a name="id2614627"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2615270"></a><h2>SEE ALSO</h2>
+<a name="id2615475"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-checkds</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2615314"></a><h2>AUTHOR</h2>
+<a name="id2615518"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-h</code>] [<code class="option">-V</code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2615966"></a><h2>DESCRIPTION</h2>
+<a name="id2615830"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-dsfromkey</strong></span>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2615980"></a><h2>OPTIONS</h2>
+<a name="id2616185"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-1</span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2617689"></a><h2>EXAMPLE</h2>
+<a name="id2617894"></a><h2>EXAMPLE</h2>
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2617725"></a><h2>FILES</h2>
+<a name="id2617930"></a><h2>FILES</h2>
<p>
The keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2617767"></a><h2>CAVEAT</h2>
+<a name="id2617972"></a><h2>CAVEAT</h2>
<p>
A keyfile error can give a "file not found" even if the file exists.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2617777"></a><h2>SEE ALSO</h2>
+<a name="id2617981"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2617816"></a><h2>AUTHOR</h2>
+<a name="id2618021"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2616995"></a><h2>DESCRIPTION</h2>
+<a name="id2617063"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
generates a key pair of files that referencing a key object stored
in a cryptographic hardware service module (HSM). The private key
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2617020"></a><h2>OPTIONS</h2>
+<a name="id2617089"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2619563"></a><h2>TIMING OPTIONS</h2>
+<a name="id2619700"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-z</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2618042"></a><h2>DESCRIPTION</h2>
+<a name="id2618179"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2618062"></a><h2>OPTIONS</h2>
+<a name="id2618199"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2618424"></a><h2>DESCRIPTION</h2>
+<a name="id2618697"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-revoke</strong></span>
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
in RFC 5011, and creates a new pair of key files containing the
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2618438"></a><h2>OPTIONS</h2>
+<a name="id2618711"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2618572"></a><h2>SEE ALSO</h2>
+<a name="id2618845"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5011</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2618597"></a><h2>AUTHOR</h2>
+<a name="id2618870"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-V</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2618920"></a><h2>DESCRIPTION</h2>
+<a name="id2619739"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-settime</strong></span>
reads a DNSSEC private key file and sets the key timing metadata
as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2618979"></a><h2>OPTIONS</h2>
+<a name="id2619798"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f</span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2619798"></a><h2>TIMING OPTIONS</h2>
+<a name="id2619934"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2619937"></a><h2>PRINTING OPTIONS</h2>
+<a name="id2620210"></a><h2>PRINTING OPTIONS</h2>
<p>
<span><strong class="command">dnssec-settime</strong></span> can also be used to print the
timing metadata associated with a key.
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2628960"></a><h2>SEE ALSO</h2>
+<a name="id2630530"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2628993"></a><h2>AUTHOR</h2>
+<a name="id2630563"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-P</code>] [<code class="option">-p</code>] [<code class="option">-R</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-X <em class="replaceable"><code>extended end-time</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2621223"></a><h2>DESCRIPTION</h2>
+<a name="id2621633"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2621242"></a><h2>OPTIONS</h2>
+<a name="id2622198"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2677226"></a><h2>AUTHOR</h2>
+<a name="id2677158"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
<div class="cmdsynopsis"><p><code class="command">dnssec-verify</code> [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-x</code>] [<code class="option">-z</code>] {zonefile}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2630603"></a><h2>DESCRIPTION</h2>
+<a name="id2634017"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-verify</strong></span>
verifies that a zone is fully signed for each algorithm found
in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2630617"></a><h2>OPTIONS</h2>
+<a name="id2634030"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2630780"></a><h2>SEE ALSO</h2>
+<a name="id2635218"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2635175"></a><h2>AUTHOR</h2>
+<a name="id2635243"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
<div class="cmdsynopsis"><p><code class="command">genrandom</code> [<code class="option">-n <em class="replaceable"><code>number</code></em></code>] {<em class="replaceable"><code>size</code></em>} {<em class="replaceable"><code>filename</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2659262"></a><h2>DESCRIPTION</h2>
+<a name="id2659058"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">genrandom</strong></span>
generates a file or a set of files containing a specified quantity
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2659277"></a><h2>ARGUMENTS</h2>
+<a name="id2659073"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-n <em class="replaceable"><code>number</code></em></span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2659338"></a><h2>SEE ALSO</h2>
+<a name="id2659133"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">rand</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">arc4random</span>(3)</span>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2659365"></a><h2>AUTHOR</h2>
+<a name="id2659160"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-v</code>] [<code class="option">-V</code>] {name} [server]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2613447"></a><h2>DESCRIPTION</h2>
+<a name="id2613174"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">host</strong></span>
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2613906"></a><h2>IDN SUPPORT</h2>
+<a name="id2613837"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2613934"></a><h2>FILES</h2>
+<a name="id2613866"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2613948"></a><h2>SEE ALSO</h2>
+<a name="id2613880"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>
<div class="cmdsynopsis"><p><code class="command">isc-hmac-fixup</code> {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>secret</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2659694"></a><h2>DESCRIPTION</h2>
+<a name="id2659490"></a><h2>DESCRIPTION</h2>
<p>
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
HMAC-SHA* TSIG keys which were longer than the digest length of the
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2659722"></a><h2>SECURITY CONSIDERATIONS</h2>
+<a name="id2659517"></a><h2>SECURITY CONSIDERATIONS</h2>
<p>
Secrets that have been converted by <span><strong class="command">isc-hmac-fixup</strong></span>
are shortened, but as this is how the HMAC protocol works in
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2659738"></a><h2>SEE ALSO</h2>
+<a name="id2659533"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2104</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2659755"></a><h2>AUTHOR</h2>
+<a name="id2659550"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-x</code>] [<code class="option">-z</code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2637342"></a><h2>DESCRIPTION</h2>
+<a name="id2637684"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkconf</strong></span>
checks the syntax, but not the semantics, of a
<span><strong class="command">named</strong></span> configuration file. The file is parsed
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2637413"></a><h2>OPTIONS</h2>
+<a name="id2637754"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2638388"></a><h2>RETURN VALUES</h2>
+<a name="id2637978"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkconf</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2638402"></a><h2>SEE ALSO</h2>
+<a name="id2637992"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2638432"></a><h2>AUTHOR</h2>
+<a name="id2638022"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2641796"></a><h2>DESCRIPTION</h2>
+<a name="id2641728"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
same checks as <span><strong class="command">named</strong></span> does when loading a
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2641846"></a><h2>OPTIONS</h2>
+<a name="id2641778"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
<div class="cmdsynopsis"><p><code class="command">named-journalprint</code> {<em class="replaceable"><code>journal</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2619095"></a><h2>DESCRIPTION</h2>
+<a name="id2619436"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">named-journalprint</strong></span>
prints the contents of a zone journal file in a human-readable
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2643171"></a><h2>SEE ALSO</h2>
+<a name="id2642761"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">nsupdate</span>(8)</span>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2643202"></a><h2>AUTHOR</h2>
+<a name="id2642792"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
<div class="cmdsynopsis"><p><code class="command">nsec3hash</code> {<em class="replaceable"><code>salt</code></em>} {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>iterations</code></em>} {<em class="replaceable"><code>domain</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2622390"></a><h2>DESCRIPTION</h2>
+<a name="id2622049"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">nsec3hash</strong></span> generates an NSEC3 hash based on
a set of NSEC3 parameters. This can be used to check the validity
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2682550"></a><h2>FILES</h2>
+<a name="id2682482"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2648867"></a><h2>DESCRIPTION</h2>
+<a name="id2651120"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc-confgen</strong></span>
generates configuration files
for <span><strong class="command">rndc</strong></span>. It can be used as a
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2648933"></a><h2>OPTIONS</h2>
+<a name="id2651186"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2658057"></a><h2>EXAMPLES</h2>
+<a name="id2656146"></a><h2>EXAMPLES</h2>
<p>
To allow <span><strong class="command">rndc</strong></span> to be used with
no manual configuration, run
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2659547"></a><h2>SEE ALSO</h2>
+<a name="id2659342"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2659586"></a><h2>AUTHOR</h2>
+<a name="id2659381"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2620796"></a><h2>DESCRIPTION</h2>
+<a name="id2620455"></a><h2>DESCRIPTION</h2>
<p><code class="filename">rndc.conf</code> is the configuration file
for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
utility. This file has a similar structure and syntax to
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2648627"></a><h2>SEE ALSO</h2>
+<a name="id2650129"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2648665"></a><h2>AUTHOR</h2>
+<a name="id2650167"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2686947"></a><h2>LIMITATIONS</h2>
+<a name="id2684011"></a><h2>LIMITATIONS</h2>
<p>
There is currently no way to provide the shared secret for a
<code class="option">key_id</code> without using the configuration file.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2686965"></a><h2>SEE ALSO</h2>
+<a name="id2684029"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2687020"></a><h2>AUTHOR</h2>
+<a name="id2684085"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
projects / thirdparty / bind9.git / commitdiff
