.PP
\fBsecroots \fR\fB[\-]\fR\fB \fR\fB[\fIview \&.\&.\&.\fR]\fR
.RS 4
-Dump the server\*(Aqs security roots and negative trust anchors for the specified views\&. If no view is specified, all views are dumped\&.
+Dump the security roots (i\&.e\&., trust anchors configured via
+\fBtrusted\-keys\fR,
+\fBmanaged\-keys\fR, or
+\fBdnssec\-validation auto\fR) and negative trust anchors for the specified views\&. If no view is specified, all views are dumped\&. Security roots will indicate whether they are configured as trusted keys, managed keys, or initializing managed keys (managed keys that have not yet been updated by a successful key refresh query)\&.
.sp
If the first argument is "\-", then the output is returned via the
\fBrndc\fR
<dt><span class="term"><strong class="userinput"><code>secroots [<span class="optional">-</span>] [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
<dd>
<p>
- Dump the server's security roots and negative trust anchors
- for the specified views. If no view is specified, all views
- are dumped.
+ Dump the security roots (i.e., trust anchors
+ configured via <span class="command"><strong>trusted-keys</strong></span>,
+ <span class="command"><strong>managed-keys</strong></span>, or
+ <span class="command"><strong>dnssec-validation auto</strong></span>) and negative trust
+ anchors for the specified views. If no view is specified, all
+ views are dumped. Security roots will indicate whether
+ they are configured as trusted keys, managed keys, or
+ initializing managed keys (managed keys that have not yet
+ been updated by a successful key refresh query).
</p>
<p>
If the first argument is "-", then the output is
<dd>
<p>
When called without arguments, display the current
- values of the <span class="command"><strong>tcp-initial-timeout</strong></span>,
+ values of the <span class="command"><strong>tcp-initial-timeout</strong></span>,
<span class="command"><strong>tcp-idle-timeout</strong></span>,
<span class="command"><strong>tcp-keepalive-timeout</strong></span> and
<span class="command"><strong>tcp-advertised-timeout</strong></span> options.
- When called with arguments, update these values. This
- allows an administrator to make rapid adjustments when
- under a denial of service attack. See the descriptions of
- these options in the BIND 9 Administrator Reference Manual
- for details of their use.
+ When called with arguments, update these values. This
+ allows an administrator to make rapid adjustments when
+ under a denial of service attack. See the descriptions of
+ these options in the BIND 9 Administrator Reference Manual
+ for details of their use.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>thaw [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
<dt><span class="term"><strong class="userinput"><code>secroots [<span class="optional">-</span>] [<span class="optional"><em class="replaceable"><code>view ...</code></em></span>]</code></strong></span></dt>
<dd>
<p>
- Dump the server's security roots and negative trust anchors
- for the specified views. If no view is specified, all views
- are dumped.
+ Dump the security roots (i.e., trust anchors
+ configured via <span class="command"><strong>trusted-keys</strong></span>,
+ <span class="command"><strong>managed-keys</strong></span>, or
+ <span class="command"><strong>dnssec-validation auto</strong></span>) and negative trust
+ anchors for the specified views. If no view is specified, all
+ views are dumped. Security roots will indicate whether
+ they are configured as trusted keys, managed keys, or
+ initializing managed keys (managed keys that have not yet
+ been updated by a successful key refresh query).
</p>
<p>
If the first argument is "-", then the output is
<dd>
<p>
When called without arguments, display the current
- values of the <span class="command"><strong>tcp-initial-timeout</strong></span>,
+ values of the <span class="command"><strong>tcp-initial-timeout</strong></span>,
<span class="command"><strong>tcp-idle-timeout</strong></span>,
<span class="command"><strong>tcp-keepalive-timeout</strong></span> and
<span class="command"><strong>tcp-advertised-timeout</strong></span> options.
- When called with arguments, update these values. This
- allows an administrator to make rapid adjustments when
- under a denial of service attack. See the descriptions of
- these options in the BIND 9 Administrator Reference Manual
- for details of their use.
+ When called with arguments, update these values. This
+ allows an administrator to make rapid adjustments when
+ under a denial of service attack. See the descriptions of
+ these options in the BIND 9 Administrator Reference Manual
+ for details of their use.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>thaw [<span class="optional"><em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</span>]</code></strong></span></dt>
projects / thirdparty / bind9.git / commitdiff
