.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: ddns-confgen.8,v 1.2 2009/06/10 00:27:21 each Exp $
+.\" $Id: ddns-confgen.8,v 1.3 2009/06/10 01:12:50 tbox Exp $
.\"
.hy 0
.ad l
-.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.de Sh \" Subsection
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Ip \" List item
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
-.TH "DDNS-CONFGEN" 8 "Jan 29, 2009" "" ""
-.SH NAME
-ddns-confgen \- ddns key generation tool
+.\" Title: ddns\-confgen
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: Jan 29, 2009
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
+.TH "DDNS\-CONFGEN" "8" "Jan 29, 2009" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+ddns\-confgen \- ddns key generation tool
.SH "SYNOPSIS"
.HP 13
-\fBddns\-confgen\fR [\fB\-a\ \fIalgorithm\fR\fR] [\fB\-h\fR] [\fB\-k\ \fIkeyname\fR\fR] [\fB\-r\ \fIrandomfile\fR\fR] [\fB\-s\fR] [\fB\-q\fR] [name]
+\fBddns\-confgen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [\fB\-s\fR] [\fB\-q\fR] [name]
.SH "DESCRIPTION"
.PP
-\fBddns\-confgen\fR generates a key for use by \fBnsupdate\fR and \fBnamed\fR\&. It simplifies configuration of dynamic zones by generating a key and providing the \fBnsupdate\fR and \fBnamed\&.conf\fR syntax that will be needed to use it, including an example \fBupdate\-policy\fR statement\&.
+\fBddns\-confgen\fR
+generates a key for use by
+\fBnsupdate\fR
+and
+\fBnamed\fR. It simplifies configuration of dynamic zones by generating a key and providing the
+\fBnsupdate\fR
+and
+\fBnamed.conf\fR
+syntax that will be needed to use it, including an example
+\fBupdate\-policy\fR
+statement.
.PP
-If a domain name is specified on the command line, it will be used in the name of the generated key and in the sample \fBnamed\&.conf\fR syntax\&. For example, \fBddns\-confgen example\&.com\fR would generate a key called "ddns\-key\&.example\&.com", and sample \fBnamed\&.conf\fR command that could be used in the zone definition for "example\&.com"\&.
+If a domain name is specified on the command line, it will be used in the name of the generated key and in the sample
+\fBnamed.conf\fR
+syntax. For example,
+\fBddns\-confgen example.com\fR
+would generate a key called "ddns\-key.example.com", and sample
+\fBnamed.conf\fR
+command that could be used in the zone definition for "example.com".
.PP
-Note that \fBnamed\fR itself can configure a local DDNS key for use with \fBnsupdate \-l\fR\&. \fBddns\-confgen\fR is only needed when a more elaborate configuration is required: for instance, if \fBnsupdate\fR is to be used from a remote system\&.
+Note that
+\fBnamed\fR
+itself can configure a local DDNS key for use with
+\fBnsupdate \-l\fR.
+\fBddns\-confgen\fR
+is only needed when a more elaborate configuration is required: for instance, if
+\fBnsupdate\fR
+is to be used from a remote system.
.SH "OPTIONS"
-.TP
+.PP
\-a \fIalgorithm\fR
-Specifies the algorithm to use for the TSIG key\&. Available choices are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384 and hmac\-sha512\&. The default is hmac\-sha256\&.
-.TP
+.RS 4
+Specifies the algorithm to use for the TSIG key. Available choices are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384 and hmac\-sha512. The default is hmac\-sha256.
+.RE
+.PP
\-h
-Prints a short summary of the options and arguments to \fBddns\-confgen\fR\&.
-.TP
+.RS 4
+Prints a short summary of the options and arguments to
+\fBddns\-confgen\fR.
+.RE
+.PP
\-k \fIkeyname\fR
-Specifies the key name of the DDNS authentication key\&. The default is \fBddns\-key\fR\&. The key name must have the format of a valid domain name, consisting of letters, digits, hyphens and periods\&.
-.TP
+.RS 4
+Specifies the key name of the DDNS authentication key. The default is
+\fBddns\-key\fR. The key name must have the format of a valid domain name, consisting of letters, digits, hyphens and periods.
+.RE
+.PP
\-q
-Quiet mode: Print only the key, with no explanatory text or usage examples\&.
-.TP
+.RS 4
+Quiet mode: Print only the key, with no explanatory text or usage examples.
+.RE
+.PP
\-r \fIrandomfile\fR
-Specifies a source of random data for generating the authorization\&. If the operating system does not provide a \fI/dev/random\fR or equivalent device, the default source of randomness is keyboard input\&. \fIrandomdev\fR specifies the name of a character device or file containing random data to be used instead of the default\&. The special value \fIkeyboard\fR indicates that keyboard input should be used\&.
-.TP
+.RS 4
+Specifies a source of random data for generating the authorization. If the operating system does not provide a
+\fI/dev/random\fR
+or equivalent device, the default source of randomness is keyboard input.
+\fIrandomdev\fR
+specifies the name of a character device or file containing random data to be used instead of the default. The special value
+\fIkeyboard\fR
+indicates that keyboard input should be used.
+.RE
+.PP
\-s
-Self mode: The example \fBnamed\&.conf\fR text shows how to set an update policy using the "self" nametype, using a single key per each domain name for updates, instead of the "subdomain" nametype which allows matching on any name within a specified domain\&.
+.RS 4
+Self mode: The example
+\fBnamed.conf\fR
+text shows how to set an update policy using the "self" nametype, using a single key per each domain name for updates, instead of the "subdomain" nametype which allows matching on any name within a specified domain.
+.RE
.SH "SEE ALSO"
.PP
-\fBnsupdate\fR(1), \fBnamed\&.conf\fR(5), \fBnamed\fR(8), BIND 9 Administrator Reference Manual\&.
+\fBnsupdate\fR(1),
+\fBnamed.conf\fR(5),
+\fBnamed\fR(8),
+BIND 9 Administrator Reference Manual.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2001, 2003 Internet Software Consortium.
+.br
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: ddns-confgen.html,v 1.2 2009/06/10 00:27:21 each Exp $ -->
+<!-- $Id: ddns-confgen.html,v 1.3 2009/06/10 01:12:50 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>ddns-confgen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.67.2">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<a name="man.ddns-confgen"></a><div class="titlepage"></div>
<div class="cmdsynopsis"><p><code class="command">ddns-confgen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s</code>] [<code class="option">-q</code>] [name]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id215081"></a><h2>DESCRIPTION</h2>
+<a name="id2543399"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">ddns-confgen</strong></span>
generates a key for use by <span><strong class="command">nsupdate</strong></span>
and <span><strong class="command">named</strong></span>. It simplifies configuration
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id215144"></a><h2>OPTIONS</h2>
+<a name="id2543459"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id215274"></a><h2>SEE ALSO</h2>
+<a name="id2543578"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id215312"></a><h2>AUTHOR</h2>
+<a name="id2543617"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: rndc-confgen.8,v 1.2 2009/06/10 00:27:21 each Exp $
+.\" $Id: rndc-confgen.8,v 1.3 2009/06/10 01:12:50 tbox Exp $
.\"
.hy 0
.ad l
-.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.de Sh \" Subsection
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Ip \" List item
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
-.TH "RNDC-CONFGEN" 8 "Aug 27, 2001" "" ""
-.SH NAME
-rndc-confgen \- rndc key generation tool
+.\" Title: rndc\-confgen
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: Aug 27, 2001
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
+.TH "RNDC\-CONFGEN" "8" "Aug 27, 2001" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+rndc\-confgen \- rndc key generation tool
.SH "SYNOPSIS"
.HP 13
-\fBrndc\-confgen\fR [\fB\-a\fR] [\fB\-b\ \fIkeysize\fR\fR] [\fB\-c\ \fIkeyfile\fR\fR] [\fB\-h\fR] [\fB\-k\ \fIkeyname\fR\fR] [\fB\-p\ \fIport\fR\fR] [\fB\-r\ \fIrandomfile\fR\fR] [\fB\-s\ \fIaddress\fR\fR] [\fB\-t\ \fIchrootdir\fR\fR] [\fB\-u\ \fIuser\fR\fR]
+\fBrndc\-confgen\fR [\fB\-a\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-c\ \fR\fB\fIkeyfile\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [\fB\-s\ \fR\fB\fIaddress\fR\fR] [\fB\-t\ \fR\fB\fIchrootdir\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR]
.SH "DESCRIPTION"
.PP
-\fBrndc\-confgen\fR generates configuration files for \fBrndc\fR\&. It can be used as a convenient alternative to writing the \fIrndc\&.conf\fR file and the corresponding \fBcontrols\fR and \fBkey\fR statements in \fInamed\&.conf\fR by hand\&. Alternatively, it can be run with the \fB\-a\fR option to set up a \fIrndc\&.key\fR file and avoid the need for a \fIrndc\&.conf\fR file and a \fBcontrols\fR statement altogether\&.
+\fBrndc\-confgen\fR
+generates configuration files for
+\fBrndc\fR. It can be used as a convenient alternative to writing the
+\fIrndc.conf\fR
+file and the corresponding
+\fBcontrols\fR
+and
+\fBkey\fR
+statements in
+\fInamed.conf\fR
+by hand. Alternatively, it can be run with the
+\fB\-a\fR
+option to set up a
+\fIrndc.key\fR
+file and avoid the need for a
+\fIrndc.conf\fR
+file and a
+\fBcontrols\fR
+statement altogether.
.SH "OPTIONS"
-.TP
+.PP
\-a
-Do automatic \fBrndc\fR configuration\&. This creates a file \fIrndc\&.key\fR in \fI/etc\fR (or whatever \fIsysconfdir\fR was specified as when BIND was built) that is read by both \fBrndc\fR and \fBnamed\fR on startup\&. The \fIrndc\&.key\fR file defines a default command channel and authentication key allowing \fBrndc\fR to communicate with \fBnamed\fR on the local host with no further configuration\&.
-Running \fBrndc\-confgen \-a\fR allows BIND 9 and \fBrndc\fR to be used as drop\-in replacements for BIND 8 and \fBndc\fR, with no changes to the existing BIND 8 \fInamed\&.conf\fR file\&.
-If a more elaborate configuration than that generated by \fBrndc\-confgen \-a\fR is required, for example if rndc is to be used remotely, you should run \fBrndc\-confgen\fR without the \fB\-a\fR option and set up a \fIrndc\&.conf\fR and \fInamed\&.conf\fR as directed\&.
-.TP
+.RS 4
+Do automatic
+\fBrndc\fR
+configuration. This creates a file
+\fIrndc.key\fR
+in
+\fI/etc\fR
+(or whatever
+\fIsysconfdir\fR
+was specified as when
+BIND
+was built) that is read by both
+\fBrndc\fR
+and
+\fBnamed\fR
+on startup. The
+\fIrndc.key\fR
+file defines a default command channel and authentication key allowing
+\fBrndc\fR
+to communicate with
+\fBnamed\fR
+on the local host with no further configuration.
+.sp
+Running
+\fBrndc\-confgen \-a\fR
+allows BIND 9 and
+\fBrndc\fR
+to be used as drop\-in replacements for BIND 8 and
+\fBndc\fR, with no changes to the existing BIND 8
+\fInamed.conf\fR
+file.
+.sp
+If a more elaborate configuration than that generated by
+\fBrndc\-confgen \-a\fR
+is required, for example if rndc is to be used remotely, you should run
+\fBrndc\-confgen\fR
+without the
+\fB\-a\fR
+option and set up a
+\fIrndc.conf\fR
+and
+\fInamed.conf\fR
+as directed.
+.RE
+.PP
\-b \fIkeysize\fR
-Specifies the size of the authentication key in bits\&. Must be between 1 and 512 bits; the default is 128\&.
-.TP
+.RS 4
+Specifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128.
+.RE
+.PP
\-c \fIkeyfile\fR
-Used with the \fB\-a\fR option to specify an alternate location for \fIrndc\&.key\fR\&.
-.TP
+.RS 4
+Used with the
+\fB\-a\fR
+option to specify an alternate location for
+\fIrndc.key\fR.
+.RE
+.PP
\-h
-Prints a short summary of the options and arguments to \fBrndc\-confgen\fR\&.
-.TP
+.RS 4
+Prints a short summary of the options and arguments to
+\fBrndc\-confgen\fR.
+.RE
+.PP
\-k \fIkeyname\fR
-Specifies the key name of the rndc authentication key\&. This must be a valid domain name\&. The default is \fBrndc\-key\fR\&.
-.TP
+.RS 4
+Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is
+\fBrndc\-key\fR.
+.RE
+.PP
\-p \fIport\fR
-Specifies the command channel port where \fBnamed\fR listens for connections from \fBrndc\fR\&. The default is 953\&.
-.TP
+.RS 4
+Specifies the command channel port where
+\fBnamed\fR
+listens for connections from
+\fBrndc\fR. The default is 953.
+.RE
+.PP
\-r \fIrandomfile\fR
-Specifies a source of random data for generating the authorization\&. If the operating system does not provide a \fI/dev/random\fR or equivalent device, the default source of randomness is keyboard input\&. \fIrandomdev\fR specifies the name of a character device or file containing random data to be used instead of the default\&. The special value \fIkeyboard\fR indicates that keyboard input should be used\&.
-.TP
+.RS 4
+Specifies a source of random data for generating the authorization. If the operating system does not provide a
+\fI/dev/random\fR
+or equivalent device, the default source of randomness is keyboard input.
+\fIrandomdev\fR
+specifies the name of a character device or file containing random data to be used instead of the default. The special value
+\fIkeyboard\fR
+indicates that keyboard input should be used.
+.RE
+.PP
\-s \fIaddress\fR
-Specifies the IP address where \fBnamed\fR listens for command channel connections from \fBrndc\fR\&. The default is the loopback address 127\&.0\&.0\&.1\&.
-.TP
+.RS 4
+Specifies the IP address where
+\fBnamed\fR
+listens for command channel connections from
+\fBrndc\fR. The default is the loopback address 127.0.0.1.
+.RE
+.PP
\-t \fIchrootdir\fR
-Used with the \fB\-a\fR option to specify a directory where \fBnamed\fR will run chrooted\&. An additional copy of the \fIrndc\&.key\fR will be written relative to this directory so that it will be found by the chrooted \fBnamed\fR\&.
-.TP
+.RS 4
+Used with the
+\fB\-a\fR
+option to specify a directory where
+\fBnamed\fR
+will run chrooted. An additional copy of the
+\fIrndc.key\fR
+will be written relative to this directory so that it will be found by the chrooted
+\fBnamed\fR.
+.RE
+.PP
\-u \fIuser\fR
-Used with the \fB\-a\fR option to set the owner of the \fIrndc\&.key\fR file generated\&. If \fB\-t\fR is also specified only the file in the chroot area has its owner changed\&.
+.RS 4
+Used with the
+\fB\-a\fR
+option to set the owner of the
+\fIrndc.key\fR
+file generated. If
+\fB\-t\fR
+is also specified only the file in the chroot area has its owner changed.
+.RE
.SH "EXAMPLES"
.PP
-To allow \fBrndc\fR to be used with no manual configuration, run
+To allow
+\fBrndc\fR
+to be used with no manual configuration, run
.PP
-\fBrndc\-confgen \-a\fR
+\fBrndc\-confgen \-a\fR
.PP
-To print a sample \fIrndc\&.conf\fR file and corresponding \fBcontrols\fR and \fBkey\fR statements to be manually inserted into \fInamed\&.conf\fR, run
+To print a sample
+\fIrndc.conf\fR
+file and corresponding
+\fBcontrols\fR
+and
+\fBkey\fR
+statements to be manually inserted into
+\fInamed.conf\fR, run
.PP
-\fBrndc\-confgen\fR
+\fBrndc\-confgen\fR
.SH "SEE ALSO"
.PP
-\fBrndc\fR(8), \fBrndc\&.conf\fR(5), \fBnamed\fR(8), BIND 9 Administrator Reference Manual\&.
+\fBrndc\fR(8),
+\fBrndc.conf\fR(5),
+\fBnamed\fR(8),
+BIND 9 Administrator Reference Manual.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2001, 2003 Internet Software Consortium.
+.br
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc-confgen.html,v 1.2 2009/06/10 00:27:21 each Exp $ -->
+<!-- $Id: rndc-confgen.html,v 1.3 2009/06/10 01:12:50 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>rndc-confgen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.67.2">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<a name="man.rndc-confgen"></a><div class="titlepage"></div>
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id215112"></a><h2>DESCRIPTION</h2>
+<a name="id2543429"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc-confgen</strong></span>
generates configuration files
for <span><strong class="command">rndc</strong></span>. It can be used as a
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id215153"></a><h2>OPTIONS</h2>
+<a name="id2543474"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd>
This creates a file <code class="filename">rndc.key</code>
in <code class="filename">/etc</code> (or whatever
<code class="varname">sysconfdir</code>
- was specified as when <span class="acronym">BIND</span> was
+ was specified as when <acronym class="acronym">BIND</acronym> was
built)
that is read by both <span><strong class="command">rndc</strong></span>
and <span><strong class="command">named</strong></span> on startup. The
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id215471"></a><h2>EXAMPLES</h2>
+<a name="id2543787"></a><h2>EXAMPLES</h2>
<p>
To allow <span><strong class="command">rndc</strong></span> to be used with
no manual configuration, run
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id215511"></a><h2>SEE ALSO</h2>
+<a name="id2543829"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id215549"></a><h2>AUTHOR</h2>
+<a name="id2543867"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: nsupdate.1,v 1.6 2009/06/10 00:27:21 each Exp $
+.\" $Id: nsupdate.1,v 1.7 2009/06/10 01:12:50 tbox Exp $
.\"
.hy 0
.ad l
-.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.de Sh \" Subsection
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Ip \" List item
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
-.TH "NSUPDATE" 1 "Jun 30, 2000" "" ""
-.SH NAME
+.\" Title: nsupdate
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: Jun 30, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
+.TH "NSUPDATE" "1" "Jun 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
nsupdate \- Dynamic DNS update utility
.SH "SYNOPSIS"
.HP 9
-\fBnsupdate\fR [\fB\-d\fR] [\fB\-D\fR] [\fB\fB\-g\fR\fR | \fB\fB\-o\fR\fR | \fB\fB\-y\ \fI[hmac:]keyname:secret\fR\fR\fR | \fB\fB\-k\ \fIkeyfile\fR\fR\fR] [\fB\-t\ \fItimeout\fR\fR] [\fB\-u\ \fIudptimeout\fR\fR] [\fB\-r\ \fIudpretries\fR\fR] [\fB\-R\ \fIrandomdev\fR\fR] [\fB\-v\fR] [filename]
+\fBnsupdate\fR [\fB\-d\fR] [\fB\-D\fR] [[\fB\-g\fR] | [\fB\-o\fR] | [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIkeyname:secret\fR\fR] | [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-R\ \fR\fB\fIrandomdev\fR\fR] [\fB\-v\fR] [filename]
.SH "DESCRIPTION"
.PP
-\fBnsupdate\fR is used to submit Dynamic DNS Update requests as defined in RFC2136 to a name server\&. This allows resource records to be added or removed from a zone without manually editing the zone file\&. A single update request can contain requests to add or remove more than one resource record\&.
+\fBnsupdate\fR
+is used to submit Dynamic DNS Update requests as defined in RFC2136 to a name server. This allows resource records to be added or removed from a zone without manually editing the zone file. A single update request can contain requests to add or remove more than one resource record.
.PP
-Zones that are under dynamic control via \fBnsupdate\fR or a DHCP server should not be edited by hand\&. Manual edits could conflict with dynamic updates and cause data to be lost\&.
+Zones that are under dynamic control via
+\fBnsupdate\fR
+or a DHCP server should not be edited by hand. Manual edits could conflict with dynamic updates and cause data to be lost.
.PP
-The resource records that are dynamically added or removed with \fBnsupdate\fR have to be in the same zone\&. Requests are sent to the zone's master server\&. This is identified by the MNAME field of the zone's SOA record\&.
+The resource records that are dynamically added or removed with
+\fBnsupdate\fR
+have to be in the same zone. Requests are sent to the zone's master server. This is identified by the MNAME field of the zone's SOA record.
.PP
-The \fB\-d\fR option makes \fBnsupdate\fR operate in debug mode\&. This provides tracing information about the update requests that are made and the replies received from the name server\&.
+The
+\fB\-d\fR
+option makes
+\fBnsupdate\fR
+operate in debug mode. This provides tracing information about the update requests that are made and the replies received from the name server.
.PP
-The \fB\-D\fR option makes \fBnsupdate\fR report additional debugging information to \fB\-d\fR\&.
+The
+\fB\-D\fR
+option makes
+\fBnsupdate\fR
+report additional debugging information to
+\fB\-d\fR.
.PP
-The \fB\-L\fR option with an integer argument of zero or higher sets the logging debug level\&. If zero, logging is disabled\&.
+The
+\fB\-L\fR
+option with an integer argument of zero or higher sets the logging debug level. If zero, logging is disabled.
.PP
-Transaction signatures can be used to authenticate the Dynamic DNS updates\&. These use the TSIG resource record type described in RFC2845 or the SIG(0) record described in RFC3535 and RFC2931 or GSS\-TSIG as described in RFC3645\&. TSIG relies on a shared secret that should only be known to \fBnsupdate\fR and the name server\&. Currently, the only supported encryption algorithm for TSIG is HMAC\-MD5, which is defined in RFC 2104\&. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other\&. For instance, suitable \fBkey\fR and \fBserver\fR statements would be added to \fI/etc/named\&.conf\fR so that the name server can associate the appropriate secret key and algorithm with the IP address of the client application that will be using TSIG authentication\&. SIG(0) uses public key cryptography\&. To use a SIG(0) key, the public key must be stored in a KEY record in a zone served by the name server\&. \fBnsupdate\fR does not read \fI/etc/named\&.conf\fR\&. GSS\-TSIG uses Kerberos credentials\&.
+Transaction signatures can be used to authenticate the Dynamic DNS updates. These use the TSIG resource record type described in RFC2845 or the SIG(0) record described in RFC3535 and RFC2931 or GSS\-TSIG as described in RFC3645. TSIG relies on a shared secret that should only be known to
+\fBnsupdate\fR
+and the name server. Currently, the only supported encryption algorithm for TSIG is HMAC\-MD5, which is defined in RFC 2104. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other. For instance, suitable
+\fBkey\fR
+and
+\fBserver\fR
+statements would be added to
+\fI/etc/named.conf\fR
+so that the name server can associate the appropriate secret key and algorithm with the IP address of the client application that will be using TSIG authentication. SIG(0) uses public key cryptography. To use a SIG(0) key, the public key must be stored in a KEY record in a zone served by the name server.
+\fBnsupdate\fR
+does not read
+\fI/etc/named.conf\fR. GSS\-TSIG uses Kerberos credentials.
.PP
-\fBnsupdate\fR uses the \fB\-y\fR or \fB\-k\fR option to provide the shared secret needed to generate a TSIG record for authenticating Dynamic DNS update requests, default type HMAC\-MD5\&. These options are mutually exclusive\&.
+\fBnsupdate\fR
+uses the
+\fB\-y\fR
+or
+\fB\-k\fR
+option to provide the shared secret needed to generate a TSIG record for authenticating Dynamic DNS update requests, default type HMAC\-MD5. These options are mutually exclusive.
.PP
-When the \fB\-y\fR option is used, a signature is generated from [\fIhmac:\fR]\fIkeyname:secret\&.\fR \fIkeyname\fR is the name of the key, and \fIsecret\fR is the base64 encoded shared secret\&. Use of the \fB\-y\fR option is discouraged because the shared secret is supplied as a command line argument in clear text\&. This may be visible in the output from \fBps\fR(1) or in a history file maintained by the user's shell\&.
+When the
+\fB\-y\fR
+option is used, a signature is generated from
+[\fIhmac:\fR]\fIkeyname:secret.\fR
+\fIkeyname\fR
+is the name of the key, and
+\fIsecret\fR
+is the base64 encoded shared secret. Use of the
+\fB\-y\fR
+option is discouraged because the shared secret is supplied as a command line argument in clear text. This may be visible in the output from
+\fBps\fR(1)
+or in a history file maintained by the user's shell.
.PP
-With the \fB\-k\fR option, \fBnsupdate\fR reads the shared secret from the file \fIkeyfile\fR\&. Keyfiles may be in two formats: a single file containing a \fInamed\&.conf\fR\-format \fBkey\fR statement, which may be generated automatically by \fBddns\-confgen\fR, or a pair of files whose names are of the format \fIK{name}\&.+157\&.+{random}\&.key\fR and \fIK{name}\&.+157\&.+{random}\&.private\fR, which can be generated by \fBdnssec\-keygen\fR\&. The \fB\-k\fR may also be used to specify a SIG(0) key used to authenticate Dynamic DNS update requests\&. In this case, the key specified is not an HMAC\-MD5 key\&.
+With the
+\fB\-k\fR
+option,
+\fBnsupdate\fR
+reads the shared secret from the file
+\fIkeyfile\fR. Keyfiles may be in two formats: a single file containing a
+\fInamed.conf\fR\-format
+\fBkey\fR
+statement, which may be generated automatically by
+\fBddns\-confgen\fR, or a pair of files whose names are of the format
+\fIK{name}.+157.+{random}.key\fR
+and
+\fIK{name}.+157.+{random}.private\fR, which can be generated by
+\fBdnssec\-keygen\fR. The
+\fB\-k\fR
+may also be used to specify a SIG(0) key used to authenticate Dynamic DNS update requests. In this case, the key specified is not an HMAC\-MD5 key.
.PP
- \fBnsupdate\fR can be run in a local\-host only mode using the \fB\-l\fR flag\&. This sets the server address to localhost (disabling the \fBserver\fR so that the server address cannot be overridden)\&. Connections to the local server will use a TSIG key found in \fI/var/run/named/ddns\&.key\fR, which is automatically generated by \fBnamed\fR if any local master zone has the \fBdynamic\fR zone option set to yes\&. The location of this key file can be overridden with the \fB\-k\fR option\&.
+\fBnsupdate\fR
+can be run in a local\-host only mode using the
+\fB\-l\fR
+flag. This sets the server address to localhost (disabling the
+\fBserver\fR
+so that the server address cannot be overridden). Connections to the local server will use a TSIG key found in
+\fI/var/run/named/ddns.key\fR, which is automatically generated by
+\fBnamed\fR
+if any local master zone has the
+\fBdynamic\fR
+zone option set to yes. The location of this key file can be overridden with the
+\fB\-k\fR
+option.
.PP
-By default, \fBnsupdate\fR uses UDP to send update requests to the name server unless they are too large to fit in a UDP request in which case TCP will be used\&. The \fB\-v\fR option makes \fBnsupdate\fR use a TCP connection\&. This may be preferable when a batch of update requests is made\&.
+By default,
+\fBnsupdate\fR
+uses UDP to send update requests to the name server unless they are too large to fit in a UDP request in which case TCP will be used. The
+\fB\-v\fR
+option makes
+\fBnsupdate\fR
+use a TCP connection. This may be preferable when a batch of update requests is made.
.PP
-The \fB\-p\fR sets the default port number to use for connections to a name server\&. The default is 53\&.
+The
+\fB\-p\fR
+sets the default port number to use for connections to a name server. The default is 53.
.PP
-The \fB\-t\fR option sets the maximum time an update request can take before it is aborted\&. The default is 300 seconds\&. Zero can be used to disable the timeout\&.
+The
+\fB\-t\fR
+option sets the maximum time an update request can take before it is aborted. The default is 300 seconds. Zero can be used to disable the timeout.
.PP
-The \fB\-u\fR option sets the UDP retry interval\&. The default is 3 seconds\&. If zero, the interval will be computed from the timeout interval and number of UDP retries\&.
+The
+\fB\-u\fR
+option sets the UDP retry interval. The default is 3 seconds. If zero, the interval will be computed from the timeout interval and number of UDP retries.
.PP
-The \fB\-r\fR option sets the number of UDP retries\&. The default is 3\&. If zero, only one update request will be made\&.
+The
+\fB\-r\fR
+option sets the number of UDP retries. The default is 3. If zero, only one update request will be made.
.PP
-The \fB\-R \fIrandomdev\fR\fR option specifies a source of randomness\&. If the operating system does not provide a \fI/dev/random\fR or equivalent device, the default source of randomness is keyboard input\&. \fIrandomdev\fR specifies the name of a character device or file containing random data to be used instead of the default\&. The special value \fIkeyboard\fR indicates that keyboard input should be used\&. This option may be specified multiple times\&.
+The
+\fB\-R \fR\fB\fIrandomdev\fR\fR
+option specifies a source of randomness. If the operating system does not provide a
+\fI/dev/random\fR
+or equivalent device, the default source of randomness is keyboard input.
+\fIrandomdev\fR
+specifies the name of a character device or file containing random data to be used instead of the default. The special value
+\fIkeyboard\fR
+indicates that keyboard input should be used. This option may be specified multiple times.
.SH "INPUT FORMAT"
.PP
-\fBnsupdate\fR reads input from \fIfilename\fR or standard input\&. Each command is supplied on exactly one line of input\&. Some commands are for administrative purposes\&. The others are either update instructions or prerequisite checks on the contents of the zone\&. These checks set conditions that some name or set of resource records (RRset) either exists or is absent from the zone\&. These conditions must be met if the entire update request is to succeed\&. Updates will be rejected if the tests for the prerequisite conditions fail\&.
+\fBnsupdate\fR
+reads input from
+\fIfilename\fR
+or standard input. Each command is supplied on exactly one line of input. Some commands are for administrative purposes. The others are either update instructions or prerequisite checks on the contents of the zone. These checks set conditions that some name or set of resource records (RRset) either exists or is absent from the zone. These conditions must be met if the entire update request is to succeed. Updates will be rejected if the tests for the prerequisite conditions fail.
+.PP
+Every update request consists of zero or more prerequisites and zero or more updates. This allows a suitably authenticated update request to proceed if some specified resource records are present or missing from the zone. A blank input line (or the
+\fBsend\fR
+command) causes the accumulated commands to be sent as one Dynamic DNS update request to the name server.
.PP
-Every update request consists of zero or more prerequisites and zero or more updates\&. This allows a suitably authenticated update request to proceed if some specified resource records are present or missing from the zone\&. A blank input line (or the \fBsend\fR command) causes the accumulated commands to be sent as one Dynamic DNS update request to the name server\&.
+The command formats and their meaning are as follows:
.PP
-The command formats and their meaning are as follows:
-.TP
\fBserver\fR {servername} [port]
-Sends all dynamic update requests to the name server \fIservername\fR\&. When no server statement is provided, \fBnsupdate\fR will send updates to the master server of the correct zone\&. The MNAME field of that zone's SOA record will identify the master server for that zone\&. \fIport\fR is the port number on \fIservername\fR where the dynamic update requests get sent\&. If no port number is specified, the default DNS port number of 53 is used\&.
-.TP
+.RS 4
+Sends all dynamic update requests to the name server
+\fIservername\fR. When no server statement is provided,
+\fBnsupdate\fR
+will send updates to the master server of the correct zone. The MNAME field of that zone's SOA record will identify the master server for that zone.
+\fIport\fR
+is the port number on
+\fIservername\fR
+where the dynamic update requests get sent. If no port number is specified, the default DNS port number of 53 is used.
+.RE
+.PP
\fBlocal\fR {address} [port]
-Sends all dynamic update requests using the local \fIaddress\fR\&. When no local statement is provided, \fBnsupdate\fR will send updates using an address and port chosen by the system\&. \fIport\fR can additionally be used to make requests come from a specific port\&. If no port number is specified, the system will assign one\&.
-.TP
+.RS 4
+Sends all dynamic update requests using the local
+\fIaddress\fR. When no local statement is provided,
+\fBnsupdate\fR
+will send updates using an address and port chosen by the system.
+\fIport\fR
+can additionally be used to make requests come from a specific port. If no port number is specified, the system will assign one.
+.RE
+.PP
\fBzone\fR {zonename}
-Specifies that all updates are to be made to the zone \fIzonename\fR\&. If no \fIzone\fR statement is provided, \fBnsupdate\fR will attempt determine the correct zone to update based on the rest of the input\&.
-.TP
+.RS 4
+Specifies that all updates are to be made to the zone
+\fIzonename\fR. If no
+\fIzone\fR
+statement is provided,
+\fBnsupdate\fR
+will attempt determine the correct zone to update based on the rest of the input.
+.RE
+.PP
\fBclass\fR {classname}
-Specify the default class\&. If no \fIclass\fR is specified, the default class is \fIIN\fR\&.
-.TP
+.RS 4
+Specify the default class. If no
+\fIclass\fR
+is specified, the default class is
+\fIIN\fR.
+.RE
+.PP
\fBttl\fR {seconds}
-Specify the default time to live for records to be added\&. The value \fInone\fR will clear the default ttl\&.
-.TP
+.RS 4
+Specify the default time to live for records to be added. The value
+\fInone\fR
+will clear the default ttl.
+.RE
+.PP
\fBkey\fR {name} {secret}
-Specifies that all updates are to be TSIG\-signed using the \fIkeyname\fR \fIkeysecret\fR pair\&. The \fBkey\fR command overrides any key specified on the command line via \fB\-y\fR or \fB\-k\fR\&.
-.TP
+.RS 4
+Specifies that all updates are to be TSIG\-signed using the
+\fIkeyname\fR
+\fIkeysecret\fR
+pair. The
+\fBkey\fR
+command overrides any key specified on the command line via
+\fB\-y\fR
+or
+\fB\-k\fR.
+.RE
+.PP
\fBprereq nxdomain\fR {domain\-name}
-Requires that no resource record of any type exists with name \fIdomain\-name\fR\&.
-.TP
+.RS 4
+Requires that no resource record of any type exists with name
+\fIdomain\-name\fR.
+.RE
+.PP
\fBprereq yxdomain\fR {domain\-name}
-Requires that \fIdomain\-name\fR exists (has as at least one resource record, of any type)\&.
-.TP
+.RS 4
+Requires that
+\fIdomain\-name\fR
+exists (has as at least one resource record, of any type).
+.RE
+.PP
\fBprereq nxrrset\fR {domain\-name} [class] {type}
-Requires that no resource record exists of the specified \fItype\fR, \fIclass\fR and \fIdomain\-name\fR\&. If \fIclass\fR is omitted, IN (internet) is assumed\&.
-.TP
+.RS 4
+Requires that no resource record exists of the specified
+\fItype\fR,
+\fIclass\fR
+and
+\fIdomain\-name\fR. If
+\fIclass\fR
+is omitted, IN (internet) is assumed.
+.RE
+.PP
\fBprereq yxrrset\fR {domain\-name} [class] {type}
-This requires that a resource record of the specified \fItype\fR, \fIclass\fR and \fIdomain\-name\fR must exist\&. If \fIclass\fR is omitted, IN (internet) is assumed\&.
-.TP
+.RS 4
+This requires that a resource record of the specified
+\fItype\fR,
+\fIclass\fR
+and
+\fIdomain\-name\fR
+must exist. If
+\fIclass\fR
+is omitted, IN (internet) is assumed.
+.RE
+.PP
\fBprereq yxrrset\fR {domain\-name} [class] {type} {data...}
-The \fIdata\fR from each set of prerequisites of this form sharing a common \fItype\fR, \fIclass\fR, and \fIdomain\-name\fR are combined to form a set of RRs\&. This set of RRs must exactly match the set of RRs existing in the zone at the given \fItype\fR, \fIclass\fR, and \fIdomain\-name\fR\&. The \fIdata\fR are written in the standard text representation of the resource record's RDATA\&.
-.TP
+.RS 4
+The
+\fIdata\fR
+from each set of prerequisites of this form sharing a common
+\fItype\fR,
+\fIclass\fR, and
+\fIdomain\-name\fR
+are combined to form a set of RRs. This set of RRs must exactly match the set of RRs existing in the zone at the given
+\fItype\fR,
+\fIclass\fR, and
+\fIdomain\-name\fR. The
+\fIdata\fR
+are written in the standard text representation of the resource record's RDATA.
+.RE
+.PP
\fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]]
-Deletes any resource records named \fIdomain\-name\fR\&. If \fItype\fR and \fIdata\fR is provided, only matching resource records will be removed\&. The internet class is assumed if \fIclass\fR is not supplied\&. The \fIttl\fR is ignored, and is only allowed for compatibility\&.
-.TP
+.RS 4
+Deletes any resource records named
+\fIdomain\-name\fR. If
+\fItype\fR
+and
+\fIdata\fR
+is provided, only matching resource records will be removed. The internet class is assumed if
+\fIclass\fR
+is not supplied. The
+\fIttl\fR
+is ignored, and is only allowed for compatibility.
+.RE
+.PP
\fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...}
-Adds a new resource record with the specified \fIttl\fR, \fIclass\fR and \fIdata\fR\&.
-.TP
+.RS 4
+Adds a new resource record with the specified
+\fIttl\fR,
+\fIclass\fR
+and
+\fIdata\fR.
+.RE
+.PP
\fBshow\fR
-Displays the current message, containing all of the prerequisites and updates specified since the last send\&.
-.TP
+.RS 4
+Displays the current message, containing all of the prerequisites and updates specified since the last send.
+.RE
+.PP
\fBsend\fR
-Sends the current message\&. This is equivalent to entering a blank line\&.
-.TP
+.RS 4
+Sends the current message. This is equivalent to entering a blank line.
+.RE
+.PP
\fBanswer\fR
-Displays the answer\&.
-.TP
+.RS 4
+Displays the answer.
+.RE
+.PP
\fBdebug\fR
-Turn on debugging\&.
+.RS 4
+Turn on debugging.
+.RE
.PP
-Lines beginning with a semicolon are comments and are ignored\&.
+Lines beginning with a semicolon are comments and are ignored.
.SH "EXAMPLES"
.PP
-The examples below show how \fBnsupdate\fR could be used to insert and delete resource records from the \fBexample\&.com\fR zone\&. Notice that the input in each example contains a trailing blank line so that a group of commands are sent as one dynamic update request to the master name server for \fBexample\&.com\fR\&.
+The examples below show how
+\fBnsupdate\fR
+could be used to insert and delete resource records from the
+\fBexample.com\fR
+zone. Notice that the input in each example contains a trailing blank line so that a group of commands are sent as one dynamic update request to the master name server for
+\fBexample.com\fR.
+.sp
+.RS 4
.nf
# nsupdate
-> update delete oldhost\&.example\&.com A
-> update add newhost\&.example\&.com 86400 A 172\&.16\&.1\&.1
+> update delete oldhost.example.com A
+> update add newhost.example.com 86400 A 172.16.1.1
> send
.fi
+.RE
+.sp
.PP
-Any A records for \fBoldhost\&.example\&.com\fR are deleted\&. And an A record for \fBnewhost\&.example\&.com\fR with IP address 172\&.16\&.1\&.1 is added\&. The newly\-added record has a 1 day TTL (86400 seconds)\&.
+Any A records for
+\fBoldhost.example.com\fR
+are deleted. And an A record for
+\fBnewhost.example.com\fR
+with IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (86400 seconds).
+.sp
+.RS 4
.nf
# nsupdate
-> prereq nxdomain nickname\&.example\&.com
-> update add nickname\&.example\&.com 86400 CNAME somehost\&.example\&.com
+> prereq nxdomain nickname.example.com
+> update add nickname.example.com 86400 CNAME somehost.example.com
> send
.fi
+.RE
+.sp
.PP
-The prerequisite condition gets the name server to check that there are no resource records of any type for \fBnickname\&.example\&.com\fR\&. If there are, the update request fails\&. If this name does not exist, a CNAME for it is added\&. This ensures that when the CNAME is added, it cannot conflict with the long\-standing rule in RFC1034 that a name must not exist as any other record type if it exists as a CNAME\&. (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have RRSIG, DNSKEY and NSEC records\&.)
+The prerequisite condition gets the name server to check that there are no resource records of any type for
+\fBnickname.example.com\fR. If there are, the update request fails. If this name does not exist, a CNAME for it is added. This ensures that when the CNAME is added, it cannot conflict with the long\-standing rule in RFC1034 that a name must not exist as any other record type if it exists as a CNAME. (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have RRSIG, DNSKEY and NSEC records.)
.SH "FILES"
-.TP
-\fB/etc/resolv\&.conf\fR
+.PP
+\fB/etc/resolv.conf\fR
+.RS 4
used to identify default name server
-.TP
-\fB/var/run/named/ddns\&.key\fR
+.RE
+.PP
+\fB/var/run/named/ddns.key\fR
+.RS 4
sets the default TSIG key for use in local\-only mode
-.TP
-\fBK{name}\&.+157\&.+{random}\&.key\fR
-base\-64 encoding of HMAC\-MD5 key created by \fBdnssec\-keygen\fR(8)\&.
-.TP
-\fBK{name}\&.+157\&.+{random}\&.private\fR
-base\-64 encoding of HMAC\-MD5 key created by \fBdnssec\-keygen\fR(8)\&.
+.RE
+.PP
+\fBK{name}.+157.+{random}.key\fR
+.RS 4
+base\-64 encoding of HMAC\-MD5 key created by
+\fBdnssec\-keygen\fR(8).
+.RE
+.PP
+\fBK{name}.+157.+{random}.private\fR
+.RS 4
+base\-64 encoding of HMAC\-MD5 key created by
+\fBdnssec\-keygen\fR(8).
+.RE
.SH "SEE ALSO"
.PP
-\fBRFC2136\fR(), \fBRFC3007\fR(), \fBRFC2104\fR(), \fBRFC2845\fR(), \fBRFC1034\fR(), \fBRFC2535\fR(), \fBRFC2931\fR(), \fBnamed\fR(8), \fBddns\-confgen\fR(8), \fBdnssec\-keygen\fR(8)\&.
+\fBRFC2136\fR(),
+\fBRFC3007\fR(),
+\fBRFC2104\fR(),
+\fBRFC2845\fR(),
+\fBRFC1034\fR(),
+\fBRFC2535\fR(),
+\fBRFC2931\fR(),
+\fBnamed\fR(8),
+\fBddns\-confgen\fR(8),
+\fBdnssec\-keygen\fR(8).
.SH "BUGS"
.PP
-The TSIG key is redundantly stored in two separate files\&. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases\&.
+The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases.
+.SH "COPYRIGHT"
+Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000\-2003 Internet Software Consortium.
+.br
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: nsupdate.html,v 1.43 2009/06/10 00:27:21 each Exp $ -->
+<!-- $Id: nsupdate.html,v 1.44 2009/06/10 01:12:50 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>nsupdate</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.67.2">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<a name="man.nsupdate"></a><div class="titlepage"></div>
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id215133"></a><h2>DESCRIPTION</h2>
+<a name="id2543449"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">nsupdate</strong></span>
is used to submit Dynamic DNS Update requests as defined in RFC2136
to a name server.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id215413"></a><h2>INPUT FORMAT</h2>
+<a name="id2543769"></a><h2>INPUT FORMAT</h2>
<p><span><strong class="command">nsupdate</strong></span>
reads input from
<em class="parameter"><code>filename</code></em>
{domain-name}
[ttl]
[class]
- [type [data...]]
+ [type [data...]]
</span></dt>
<dd><p>
Deletes any resource records named
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id216068"></a><h2>EXAMPLES</h2>
+<a name="id2544610"></a><h2>EXAMPLES</h2>
<p>
The examples below show how
<span><strong class="command">nsupdate</strong></span>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id216122"></a><h2>FILES</h2>
+<a name="id2544653"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id216386"></a><h2>SEE ALSO</h2>
+<a name="id2542142"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">RFC2136</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC3007</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC2104</span></span>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id216465"></a><h2>BUGS</h2>
+<a name="id2545020"></a><h2>BUGS</h2>
<p>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: rndc.conf.5,v 1.39 2009/06/10 00:27:21 each Exp $
+.\" $Id: rndc.conf.5,v 1.40 2009/06/10 01:12:50 tbox Exp $
.\"
.hy 0
.ad l
-.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.de Sh \" Subsection
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Ip \" List item
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
-.TH "RNDC.CONF" 5 "June 30, 2000" "" ""
-.SH NAME
+.\" Title: \fIrndc.conf\fR
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Date: June 30, 2000
+.\" Manual: BIND9
+.\" Source: BIND9
+.\"
+.TH "\fIRNDC.CONF\fR" "5" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
rndc.conf \- rndc configuration file
.SH "SYNOPSIS"
.HP 10
-\fBrndc\&.conf\fR
+\fBrndc.conf\fR
.SH "DESCRIPTION"
.PP
-\fIrndc\&.conf\fR is the configuration file for \fBrndc\fR, the BIND 9 name server control utility\&. This file has a similar structure and syntax to \fInamed\&.conf\fR\&. Statements are enclosed in braces and terminated with a semi\-colon\&. Clauses in the statements are also semi\-colon terminated\&. The usual comment styles are supported:
+\fIrndc.conf\fR
+is the configuration file for
+\fBrndc\fR, the BIND 9 name server control utility. This file has a similar structure and syntax to
+\fInamed.conf\fR. Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported:
.PP
C style: /* */
.PP
.PP
Unix style: # to end of line
.PP
-\fIrndc\&.conf\fR is much simpler than \fInamed\&.conf\fR\&. The file uses three statements: an options statement, a server statement and a key statement\&.
-.PP
-The \fBoptions\fR statement contains five clauses\&. The \fBdefault\-server\fR clause is followed by the name or address of a name server\&. This host will be used when no name server is given as an argument to \fBrndc\fR\&. The \fBdefault\-key\fR clause is followed by the name of a key which is identified by a \fBkey\fR statement\&. If no \fBkeyid\fR is provided on the rndc command line, and no \fBkey\fR clause is found in a matching \fBserver\fR statement, this default key will be used to authenticate the server's commands and responses\&. The \fBdefault\-port\fR clause is followed by the port to connect to on the remote name server\&. If no \fBport\fR option is provided on the rndc command line, and no \fBport\fR clause is found in a matching \fBserver\fR statement, this default port will be used to connect\&. The \fBdefault\-source\-address\fR and \fBdefault\-source\-address\-v6\fR clauses which can be used to set the IPv4 and IPv6 source addresses respectively\&.
-.PP
-After the \fBserver\fR keyword, the server statement includes a string which is the hostname or address for a name server\&. The statement has three possible clauses: \fBkey\fR, \fBport\fR and \fBaddresses\fR\&. The key name must match the name of a key statement in the file\&. The port number specifies the port to connect to\&. If an \fBaddresses\fR clause is supplied these addresses will be used instead of the server name\&. Each address can take an optional port\&. If an \fBsource\-address\fR or \fBsource\-address\-v6\fR of supplied then these will be used to specify the IPv4 and IPv6 source addresses respectively\&.
-.PP
-The \fBkey\fR statement begins with an identifying string, the name of the key\&. The statement has two clauses\&. \fBalgorithm\fR identifies the encryption algorithm for \fBrndc\fR to use; currently only HMAC\-MD5 is supported\&. This is followed by a secret clause which contains the base\-64 encoding of the algorithm's encryption key\&. The base\-64 string is enclosed in double quotes\&.
-.PP
-There are two common ways to generate the base\-64 string for the secret\&. The BIND 9 program \fBrndc\-confgen\fR can be used to generate a random key, or the \fBmmencode\fR program, also known as \fBmimencode\fR, can be used to generate a base\-64 string from known input\&. \fBmmencode\fR does not ship with BIND 9 but is available on many systems\&. See the EXAMPLE section for sample command lines for each\&.
+\fIrndc.conf\fR
+is much simpler than
+\fInamed.conf\fR. The file uses three statements: an options statement, a server statement and a key statement.
+.PP
+The
+\fBoptions\fR
+statement contains five clauses. The
+\fBdefault\-server\fR
+clause is followed by the name or address of a name server. This host will be used when no name server is given as an argument to
+\fBrndc\fR. The
+\fBdefault\-key\fR
+clause is followed by the name of a key which is identified by a
+\fBkey\fR
+statement. If no
+\fBkeyid\fR
+is provided on the rndc command line, and no
+\fBkey\fR
+clause is found in a matching
+\fBserver\fR
+statement, this default key will be used to authenticate the server's commands and responses. The
+\fBdefault\-port\fR
+clause is followed by the port to connect to on the remote name server. If no
+\fBport\fR
+option is provided on the rndc command line, and no
+\fBport\fR
+clause is found in a matching
+\fBserver\fR
+statement, this default port will be used to connect. The
+\fBdefault\-source\-address\fR
+and
+\fBdefault\-source\-address\-v6\fR
+clauses which can be used to set the IPv4 and IPv6 source addresses respectively.
+.PP
+After the
+\fBserver\fR
+keyword, the server statement includes a string which is the hostname or address for a name server. The statement has three possible clauses:
+\fBkey\fR,
+\fBport\fR
+and
+\fBaddresses\fR. The key name must match the name of a key statement in the file. The port number specifies the port to connect to. If an
+\fBaddresses\fR
+clause is supplied these addresses will be used instead of the server name. Each address can take an optional port. If an
+\fBsource\-address\fR
+or
+\fBsource\-address\-v6\fR
+of supplied then these will be used to specify the IPv4 and IPv6 source addresses respectively.
+.PP
+The
+\fBkey\fR
+statement begins with an identifying string, the name of the key. The statement has two clauses.
+\fBalgorithm\fR
+identifies the encryption algorithm for
+\fBrndc\fR
+to use; currently only HMAC\-MD5 is supported. This is followed by a secret clause which contains the base\-64 encoding of the algorithm's encryption key. The base\-64 string is enclosed in double quotes.
+.PP
+There are two common ways to generate the base\-64 string for the secret. The BIND 9 program
+\fBrndc\-confgen\fR
+can be used to generate a random key, or the
+\fBmmencode\fR
+program, also known as
+\fBmimencode\fR, can be used to generate a base\-64 string from known input.
+\fBmmencode\fR
+does not ship with BIND 9 but is available on many systems. See the EXAMPLE section for sample command lines for each.
.SH "EXAMPLE"
.PP
+.RS 4
.nf
options {
default\-server localhost;
default\-key samplekey;
};
.fi
+.RE
+.sp
.PP
+.RS 4
.nf
server localhost {
key samplekey;
};
.fi
+.RE
+.sp
.PP
+.RS 4
.nf
server testserver {
key testkey;
addresses { localhost port 5353; };
};
.fi
+.RE
+.sp
.PP
+.RS 4
.nf
key samplekey {
algorithm hmac\-md5;
secret "6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz";
};
.fi
+.RE
+.sp
.PP
+.RS 4
.nf
key testkey {
algorithm hmac\-md5;
secret "R3HI8P6BKw9ZwXwN3VZKuQ==";
};
.fi
-.PP
-In the above example, \fBrndc\fR will by default use the server at localhost (127\&.0\&.0\&.1) and the key called samplekey\&. Commands to the localhost server will use the samplekey key, which must also be defined in the server's configuration file with the same name and secret\&. The key statement indicates that samplekey uses the HMAC\-MD5 algorithm and its secret clause contains the base\-64 encoding of the HMAC\-MD5 secret enclosed in double quotes\&.
-.PP
-If \fBrndc \-s testserver\fR is used then \fBrndc\fR will connect to server on localhost port 5353 using the key testkey\&.
-.PP
-To generate a random secret with \fBrndc\-confgen\fR:
-.PP
-\fBrndc\-confgen\fR
-.PP
-A complete \fIrndc\&.conf\fR file, including the randomly generated key, will be written to the standard output\&. Commented\-out \fBkey\fR and \fBcontrols\fR statements for \fInamed\&.conf\fR are also printed\&.
-.PP
-To generate a base\-64 secret with \fBmmencode\fR:
-.PP
-\fBecho "known plaintext for a secret" | mmencode\fR
+.RE
+.sp
+.PP
+In the above example,
+\fBrndc\fR
+will by default use the server at localhost (127.0.0.1) and the key called samplekey. Commands to the localhost server will use the samplekey key, which must also be defined in the server's configuration file with the same name and secret. The key statement indicates that samplekey uses the HMAC\-MD5 algorithm and its secret clause contains the base\-64 encoding of the HMAC\-MD5 secret enclosed in double quotes.
+.PP
+If
+\fBrndc \-s testserver\fR
+is used then
+\fBrndc\fR
+will connect to server on localhost port 5353 using the key testkey.
+.PP
+To generate a random secret with
+\fBrndc\-confgen\fR:
+.PP
+\fBrndc\-confgen\fR
+.PP
+A complete
+\fIrndc.conf\fR
+file, including the randomly generated key, will be written to the standard output. Commented\-out
+\fBkey\fR
+and
+\fBcontrols\fR
+statements for
+\fInamed.conf\fR
+are also printed.
+.PP
+To generate a base\-64 secret with
+\fBmmencode\fR:
+.PP
+\fBecho "known plaintext for a secret" | mmencode\fR
.SH "NAME SERVER CONFIGURATION"
.PP
-The name server must be configured to accept rndc connections and to recognize the key specified in the \fIrndc\&.conf\fR file, using the controls statement in \fInamed\&.conf\fR\&. See the sections on the \fBcontrols\fR statement in the BIND 9 Administrator Reference Manual for details\&.
+The name server must be configured to accept rndc connections and to recognize the key specified in the
+\fIrndc.conf\fR
+file, using the controls statement in
+\fInamed.conf\fR. See the sections on the
+\fBcontrols\fR
+statement in the BIND 9 Administrator Reference Manual for details.
.SH "SEE ALSO"
.PP
-\fBrndc\fR(8), \fBrndc\-confgen\fR(8), \fBmmencode\fR(1), BIND 9 Administrator Reference Manual\&.
+\fBrndc\fR(8),
+\fBrndc\-confgen\fR(8),
+\fBmmencode\fR(1),
+BIND 9 Administrator Reference Manual.
.SH "AUTHOR"
.PP
-Internet Systems Consortium
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc.conf.html,v 1.30 2009/06/10 00:27:21 each Exp $ -->
+<!-- $Id: rndc.conf.html,v 1.31 2009/06/10 01:12:50 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>rndc.conf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.67.2">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<a name="man.rndc.conf"></a><div class="titlepage"></div>
<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id215037"></a><h2>DESCRIPTION</h2>
+<a name="id2543352"></a><h2>DESCRIPTION</h2>
<p><code class="filename">rndc.conf</code> is the configuration file
for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
utility. This file has a similar structure and syntax to
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id215198"></a><h2>EXAMPLE</h2>
+<a name="id2543500"></a><h2>EXAMPLE</h2>
<pre class="programlisting">
options {
default-server localhost;
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id215299"></a><h2>NAME SERVER CONFIGURATION</h2>
+<a name="id2543592"></a><h2>NAME SERVER CONFIGURATION</h2>
<p>
The name server must be configured to accept rndc connections and
to recognize the key specified in the <code class="filename">rndc.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id215321"></a><h2>SEE ALSO</h2>
+<a name="id2543613"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id215358"></a><h2>AUTHOR</h2>
+<a name="id2543652"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch04.html,v 1.94 2009/05/15 01:15:47 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch04.html,v 1.95 2009/06/10 01:12:51 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2564066">Split DNS</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564084">Example split DNS setup</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570516">Split DNS</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570534">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571139">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571212">Copying the Shared Secret to Both Machines</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571223">Informing the Servers of the Key's Existence</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571266">Instructing the Server to Use the Key</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571323">TSIG Key Based Access Control</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571440">Errors</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564004">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564077">Copying the Shared Secret to Both Machines</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564088">Informing the Servers of the Key's Existence</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564131">Instructing the Server to Use the Key</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571493">TSIG Key Based Access Control</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571609">Errors</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571453">TKEY</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571639">SIG(0)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571623">TKEY</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571672">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571776">Generating Keys</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571854">Signing the Zone</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571936">Configuring Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571877">Generating Keys</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571956">Signing the Zone</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572037">Configuring Servers</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id25722
42">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id25722
06">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572304">Address Lookups Using AAAA Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572325">Address to Name Lookups Using Nibble Format</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572337">Address Lookups Using AAAA Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572358">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl>
</div>
</p>
<p>
Dynamic update is enabled by including an
- <span><strong class="command">allow-update</strong></span> or <span><strong class="command">update-policy</strong></span>
- clause in the <span><strong class="command">zone</strong></span> statement. The
- <span><strong class="command">tkey-gssapi-credential</strong></span> and
+ <span><strong class="command">allow-update</strong></span>, <span><strong class="command">update-policy</strong></span>
+ clause in the <span><strong class="command">zone</strong></span> statement, or by setting the
+ <span><strong class="command">dynamic</strong></span> option to <strong class="userinput"><code>yes</code></strong>
+ and creating a <code class="filename">ddns.key</code> file (see
+ <span><strong class="command">ddns-confgen</strong></span>.)
+ </p>
+<p>
+ If the zone's <span><strong class="command">dynamic</strong></span> option is set to
+ <strong class="userinput"><code>yes</code></strong>, and if a <code class="filename">ddns.key</code>
+ file exists and contains a valid TSIG key, and if no other dynamic
+ update policy has been set for the zone, then updates to the zone
+ will be permitted for the key <code class="filename">ddns.key</code>.
+ </p>
+<p>
+ The <span><strong class="command">tkey-gssapi-credential</strong></span> and
<span><strong class="command">tkey-domain</strong></span> clauses in the
- <span><strong class="command">options</strong></span> statement enable the
+ <span><strong class="command">options</strong></span> statement enable the
server to negotiate keys that can be matched against those
in <span><strong class="command">update-policy</strong></span> or
<span><strong class="command">allow-update</strong></span>.
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2564066"></a>Split DNS</h2></div></div></div>
+<a name="id2570516"></a>Split DNS</h2></div></div></div>
<p>
Setting up different views, or visibility, of the DNS space to
internal and external resolvers is usually referred to as a
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2564084"></a>Example split DNS setup</h3></div></div></div>
+<a name="id2570534"></a>Example split DNS setup</h3></div></div></div>
<p>
Let's say a company named <span class="emphasis"><em>Example, Inc.</em></span>
(<code class="literal">example.com</code>)
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571139"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
+<a name="id2564004"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
<p>
A shared secret is generated to be shared between <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host2</em></span>.
An arbitrary key name is chosen: "host1-host2.". The key name must
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2571156"></a>Automatic Generation</h4></div></div></div>
+<a name="id2564021"></a>Automatic Generation</h4></div></div></div>
<p>
The following command will generate a 128-bit (16 byte) HMAC-MD5
key as described above. Longer keys are better, but shorter keys
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2571194"></a>Manual Generation</h4></div></div></div>
+<a name="id2564059"></a>Manual Generation</h4></div></div></div>
<p>
The shared secret is simply a random sequence of bits, encoded
in base-64. Most ASCII strings are valid base-64 strings (assuming
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571212"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
+<a name="id2564077"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
<p>
This is beyond the scope of DNS. A secure transport mechanism
should be used. This could be secure FTP, ssh, telephone, etc.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571223"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
+<a name="id2564088"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
<p>
Imagine <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host 2</em></span>
are
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571266"></a>Instructing the Server to Use the Key</h3></div></div></div>
+<a name="id2564131"></a>Instructing the Server to Use the Key</h3></div></div></div>
<p>
Since keys are shared between two hosts only, the server must
be told when keys are to be used. The following is added to the <code class="filename">named.conf</code> file
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571323"></a>TSIG Key Based Access Control</h3></div></div></div>
+<a name="id2571493"></a>TSIG Key Based Access Control</h3></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> allows IP addresses and ranges
to be specified in ACL
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571440"></a>Errors</h3></div></div></div>
+<a name="id2571609"></a>Errors</h3></div></div></div>
<p>
The processing of TSIG signed messages can result in
several errors. If a signed message is sent to a non-TSIG aware
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2571453"></a>TKEY</h2></div></div></div>
+<a name="id2571623"></a>TKEY</h2></div></div></div>
<p><span><strong class="command">TKEY</strong></span>
is a mechanism for automatically generating a shared secret
between two hosts. There are several "modes" of
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2571639"></a>SIG(0)</h2></div></div></div>
+<a name="id2571672"></a>SIG(0)</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 partially supports DNSSEC SIG(0)
transaction signatures as specified in RFC 2535 and RFC 2931.
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571776"></a>Generating Keys</h3></div></div></div>
+<a name="id2571877"></a>Generating Keys</h3></div></div></div>
<p>
The <span><strong class="command">dnssec-keygen</strong></span> program is used to
generate keys.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571854"></a>Signing the Zone</h3></div></div></div>
+<a name="id2571956"></a>Signing the Zone</h3></div></div></div>
<p>
The <span><strong class="command">dnssec-signzone</strong></span> program is used
to sign a zone.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571936"></a>Configuring Servers</h3></div></div></div>
+<a name="id2572037"></a>Configuring Servers</h3></div></div></div>
<p>
To enable <span><strong class="command">named</strong></span> to respond appropriately
to DNS requests from DNSSEC aware clients,
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id25722
42"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
+<a name="id25722
06"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 fully supports all currently
defined forms of IPv6 name to address and address to name
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2572304"></a>Address Lookups Using AAAA Records</h3></div></div></div>
+<a name="id2572337"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<p>
The IPv6 AAAA record is a parallel to the IPv4 A record,
and, unlike the deprecated A6 record, specifies the entire
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2572325"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
+<a name="id2572358"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<p>
When looking up an address in nibble format, the address
components are simply reversed, just as in IPv4, and
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch05.html,v 1.76 2009/03/24 01:12:40 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch05.html,v 1.77 2009/06/10 01:12:51 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572358">The Lightweight Resolver Library</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572391">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2572358"></a>The Lightweight Resolver Library</h2></div></div></div>
+<a name="id2572391"></a>The Lightweight Resolver Library</h2></div></div></div>
<p>
Traditionally applications have been linked with a stub resolver
library that sends recursive DNS queries to a local caching name
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch06.html,v 1.222 2009/06/03 01:13:13 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch06.html,v 1.223 2009/06/10 01:12:51 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573768">Comment Syntax</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573869">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574467"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574500"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574657"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574690"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575084"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575101"><span><strong class="command">include</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575117"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575134"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575125"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575148"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575239"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575365"><span><strong class="command">logging</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575158"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575181"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575272"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575398"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577432"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577506"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577570"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577613"><span><strong class="command">masters</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577465"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577539"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577603"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577646"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577628"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577661"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587379"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587344"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587465"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587516"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587430"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587481"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587621"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587654"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589226"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589259"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2591773">Zone File</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2591878">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593936">Discussion of MX Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594108">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594619">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594814">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2595
019"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594656">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594851">Other Zone File Directives</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2595
124"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
<a name="address_match_lists"></a>Address Match Lists</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2573603"></a>Syntax</h4></div></div></div>
+<a name="id2573568"></a>Syntax</h4></div></div></div>
<pre class="programlisting"><code class="varname">address_match_list</code> = address_match_list_element ;
[<span class="optional"> address_match_list_element; ... </span>]
<code class="varname">address_match_list_element</code> = [<span class="optional"> ! </span>] (ip_address [<span class="optional">/length</span>] |
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2573630"></a>Definition and Usage</h4></div></div></div>
+<a name="id2573664"></a>Definition and Usage</h4></div></div></div>
<p>
Address match lists are primarily used to determine access
control for various server operations. They are also used in
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2573768"></a>Comment Syntax</h3></div></div></div>
+<a name="id2573869"></a>Comment Syntax</h3></div></div></div>
<p>
The <acronym class="acronym">BIND</acronym> 9 comment syntax allows for
comments to appear
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2573783"></a>Syntax</h4></div></div></div>
+<a name="id2573884"></a>Syntax</h4></div></div></div>
<p>
</p>
<pre class="programlisting">/* This is a <acronym class="acronym">BIND</acronym> comment as in C */</pre>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2573881"></a>Definition and Usage</h4></div></div></div>
+<a name="id2573914"></a>Definition and Usage</h4></div></div></div>
<p>
Comments may appear anywhere that whitespace may appear in
a <acronym class="acronym">BIND</acronym> configuration file.
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574467"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2574500"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">acl</strong></span> acl-name {
address_match_list
};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574657"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2574690"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">controls</strong></span> {
[ inet ( ip_addr | * ) [ port ip_port ]
allow { <em class="replaceable"><code> address_match_list </code></em> }
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575084"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2575117"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">include</strong></span> <em class="replaceable"><code>filename</code></em>;</pre>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575101"></a><span><strong class="command">include</strong></span> Statement Definition and
+<a name="id2575134"></a><span><strong class="command">include</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">include</strong></span> statement inserts the
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575125"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2575158"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">key</strong></span> <em class="replaceable"><code>key_id</code></em> {
algorithm <em class="replaceable"><code>string</code></em>;
secret <em class="replaceable"><code>string</code></em>;
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575148"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2575181"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">key</strong></span> statement defines a shared
secret key for use with TSIG (see <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called “TSIG”</a>)
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575239"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2575272"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">logging</strong></span> {
[ <span><strong class="command">channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
( <span><strong class="command">file</strong></span> <em class="replaceable"><code>path_name</code></em>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575365"></a><span><strong class="command">logging</strong></span> Statement Definition and
+<a name="id2575398"></a><span><strong class="command">logging</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">logging</strong></span> statement configures a
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2575417"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
+<a name="id2575450"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
<p>
All log output goes to one or more <span class="emphasis"><em>channels</em></span>;
you can make as many of them as you want.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2576913"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
+<a name="id2577014"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
<p>
The <span><strong class="command">query-errors</strong></span> category is
specifically intended for debugging purposes: To identify
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577432"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2577465"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">lwres</strong></span>
statement in the <code class="filename">named.conf</code> file:
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577506"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2577539"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">lwres</strong></span> statement configures the
name
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577570"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2577603"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">
<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> |
<em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577613"></a><span><strong class="command">masters</strong></span> Statement Definition and
+<a name="id2577646"></a><span><strong class="command">masters</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p><span><strong class="command">masters</strong></span>
lists allow for a common set of masters to be easily used by
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577628"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2577661"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">options</strong></span>
statement in the <code class="filename">named.conf</code> file:
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2582033"></a>Forwarding</h4></div></div></div>
+<a name="id2582134"></a>Forwarding</h4></div></div></div>
<p>
The forwarding facility can be used to create a large site-wide
cache on a few servers, reducing traffic over links to external
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2582160"></a>Dual-stack Servers</h4></div></div></div>
+<a name="id2582261"></a>Dual-stack Servers</h4></div></div></div>
<p>
Dual-stack servers are used as servers of last resort to work
around
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2582733"></a>Interfaces</h4></div></div></div>
+<a name="id2582835"></a>Interfaces</h4></div></div></div>
<p>
The interfaces and ports that the server will answer queries
from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2583937"></a>UDP Port Lists</h4></div></div></div>
+<a name="id2583970"></a>UDP Port Lists</h4></div></div></div>
<p>
<span><strong class="command">use-v4-udp-ports</strong></span>,
<span><strong class="command">avoid-v4-udp-ports</strong></span>,
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2583996"></a>Operating System Resource Limits</h4></div></div></div>
+<a name="id2584029"></a>Operating System Resource Limits</h4></div></div></div>
<p>
The server's usage of many system resources can be limited.
Scaled values are allowed when specifying resource limits. For
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2584487"></a>Periodic Task Intervals</h4></div></div></div>
+<a name="id2584588"></a>Periodic Task Intervals</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">cleaning-interval</strong></span></span></dt>
<dd><p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2586490"></a>Content Filtering</h4></div></div></div>
+<a name="id2586523"></a>Content Filtering</h4></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 provides the ability to filter
out DNS responses from external DNS servers containing
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2587379"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
+<a name="id2587344"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">statistics-channels</strong></span> statement
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2587465"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2587430"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">trusted-keys</strong></span> {
<em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
[<span class="optional"> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2587516"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<a name="id2587481"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</h3></div></div></div>
<p>
The <span><strong class="command">trusted-keys</strong></span> statement defines
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2587621"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2587654"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">view</strong></span> statement is a powerful
feature
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2589226"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2589259"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2589234"></a>Zone Types</h4></div></div></div>
+<a name="id2589267"></a>Zone Types</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2589730"></a>Class</h4></div></div></div>
+<a name="id2589763"></a>Class</h4></div></div></div>
<p>
The zone's name may optionally be followed by a class. If
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2589763"></a>Zone Options</h4></div></div></div>
+<a name="id2589796"></a>Zone Options</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">allow-notify</strong></span></span></dt>
<dd><p>
See caveats in <a href="Bv9ARM.ch06.html#root_delegation_only"><span><strong class="command">root-delegation-only</strong></span></a>.
</p>
</dd>
+<dt><span class="term"><span><strong class="command">dynamic</strong></span></span></dt>
+<dd><p>
+ If this flag is set to <strong class="userinput"><code>yes</code></strong> in
+ a master zone, <span><strong class="command">named</strong></span> will
+ automatically generate a TSIG session key for use
+ by <span><strong class="command">nsupdate -l</strong></span> on the local system,
+ and the zone will be marked to allow dynamic updates
+ using this key.
+ </p></dd>
<dt><span class="term"><span><strong class="command">forward</strong></span></span></dt>
<dd><p>
Only meaningful if the zone has a forwarders
This is how a rule definition looks:
</p>
<pre class="programlisting">
-( <span><strong class="command">grant</strong></span> | <span><strong class="command">deny</strong></span> ) <em class="replaceable"><code>identity</code></em> <em class="replaceable"><code>nametype</code></em> <em class="replaceable"><code>name</code></em> [<span class="optional"> <em class="replaceable"><code>types</code></em> </span>]
+( <span><strong class="command">grant</strong></span> | <span><strong class="command">deny</strong></span> ) <em class="replaceable"><code>identity</code></em> <em class="replaceable"><code>nametype</code></em> [<span class="optional"> <em class="replaceable"><code>name</code></em> </span>] [<span class="optional"> <em class="replaceable"><code>types</code></em> </span>]
</pre>
<p>
Each rule grants or denies privileges. Once a message has
<code class="varname">krb5-self</code>, <code class="varname">ms-self</code>,
<code class="varname">krb5-subdomain</code>,
<code class="varname">ms-subdomain</code>,
- <code class="varname">tcp-self</code> and <code class="varname">6to4-self</code>.
+ <code class="varname">tcp-self</code>, <code class="varname">6to4-self</code>,
+ and <code class="varname">zonesub</code>.
</p>
<div class="informaltable"><table border="1">
<colgroup>
</td>
</tr>
<tr>
+<td>
+ <p>
+ <code class="varname">zonesub</code>
+ </p>
+ </td>
+<td>
+ <p>
+ This rule is similar to subdomain, except that
+ it matches when the name being updated is a
+ subdomain of the zone in which the
+ <span><strong class="command">update-policy</strong></span> statement
+ appears. This obviates the need to type the zone
+ name twice, and enables the use of a standard
+ <span><strong class="command">update-policy</strong></span> statement in
+ multiple zones without modification.
+ </p>
+ <p>
+ When this rule is used, the
+ <em class="replaceable"><code>name</code></em> field is omitted.
+ </p>
+ </td>
+</tr>
+<tr>
<td>
<p>
<code class="varname">wildcard</code>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2591773"></a>Zone File</h2></div></div></div>
+<a name="id2591878"></a>Zone File</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2591792"></a>Resource Records</h4></div></div></div>
+<a name="id2591964"></a>Resource Records</h4></div></div></div>
<p>
A domain name identifies a node. Each node has a set of
resource information, which may be empty. The set of resource
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2593415"></a>Textual expression of RRs</h4></div></div></div>
+<a name="id2593588"></a>Textual expression of RRs</h4></div></div></div>
<p>
RRs are represented in binary form in the packets of the DNS
protocol, and are usually represented in highly encoded form
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2593936"></a>Discussion of MX Records</h3></div></div></div>
+<a name="id2594108"></a>Discussion of MX Records</h3></div></div></div>
<p>
As described above, domain servers store information as a
series of resource records, each of which contains a particular
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2594619"></a>Inverse Mapping in IPv4</h3></div></div></div>
+<a name="id2594656"></a>Inverse Mapping in IPv4</h3></div></div></div>
<p>
Reverse name resolution (that is, translation from IP address
to name) is achieved by means of the <span class="emphasis"><em>in-addr.arpa</em></span> domain
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2594814"></a>Other Zone File Directives</h3></div></div></div>
+<a name="id2594851"></a>Other Zone File Directives</h3></div></div></div>
<p>
The Master File Format was initially defined in RFC 1035 and
has subsequently been extended. While the Master File Format
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2594837"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
+<a name="id2594873"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
<p>
When used in the label (or name) field, the asperand or
at-sign (@) symbol represents the current origin.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2594853"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
+<a name="id2594957"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$ORIGIN</strong></span>
<em class="replaceable"><code>domain-name</code></em>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2594914"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
+<a name="id2595018"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$INCLUDE</strong></span>
<em class="replaceable"><code>filename</code></em>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2594983"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
+<a name="id2595088"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$TTL</strong></span>
<em class="replaceable"><code>default-ttl</code></em>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2595
019"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
+<a name="id2595
124"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
<p>
Syntax: <span><strong class="command">$GENERATE</strong></span>
<em class="replaceable"><code>range</code></em>
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2596041"></a>Name Server Statistics Counters</h4></div></div></div>
+<a name="id2596146"></a>Name Server Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2597582"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
+<a name="id2597619"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2598034"></a>Resolver Statistics Counters</h4></div></div></div>
+<a name="id2598070"></a>Resolver Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2598987"></a>Socket I/O Statistics Counters</h4></div></div></div>
+<a name="id2599024"></a>Socket I/O Statistics Counters</h4></div></div></div>
<p>
Socket I/O statistics counters are defined per socket
types, which are
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2599565"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
+<a name="id2599670"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
<p>
Most statistics counters that were available
in <span><strong class="command">BIND</strong></span> 8 are also supported in
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch07.html,v 1.197 2009/06/03 01:13:13 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch07.html,v 1.198 2009/06/10 01:12:50 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2599739"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2599844"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599820">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599880">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599925">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599985">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2599739"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
+<a name="id2599844"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
</h2></div></div></div>
<p>
On UNIX servers, it is possible to run <acronym class="acronym">BIND</acronym>
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2599820"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
+<a name="id2599925"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
<p>
In order for a <span><strong class="command">chroot</strong></span> environment
to
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2599880"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
+<a name="id2599985"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
<p>
Prior to running the <span><strong class="command">named</strong></span> daemon,
use
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch08.html,v 1.196 2009/06/03 01:13:13 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch08.html,v 1.197 2009/06/10 01:12:51 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599960">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2599965">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599977">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599994">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2600065">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2600070">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2600082">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2600099">Where Can I Get Help?</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2599960"></a>Common Problems</h2></div></div></div>
+<a name="id2600065"></a>Common Problems</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2599965"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
+<a name="id2600070"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<p>
The best solution to solving installation and
configuration issues is to take preventative measures by setting
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2599977"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
+<a name="id2600082"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<p>
Zone serial numbers are just numbers — they aren't
date related. A lot of people set them to a number that
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2599994"></a>Where Can I Get Help?</h2></div></div></div>
+<a name="id2600099"></a>Where Can I Get Help?</h2></div></div></div>
<p>
The Internet Systems Consortium
(<acronym class="acronym">ISC</acronym>) offers a wide range
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch09.html,v 1.198 2009/06/03 01:13:13 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch09.html,v 1.199 2009/06/10 01:12:50 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2600056">Acknowledgments</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2600297">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id26004
33">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id26004
69">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2603
644">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2603
749">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2600056"></a>Acknowledgments</h2></div></div></div>
+<a name="id2600297"></a>Acknowledgments</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="historical_dns_information"></a>A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id26004
33"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
+<a name="id26004
69"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="ipv6addresses"></a>IPv6 addresses (AAAA)</h3></div></div></div>
</p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2600620"></a>Bibliography</h4></div></div></div>
+<a name="id2600657"></a>Bibliography</h4></div></div></div>
<div class="bibliodiv">
<h3 class="title">Standards</h3>
<div class="biblioentry">
-<a name="id26006
31"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
+<a name="id26006
67"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600
654"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names — Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
+<a name="id2600
759"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names — Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600
678"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names — Implementation and
+<a name="id2600
782"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names — Implementation and
Specification</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
</div>
<h3 class="title">
<a name="proposed_standards"></a>Proposed Standards</h3>
<div class="biblioentry">
-<a name="id2600
714"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
+<a name="id2600
819"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
Specification</i>. </span><span class="pubdate">July 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600
741"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
+<a name="id2600
845"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
Queries</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600
766"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2600
871"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600
791"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2600
896"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2600
814"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
+<a name="id2600
919"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id26009
38"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
+<a name="id26009
74"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id260
0965"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
+<a name="id260
1001"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id260
0992"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
+<a name="id260
1028"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id26010
53"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id26010
90"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601
083"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2601
120"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id26011
13"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
+<a name="id26011
49"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id26011
40"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
+<a name="id26011
76"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
Key Transaction Authentication for DNS
(GSS-TSIG)</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
<h3 class="title">
<acronym class="acronym">DNS</acronym> Security Proposed Standards</h3>
<div class="biblioentry">
-<a name="id26012
22"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
+<a name="id26012
58"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id26012
49"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
+<a name="id26012
85"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601
285"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
+<a name="id2601
321"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
-<a name="id26013
50"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
+<a name="id26013
86"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
-<a name="id26014
15"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
+<a name="id26014
51"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
</div>
<h3 class="title">Other Important RFCs About <acronym class="acronym">DNS</acronym>
Implementation</h3>
<div class="biblioentry">
-<a name="id2601
489"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
+<a name="id2601
525"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
Deployed <acronym class="acronym">DNS</acronym> Software.</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id26015
14"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
+<a name="id26015
50"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601
582"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2601
619"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id26016
18"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
+<a name="id26016
54"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
Queries for IPv6 Addresses</i>. </span><span class="pubdate">May 2005. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Resource Record Types</h3>
<div class="biblioentry">
-<a name="id2601
664"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
+<a name="id2601
700"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
</div>
<div class="biblioentry">
-<a name="id26017
21"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
+<a name="id26017
57"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601
758"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
+<a name="id2601
863"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
the Domain Name System</i>. </span><span class="pubdate">June 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2601
794"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
+<a name="id2601
898"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
Domain
Name System</i>. </span><span class="pubdate">January 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id26019
16"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
+<a name="id26019
53"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
Location of
Services.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id26019
55"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
+<a name="id26019
91"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
Distribute MIXER
Conformant Global Address Mapping</i>. </span><span class="pubdate">January 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id260
1980"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
+<a name="id260
2017"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id26020
06"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id26020
42"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id26020
33"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id26020
69"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id26020
59"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id26020
96"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602
099"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2602
135"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id26021
29"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id26021
65"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id26021
58"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
+<a name="id26021
95"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id26022
01"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id26022
37"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id26022
34"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
+<a name="id26022
70"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id26022
61"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
+<a name="id26022
97"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602
284"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
+<a name="id2602
321"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
version 6</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id26023
42"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
+<a name="id26023
78"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> and the Internet</h3>
<div class="biblioentry">
-<a name="id2602
374"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
+<a name="id2602
410"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
and Other Types</i>. </span><span class="pubdate">April 1989. </span></p>
</div>
<div class="biblioentry">
-<a name="id26024
00"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
+<a name="id26024
36"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
Support</i>. </span><span class="pubdate">October 1989. </span></p>
</div>
<div class="biblioentry">
-<a name="id26024
22"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
+<a name="id26024
58"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id26024
45"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
+<a name="id26024
82"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602
491"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
+<a name="id2602
528"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id26025
15"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id26025
51"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> Operations</h3>
<div class="biblioentry">
-<a name="id2602
572"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
+<a name="id2602
609"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602
596"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
+<a name="id2602
632"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
Configuration Errors</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id26026
22"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
+<a name="id26026
59"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
Configuration Errors</i>. </span><span class="pubdate">February 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id26026
49"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
+<a name="id26026
85"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602
685"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
+<a name="id2602
722"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
Network Services.</i>. </span><span class="pubdate">October 1997. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Internationalized Domain Names</h3>
<div class="biblioentry">
-<a name="id26027
31"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
+<a name="id26027
68"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
and the Other Internet protocols</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2602
763"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
+<a name="id2602
800"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id26028
09"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
+<a name="id26028
45"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id26028
44"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
+<a name="id26028
81"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
for Internationalized Domain Names in
Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
</p>
</div>
<div class="biblioentry">
-<a name="id2602
889"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
+<a name="id2602
925"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
Attributes</i>. </span><span class="pubdate">May 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id260
2912"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
+<a name="id260
3016"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id260
2937"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
+<a name="id260
3042"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
Balancing</i>. </span><span class="pubdate">April 1995. </span></p>
</div>
<div class="biblioentry">
-<a name="id260
2963"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
+<a name="id260
3067"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id260
2986"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
+<a name="id260
3091"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603
032"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
+<a name="id2603
137"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603
056"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
+<a name="id2603
160"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603
082"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
+<a name="id2603
187"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
Shared Unicast Addresses</i>. </span><span class="pubdate">April 2002. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603
108"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
+<a name="id2603
212"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Obsolete and Unimplemented Experimental RFC</h3>
<div class="biblioentry">
-<a name="id2603
152"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
+<a name="id2603
256"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
Location</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603
209"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
+<a name="id2603
314"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603
236"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
+<a name="id2603
340"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
and Renumbering</i>. </span><span class="pubdate">July 2000. </span></p>
</div>
</div>
</p>
</div>
<div class="biblioentry">
-<a name="id2603
284"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
+<a name="id2603
388"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603
323"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
+<a name="id2603
428"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603
350"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2603
454"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603
380"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
+<a name="id2603
484"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
Signing Authority</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603
405"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
+<a name="id2603
510"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603
432"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
+<a name="id2603
537"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603
468"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
+<a name="id2603
573"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603
505"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
+<a name="id2603
609"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603
531"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
+<a name="id2603
636"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603
558"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
+<a name="id2603
662"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
(RR) Secure Entry Point (SEP) Flag</i>. </span><span class="pubdate">April 2004. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603
603"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
+<a name="id2603
707"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
</div>
</div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2603
644"></a>Other Documents About <acronym class="acronym">BIND</acronym>
+<a name="id2603
749"></a>Other Documents About <acronym class="acronym">BIND</acronym>
</h3></div></div></div>
<p></p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2603654"></a>Bibliography</h4></div></div></div>
+<a name="id2603758"></a>Bibliography</h4></div></div></div>
<div class="biblioentry">
-<a name="id2603
656"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
+<a name="id2603
761"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
</div>
</div>
</div>
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch10.html,v 1.12 2009/01/08 01:11:50 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch10.html,v 1.13 2009/06/10 01:12:51 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<dt>
<span class="refentrytitle"><a href="man.rndc.conf.html"><code class="filename">rndc.conf</code></a></span><span class="refpurpose"> — rndc configuration file</span>
</dt>
-<dt>
-<span class="refentrytitle"><a href="man.rndc-confgen.html"><span class="application">rndc-confgen</span></a></span><span class="refpurpose"> — rndc key generation tool</span>
-</dt>
</dl>
</div>
+<font color="red"><xi:include></xi:include></font>
</div>
<div class="navfooter">
<hr>
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.html,v 1.213 2009/06/03 01:13:13 tbox Exp $ -->
+<!-- $Id: Bv9ARM.html,v 1.214 2009/06/10 01:12:51 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2564066">Split DNS</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564084">Example split DNS setup</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570516">Split DNS</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570534">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571139">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571212">Copying the Shared Secret to Both Machines</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571223">Informing the Servers of the Key's Existence</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571266">Instructing the Server to Use the Key</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571323">TSIG Key Based Access Control</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571440">Errors</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564004">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564077">Copying the Shared Secret to Both Machines</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564088">Informing the Servers of the Key's Existence</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564131">Instructing the Server to Use the Key</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571493">TSIG Key Based Access Control</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571609">Errors</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571453">TKEY</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571639">SIG(0)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571623">TKEY</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571672">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571776">Generating Keys</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571854">Signing the Zone</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571936">Configuring Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571877">Generating Keys</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571956">Signing the Zone</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572037">Configuring Servers</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id25722
42">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id25722
06">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572304">Address Lookups Using AAAA Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572325">Address to Name Lookups Using Nibble Format</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572337">Address Lookups Using AAAA Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572358">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch05.html">5. The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572358">The Lightweight Resolver Library</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572391">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch06.html">6. <acronym class="acronym">BIND</acronym> 9 Configuration Reference</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573768">Comment Syntax</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573869">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574467"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574500"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574657"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574690"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575084"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575101"><span><strong class="command">include</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575117"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575134"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575125"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575148"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575239"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575365"><span><strong class="command">logging</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575158"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575181"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575272"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575398"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577432"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577506"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577570"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577613"><span><strong class="command">masters</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577465"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577539"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577603"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577646"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577628"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577661"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587379"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587344"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587465"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587516"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587430"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587481"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587621"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587654"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589226"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589259"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2591773">Zone File</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2591878">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593936">Discussion of MX Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594108">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594619">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594814">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2595
019"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594656">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594851">Other Zone File Directives</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2595
124"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
<dt><span class="chapter"><a href="Bv9ARM.ch07.html">7. <acronym class="acronym">BIND</acronym> 9 Security Considerations</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2599739"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2599844"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599820">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599880">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599925">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2599985">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch08.html">8. Troubleshooting</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599960">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2599965">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599977">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2599994">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2600065">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2600070">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2600082">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2600099">Where Can I Get Help?</a></span></dt>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Appendices</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2600056">Acknowledgments</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2600297">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id26004
33">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id26004
69">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2603
644">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2603
749">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="reference"><a href="Bv9ARM.ch10.html">I. Manual pages</a></span></dt>
<dt>
<span class="refentrytitle"><a href="man.rndc.conf.html"><code class="filename">rndc.conf</code></a></span><span class="refpurpose"> — rndc configuration file</span>
</dt>
-<dt>
-<span class="refentrytitle"><a href="man.rndc-confgen.html"><span class="application">rndc-confgen</span></a></span><span class="refpurpose"> — rndc key generation tool</span>
-</dt>
</dl></dd>
</dl>
</div>
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.dig.html,v 1.113 2009/06/03 01:13:13 tbox Exp $ -->
+<!-- $Id: man.dig.html,v 1.114 2009/06/10 01:12:51 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2563897"></a><h2>DESCRIPTION</h2>
+<a name="id2571033"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dig</strong></span>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2570409"></a><h2>SIMPLE USAGE</h2>
+<a name="id2571128"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
</p>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2570520"></a><h2>OPTIONS</h2>
+<a name="id2630768"></a><h2>OPTIONS</h2>
<p>
The <code class="option">-b</code> option sets the source IP address of the query
to <em class="parameter"><code>address</code></em>. This must be a valid
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2631005"></a><h2>QUERY OPTIONS</h2>
+<a name="id2631110"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">dig</strong></span>
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2632006"></a><h2>MULTIPLE QUERIES</h2>
+<a name="id2632042"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
supports
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2632160"></a><h2>IDN SUPPORT</h2>
+<a name="id2632196"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2632188"></a><h2>FILES</h2>
+<a name="id2632225"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2632210"></a><h2>SEE ALSO</h2>
+<a name="id2632246"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2632247"></a><h2>BUGS</h2>
+<a name="id2632283"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.dnssec-dsfromkey.html,v 1.24 2009/06/03 01:13:13 tbox Exp $ -->
+<!-- $Id: man.dnssec-dsfromkey.html,v 1.25 2009/06/10 01:12:50 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dir</code></em></code>] {dnsname}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2604677"></a><h2>DESCRIPTION</h2>
+<a name="id2604850"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-dsfromkey</strong></span>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2604691"></a><h2>OPTIONS</h2>
+<a name="id2604864"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-1</span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2604821"></a><h2>EXAMPLE</h2>
+<a name="id2604994"></a><h2>EXAMPLE</h2>
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2604857"></a><h2>FILES</h2>
+<a name="id2605030"></a><h2>FILES</h2>
<p>
The keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2604899"></a><h2>CAVEAT</h2>
+<a name="id2605140"></a><h2>CAVEAT</h2>
<p>
A keyfile error can give a "file not found" even if the file exists.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2604908"></a><h2>SEE ALSO</h2>
+<a name="id2605149"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2605013"></a><h2>AUTHOR</h2>
+<a name="id2605186"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.dnssec-keyfromlabel.html,v 1.49 2009/06/03 01:13:13 tbox Exp $ -->
+<!-- $Id: man.dnssec-keyfromlabel.html,v 1.50 2009/06/10 01:12:50 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-k</code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2605332"></a><h2>DESCRIPTION</h2>
+<a name="id2605505"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
gets keys with the given label from a crypto hardware and builds
key files for DNSSEC (Secure DNS), as defined in RFC 2535
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2605346"></a><h2>OPTIONS</h2>
+<a name="id2605518"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2605610"></a><h2>GENERATED KEY FILES</h2>
+<a name="id2605988"></a><h2>GENERATED KEY FILES</h2>
<p>
When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
successfully,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2606592"></a><h2>SEE ALSO</h2>
+<a name="id2606560"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2606631"></a><h2>AUTHOR</h2>
+<a name="id2606599"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.dnssec-keygen.html,v 1.116 2009/06/03 01:13:13 tbox Exp $ -->
+<!-- $Id: man.dnssec-keygen.html,v 1.117 2009/06/10 01:12:51 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2606322"></a><h2>DESCRIPTION</h2>
+<a name="id2606836"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2606336"></a><h2>OPTIONS</h2>
+<a name="id2606850"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2607225"></a><h2>GENERATED KEYS</h2>
+<a name="id2607193"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes
successfully,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2609244"></a><h2>EXAMPLE</h2>
+<a name="id2607301"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2609437"></a><h2>SEE ALSO</h2>
+<a name="id2609064"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2539</em>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2609468"></a><h2>AUTHOR</h2>
+<a name="id2609095"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.dnssec-signzone.html,v 1.115 2009/06/06 01:12:32 tbox Exp $ -->
+<!-- $Id: man.dnssec-signzone.html,v 1.116 2009/06/10 01:12:51 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-P</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2608776"></a><h2>DESCRIPTION</h2>
+<a name="id2608266"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2608795"></a><h2>OPTIONS</h2>
+<a name="id2608285"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2659385"></a><h2>EXAMPLE</h2>
+<a name="id2661742"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
%</pre>
</div>
<div class="refsect1" lang="en">
-<a name="id2659458"></a><h2>SEE ALSO</h2>
+<a name="id2661815"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2659482"></a><h2>AUTHOR</h2>
+<a name="id2661840"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.host.html,v 1.111 2009/06/03 01:13:13 tbox Exp $ -->
+<!-- $Id: man.host.html,v 1.112 2009/06/10 01:12:51 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2603970"></a><h2>DESCRIPTION</h2>
+<a name="id2604074"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">host</strong></span>
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2604484"></a><h2>IDN SUPPORT</h2>
+<a name="id2604520"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2606492"></a><h2>FILES</h2>
+<a name="id2604549"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2606506"></a><h2>SEE ALSO</h2>
+<a name="id2604563"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.named-checkconf.html,v 1.111 2009/06/05 01:12:33 tbox Exp $ -->
+<!-- $Id: man.named-checkconf.html,v 1.112 2009/06/10 01:12:50 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-z</code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2609539"></a><h2>DESCRIPTION</h2>
+<a name="id2609165"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkconf</strong></span>
checks the syntax, but not the semantics, of a named
configuration file.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2609553"></a><h2>OPTIONS</h2>
+<a name="id2609179"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2609669"></a><h2>RETURN VALUES</h2>
+<a name="id2609296"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkconf</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2609683"></a><h2>SEE ALSO</h2>
+<a name="id2609309"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2609713"></a><h2>AUTHOR</h2>
+<a name="id2609339"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.named-checkzone.html,v 1.118 2009/06/05 01:12:33 tbox Exp $ -->
+<!-- $Id: man.named-checkzone.html,v 1.119 2009/06/10 01:12:51 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2610664"></a><h2>DESCRIPTION</h2>
+<a name="id2610632"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
same checks as <span><strong class="command">named</strong></span> does when loading a
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2610714"></a><h2>OPTIONS</h2>
+<a name="id2610682"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2660331"></a><h2>RETURN VALUES</h2>
+<a name="id2662620"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2660345"></a><h2>SEE ALSO</h2>
+<a name="id2662634"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2660378"></a><h2>AUTHOR</h2>
+<a name="id2662667"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.named.html,v 1.120 2009/06/05 01:12:33 tbox Exp $ -->
+<!-- $Id: man.named.html,v 1.121 2009/06/10 01:12:51 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2611353"></a><h2>DESCRIPTION</h2>
+<a name="id2611048"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named</strong></span>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2611384"></a><h2>OPTIONS</h2>
+<a name="id2611079"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2613622"></a><h2>SIGNALS</h2>
+<a name="id2613522"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
the nameserver; <span><strong class="command">rndc</strong></span> should be used
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2613877"></a><h2>CONFIGURATION</h2>
+<a name="id2613572"></a><h2>CONFIGURATION</h2>
<p>
The <span><strong class="command">named</strong></span> configuration file is too complex
to describe in detail here. A complete description is provided
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2613926"></a><h2>FILES</h2>
+<a name="id2665435"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2613970"></a><h2>SEE ALSO</h2>
+<a name="id2665479"></a><h2>SEE ALSO</h2>
<p><em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2614040"></a><h2>AUTHOR</h2>
+<a name="id2665618"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.nsupdate.html,v 1.44 2009/06/05 01:12:33 tbox Exp $ -->
+<!-- $Id: man.nsupdate.html,v 1.45 2009/06/10 01:12:51 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2612509"></a><h2>DESCRIPTION</h2>
+<a name="id2611811"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">nsupdate</strong></span>
is used to submit Dynamic DNS Update requests as defined in RFC2136
to a name server.
The <code class="option">-D</code> option makes <span><strong class="command">nsupdate</strong></span>
report additional debugging information to <code class="option">-d</code>.
</p>
+<p>
+ The <code class="option">-L</code> option with an integer argument of zero or
+ higher sets the logging debug level. If zero, logging is disabled.
+ </p>
<p>
Transaction signatures can be used to authenticate the Dynamic
DNS updates. These use the TSIG resource record type described
uses the <code class="option">-y</code> or <code class="option">-k</code> option
to provide the shared secret needed to generate a TSIG record
for authenticating Dynamic DNS update requests, default type
- HMAC-MD5. These options are mutually exclusive. With the
- <code class="option">-k</code> option, <span><strong class="command">nsupdate</strong></span> reads
- the shared secret from the file <em class="parameter"><code>keyfile</code></em>,
- whose name is of the form
- <code class="filename">K{name}.+157.+{random}.private</code>. For
- historical reasons, the file
- <code class="filename">K{name}.+157.+{random}.key</code> must also be
- present. When the <code class="option">-y</code> option is used, a
- signature is generated from
+ HMAC-MD5. These options are mutually exclusive.
+ </p>
+<p>
+ When the <code class="option">-y</code> option is used, a signature is
+ generated from
[<span class="optional"><em class="parameter"><code>hmac:</code></em></span>]<em class="parameter"><code>keyname:secret.</code></em>
<em class="parameter"><code>keyname</code></em> is the name of the key, and
- <em class="parameter"><code>secret</code></em> is the base64 encoded shared
- secret. Use of the <code class="option">-y</code> option is discouraged
- because the shared secret is supplied as a command line
- argument in clear text. This may be visible in the output
- from
- <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span> or in a history file maintained by the user's
- shell.
+ <em class="parameter"><code>secret</code></em> is the base64 encoded shared secret.
+ Use of the <code class="option">-y</code> option is discouraged because the
+ shared secret is supplied as a command line argument in clear text.
+ This may be visible in the output from
+ <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
+ or in a history file maintained by the user's shell.
</p>
<p>
+ With the
+ <code class="option">-k</code> option, <span><strong class="command">nsupdate</strong></span> reads
+ the shared secret from the file <em class="parameter"><code>keyfile</code></em>.
+ Keyfiles may be in two formats: a single file containing
+ a <code class="filename">named.conf</code>-format <span><strong class="command">key</strong></span>
+ statement, which may be generated automatically by
+ <span><strong class="command">ddns-confgen</strong></span>, or a pair of files whose names are
+ of the format <code class="filename">K{name}.+157.+{random}.key</code> and
+ <code class="filename">K{name}.+157.+{random}.private</code>, which can be
+ generated by <span><strong class="command">dnssec-keygen</strong></span>.
The <code class="option">-k</code> may also be used to specify a SIG(0) key used
to authenticate Dynamic DNS update requests. In this case, the key
specified is not an HMAC-MD5 key.
</p>
<p>
- The <code class="option">-g</code> and <code class="option">-o</code> specify that
- GSS-TSIG is to be used. The <code class="option">-o</code> should only
- be used with old Microsoft Windows 2000 servers.
+ <span><strong class="command">nsupdate</strong></span> can be run in a local-host only mode
+ using the <code class="option">-l</code> flag. This sets the server address to
+ localhost (disabling the <span><strong class="command">server</strong></span> so that the server
+ address cannot be overridden). Connections to the local server will
+ use a TSIG key found in <code class="filename">/var/run/named/ddns.key</code>,
+ which is automatically generated by <span><strong class="command">named</strong></span> if any
+ local master zone has the <span><strong class="command">dynamic</strong></span> zone option set
+ to yes. The location of this key file can be overridden with
+ the <code class="option">-k</code> option.
</p>
<p>
- By default,
- <span><strong class="command">nsupdate</strong></span>
+ By default, <span><strong class="command">nsupdate</strong></span>
uses UDP to send update requests to the name server unless they are too
large to fit in a UDP request in which case TCP will be used.
The
use a TCP connection.
This may be preferable when a batch of update requests is made.
</p>
+<p>
+ The <code class="option">-p</code> sets the default port number to use for
+ connections to a name server. The default is 53.
+ </p>
<p>
The <code class="option">-t</code> option sets the maximum time an update request
can
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2612836"></a><h2>INPUT FORMAT</h2>
+<a name="id2612540"></a><h2>INPUT FORMAT</h2>
<p><span><strong class="command">nsupdate</strong></span>
reads input from
<em class="parameter"><code>filename</code></em>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2661177"></a><h2>EXAMPLES</h2>
+<a name="id2668050"></a><h2>EXAMPLES</h2>
<p>
The examples below show how
<span><strong class="command">nsupdate</strong></span>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2661227"></a><h2>FILES</h2>
+<a name="id2668100"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
used to identify default name server
</p></dd>
+<dt><span class="term"><code class="constant">/var/run/named/ddns.key</code></span></dt>
+<dd><p>
+ sets the default TSIG key for use in local-only mode
+ </p></dd>
<dt><span class="term"><code class="constant">K{name}.+157.+{random}.key</code></span></dt>
<dd><p>
base-64 encoding of HMAC-MD5 key created by
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2661365"></a><h2>SEE ALSO</h2>
+<a name="id2668183"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">RFC2136</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC3007</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC2104</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC2535</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC2931</span></span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+ <span class="citerefentry"><span class="refentrytitle">ddns-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2661435"></a><h2>BUGS</h2>
+<a name="id2668330"></a><h2>BUGS</h2>
<p>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.rndc.conf.html,v 1.125 2009/06/05 01:12:33 tbox Exp $ -->
+<!-- $Id: man.rndc.conf.html,v 1.126 2009/06/10 01:12:51 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
<link rel="prev" href="man.rndc.html" title="rndc">
-<link rel="next" href="man.rndc-confgen.html" title="rndc-confgen">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="navheader">
<td width="20%" align="left">
<a accesskey="p" href="man.rndc.html">Prev</a>Â </td>
<th width="60%" align="center">Manual pages</th>
-<td width="20%" align="right">Â <a accesskey="n" href="man.rndc-confgen.html">Next</a>
-</td>
+<td width="20%" align="right">Â </td>
</tr>
</table>
<hr>
<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2628193"></a><h2>DESCRIPTION</h2>
+<a name="id2613909"></a><h2>DESCRIPTION</h2>
<p><code class="filename">rndc.conf</code> is the configuration file
for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
utility. This file has a similar structure and syntax to
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2628364"></a><h2>EXAMPLE</h2>
+<a name="id2622477"></a><h2>EXAMPLE</h2>
<pre class="programlisting">
options {
default-server localhost;
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2628486"></a><h2>NAME SERVER CONFIGURATION</h2>
+<a name="id2622599"></a><h2>NAME SERVER CONFIGURATION</h2>
<p>
The name server must be configured to accept rndc connections and
to recognize the key specified in the <code class="filename">rndc.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2628512"></a><h2>SEE ALSO</h2>
+<a name="id2622625"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2628550"></a><h2>AUTHOR</h2>
+<a name="id2622663"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
<td width="40%" align="left">
<a accesskey="p" href="man.rndc.html">Prev</a>Â </td>
<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
-<td width="40%" align="right">Â <a accesskey="n" href="man.rndc-confgen.html">Next</a>
-</td>
+<td width="40%" align="right">Â </td>
</tr>
<tr>
<td width="40%" align="left" valign="top">
<span class="application">rndc</span>Â </td>
<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
-<td width="40%" align="right" valign="top">Â <span class="application">rndc-confgen</span>
-</td>
+<td width="40%" align="right" valign="top">Â </td>
</tr>
</table>
</div>
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: man.rndc.html,v 1.123 2009/06/05 01:12:33 tbox Exp $ -->
+<!-- $Id: man.rndc.html,v 1.124 2009/06/10 01:12:51 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2613212"></a><h2>DESCRIPTION</h2>
+<a name="id2612787"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc</strong></span>
controls the operation of a name
server. It supersedes the <span><strong class="command">ndc</strong></span> utility
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2613262"></a><h2>OPTIONS</h2>
+<a name="id2612837"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
<dd><p>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2627346"></a><h2>LIMITATIONS</h2>
+<a name="id2613676"></a><h2>LIMITATIONS</h2>
<p><span><strong class="command">rndc</strong></span>
does not yet support all the commands of
the BIND 8 <span><strong class="command">ndc</strong></span> utility.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2627377"></a><h2>SEE ALSO</h2>
+<a name="id2613707"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2627432"></a><h2>AUTHOR</h2>
+<a name="id2613763"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
This is a summary of the named.conf options supported by
this version of BIND 9.
-acl <string> { <address_match_element>; ... };
-
-controls {
- inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
- ) ] allow { <address_match_element>; ... } [ keys { <string>;
- ... } ];
- unix <quoted_string> perm <integer> owner <integer> group <integer>
- [ keys { <string>; ... } ];
-};
-
-dlz <string> {
- database <string>;
-};
-
-key <string> {
- algorithm <string>;
- secret <string>;
-};
-
-logging {
- category <string> { <string>; ... };
- channel <string> {
- file <quoted_string> [ versions ( "unlimited" | <integer> )
- ] [ size <size> ];
- null;
- print-category <boolean>;
- print-severity <boolean>;
- print-time <boolean>;
- severity <log_severity>;
- stderr;
- syslog <optional_facility>;
- };
-};
-
-lwres {
- listen-on [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
- [ port <integer> ]; ... };
- ndots <integer>;
- search { <string>; ... };
- view <string> <optional_class>;
-};
-
-masters <string> [ port <integer> ] { ( <masters> | <ipv4_address> [ port
- <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
-
options {
acache-cleaning-interval <integer>;
acache-enable <boolean>;
additional-from-auth <boolean>;
additional-from-cache <boolean>;
- allow-notify { <address_match_element>; ... };
- allow-query { <address_match_element>; ... };
allow-query-cache { <address_match_element>; ... };
allow-query-cache-on { <address_match_element>; ... };
- allow-query-on { <address_match_element>; ... };
allow-recursion { <address_match_element>; ... };
allow-recursion-on { <address_match_element>; ... };
- allow-transfer { <address_match_element>; ... };
- allow-update { <address_match_element>; ... };
- allow-update-forwarding { <address_match_element>; ... };
allow-v6-synthesis { <address_match_element>; ... }; // obsolete
- also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
- ) [ port <integer> ]; ... };
- alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
- alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
- * ) ];
attach-cache <string>;
auth-nxdomain <boolean>; // default changed
avoid-v4-udp-ports { <portrange>; ... };
bindkeys-file <quoted_string>;
blackhole { <address_match_element>; ... };
cache-file <quoted_string>;
- check-integrity <boolean>;
- check-mx ( fail | warn | ignore );
- check-mx-cname ( fail | warn | ignore );
check-names ( master | slave | response ) ( fail | warn | ignore );
- check-sibling <boolean>;
- check-srv-cname ( fail | warn | ignore );
- check-wildcard <boolean>;
cleaning-interval <integer>;
clients-per-query <integer>;
coresize <size>;
datasize <size>;
+ ddns-keyalg <string>;
+ ddns-keyfile ( <quoted_string> | none );
+ ddns-keyname <string>;
deallocate-on-exit <boolean>; // obsolete
deny-answer-addresses { <address_match_element>; ... } [
except-from { <quoted_string>; ... } ];
deny-answer-aliases { <quoted_string>; ... } [ except-from {
<quoted_string>; ... } ];
- dialup <dialuptype>;
directory <quoted_string>;
disable-algorithms <string> { <string>; ... };
disable-empty-zone <string>;
fetch-glue <boolean>; // obsolete
files <size>;
flush-zones-on-shutdown <boolean>;
- forward ( first | only );
- forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
- [ port <integer> ]; ... };
has-old-clients <boolean>; // obsolete
heartbeat-interval <integer>;
host-statistics <boolean>; // not implemented
hostname ( <quoted_string> | none );
interface-interval <integer>;
ixfr-from-differences <ixfrdiff>;
- key-directory <quoted_string>;
lame-ttl <integer>;
listen-on [ port <integer> ] { <address_match_element>; ... };
listen-on-v6 [ port <integer> ] { <address_match_element>; ... };
- maintain-ixfr-base <boolean>; // obsolete
- masterfile-format ( text | raw );
match-mapped-addresses <boolean>;
max-acache-size <size_no_default>;
max-cache-size <size_no_default>;
max-cache-ttl <integer>;
max-clients-per-query <integer>;
- max-ixfr-log-size <size>; // obsolete
- max-journal-size <size_no_default>;
max-ncache-ttl <integer>;
- max-refresh-time <integer>;
- max-retry-time <integer>;
- max-transfer-idle-in <integer>;
- max-transfer-idle-out <integer>;
- max-transfer-time-in <integer>;
- max-transfer-time-out <integer>;
max-udp-size <integer>;
memstatistics <boolean>;
memstatistics-file <quoted_string>;
- min-refresh-time <integer>;
- min-retry-time <integer>;
min-roots <integer>; // not implemented
minimal-responses <boolean>;
- multi-master <boolean>;
multiple-cnames <boolean>; // obsolete
named-xfer <quoted_string>; // obsolete
- notify <notifytype>;
- notify-delay <integer>;
- notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
- notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
- notify-to-soa <boolean>;
- nsec3-test-zone <boolean>; // test only
pid-file ( <quoted_string> | none );
port <integer>;
preferred-glue <string>;
reserved-sockets <integer>;
rfc2308-type1 <boolean>; // not yet implemented
root-delegation-only [ exclude { <quoted_string>; ... } ];
- rrset-order { [ class <string> ] [ type <string> ] [ name
- <quoted_string> ] <string> <string>; ... };
- serial-queries <integer>; // obsolete
+ rrset-order { [ class <string> ] [ type <string> ] [
+ name <quoted_string> ] <string> <string>; ... };
+ serial-queries <integer>; // obsolete
serial-query-rate <integer>;
server-id ( <quoted_string> | none |;
- sig-signing-nodes <integer>;
- sig-signing-signatures <integer>;
- sig-signing-type <integer>;
- sig-validity-interval <integer> [ <integer> ];
- sortlist { <address_match_element>; ... };
stacksize <size>;
statistics-file <quoted_string>;
statistics-interval <integer>; // not yet implemented
- suppress-initial-notify <boolean>; // not yet implemented
tcp-clients <integer>;
tcp-listen-queue <integer>;
tkey-dhkey <quoted_string> <integer>;
tkey-domain <quoted_string>;
tkey-gssapi-credential <quoted_string>;
- topology { <address_match_element>; ... }; // not implemented
- transfer-format ( many-answers | one-answer );
- transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
- transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
transfers-in <integer>;
transfers-out <integer>;
transfers-per-ns <integer>;
treat-cr-as-space <boolean>; // obsolete
- try-tcp-refresh <boolean>;
- update-check-ksk <boolean>;
- use-alt-transfer-source <boolean>;
use-id-pool <boolean>; // obsolete
use-ixfr <boolean>;
- use-queryport-pool <boolean>; // obsolete
use-v4-udp-ports { <portrange>; ... };
use-v6-udp-ports { <portrange>; ... };
version ( <quoted_string> | none );
- zero-no-soa-ttl <boolean>;
- zero-no-soa-ttl-cache <boolean>;
- zone-statistics <boolean>;
-};
-
-server <netprefix> {
- bogus <boolean>;
- edns <boolean>;
- edns-udp-size <integer>;
- keys <server_key>;
- max-udp-size <integer>;
- notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
- notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
- provide-ixfr <boolean>;
- query-source <querysource4>;
- query-source-v6 <querysource6>;
- request-ixfr <boolean>;
- support-ixfr <boolean>; // obsolete
- transfer-format ( many-answers | one-answer );
- transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
- transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
- transfers <integer>;
-};
-
-statistics-channels {
- inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
- ) ] [ allow { <address_match_element>; ... } ];
-};
-
-trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... };
-
-view <string> <optional_class> {
- acache-cleaning-interval <integer>;
- acache-enable <boolean>;
- additional-from-auth <boolean>;
- additional-from-cache <boolean>;
- allow-notify { <address_match_element>; ... };
- allow-query { <address_match_element>; ... };
- allow-query-cache { <address_match_element>; ... };
- allow-query-cache-on { <address_match_element>; ... };
- allow-query-on { <address_match_element>; ... };
- allow-recursion { <address_match_element>; ... };
- allow-recursion-on { <address_match_element>; ... };
- allow-transfer { <address_match_element>; ... };
- allow-update { <address_match_element>; ... };
- allow-update-forwarding { <address_match_element>; ... };
- allow-v6-synthesis { <address_match_element>; ... }; // obsolete
- also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
- ) [ port <integer> ]; ... };
- alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
- alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
- * ) ];
- attach-cache <string>;
- auth-nxdomain <boolean>; // default changed
- cache-file <quoted_string>;
- check-integrity <boolean>;
- check-mx ( fail | warn | ignore );
- check-mx-cname ( fail | warn | ignore );
- check-names ( master | slave | response ) ( fail | warn | ignore );
- check-sibling <boolean>;
- check-srv-cname ( fail | warn | ignore );
- check-wildcard <boolean>;
- cleaning-interval <integer>;
- clients-per-query <integer>;
- database <string>;
- deny-answer-addresses { <address_match_element>; ... } [
- except-from { <quoted_string>; ... } ];
- deny-answer-aliases { <quoted_string>; ... } [ except-from {
- <quoted_string>; ... } ];
- dialup <dialuptype>;
- disable-algorithms <string> { <string>; ... };
- disable-empty-zone <string>;
- dlz <string> {
- database <string>;
- };
- dnssec-accept-expired <boolean>;
- dnssec-enable <boolean>;
- dnssec-lookaside <string> trust-anchor <string>;
- dnssec-must-be-secure <string> <boolean>;
- dnssec-validation <boolean>;
- dual-stack-servers [ port <integer> ] { ( <quoted_string> [ port
- <integer> ] | <ipv4_address> [ port <integer> ] |
- <ipv6_address> [ port <integer> ] ); ... };
- edns-udp-size <integer>;
- empty-contact <string>;
- empty-server <string>;
- empty-zones-enable <boolean>;
- fetch-glue <boolean>; // obsolete
- forward ( first | only );
- forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
- [ port <integer> ]; ... };
- ixfr-from-differences <ixfrdiff>;
- key <string> {
- algorithm <string>;
- secret <string>;
- };
- key-directory <quoted_string>;
- lame-ttl <integer>;
- maintain-ixfr-base <boolean>; // obsolete
- masterfile-format ( text | raw );
- match-clients { <address_match_element>; ... };
- match-destinations { <address_match_element>; ... };
- match-recursive-only <boolean>;
- max-acache-size <size_no_default>;
- max-cache-size <size_no_default>;
- max-cache-ttl <integer>;
- max-clients-per-query <integer>;
- max-ixfr-log-size <size>; // obsolete
- max-journal-size <size_no_default>;
- max-ncache-ttl <integer>;
- max-refresh-time <integer>;
- max-retry-time <integer>;
- max-transfer-idle-in <integer>;
- max-transfer-idle-out <integer>;
- max-transfer-time-in <integer>;
- max-transfer-time-out <integer>;
- max-udp-size <integer>;
- min-refresh-time <integer>;
- min-retry-time <integer>;
- min-roots <integer>; // not implemented
- minimal-responses <boolean>;
- multi-master <boolean>;
- notify <notifytype>;
- notify-delay <integer>;
- notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
- notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
- notify-to-soa <boolean>;
- nsec3-test-zone <boolean>; // test only
- preferred-glue <string>;
- provide-ixfr <boolean>;
- query-source <querysource4>;
- query-source-v6 <querysource6>;
- queryport-pool-ports <integer>; // obsolete
- queryport-pool-updateinterval <integer>; // obsolete
- recursion <boolean>;
- request-ixfr <boolean>;
- request-nsid <boolean>;
- rfc2308-type1 <boolean>; // not yet implemented
- root-delegation-only [ exclude { <quoted_string>; ... } ];
- rrset-order { [ class <string> ] [ type <string> ] [ name
- <quoted_string> ] <string> <string>; ... };
- server <netprefix> {
- bogus <boolean>;
- edns <boolean>;
- edns-udp-size <integer>;
- keys <server_key>;
- max-udp-size <integer>;
- notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
- ) ];
- notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
- | * ) ];
- provide-ixfr <boolean>;
- query-source <querysource4>;
- query-source-v6 <querysource6>;
- request-ixfr <boolean>;
- support-ixfr <boolean>; // obsolete
- transfer-format ( many-answers | one-answer );
- transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
- * ) ];
- transfer-source-v6 ( <ipv6_address> | * ) [ port (
- <integer> | * ) ];
- transfers <integer>;
- };
- sig-signing-nodes <integer>;
- sig-signing-signatures <integer>;
- sig-signing-type <integer>;
- sig-validity-interval <integer> [ <integer> ];
- sortlist { <address_match_element>; ... };
- suppress-initial-notify <boolean>; // not yet implemented
- topology { <address_match_element>; ... }; // not implemented
- transfer-format ( many-answers | one-answer );
- transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
- transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
- trusted-keys { <string> <integer> <integer> <integer>
- <quoted_string>; ... };
- try-tcp-refresh <boolean>;
- update-check-ksk <boolean>;
- use-alt-transfer-source <boolean>;
- use-queryport-pool <boolean>; // obsolete
- zero-no-soa-ttl <boolean>;
- zero-no-soa-ttl-cache <boolean>;
- zone <string> <optional_class> {
- allow-notify { <address_match_element>; ... };
- allow-query { <address_match_element>; ... };
- allow-query-on { <address_match_element>; ... };
- allow-transfer { <address_match_element>; ... };
- allow-update { <address_match_element>; ... };
- allow-update-forwarding { <address_match_element>; ... };
- also-notify [ port <integer> ] { ( <ipv4_address> |
- <ipv6_address> ) [ port <integer> ]; ... };
- alt-transfer-source ( <ipv4_address> | * ) [ port (
- <integer> | * ) ];
- alt-transfer-source-v6 ( <ipv6_address> | * ) [ port (
- <integer> | * ) ];
- check-integrity <boolean>;
- check-mx ( fail | warn | ignore );
- check-mx-cname ( fail | warn | ignore );
- check-names ( fail | warn | ignore );
- check-sibling <boolean>;
- check-srv-cname ( fail | warn | ignore );
- check-wildcard <boolean>;
- database <string>;
- delegation-only <boolean>;
- dialup <dialuptype>;
- file <quoted_string>;
- forward ( first | only );
- forwarders [ port <integer> ] { ( <ipv4_address> |
- <ipv6_address> ) [ port <integer> ]; ... };
- ixfr-base <quoted_string>; // obsolete
- ixfr-from-differences <boolean>;
- ixfr-tmp-file <quoted_string>; // obsolete
- journal <quoted_string>;
- key-directory <quoted_string>;
- maintain-ixfr-base <boolean>; // obsolete
- masterfile-format ( text | raw );
- masters [ port <integer> ] { ( <masters> | <ipv4_address> [
- port <integer> ] | <ipv6_address> [ port <integer> ] )
- [ key <string> ]; ... };
- max-ixfr-log-size <size>; // obsolete
- max-journal-size <size_no_default>;
- max-refresh-time <integer>;
- max-retry-time <integer>;
- max-transfer-idle-in <integer>;
- max-transfer-idle-out <integer>;
- max-transfer-time-in <integer>;
- max-transfer-time-out <integer>;
- min-refresh-time <integer>;
- min-retry-time <integer>;
- multi-master <boolean>;
- notify <notifytype>;
- notify-delay <integer>;
- notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
- ) ];
- notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer>
- | * ) ];
- notify-to-soa <boolean>;
- nsec3-test-zone <boolean>; // test only
- pubkey <integer> <integer> <integer>
- <quoted_string>; // obsolete
- sig-signing-nodes <integer>;
- sig-signing-signatures <integer>;
- sig-signing-type <integer>;
- sig-validity-interval <integer> [ <integer> ];
- transfer-source ( <ipv4_address> | * ) [ port ( <integer> |
- * ) ];
- transfer-source-v6 ( <ipv6_address> | * ) [ port (
- <integer> | * ) ];
- try-tcp-refresh <boolean>;
- type ( master | slave | stub | hint | forward |
- delegation-only );
- update-check-ksk <boolean>;
- update-policy { ( grant | deny ) <string> ( name |
- subdomain | wildcard | self | selfsub | selfwild |
- krb5-self | ms-self | krb5-subdomain | ms-subdomain |
- tcp-self | 6to4-self ) <string> <rrtypelist>; ... };
- use-alt-transfer-source <boolean>;
- zero-no-soa-ttl <boolean>;
- zone-statistics <boolean>;
- };
- zone-statistics <boolean>;
-};
-
-zone <string> <optional_class> {
- allow-notify { <address_match_element>; ... };
- allow-query { <address_match_element>; ... };
- allow-query-on { <address_match_element>; ... };
- allow-transfer { <address_match_element>; ... };
- allow-update { <address_match_element>; ... };
- allow-update-forwarding { <address_match_element>; ... };
- also-notify [ port <integer> ] { ( <ipv4_address> | <ipv6_address>
- ) [ port <integer> ]; ... };
- alt-transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
- alt-transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> |
- * ) ];
- check-integrity <boolean>;
- check-mx ( fail | warn | ignore );
- check-mx-cname ( fail | warn | ignore );
- check-names ( fail | warn | ignore );
- check-sibling <boolean>;
- check-srv-cname ( fail | warn | ignore );
- check-wildcard <boolean>;
- database <string>;
- delegation-only <boolean>;
- dialup <dialuptype>;
- file <quoted_string>;
- forward ( first | only );
- forwarders [ port <integer> ] { ( <ipv4_address> | <ipv6_address> )
- [ port <integer> ]; ... };
- ixfr-base <quoted_string>; // obsolete
- ixfr-from-differences <boolean>;
- ixfr-tmp-file <quoted_string>; // obsolete
- journal <quoted_string>;
- key-directory <quoted_string>;
- maintain-ixfr-base <boolean>; // obsolete
- masterfile-format ( text | raw );
- masters [ port <integer> ] { ( <masters> | <ipv4_address> [ port
- <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
- <string> ]; ... };
- max-ixfr-log-size <size>; // obsolete
- max-journal-size <size_no_default>;
- max-refresh-time <integer>;
- max-retry-time <integer>;
- max-transfer-idle-in <integer>;
- max-transfer-idle-out <integer>;
- max-transfer-time-in <integer>;
- max-transfer-time-out <integer>;
- min-refresh-time <integer>;
- min-retry-time <integer>;
- multi-master <boolean>;
- notify <notifytype>;
- notify-delay <integer>;
- notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
- notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
- notify-to-soa <boolean>;
- nsec3-test-zone <boolean>; // test only
- pubkey <integer> <integer> <integer> <quoted_string>; // obsolete
- sig-signing-nodes <integer>;
- sig-signing-signatures <integer>;
- sig-signing-type <integer>;
- sig-validity-interval <integer> [ <integer> ];
- transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
- transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
- try-tcp-refresh <boolean>;
- type ( master | slave | stub | hint | forward | delegation-only );
- update-check-ksk <boolean>;
- update-policy { ( grant | deny ) <string> ( name | subdomain |
- wildcard | self | selfsub | selfwild | krb5-self | ms-self |
- krb5-subdomain | ms-subdomain | tcp-self | 6to4-self ) <string>
- <rrtypelist>; ... };
- use-alt-transfer-source <boolean>;
- zero-no-soa-ttl <boolean>;
- zone-statistics <boolean>;
-};
projects / thirdparty / bind9.git / commitdiff
