.sp
\fBddns\-confgen\fP is an utility that generates keys for use in TSIG signing.
The resulting keys can be used, for example, to secure dynamic DNS updates
-to a zone, or for the \fBrndc\fP command channel.
+to a zone, or for the \fI\%rndc\fP command channel.
.sp
The key name can specified using \fI\%\-k\fP parameter and defaults to \fBddns\-key\fP\&.
The generated key is accompanied by configuration text and instructions that
-can be used with \fBnsupdate\fP and \fBnamed\fP when setting up dynamic DNS,
+can be used with \fI\%nsupdate\fP and \fI\%named\fP when setting up dynamic DNS,
including an example \fBupdate\-policy\fP statement.
-(This usage is similar to the \fBrndc\-confgen\fP command for setting up
+(This usage is similar to the \fI\%rndc\-confgen\fP command for setting up
command\-channel security.)
.sp
-Note that \fBnamed\fP itself can configure a local DDNS key for use with
-\fBnsupdate \-l\fP; it does this when a zone is configured with
+Note that \fI\%named\fP itself can configure a local DDNS key for use with
+\fI\%nsupdate \-l\fP; it does this when a zone is configured with
\fBupdate\-policy local;\fP\&. \fBddns\-confgen\fP is only needed when a more
-elaborate configuration is required: for instance, if \fBnsupdate\fP is to
+elaborate configuration is required: for instance, if \fI\%nsupdate\fP is to
be used from a remote system.
.SH OPTIONS
.INDENT 0.0
.B \-q
This option enables quiet mode, which prints only the key, with no
explanatory text or usage examples. This is essentially identical to
-\fBtsig\-keygen\fP\&.
+\fI\%tsig\-keygen\fP\&.
.UNINDENT
.INDENT 0.0
.TP
.B \-s name
This option generates a configuration example to allow dynamic updates
-of a single hostname. The example \fBnamed.conf\fP text shows how to set
+of a single hostname. The example \fI\%named.conf\fP text shows how to set
an update policy for the specified name using the "name" nametype. The
default key name is \fBddns\-key.name\fP\&. Note that the "self" nametype
cannot be used, since the name to be updated may differ from the key
.TP
.B \-z zone
This option generates a configuration example to allow
-dynamic updates of a zone. The example \fBnamed.conf\fP text shows how
+dynamic updates of a zone. The example \fI\%named.conf\fP text shows how
to set an update policy for the specified zone using the "zonesub"
nametype, allowing updates to all subdomain names within that zone.
This option cannot be used with the \fI\%\-s\fP option.
.UNINDENT
.SH SEE ALSO
.sp
-\fBnsupdate(1)\fP, \fBnamed.conf(5)\fP, \fBnamed(8)\fP, BIND 9 Administrator Reference Manual.
+\fI\%nsupdate(1)\fP, \fI\%named.conf(5)\fP, \fI\%named(8)\fP, BIND 9 Administrator Reference Manual.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
.SH DESCRIPTION
.sp
\fBdelv\fP is a tool for sending DNS queries and validating the results,
-using the same internal resolver and validator logic as \fBnamed\fP\&.
+using the same internal resolver and validator logic as \fI\%named\fP\&.
.sp
\fBdelv\fP sends to a specified name server all queries needed to
fetch and validate the requested data; this includes the original
\fBinitial\-key\fP, and \fBstatic\-key\fP identically. That is, for a managed key,
it is the \fIinitial\fP key that is trusted; \fI\%RFC 5011\fP key management is not
supported. \fBdelv\fP does not consult the managed\-keys database maintained by
-\fBnamed\fP, which means that if either of the keys in \fB@sysconfdir@/bind.keys\fP is
+\fI\%named\fP, which means that if either of the keys in \fB@sysconfdir@/bind.keys\fP is
revoked and rolled over, \fB@sysconfdir@/bind.keys\fP must be updated to
use DNSSEC validation in \fBdelv\fP\&.
.UNINDENT
.TP
.B +[no]dnssec
This option indicates whether to display RRSIG records in the \fBdelv\fP output.
-The default is to do so. Note that (unlike in \fBdig\fP) this does
+The default is to do so. Note that (unlike in \fI\%dig\fP) this does
\fInot\fP control whether to request DNSSEC records or to
validate them. DNSSEC records are always requested, and validation
always occurs unless suppressed by the use of \fI\%\-i\fP or
\fB/etc/resolv.conf\fP
.SH SEE ALSO
.sp
-\fBdig(1)\fP, \fBnamed(8)\fP, \fI\%RFC 4034\fP, \fI\%RFC 4035\fP, \fI\%RFC 4431\fP, \fI\%RFC 5074\fP, \fI\%RFC 5155\fP\&.
+\fI\%dig(1)\fP, \fI\%named(8)\fP, \fI\%RFC 4034\fP, \fI\%RFC 4035\fP, \fI\%RFC 4431\fP, \fI\%RFC 5074\fP, \fI\%RFC 5155\fP\&.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
.INDENT 0.0
.TP
.B \-k keyfile
-This option tells \fBnamed\fP to sign queries using TSIG using a key read from the given file. Key
-files can be generated using \fBtsig\-keygen\fP\&. When using TSIG
+This option tells \fI\%named\fP to sign queries using TSIG using a key read from the given file. Key
+files can be generated using \fI\%tsig\-keygen\fP\&. When using TSIG
authentication with \fBdig\fP, the name server that is queried needs to
know the key and algorithm that is being used. In BIND, this is done
by providing appropriate \fBkey\fP and \fBserver\fP statements in
-\fBnamed.conf\fP\&.
+\fI\%named.conf\fP\&.
.UNINDENT
.INDENT 0.0
.TP
.INDENT 0.0
.TP
.B +[no]fail
-This option indicates that \fBnamed\fP should try [or not try] the next server if a SERVFAIL is received. The default is
+This option indicates that \fI\%named\fP should try [or not try] the next server if a SERVFAIL is received. The default is
to not try the next server, which is the reverse of normal stub
resolver behavior.
.UNINDENT
.INDENT 0.0
.TP
.B +[no]sigchase
-This feature is now obsolete and has been removed; use \fBdelv\fP
+This feature is now obsolete and has been removed; use \fI\%delv\fP
instead.
.UNINDENT
.INDENT 0.0
.TP
.B +[no]topdown
This feature is related to \fBdig +sigchase\fP, which is obsolete and
-has been removed. Use \fBdelv\fP instead.
+has been removed. Use \fI\%delv\fP instead.
.UNINDENT
.INDENT 0.0
.TP
.TP
.B +trusted\-key=####
This option formerly specified trusted keys for use with \fBdig +sigchase\fP\&. This
-feature is now obsolete and has been removed; use \fBdelv\fP instead.
+feature is now obsolete and has been removed; use \fI\%delv\fP instead.
.UNINDENT
.INDENT 0.0
.TP
\fB${HOME}/.digrc\fP
.SH SEE ALSO
.sp
-\fBdelv(1)\fP, \fBhost(1)\fP, \fBnamed(8)\fP, \fBdnssec\-keygen(8)\fP, \fI\%RFC 1035\fP\&.
+\fI\%delv(1)\fP, \fI\%host(1)\fP, \fI\%named(8)\fP, \fI\%dnssec\-keygen(8)\fP, \fI\%RFC 1035\fP\&.
.SH BUGS
.sp
There are probably too many query options.
DNSKEY records so that they can be authenticated. The \fI\%\-d path\fP option
specifies the location of a file containing the current DS records. For
example, this could be a \fBdsset\-\fP file generated by
-\fBdnssec\-signzone\fP, or the output of \fBdnssec\-dsfromkey\fP, or the
+\fI\%dnssec\-signzone\fP, or the output of \fI\%dnssec\-dsfromkey\fP, or the
output of a previous run of \fBdnssec\-cds\fP\&.
.sp
The \fBdnssec\-cds\fP command uses special DNSSEC validation logic
.UNINDENT
.UNINDENT
.sp
-Alternatively, :option\(gadnssec\-cds \-u\(ga writes an \fBnsupdate\fP script to the
+Alternatively, :option\(gadnssec\-cds \-u\(ga writes an \fI\%nsupdate\fP script to the
standard output. The \fI\%\-u\fP and \fI\%\-i\fP options can be used together to
-maintain a \fBdsset\-\fP file as well as emit an \fBnsupdate\fP script.
+maintain a \fBdsset\-\fP file as well as emit an \fI\%nsupdate\fP script.
.SH OPTIONS
.INDENT 0.0
.TP
.INDENT 0.0
.TP
.B \-u
-This option writes an \fBnsupdate\fP script to the standard output, instead of
+This option writes an \fI\%nsupdate\fP script to the standard output, instead of
printing the new DS reords. The output is empty if no change is
needed.
.sp
Note: The TTL of new records needs to be specified: it can be done in the
original \fBdsset\-\fP file, with the \fI\%\-T\fP option, or using the
-\fBnsupdate\fP \fBttl\fP command.
+\fI\%nsupdate\fP \fBttl\fP command.
.UNINDENT
.INDENT 0.0
.TP
changed.
.SH EXAMPLES
.sp
-Before running \fBdnssec\-signzone\fP, ensure that the delegations
+Before running \fI\%dnssec\-signzone\fP, ensure that the delegations
are up\-to\-date by running \fBdnssec\-cds\fP on every \fBdsset\-\fP file.
.sp
To fetch the child records required by \fBdnssec\-cds\fP, invoke
-\fBdig\fP as in the script below. It is acceptable if the \fBdig\fP fails, since
+\fI\%dig\fP as in the script below. It is acceptable if the \fI\%dig\fP fails, since
\fBdnssec\-cds\fP performs all the necessary checking.
.INDENT 0.0
.INDENT 3.5
.UNINDENT
.UNINDENT
.sp
-When the parent zone is automatically signed by \fBnamed\fP,
-\fBdnssec\-cds\fP can be used with \fBnsupdate\fP to maintain a delegation as follows.
+When the parent zone is automatically signed by \fI\%named\fP,
+\fBdnssec\-cds\fP can be used with \fI\%nsupdate\fP to maintain a delegation as follows.
The \fBdsset\-\fP file allows the script to avoid having to fetch and
validate the parent DS records, and it maintains the replay attack
protection time.
.UNINDENT
.SH SEE ALSO
.sp
-\fBdig(1)\fP, \fBdnssec\-settime(8)\fP, \fBdnssec\-signzone(8)\fP, \fBnsupdate(1)\fP, BIND 9 Administrator
+\fI\%dig(1)\fP, \fI\%dnssec\-settime(8)\fP, \fI\%dnssec\-signzone(8)\fP, \fI\%nsupdate(1)\fP, BIND 9 Administrator
Reference Manual, \fI\%RFC 7344\fP\&.
.SH AUTHOR
Internet Systems Consortium
The input keys can be specified in a number of ways:
.sp
By default, \fBdnssec\-dsfromkey\fP reads a key file named in the format
-\fBKnnnn.+aaa+iiiii.key\fP, as generated by \fBdnssec\-keygen\fP\&.
+\fBKnnnn.+aaa+iiiii.key\fP, as generated by \fI\%dnssec\-keygen\fP\&.
.sp
With the \fI\%\-f file\fP option, \fBdnssec\-dsfromkey\fP reads keys from a zone
file or partial zone file (which can contain just the DNSKEY records).
.sp
With the \fI\%\-s\fP option, \fBdnssec\-dsfromkey\fP reads a \fBkeyset\-\fP file,
-as generated by \fBdnssec\-keygen\fP \fI\%\-C\fP\&.
+as generated by \fI\%dnssec\-keygen\fP \fI\%\-C\fP\&.
.SH OPTIONS
.INDENT 0.0
.TP
omitted.
.sp
If \fBfile\fP is \fB\-\fP, then the zone data is read from the standard
-input. This makes it possible to use the output of the \fBdig\fP
+input. This makes it possible to use the output of the \fI\%dig\fP
command as input, as in:
.sp
\fBdig dnskey example.com | dnssec\-dsfromkey \-f \- example.com\fP
.sp
The keyfile can be designated by the key identification
\fBKnnnn.+aaa+iiiii\fP or the full file name \fBKnnnn.+aaa+iiiii.key\fP, as
-generated by \fBdnssec\-keygen\fP\&.
+generated by \fI\%dnssec\-keygen\fP\&.
.sp
The keyset file name is built from the \fBdirectory\fP, the string
\fBkeyset\-\fP, and the \fBdnsname\fP\&.
A keyfile error may return "file not found," even if the file exists.
.SH SEE ALSO
.sp
-\fBdnssec\-keygen(8)\fP, \fBdnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual,
+\fI\%dnssec\-keygen(8)\fP, \fI\%dnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual,
\fI\%RFC 3658\fP (DS RRs), \fI\%RFC 4509\fP (SHA\-256 for DS RRs),
\fI\%RFC 6605\fP (SHA\-384 for DS RRs), \fI\%RFC 7344\fP (CDS and CDNSKEY RRs).
.SH AUTHOR
.sp
A keyfile can be designed by the key identification \fBKnnnn.+aaa+iiiii\fP
or the full file name \fBKnnnn.+aaa+iiiii.key\fP, as generated by
-\fBdnssec\-keygen\fP\&.
+\fI\%dnssec\-keygen\fP\&.
.SH SEE ALSO
.sp
-\fBdnssec\-keygen(8)\fP, \fBdnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual,
+\fI\%dnssec\-keygen(8)\fP, \fI\%dnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual,
\fI\%RFC 5011\fP\&.
.SH AUTHOR
Internet Systems Consortium
\fBdnssec\-keyfromlabel\fP generates a pair of key files that reference a
key object stored in a cryptographic hardware service module (HSM). The
private key file can be used for DNSSEC signing of zone data as if it
-were a conventional signing key created by \fBdnssec\-keygen\fP, but the
+were a conventional signing key created by \fI\%dnssec\-keygen\fP, but the
key material is stored within the HSM and the actual signing takes
place there.
.sp
security reasons, this file does not have general read permission.
.SH SEE ALSO
.sp
-\fBdnssec\-keygen(8)\fP, \fBdnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual,
+\fI\%dnssec\-keygen(8)\fP, \fI\%dnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual,
\fI\%RFC 4034\fP, \fI\%RFC 7512\fP\&.
.SH AUTHOR
Internet Systems Consortium
.sp
In prior releases, HMAC algorithms could be generated for use as TSIG
keys, but that feature was removed in BIND 9.13.0. Use
-\fBtsig\-keygen\fP to generate TSIG keys.
+\fI\%tsig\-keygen\fP to generate TSIG keys.
.UNINDENT
.INDENT 0.0
.TP
\fBKnnnn.+aaa+iiiii.private\fP contains the private key.
.sp
The \fB\&.key\fP file contains a DNSKEY or KEY record. When a zone is being
-signed by \fBnamed\fP or \fBdnssec\-signzone \-S\fP, DNSKEY records are
+signed by \fI\%named\fP or \fI\%dnssec\-signzone \-S\fP, DNSKEY records are
included automatically. In other cases, the \fB\&.key\fP file can be
inserted into a zone file manually or with an \fB$INCLUDE\fP statement.
.sp
\fBdnssec\-keygen \-a ECDSAP256SHA256 \-f KSK example.com\fP
.SH SEE ALSO
.sp
-\fBdnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 2539\fP,
+\fI\%dnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 2539\fP,
\fI\%RFC 2845\fP, \fI\%RFC 4034\fP\&.
.SH AUTHOR
Internet Systems Consortium
.UNINDENT
.SH SEE ALSO
.sp
-\fBdnssec\-keygen(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 5011\fP\&.
+\fI\%dnssec\-keygen(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 5011\fP\&.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
\fBdnssec\-settime\fP reads a DNSSEC private key file and sets the key
timing metadata as specified by the \fI\%\-P\fP, \fI\%\-A\fP, \fI\%\-R\fP,
\fI\%\-I\fP, and \fI\%\-D\fP options. The metadata can then be used by
-\fBdnssec\-signzone\fP or other signing software to determine when a key is
+\fI\%dnssec\-signzone\fP or other signing software to determine when a key is
to be published, whether it should be used for signing a zone, etc.
.sp
If none of these options is set on the command line,
.UNINDENT
.SH SEE ALSO
.sp
-\fBdnssec\-keygen(8)\fP, \fBdnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual,
+\fI\%dnssec\-keygen(8)\fP, \fI\%dnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual,
\fI\%RFC 5011\fP\&.
.SH AUTHOR
Internet Systems Consortium
possible time before signatures that have been retrieved by resolvers
expire from resolver caches. Zones that are signed with this
option should be configured to use a matching \fBmax\-zone\-ttl\fP in
-\fBnamed.conf\fP\&. (Note: This option is incompatible with \fI\%\-D\fP,
+\fI\%named.conf\fP\&. (Note: This option is incompatible with \fI\%\-D\fP,
because it modifies non\-DNSSEC data in the output zone.)
.UNINDENT
.INDENT 0.0
textual representation of the zone; \fBfull\fP, which is text output in a
format suitable for processing by external scripts; and \fBraw\fP and
\fBraw=N\fP, which store the zone in binary formats for rapid loading by
-\fBnamed\fP\&. \fBraw=N\fP specifies the format version of the raw zone file:
-if N is 0, the raw file can be read by any version of \fBnamed\fP; if N is
+\fI\%named\fP\&. \fBraw=N\fP specifies the format version of the raw zone file:
+if N is 0, the raw file can be read by any version of \fI\%named\fP; if N is
1, the file can be read by release 9.9.0 or higher. The default is 1.
.UNINDENT
.INDENT 0.0
.B \-x
This option indicates that BIND 9 should only sign the DNSKEY, CDNSKEY, and CDS RRsets with key\-signing keys,
and should omit signatures from zone\-signing keys. (This is similar to the
-\fBdnssec\-dnskey\-kskonly yes;\fP zone option in \fBnamed\fP\&.)
+\fBdnssec\-dnskey\-kskonly yes;\fP zone option in \fI\%named\fP\&.)
.UNINDENT
.INDENT 0.0
.TP
This option indicates that BIND 9 should ignore the KSK flag on keys when determining what to sign. This causes
KSK\-flagged keys to sign all records, not just the DNSKEY RRset.
(This is similar to the \fBupdate\-check\-ksk no;\fP zone option in
-\fBnamed\fP\&.)
+\fI\%named\fP\&.)
.UNINDENT
.INDENT 0.0
.TP
.SH EXAMPLE
.sp
The following command signs the \fBexample.com\fP zone with the
-ECDSAP256SHA256 key generated by \fBdnssec\-keygen\fP
+ECDSAP256SHA256 key generated by \fI\%dnssec\-keygen\fP
(Kexample.com.+013+17247). Because the \fI\%\-S\fP option is not being used,
the zone\(aqs keys must be in the master file (\fBdb.example.com\fP). This
invocation looks for \fBdsset\fP files in the current directory, so that
.sp
In the above example, \fBdnssec\-signzone\fP creates the file
\fBdb.example.com.signed\fP\&. This file should be referenced in a zone
-statement in the \fBnamed.conf\fP file.
+statement in the \fI\%named.conf\fP file.
.sp
This example re\-signs a previously signed zone with default parameters.
The private keys are assumed to be in the current directory.
.UNINDENT
.SH SEE ALSO
.sp
-\fBdnssec\-keygen(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 4033\fP,
+\fI\%dnssec\-keygen(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 4033\fP,
\fI\%RFC 4641\fP\&.
.SH AUTHOR
Internet Systems Consortium
Without this flag, it is assumed that the DNSKEY RRset is signed
by all active keys. When this flag is set, it is not an error if
the DNSKEY RRset is not signed by zone\-signing keys. This corresponds
-to the \fB\-x option in dnssec\-signzone\fP\&.
+to the \fI\%\-x option in dnssec\-signzone\fP\&.
.UNINDENT
.INDENT 0.0
.TP
the KSK flag state, and that other RRsets be signed by a
non\-revoked key for the same algorithm that includes the self\-signed
key; the same key may be used for both purposes. This corresponds to
-the \fB\-z option in dnssec\-signzone\fP\&.
+the \fI\%\-z option in dnssec\-signzone\fP\&.
.UNINDENT
.INDENT 0.0
.TP
.UNINDENT
.SH SEE ALSO
.sp
-\fBdnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 4033\fP\&.
+\fI\%dnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 4033\fP\&.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
.UNINDENT
.SH SEE ALSO
.sp
-\fBnamed(8)\fP, \fBrndc(8)\fP, BIND 9 Administrator Reference Manual.
+\fI\%named(8)\fP, \fI\%rndc(8)\fP, BIND 9 Administrator Reference Manual.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
\fBplugin query\fP "filter\-a.so" [{ parameters }];
.SH DESCRIPTION
.sp
-\fBfilter\-a.so\fP is a query plugin module for \fBnamed\fP, enabling
-\fBnamed\fP to omit some IPv4 addresses when responding to clients.
+\fBfilter\-a.so\fP is a query plugin module for \fI\%named\fP, enabling
+\fI\%named\fP to omit some IPv4 addresses when responding to clients.
.sp
For example:
.INDENT 0.0
\fBplugin query\fP "filter\-aaaa.so" [{ parameters }];
.SH DESCRIPTION
.sp
-\fBfilter\-aaaa.so\fP is a query plugin module for \fBnamed\fP, enabling
-\fBnamed\fP to omit some IPv6 addresses when responding to clients.
+\fBfilter\-aaaa.so\fP is a query plugin module for \fI\%named\fP, enabling
+\fI\%named\fP to omit some IPv6 addresses when responding to clients.
.sp
-Until BIND 9.12, this feature was implemented natively in \fBnamed\fP and
+Until BIND 9.12, this feature was implemented natively in \fI\%named\fP and
enabled with the \fBfilter\-aaaa\fP ACL and the \fBfilter\-aaaa\-on\-v4\fP and
\fBfilter\-aaaa\-on\-v6\fP options. These options are now deprecated in
-\fBnamed.conf\fP but can be passed as parameters to the
+\fI\%named.conf\fP but can be passed as parameters to the
\fBfilter\-aaaa.so\fP plugin, for example:
.INDENT 0.0
.INDENT 3.5
.INDENT 0.0
.TP
.B \-C
-This option indicates that \fBnamed\fP should check consistency, meaning that \fBhost\fP queries the SOA records for zone
+This option indicates that \fI\%named\fP should check consistency, meaning that \fBhost\fP queries the SOA records for zone
\fBname\fP from all the listed authoritative name servers for that
zone. The list of name servers is defined by the NS records that are
found for the zone.
.INDENT 0.0
.TP
.B \-l
-This option tells \fBnamed\fP to list the zone, meaning the \fBhost\fP command performs a zone transfer of zone
+This option tells \fI\%named\fP to list the zone, meaning the \fBhost\fP command performs a zone transfer of zone
\fBname\fP and prints out the NS, PTR, and address records (A/AAAA).
.sp
Together, the \fI\%\-l\fP \fI\%\-a\fP options print all records in the zone.
.INDENT 0.0
.TP
.B \-s
-This option tells \fBnamed\fP \fInot\fP to send the query to the next nameserver if any server responds
+This option tells \fI\%named\fP \fInot\fP to send the query to the next nameserver if any server responds
with a SERVFAIL response, which is the reverse of normal stub
resolver behavior.
.UNINDENT
.INDENT 0.0
.TP
.B \-W wait
-This options sets the length of the wait timeout, indicating that \fBnamed\fP should wait for up to \fBwait\fP seconds for a reply. If \fBwait\fP is
+This options sets the length of the wait timeout, indicating that \fI\%named\fP should wait for up to \fBwait\fP seconds for a reply. If \fBwait\fP is
less than 1, the wait interval is set to 1 second.
.sp
By default, \fBhost\fP waits for 5 seconds for UDP responses and 10
\fB/etc/resolv.conf\fP
.SH SEE ALSO
.sp
-\fBdig(1)\fP, \fBnamed(8)\fP\&.
+\fI\%dig(1)\fP, \fI\%named(8)\fP\&.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
\fBmdig\fP [@server] {global\-opt...} { {local\-opt...} {query} ...}
.SH DESCRIPTION
.sp
-\fBmdig\fP is a multiple/pipelined query version of \fBdig\fP: instead of
+\fBmdig\fP is a multiple/pipelined query version of \fI\%dig\fP: instead of
waiting for a response after sending each query, it begins by sending
all queries. Responses are displayed in the order in which they are
received, not in the order the corresponding queries were sent.
.sp
-\fBmdig\fP options are a subset of the \fBdig\fP options, and are divided
+\fBmdig\fP options are a subset of the \fI\%dig\fP options, and are divided
into "anywhere options," which can occur anywhere, "global options," which
must occur before the query name (or they are ignored with a warning),
and "local options," which apply to the next query on the command line.
.sp
The \fB@server\fP option is a mandatory global option. It is the name or IP
-address of the name server to query. (Unlike \fBdig\fP, this value is not
+address of the name server to query. (Unlike \fI\%dig\fP, this value is not
retrieved from \fB/etc/resolv.conf\fP\&.) It can be an IPv4 address in
dotted\-decimal notation, an IPv6 address in colon\-delimited notation, or
a hostname. When the supplied \fBserver\fP argument is a hostname,
.UNINDENT
.SH SEE ALSO
.sp
-\fBdig(1)\fP, \fI\%RFC 1035\fP\&.
+\fI\%dig(1)\fP, \fI\%RFC 1035\fP\&.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
.SH DESCRIPTION
.sp
\fBnamed\-checkconf\fP checks the syntax, but not the semantics, of a
-\fBnamed\fP configuration file. The file, along with all files included by it, is parsed and checked for syntax
+\fI\%named\fP configuration file. The file, along with all files included by it, is parsed and checked for syntax
errors. If no file is specified,
\fB@sysconfdir@/named.conf\fP is read by default.
.sp
-Note: files that \fBnamed\fP reads in separate parser contexts, such as
+Note: files that \fI\%named\fP reads in separate parser contexts, such as
\fBrndc.key\fP and \fBbind.keys\fP, are not automatically read by
\fBnamed\-checkconf\fP\&. Configuration errors in these files may cause
-\fBnamed\fP to fail to run, even if \fBnamed\-checkconf\fP was successful.
+\fI\%named\fP to fail to run, even if \fBnamed\-checkconf\fP was successful.
However, \fBnamed\-checkconf\fP can be run on these files explicitly.
.SH OPTIONS
.INDENT 0.0
.INDENT 0.0
.TP
.B \-j
-When loading a zonefile, this option instructs \fBnamed\fP to read the journal if it exists.
+When loading a zonefile, this option instructs \fI\%named\fP to read the journal if it exists.
.UNINDENT
.INDENT 0.0
.TP
.INDENT 0.0
.TP
.B \-p
-This option prints out the \fBnamed.conf\fP and included files in canonical form if
+This option prints out the \fI\%named.conf\fP and included files in canonical form if
no errors were detected. See also the \fI\%\-x\fP option.
.UNINDENT
.INDENT 0.0
.TP
.B \-t directory
-This option instructs \fBnamed\fP to chroot to \fBdirectory\fP, so that \fBinclude\fP directives in the
+This option instructs \fI\%named\fP to chroot to \fBdirectory\fP, so that \fBinclude\fP directives in the
configuration file are processed as if run by a similarly chrooted
-\fBnamed\fP\&.
+\fI\%named\fP\&.
.UNINDENT
.INDENT 0.0
.TP
.B \-x
When printing the configuration files in canonical form, this option obscures
shared secrets by replacing them with strings of question marks
-(\fB?\fP). This allows the contents of \fBnamed.conf\fP and related files
+(\fB?\fP). This allows the contents of \fI\%named.conf\fP and related files
to be shared \- for example, when submitting bug reports \-
without compromising private data. This option cannot be used without
\fI\%\-p\fP\&.
.INDENT 0.0
.TP
.B \-z
-This option performs a test load of all zones of type \fBprimary\fP found in \fBnamed.conf\fP\&.
+This option performs a test load of all zones of type \fBprimary\fP found in \fI\%named.conf\fP\&.
.UNINDENT
.INDENT 0.0
.TP
and 0 otherwise.
.SH SEE ALSO
.sp
-\fBnamed(8)\fP, \fBnamed\-checkzone(8)\fP, BIND 9 Administrator Reference Manual.
+\fI\%named(8)\fP, \fI\%named\-checkzone(8)\fP, BIND 9 Administrator Reference Manual.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
.SH DESCRIPTION
.sp
\fBnamed\-checkzone\fP checks the syntax and integrity of a zone file. It
-performs the same checks as \fBnamed\fP does when loading a zone. This
+performs the same checks as \fI\%named\fP does when loading a zone. This
makes \fBnamed\-checkzone\fP useful for checking zone files before
configuring them into a name server.
.SH OPTIONS
.INDENT 0.0
.TP
.B \-j
-When loading a zone file, this option tells \fBnamed\fP to read the journal if it exists. The journal
+When loading a zone file, this option tells \fI\%named\fP to read the journal if it exists. The journal
file name is assumed to be the zone file name with the
string \fB\&.jnl\fP appended.
.UNINDENT
.INDENT 0.0
.TP
.B \-J filename
-When loading the zone file, this option tells \fBnamed\fP to read the journal from the given file, if
+When loading the zone file, this option tells \fI\%named\fP to read the journal from the given file, if
it exists. This implies \fI\%\-j\fP\&.
.UNINDENT
.INDENT 0.0
.sp
Possible formats are \fBtext\fP (the default), which is the standard
textual representation of the zone, and \fBraw\fP and \fBraw=N\fP, which
-store the zone in a binary format for rapid loading by \fBnamed\fP\&.
+store the zone in a binary format for rapid loading by \fI\%named\fP\&.
\fBraw=N\fP specifies the format version of the raw zone file: if \fBN\fP is
-0, the raw file can be read by any version of \fBnamed\fP; if N is 1, the
+0, the raw file can be read by any version of \fI\%named\fP; if N is 1, the
file can only be read by release 9.9.0 or higher. The default is 1.
.UNINDENT
.INDENT 0.0
.B \-l ttl
This option sets a maximum permissible TTL for the input file. Any record with a
TTL higher than this value causes the zone to be rejected. This
-is similar to using the \fBmax\-zone\-ttl\fP option in \fBnamed.conf\fP\&.
+is similar to using the \fBmax\-zone\-ttl\fP option in \fI\%named.conf\fP\&.
.UNINDENT
.INDENT 0.0
.TP
.INDENT 0.0
.TP
.B \-t directory
-This option tells \fBnamed\fP to chroot to \fBdirectory\fP, so that \fBinclude\fP directives in the
+This option tells \fI\%named\fP to chroot to \fBdirectory\fP, so that \fBinclude\fP directives in the
configuration file are processed as if run by a similarly chrooted
-\fBnamed\fP\&.
+\fI\%named\fP\&.
.UNINDENT
.INDENT 0.0
.TP
.INDENT 0.0
.TP
.B \-w directory
-This option instructs \fBnamed\fP to chdir to \fBdirectory\fP, so that relative filenames in master file
+This option instructs \fI\%named\fP to chdir to \fBdirectory\fP, so that relative filenames in master file
\fB$INCLUDE\fP directives work. This is similar to the directory clause in
-\fBnamed.conf\fP\&.
+\fI\%named.conf\fP\&.
.UNINDENT
.INDENT 0.0
.TP
and 0 otherwise.
.SH SEE ALSO
.sp
-\fBnamed(8)\fP, \fBnamed\-checkconf(8)\fP, \fBnamed\-compilezone(8)\fP, \fI\%RFC 1035\fP, BIND 9 Administrator Reference
+\fI\%named(8)\fP, \fI\%named\-checkconf(8)\fP, \fI\%named\-compilezone(8)\fP, \fI\%RFC 1035\fP, BIND 9 Administrator Reference
Manual.
.SH AUTHOR
Internet Systems Consortium
\fBnamed\-compilezone\fP checks the syntax and integrity of a zone file,
and dumps the zone contents to a specified file in a specified format.
It applies strict check levels by default, since the
-dump output is used as an actual zone file loaded by \fBnamed\fP\&.
+dump output is used as an actual zone file loaded by \fI\%named\fP\&.
When manually specified otherwise, the check levels must at least be as
-strict as those specified in the \fBnamed\fP configuration file.
+strict as those specified in the \fI\%named\fP configuration file.
.SH OPTIONS
.INDENT 0.0
.TP
.INDENT 0.0
.TP
.B \-v
-This option prints the version of the \fBnamed\-checkzone\fP program and exits.
+This option prints the version of the \fI\%named\-checkzone\fP program and exits.
.UNINDENT
.INDENT 0.0
.TP
.B \-j
-When loading a zone file, this option tells \fBnamed\fP to read the journal if it exists. The journal
+When loading a zone file, this option tells \fI\%named\fP to read the journal if it exists. The journal
file name is assumed to be the zone file name with the
string \fB\&.jnl\fP appended.
.UNINDENT
.INDENT 0.0
.TP
.B \-J filename
-When loading the zone file, this option tells \fBnamed\fP to read the journal from the given file, if
+When loading the zone file, this option tells \fI\%named\fP to read the journal from the given file, if
it exists. This implies \fI\%\-j\fP\&.
.UNINDENT
.INDENT 0.0
.TP
.B \-F format
This option specifies the format of the output file specified. For
-\fBnamed\-checkzone\fP, this does not have any effect unless it dumps
+\fI\%named\-checkzone\fP, this does not have any effect unless it dumps
the zone contents.
.sp
Possible formats are \fBtext\fP (the default), which is the standard
textual representation of the zone, and \fBraw\fP and \fBraw=N\fP, which
-store the zone in a binary format for rapid loading by \fBnamed\fP\&.
+store the zone in a binary format for rapid loading by \fI\%named\fP\&.
\fBraw=N\fP specifies the format version of the raw zone file: if \fBN\fP is
-0, the raw file can be read by any version of \fBnamed\fP; if N is 1, the
+0, the raw file can be read by any version of \fI\%named\fP; if N is 1, the
file can only be read by release 9.9.0 or higher. The default is 1.
.UNINDENT
.INDENT 0.0
.B \-l ttl
This option sets a maximum permissible TTL for the input file. Any record with a
TTL higher than this value causes the zone to be rejected. This
-is similar to using the \fBmax\-zone\-ttl\fP option in \fBnamed.conf\fP\&.
+is similar to using the \fBmax\-zone\-ttl\fP option in \fI\%named.conf\fP\&.
.UNINDENT
.INDENT 0.0
.TP
.INDENT 0.0
.TP
.B \-t directory
-This option tells \fBnamed\fP to chroot to \fBdirectory\fP, so that \fBinclude\fP directives in the
+This option tells \fI\%named\fP to chroot to \fBdirectory\fP, so that \fBinclude\fP directives in the
configuration file are processed as if run by a similarly chrooted
-\fBnamed\fP\&.
+\fI\%named\fP\&.
.UNINDENT
.INDENT 0.0
.TP
.INDENT 0.0
.TP
.B \-w directory
-This option instructs \fBnamed\fP to chdir to \fBdirectory\fP, so that relative filenames in master file
+This option instructs \fI\%named\fP to chdir to \fBdirectory\fP, so that relative filenames in master file
\fB$INCLUDE\fP directives work. This is similar to the directory clause in
-\fBnamed.conf\fP\&.
+\fI\%named.conf\fP\&.
.UNINDENT
.INDENT 0.0
.TP
and 0 otherwise.
.SH SEE ALSO
.sp
-\fBnamed(8)\fP, \fBnamed\-checkconf(8)\fP, \fBnamed\-checkzone(8)\fP, \fI:rfc:\(ga1035\fP,
+\fI\%named(8)\fP, \fI\%named\-checkconf(8)\fP, \fI\%named\-checkzone(8)\fP, \fI:rfc:\(ga1035\fP,
BIND 9 Administrator Reference Manual.
.SH AUTHOR
Internet Systems Consortium
printing it in a human\-readable form, or, optionally, converting it
to a different journal file format.
.sp
-Journal files are automatically created by \fBnamed\fP when changes are
-made to dynamic zones (e.g., by \fBnsupdate\fP). They record each addition
+Journal files are automatically created by \fI\%named\fP when changes are
+made to dynamic zones (e.g., by \fI\%nsupdate\fP). They record each addition
or deletion of a resource record, in binary format, allowing the changes
to be re\-applied to the zone when the server is restarted after a
shutdown or crash. By default, the name of the journal file is formed by
.sp
The \fB\-c\fP (compact) option provides a mechanism to reduce the size of
a journal by removing (most/all) transactions prior to the specified
-serial number. Note: this option \fImust not\fP be used while \fBnamed\fP is
+serial number. Note: this option \fImust not\fP be used while \fI\%named\fP is
running, and can cause data loss if the zone file has not been updated
to contain the data being removed from the journal. Use with extreme caution.
.sp
versions of BIND up to 9.16.11; \fB\-u\fP writes it out in the format used
by versions since 9.16.13. (9.16.12 is omitted due to a journal\-formatting
bug in that release.) Note that these options \fImust not\fP be used while
-\fBnamed\fP is running.
+\fI\%named\fP is running.
.SH SEE ALSO
.sp
-\fBnamed(8)\fP, \fBnsupdate(1)\fP, BIND 9 Administrator Reference Manual.
+\fI\%named(8)\fP, \fI\%nsupdate(1)\fP, BIND 9 Administrator Reference Manual.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
.sp
\fBnamed\-nzd2nzf\fP converts an NZD database to NZF format and prints it
to standard output. This can be used to review the configuration of
-zones that were added to \fBnamed\fP via \fBrndc addzone\fP\&. It can also be
+zones that were added to \fI\%named\fP via \fI\%rndc addzone\fP\&. It can also be
used to restore the old file format when rolling back from a newer
version of BIND to an older version.
.SH ARGUMENTS
.UNINDENT
.SH SEE ALSO
.sp
-\fI\%RFC 1034\fP, \fI\%RFC 1035\fP, \fBnamed(8)\fP\&.
+\fI\%RFC 1034\fP, \fI\%RFC 1035\fP, \fI\%named(8)\fP\&.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
This option acquires a lock on the specified file at runtime; this helps to
prevent duplicate \fBnamed\fP instances from running simultaneously.
Use of this option overrides the \fBlock\-file\fP option in
-\fBnamed.conf\fP\&. If set to \fBnone\fP, the lock file check is disabled.
+\fI\%named.conf\fP\&. If set to \fBnone\fP, the lock file check is disabled.
.UNINDENT
.SH SIGNALS
.sp
In routine operation, signals should not be used to control the
-nameserver; \fBrndc\fP should be used instead.
+nameserver; \fI\%rndc\fP should be used instead.
.INDENT 0.0
.TP
.B SIGHUP
.UNINDENT
.SH SEE ALSO
.sp
-\fI\%RFC 1033\fP, \fI\%RFC 1034\fP, \fI\%RFC 1035\fP, \fBnamed\-checkconf(8)\fP, \fBnamed\-checkzone(8)\fP, \fBrndc(8)\fP, \fBnamed.conf(5)\fP, BIND 9 Administrator Reference Manual.
+\fI\%RFC 1033\fP, \fI\%RFC 1034\fP, \fI\%RFC 1035\fP, \fI\%named\-checkconf(8)\fP, \fI\%named\-checkzone(8)\fP, \fI\%rndc(8)\fP, \fI\%named.conf(5)\fP, BIND 9 Administrator Reference Manual.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
\fBnamed.conf\fP
.SH DESCRIPTION
.sp
-\fBnamed.conf\fP is the configuration file for \fBnamed\fP\&.
+\fBnamed.conf\fP is the configuration file for \fI\%named\fP\&.
Statements are enclosed in braces and terminated with a semi\-colon.
Clauses in the statements are also semi\-colon terminated. The usual
comment styles are supported:
\fB@sysconfdir@/named.conf\fP
.SH SEE ALSO
.sp
-\fBnamed(8)\fP, \fBnamed\-checkconf(8)\fP, \fBrndc(8)\fP, \fBrndc\-confgen(8)\fP, \fBtsig\-keygen(8)\fP, BIND 9 Administrator Reference Manual.
+\fI\%named(8)\fP, \fI\%named\-checkconf(8)\fP, \fI\%rndc(8)\fP, \fI\%rndc\-confgen(8)\fP, \fI\%tsig\-keygen(8)\fP, BIND 9 Administrator Reference Manual.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
.INDENT 0.0
.TP
.B \fBhost [server]\fP
-This command looks up information for \fBhost\fP using the current default server or
-using \fBserver\fP, if specified. If \fBhost\fP is an Internet address and the
-query type is A or PTR, the name of the host is returned. If \fBhost\fP is
+This command looks up information for \fI\%host\fP using the current default server or
+using \fBserver\fP, if specified. If \fI\%host\fP is an Internet address and the
+query type is A or PTR, the name of the host is returned. If \fI\%host\fP is
a name and does not have a trailing period (\fB\&.\fP), the search list is used
to qualify the name.
.sp
\fB/etc/resolv.conf\fP
.SH SEE ALSO
.sp
-\fBdig(1)\fP, \fBhost(1)\fP, \fBnamed(8)\fP\&.
+\fI\%dig(1)\fP, \fI\%host(1)\fP, \fI\%named(8)\fP\&.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
statements are added to \fB@sysconfdir@/named.conf\fP so that the name server
can associate the appropriate secret key and algorithm with the IP
address of the client application that is using TSIG
-authentication. \fBddns\-confgen\fP can generate suitable
+authentication. \fI\%ddns\-confgen\fP can generate suitable
configuration fragments. \fBnsupdate\fP uses the \fI\%\-y\fP or \fI\%\-k\fP options
to provide the TSIG shared secret; these options are mutually exclusive.
.sp
.TP
.B \-k keyfile
This option indicates the file containing the TSIG authentication key. Keyfiles may be in
-two formats: a single file containing a \fBnamed.conf\fP\-format \fBkey\fP
-statement, which may be generated automatically by \fBddns\-confgen\fP;
+two formats: a single file containing a \fI\%named.conf\fP\-format \fBkey\fP
+statement, which may be generated automatically by \fI\%ddns\-confgen\fP;
or a pair of files whose names are of the format
\fBK{name}.+157.+{random}.key\fP and
\fBK{name}.+157.+{random}.private\fP, which can be generated by
-\fBdnssec\-keygen\fP\&. The \fI\%\-k\fP option can also be used to specify a SIG(0)
+\fI\%dnssec\-keygen\fP\&. The \fI\%\-k\fP option can also be used to specify a SIG(0)
key used to authenticate Dynamic DNS update requests. In this case,
the key specified is not an HMAC\-MD5 key.
.UNINDENT
(disabling the \fBserver\fP so that the server address cannot be
overridden). Connections to the local server use a TSIG key
found in \fB@runstatedir@/session.key\fP, which is automatically
-generated by \fBnamed\fP if any local \fBprimary\fP zone has set
+generated by \fI\%named\fP if any local \fBprimary\fP zone has set
\fBupdate\-policy\fP to \fBlocal\fP\&. The location of this key file can be
overridden with the \fI\%\-k\fP option.
.UNINDENT
Sets the default TSIG key for use in local\-only mode
.TP
.B \fBK{name}.+157.+{random}.key\fP
-Base\-64 encoding of the HMAC\-MD5 key created by \fBdnssec\-keygen\fP\&.
+Base\-64 encoding of the HMAC\-MD5 key created by \fI\%dnssec\-keygen\fP\&.
.TP
.B \fBK{name}.+157.+{random}.private\fP
-Base\-64 encoding of the HMAC\-MD5 key created by \fBdnssec\-keygen\fP\&.
+Base\-64 encoding of the HMAC\-MD5 key created by \fI\%dnssec\-keygen\fP\&.
.UNINDENT
.SH SEE ALSO
.sp
\fI\%RFC 2136\fP, \fI\%RFC 3007\fP, \fI\%RFC 2104\fP, \fI\%RFC 2845\fP, \fI\%RFC 1034\fP, \fI\%RFC 2535\fP, \fI\%RFC 2931\fP,
-\fBnamed(8)\fP, \fBdnssec\-keygen(8)\fP, \fBtsig\-keygen(8)\fP\&.
+\fI\%named(8)\fP, \fI\%dnssec\-keygen(8)\fP, \fI\%tsig\-keygen(8)\fP\&.
.SH BUGS
.sp
The TSIG key is redundantly stored in two separate files. This is a
\fBrndc\-confgen\fP [\fB\-a\fP] [\fB\-A\fP algorithm] [\fB\-b\fP keysize] [\fB\-c\fP keyfile] [\fB\-h\fP] [\fB\-k\fP keyname] [\fB\-p\fP port] [\fB\-s\fP address] [\fB\-t\fP chrootdir] [\fB\-u\fP user]
.SH DESCRIPTION
.sp
-\fBrndc\-confgen\fP generates configuration files for \fBrndc\fP\&. It can be
-used as a convenient alternative to writing the \fBrndc.conf\fP file and
-the corresponding \fBcontrols\fP and \fBkey\fP statements in \fBnamed.conf\fP
+\fBrndc\-confgen\fP generates configuration files for \fI\%rndc\fP\&. It can be
+used as a convenient alternative to writing the \fI\%rndc.conf\fP file and
+the corresponding \fBcontrols\fP and \fBkey\fP statements in \fI\%named.conf\fP
by hand. Alternatively, it can be run with the \fI\%\-a\fP option to set up a
-\fBrndc.key\fP file and avoid the need for a \fBrndc.conf\fP file and a
+\fBrndc.key\fP file and avoid the need for a \fI\%rndc.conf\fP file and a
\fBcontrols\fP statement altogether.
.SH OPTIONS
.INDENT 0.0
.TP
.B \-a
-This option sets automatic \fBrndc\fP configuration, which creates a file
-\fB@sysconfdir@/rndc.key\fP that is read by both \fBrndc\fP and \fBnamed\fP on startup.
+This option sets automatic \fI\%rndc\fP configuration, which creates a file
+\fB@sysconfdir@/rndc.key\fP that is read by both \fI\%rndc\fP and \fI\%named\fP on startup.
The \fBrndc.key\fP file defines a default command channel and
-authentication key allowing \fBrndc\fP to communicate with \fBnamed\fP on
+authentication key allowing \fI\%rndc\fP to communicate with \fI\%named\fP on
the local host with no further configuration.
.sp
If a more elaborate configuration than that generated by
\fI\%rndc\-confgen \-a\fP is required, for example if rndc is to be used
remotely, run \fBrndc\-confgen\fP without the \fI\%\-a\fP option
-and set up \fBrndc.conf\fP and \fBnamed.conf\fP as directed.
+and set up \fI\%rndc.conf\fP and \fI\%named.conf\fP as directed.
.UNINDENT
.INDENT 0.0
.TP
.INDENT 0.0
.TP
.B \-k keyname
-This option specifies the key name of the \fBrndc\fP authentication key. This must be a
+This option specifies the key name of the \fI\%rndc\fP authentication key. This must be a
valid domain name. The default is \fBrndc\-key\fP\&.
.UNINDENT
.INDENT 0.0
.TP
.B \-p port
-This option specifies the command channel port where \fBnamed\fP listens for
-connections from \fBrndc\fP\&. The default is 953.
+This option specifies the command channel port where \fI\%named\fP listens for
+connections from \fI\%rndc\fP\&. The default is 953.
.UNINDENT
.INDENT 0.0
.TP
.INDENT 0.0
.TP
.B \-s address
-This option specifies the IP address where \fBnamed\fP listens for command\-channel
-connections from \fBrndc\fP\&. The default is the loopback address
+This option specifies the IP address where \fI\%named\fP listens for command\-channel
+connections from \fI\%rndc\fP\&. The default is the loopback address
127.0.0.1.
.UNINDENT
.INDENT 0.0
.TP
.B \-t chrootdir
-This option is used with the \fI\%\-a\fP option to specify a directory where \fBnamed\fP
+This option is used with the \fI\%\-a\fP option to specify a directory where \fI\%named\fP
runs chrooted. An additional copy of the \fBrndc.key\fP is
written relative to this directory, so that it is found by the
-chrooted \fBnamed\fP\&.
+chrooted \fI\%named\fP\&.
.UNINDENT
.INDENT 0.0
.TP
.UNINDENT
.SH EXAMPLES
.sp
-To allow \fBrndc\fP to be used with no manual configuration, run:
+To allow \fI\%rndc\fP to be used with no manual configuration, run:
.sp
\fBrndc\-confgen \-a\fP
.sp
-To print a sample \fBrndc.conf\fP file and the corresponding \fBcontrols\fP and
-\fBkey\fP statements to be manually inserted into \fBnamed.conf\fP, run:
+To print a sample \fI\%rndc.conf\fP file and the corresponding \fBcontrols\fP and
+\fBkey\fP statements to be manually inserted into \fI\%named.conf\fP, run:
.sp
\fBrndc\-confgen\fP
.SH SEE ALSO
.sp
-\fBrndc(8)\fP, \fBrndc.conf(5)\fP, \fBnamed(8)\fP, BIND 9 Administrator Reference Manual.
+\fI\%rndc(8)\fP, \fI\%rndc.conf(5)\fP, \fI\%named(8)\fP, BIND 9 Administrator Reference Manual.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
.sp
\fBrndc\fP communicates with the name server over a TCP connection,
sending commands authenticated with digital signatures. In the current
-versions of \fBrndc\fP and \fBnamed\fP, the only supported authentication
+versions of \fBrndc\fP and \fI\%named\fP, the only supported authentication
algorithms are HMAC\-MD5 (for compatibility), HMAC\-SHA1, HMAC\-SHA224,
HMAC\-SHA256 (default), HMAC\-SHA384, and HMAC\-SHA512. They use a shared
secret on each end of the connection, which provides TSIG\-style
.INDENT 0.0
.TP
.B \-r
-This option instructs \fBrndc\fP to print the result code returned by \fBnamed\fP
+This option instructs \fBrndc\fP to print the result code returned by \fI\%named\fP
after executing the requested command (e.g., ISC_R_SUCCESS,
ISC_R_FAILURE, etc.).
.UNINDENT
.TP
.B \-y key_id
This option indicates use of the key \fBkey_id\fP from the configuration file. For control message validation to succeed, \fBkey_id\fP must be known
-by \fBnamed\fP with the same algorithm and secret string. If no \fBkey_id\fP is specified,
+by \fI\%named\fP with the same algorithm and secret string. If no \fBkey_id\fP is specified,
\fBrndc\fP first looks for a key clause in the server statement of
the server being used, or if no server statement is present for that
host, then in the default\-key clause of the options statement. Note that
This command adds a zone while the server is running. This command requires the
\fBallow\-new\-zones\fP option to be set to \fByes\fP\&. The configuration
string specified on the command line is the zone configuration text
-that would ordinarily be placed in \fBnamed.conf\fP\&.
+that would ordinarily be placed in \fI\%named.conf\fP\&.
.sp
The configuration is saved in a file called \fBviewname.nzf\fP (or, if
-\fBnamed\fP is compiled with liblmdb, an LMDB database file called
+\fI\%named\fP is compiled with liblmdb, an LMDB database file called
\fBviewname.nzd\fP). \fBviewname\fP is the name of the view, unless the view
name contains characters that are incompatible with use as a file
name, in which case a cryptographic hash of the view name is used
-instead. When \fBnamed\fP is restarted, the file is loaded into
+instead. When \fI\%named\fP is restarted, the file is loaded into
the view configuration so that zones that were added can persist
after a restart.
.sp
.sp
If the zone was originally added via \fBrndc addzone\fP, then it is
removed permanently. However, if it was originally configured in
-\fBnamed.conf\fP, then that original configuration remains in place;
+\fI\%named.conf\fP, then that original configuration remains in place;
when the server is restarted or reconfigured, the zone is
recreated. To remove it permanently, it must also be removed from
-\fBnamed.conf\fP\&.
+\fI\%named.conf\fP\&.
.sp
See also \fI\%rndc addzone\fP and \fI\%rndc modzone\fP\&.
.UNINDENT
\fBrndc dnssec \-rollover\fP allows you to schedule key rollover for a
specific key (overriding the original key lifetime).
.sp
-\fBrndc dnssec \-checkds\fP will let \fBnamed\fP know that the DS for the given
+\fBrndc dnssec \-checkds\fP will let \fI\%named\fP know that the DS for the given
key has been seen published into or withdrawn from the parent. This is
required in order to complete a KSK rollover. If the \fB\-key id\fP argument
is specified, look for the key with the given identifier, otherwise if there
.TP
.B dnstap (\-reopen | \-roll [number])
This command closes and re\-opens DNSTAP output files. \fBrndc dnstap \-reopen\fP allows
-the output file to be renamed externally, so that \fBnamed\fP can
+the output file to be renamed externally, so that \fI\%named\fP can
truncate and re\-open it. \fBrndc dnstap \-roll\fP causes the output file
to be rolled automatically, similar to log files. The most recent
output file has ".0" appended to its name; the previous most recent
This command stops the server immediately. Recent changes made through dynamic
update or IXFR are not saved to the master files, but are rolled
forward from the journal files when the server is restarted. If
-\fB\-p\fP is specified, \fBnamed\fP\(aqs process ID is returned. This allows
-an external process to determine when \fBnamed\fP has completed
+\fB\-p\fP is specified, \fI\%named\fP\(aqs process ID is returned. This allows
+an external process to determine when \fI\%named\fP has completed
halting.
.sp
See also \fI\%rndc stop\fP\&.
.sp
Existing keys that are already trusted are not deleted from
memory; DNSSEC validation can continue after this command is used.
-However, key maintenance operations cease until \fBnamed\fP is
+However, key maintenance operations cease until \fI\%named\fP is
restarted or reconfigured, and all existing key maintenance states
are deleted.
.sp
-Running \fI\%rndc reconfig\fP or restarting \fBnamed\fP immediately
+Running \fI\%rndc reconfig\fP or restarting \fI\%named\fP immediately
after this command causes key maintenance to be reinitialized
from scratch, just as if the server were being started for the
first time. This is primarily intended for testing, but it may
command requires the \fBallow\-new\-zones\fP option to be set to \fByes\fP\&.
As with \fBaddzone\fP, the configuration string specified on the
command line is the zone configuration text that would ordinarily be
-placed in \fBnamed.conf\fP\&.
+placed in \fI\%named.conf\fP\&.
.sp
If the zone was originally added via \fI\%rndc addzone\fP, the
configuration changes are recorded permanently and are still
in effect after the server is restarted or reconfigured. However, if
-it was originally configured in \fBnamed.conf\fP, then that original
+it was originally configured in \fI\%named.conf\fP, then that original
configuration remains in place; when the server is restarted or
reconfigured, the zone reverts to its original configuration. To
make the changes permanent, it must also be modified in
-\fBnamed.conf\fP\&.
+\fI\%named.conf\fP\&.
.sp
See also \fI\%rndc addzone\fP and \fI\%rndc delzone\fP\&.
.UNINDENT
.B nta [(\-class class | \-dump | \-force | \-remove | \-lifetime duration)] domain [view]
This command sets a DNSSEC negative trust anchor (NTA) for \fBdomain\fP, with a
lifetime of \fBduration\fP\&. The default lifetime is configured in
-\fBnamed.conf\fP via the \fBnta\-lifetime\fP option, and defaults to one
+\fI\%named.conf\fP via the \fBnta\-lifetime\fP option, and defaults to one
hour. The lifetime cannot exceed one week.
.sp
A negative trust anchor selectively disables DNSSEC validation for
zones that are known to be failing because of misconfiguration rather
than an attack. When data to be validated is at or below an active
-NTA (and above any other configured trust anchors), \fBnamed\fP
+NTA (and above any other configured trust anchors), \fI\%named\fP
aborts the DNSSEC validation process and treats the data as insecure
rather than bogus. This continues until the NTA\(aqs lifetime has
elapsed.
.sp
-NTAs persist across restarts of the \fBnamed\fP server. The NTAs for a
+NTAs persist across restarts of the \fI\%named\fP server. The NTAs for a
view are saved in a file called \fBname.nta\fP, where \fBname\fP is the name
of the view; if it contains characters that are incompatible with
use as a file name, a cryptographic hash is generated from the name of
of existing NTAs is printed. Note that this may include NTAs that are
expired but have not yet been cleaned up.
.sp
-Normally, \fBnamed\fP periodically tests to see whether data below
+Normally, \fI\%named\fP periodically tests to see whether data below
an NTA can now be validated (see the \fBnta\-recheck\fP option in the
Administrator Reference Manual for details). If data can be
validated, then the NTA is regarded as no longer necessary and is
.sp
Query logging can also be enabled by explicitly directing the
\fBqueries\fP \fBcategory\fP to a \fBchannel\fP in the \fBlogging\fP section
-of \fBnamed.conf\fP, or by specifying \fBquerylog yes;\fP in the
-\fBoptions\fP section of \fBnamed.conf\fP\&.
+of \fI\%named.conf\fP, or by specifying \fBquerylog yes;\fP in the
+\fBoptions\fP section of \fI\%named.conf\fP\&.
.UNINDENT
.INDENT 0.0
.TP
.INDENT 0.0
.TP
.B recursing
-This command dumps the list of queries \fBnamed\fP is currently
+This command dumps the list of queries \fI\%named\fP is currently
recursing on, and the list of domains to which iterative queries
are currently being sent.
.sp
\fBrndc\fP response channel and printed to the standard output.
Otherwise, it is written to the secroots dump file, which defaults to
\fBnamed.secroots\fP, but can be overridden via the \fBsecroots\-file\fP
-option in \fBnamed.conf\fP\&.
+option in \fI\%named.conf\fP\&.
.sp
See also \fI\%rndc managed\-keys\fP\&.
.UNINDENT
.TP
.B serve\-stale (on | off | reset | status) [class [view]]
This command enables, disables, resets, or reports the current status of
-the serving of stale answers as configured in \fBnamed.conf\fP\&.
+the serving of stale answers as configured in \fI\%named.conf\fP\&.
.sp
If serving of stale answers is disabled by \fBrndc\-serve\-stale off\fP, then it
-remains disabled even if \fBnamed\fP is reloaded or reconfigured. \fBrndc
-serve\-stale reset\fP restores the setting as configured in \fBnamed.conf\fP\&.
+remains disabled even if \fI\%named\fP is reloaded or reconfigured. \fBrndc
+serve\-stale reset\fP restores the setting as configured in \fI\%named.conf\fP\&.
.sp
\fBrndc serve\-stale status\fP reports whether caching and serving of stale
answers is currently enabled or disabled. It also reports the values of
chain should be set. \fBiterations\fP defines the number of additional times to apply
the algorithm when generating an NSEC3 hash. The \fBsalt\fP is a string
of data expressed in hexadecimal, a hyphen (\fI\-\(aq) if no salt is to be
-used, or the keyword \(ga\(gaauto\(ga\fP, which causes \fBnamed\fP to generate a
+used, or the keyword \(ga\(gaauto\(ga\fP, which causes \fI\%named\fP to generate a
random 64\-bit salt.
.sp
So, for example, to create an NSEC3 chain using the SHA\-1 hash
.B stop \-p
This command stops the server, making sure any recent changes made through dynamic
update or IXFR are first saved to the master files of the updated
-zones. If \fB\-p\fP is specified, \fBnamed\fP\(aqs process ID is returned.
-This allows an external process to determine when \fBnamed\fP has
+zones. If \fB\-p\fP is specified, \fI\%named\fP\(aqs process ID is returned.
+This allows an external process to determine when \fI\%named\fP has
completed stopping.
.sp
See also \fI\%rndc halt\fP\&.
.TP
.B tsig\-list
This command lists the names of all TSIG keys currently configured for use by
-\fBnamed\fP in each view. The list includes both statically configured keys and
+\fI\%named\fP in each view. The list includes both statically configured keys and
dynamic TKEY\-negotiated keys.
.UNINDENT
.INDENT 0.0
Several error messages could be clearer.
.SH SEE ALSO
.sp
-\fBrndc.conf(5)\fP, \fBrndc\-confgen(8)\fP,
-\fBnamed(8)\fP, \fBnamed.conf(5)\fP, BIND 9 Administrator
+\fI\%rndc.conf(5)\fP, \fI\%rndc\-confgen(8)\fP,
+\fI\%named(8)\fP, \fI\%named.conf(5)\fP, BIND 9 Administrator
Reference Manual.
.SH AUTHOR
Internet Systems Consortium
\fBrndc.conf\fP
.SH DESCRIPTION
.sp
-\fBrndc.conf\fP is the configuration file for \fBrndc\fP, the BIND 9 name
+\fBrndc.conf\fP is the configuration file for \fI\%rndc\fP, the BIND 9 name
server control utility. This file has a similar structure and syntax to
-\fBnamed.conf\fP\&. Statements are enclosed in braces and terminated with a
+\fI\%named.conf\fP\&. Statements are enclosed in braces and terminated with a
semi\-colon. Clauses in the statements are also semi\-colon terminated.
The usual comment styles are supported:
.sp
.sp
Unix style: # to end of line
.sp
-\fBrndc.conf\fP is much simpler than \fBnamed.conf\fP\&. The file uses three
+\fBrndc.conf\fP is much simpler than \fI\%named.conf\fP\&. The file uses three
statements: an options statement, a server statement, and a key
statement.
.sp
The \fBoptions\fP statement contains five clauses. The \fBdefault\-server\fP
clause is followed by the name or address of a name server. This host
-is used when no name server is given as an argument to \fBrndc\fP\&.
+is used when no name server is given as an argument to \fI\%rndc\fP\&.
The \fBdefault\-key\fP clause is followed by the name of a key, which is
identified by a \fBkey\fP statement. If no \fBkeyid\fP is provided on the
rndc command line, and no \fBkey\fP clause is found in a matching
.sp
The \fBkey\fP statement begins with an identifying string, the name of the
key. The statement has two clauses. \fBalgorithm\fP identifies the
-authentication algorithm for \fBrndc\fP to use; currently only HMAC\-MD5
+authentication algorithm for \fI\%rndc\fP to use; currently only HMAC\-MD5
(for compatibility), HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256 (default),
HMAC\-SHA384, and HMAC\-SHA512 are supported. This is followed by a secret
clause which contains the base\-64 encoding of the algorithm\(aqs
authentication key. The base\-64 string is enclosed in double quotes.
.sp
There are two common ways to generate the base\-64 string for the secret.
-The BIND 9 program \fBrndc\-confgen\fP can be used to generate a random
+The BIND 9 program \fI\%rndc\-confgen\fP can be used to generate a random
key, or the \fBmmencode\fP program, also known as \fBmimencode\fP, can be
used to generate a base\-64 string from known input. \fBmmencode\fP does
not ship with BIND 9 but is available on many systems. See the Example
.UNINDENT
.UNINDENT
.sp
-In the above example, \fBrndc\fP by default uses the server at
+In the above example, \fI\%rndc\fP by default uses the server at
localhost (127.0.0.1) and the key called "samplekey". Commands to the
localhost server use the "samplekey" key, which must also be defined
in the server\(aqs configuration file with the same name and secret. The
and its secret clause contains the base\-64 encoding of the HMAC\-SHA256
secret enclosed in double quotes.
.sp
-If \fBrndc \-s testserver\fP is used, then \fBrndc\fP connects to the server
+If \fI\%rndc \-s testserver\fP is used, then \fI\%rndc\fP connects to the server
on localhost port 5353 using the key "testkey".
.sp
-To generate a random secret with \fBrndc\-confgen\fP:
+To generate a random secret with \fI\%rndc\-confgen\fP:
.sp
-\fBrndc\-confgen\fP
+\fI\%rndc\-confgen\fP
.sp
A complete \fBrndc.conf\fP file, including the randomly generated key,
is written to the standard output. Commented\-out \fBkey\fP and
-\fBcontrols\fP statements for \fBnamed.conf\fP are also printed.
+\fBcontrols\fP statements for \fI\%named.conf\fP are also printed.
.sp
To generate a base\-64 secret with \fBmmencode\fP:
.sp
.sp
The name server must be configured to accept rndc connections and to
recognize the key specified in the \fBrndc.conf\fP file, using the
-controls statement in \fBnamed.conf\fP\&. See the sections on the
+controls statement in \fI\%named.conf\fP\&. See the sections on the
\fBcontrols\fP statement in the BIND 9 Administrator Reference Manual for
details.
.SH SEE ALSO
.sp
-\fBrndc(8)\fP, \fBrndc\-confgen(8)\fP, \fBmmencode(1)\fP, BIND 9 Administrator Reference Manual.
+\fI\%rndc(8)\fP, \fI\%rndc\-confgen(8)\fP, \fBmmencode(1)\fP, BIND 9 Administrator Reference Manual.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
.sp
\fBtsig\-keygen\fP is an utility that generates keys for use in TSIG signing.
The resulting keys can be used, for example, to secure dynamic DNS updates
-to a zone, or for the \fBrndc\fP command channel.
+to a zone, or for the \fI\%rndc\fP command channel.
.sp
A domain name can be specified on the command line to be used as the name
of the generated key. If no name is specified, the default is \fBtsig\-key\fP\&.
.UNINDENT
.SH SEE ALSO
.sp
-\fBnsupdate(1)\fP, \fBnamed.conf(5)\fP, \fBnamed(8)\fP, BIND 9 Administrator Reference Manual.
+\fI\%nsupdate(1)\fP, \fI\%named.conf(5)\fP, \fI\%named(8)\fP, BIND 9 Administrator Reference Manual.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
projects / thirdparty / bind9.git / commitdiff
