From: Tinderbox User Date: Sun, 16 Feb 2014 21:08:15 +0000 (+0000) Subject: regen master X-Git-Tag: v9.10.0b1~110 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=6d382c9fcec316a84a237779fb64bb471b6f9d43;p=thirdparty%2Fbind9.git regen master --- diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html index e1885c90559..18b5e92d979 100644 --- a/doc/arm/Bv9ARM.ch04.html +++ b/doc/arm/Bv9ARM.ch04.html @@ -70,39 +70,39 @@
DNSSEC, Dynamic Zones, and Automatic Signing
-
Converting from insecure to secure
-
Dynamic DNS update method
-
Fully automatic zone signing
-
Private-type records
-
DNSKEY rollovers
-
Dynamic DNS update method
-
Automatic key rollovers
-
NSEC3PARAM rollovers via UPDATE
-
Converting from NSEC to NSEC3
-
Converting from NSEC3 to NSEC
-
Converting from secure to insecure
-
Periodic re-signing
-
NSEC3 and OPTOUT
+
Converting from insecure to secure
+
Dynamic DNS update method
+
Fully automatic zone signing
+
Private-type records
+
DNSKEY rollovers
+
Dynamic DNS update method
+
Automatic key rollovers
+
NSEC3PARAM rollovers via UPDATE
+
Converting from NSEC to NSEC3
+
Converting from NSEC3 to NSEC
+
Converting from secure to insecure
+
Periodic re-signing
+
NSEC3 and OPTOUT
Dynamic Trust Anchor Management
-
Validating Resolver
-
Authoritative Server
+
Validating Resolver
+
Authoritative Server
PKCS#11 (Cryptoki) support
-
Prerequisites
-
Native PKCS#11
-
OpenSSL-based PKCS#11
-
PKCS#11 Tools
-
Using the HSM
-
Specifying the engine on the command line
-
Running named with automatic zone re-signing
+
Prerequisites
+
Native PKCS#11
+
OpenSSL-based PKCS#11
+
PKCS#11 Tools
+
Using the HSM
+
Specifying the engine on the command line
+
Running named with automatic zone re-signing
DLZ (Dynamically Loadable Zones)
-
Configuring DLZ
-
Sample DLZ Driver
+
Configuring DLZ
+
Sample DLZ Driver
IPv6 Support in BIND 9
@@ -1071,7 +1071,7 @@ options { from insecure to signed and back again. A secure zone can use either NSEC or NSEC3 chains.

-Converting from insecure to secure

+Converting from insecure to secure

Changing a zone from insecure to secure can be done in two ways: using a dynamic DNS update, or the auto-dnssec zone option.

@@ -1097,7 +1097,7 @@ options { well. An NSEC chain will be generated as part of the initial signing process.

-Dynamic DNS update method

+Dynamic DNS update method

To insert the keys via dynamic update:

         % nsupdate
@@ -1133,7 +1133,7 @@ options {
 

While the initial signing and NSEC/NSEC3 chain generation is happening, other updates are possible as well.

-Fully automatic zone signing

+Fully automatic zone signing

To enable automatic signing, add the auto-dnssec option to the zone statement in named.conf. @@ -1189,7 +1189,7 @@ options { configuration. If this has not been done, the configuration will fail.

-Private-type records

+Private-type records

The state of the signing process is signaled by private-type records (with a default type value of 65534). When signing is complete, these records will have a nonzero value for @@ -1230,12 +1230,12 @@ options {

-DNSKEY rollovers

+DNSKEY rollovers

As with insecure-to-secure conversions, rolling DNSSEC keys can be done in two ways: using a dynamic DNS update, or the auto-dnssec zone option.

-Dynamic DNS update method

+Dynamic DNS update method

To perform key rollovers via dynamic update, you need to add the K* files for the new keys so that named can find them. You can then add the new @@ -1257,7 +1257,7 @@ options { named will clean out any signatures generated by the old key after the update completes.

-Automatic key rollovers

+Automatic key rollovers

When a new key reaches its activation date (as set by dnssec-keygen or dnssec-settime), if the auto-dnssec zone option is set to @@ -1272,27 +1272,27 @@ options { completes in 30 days, after which it will be safe to remove the old key from the DNSKEY RRset.

-NSEC3PARAM rollovers via UPDATE

+NSEC3PARAM rollovers via UPDATE

Add the new NSEC3PARAM record via dynamic update. When the new NSEC3 chain has been generated, the NSEC3PARAM flag field will be zero. At this point you can remove the old NSEC3PARAM record. The old chain will be removed after the update request completes.

-Converting from NSEC to NSEC3

+Converting from NSEC to NSEC3

To do this, you just need to add an NSEC3PARAM record. When the conversion is complete, the NSEC chain will have been removed and the NSEC3PARAM record will have a zero flag field. The NSEC3 chain will be generated before the NSEC chain is destroyed.

-Converting from NSEC3 to NSEC

+Converting from NSEC3 to NSEC

To do this, use nsupdate to remove all NSEC3PARAM records with a zero flag field. The NSEC chain will be generated before the NSEC3 chain is removed.

-Converting from secure to insecure

+Converting from secure to insecure

To convert a signed zone to unsigned using dynamic DNS, delete all the DNSKEY records from the zone apex using nsupdate. All signatures, NSEC or NSEC3 chains, @@ -1307,14 +1307,14 @@ options { allow instead (or it will re-sign).

-Periodic re-signing

+Periodic re-signing

In any secure zone which supports dynamic updates, named will periodically re-sign RRsets which have not been re-signed as a result of some update action. The signature lifetimes will be adjusted so as to spread the re-sign load over time rather than all at once.

-NSEC3 and OPTOUT

+NSEC3 and OPTOUT

named only supports creating new NSEC3 chains where all the NSEC3 records in the zone have the same OPTOUT @@ -1336,7 +1336,7 @@ options { configuration files.

-Validating Resolver

+Validating Resolver

To configure a validating resolver to use RFC 5011 to maintain a trust anchor, configure the trust anchor using a managed-keys statement. Information about @@ -1347,7 +1347,7 @@ options {

-Authoritative Server

+Authoritative Server

To set up an authoritative zone for RFC 5011 trust anchor maintenance, generate two (or more) key signing keys (KSKs) for the zone. Sign the zone with one of them; this is the "active" @@ -1443,7 +1443,7 @@ $ dnssec-signzone -S -K keys example.net<

-Prerequisites

+Prerequisites

See the documentation provided by your HSM vendor for information about installing, initializing, testing and @@ -1452,7 +1452,7 @@ $ dnssec-signzone -S -K keys example.net<

-Native PKCS#11

+Native PKCS#11

Native PKCS#11 mode will only work with an HSM capable of carrying out every cryptographic operation BIND 9 may @@ -1486,7 +1486,7 @@ $ ./configure --enable-native-pkcs11 \

-OpenSSL-based PKCS#11

+OpenSSL-based PKCS#11

OpenSSL-based PKCS#11 mode uses a modified version of the OpenSSL library; stock OpenSSL does not fully support PKCS#11. @@ -1544,7 +1544,7 @@ $ ./configure --enable-native-pkcs11 \

-Patching OpenSSL

+Patching OpenSSL
 $ wget http://www.openssl.org/source/openssl-0.9.8y.tar.gz
   
@@ -1577,7 +1577,7 @@ $ patch -p1 -d openssl-0.9.8y \

-Building OpenSSL for the AEP Keyper on Linux

+Building OpenSSL for the AEP Keyper on Linux

The AEP Keyper is a highly secure key storage device, but does not provide hardware cryptographic acceleration. It @@ -1619,7 +1619,7 @@ $ ./Configure linux-generic32 -m32 -pthread \

-Building OpenSSL for the SCA 6000 on Solaris

+Building OpenSSL for the SCA 6000 on Solaris

The SCA-6000 PKCS#11 provider is installed as a system library, libpkcs11. It is a true crypto accelerator, up to 4 @@ -1648,7 +1648,7 @@ $ ./Configure solaris64-x86_64-cc \

-Building OpenSSL for SoftHSM

+Building OpenSSL for SoftHSM

SoftHSM is a software library provided by the OpenDNSSEC project (http://www.opendnssec.org) which provides a PKCS#11 @@ -1721,7 +1721,7 @@ $ ./Configure linux-x86_64 -pthread \

-Configuring BIND 9 for Linux with the AEP Keyper

+Configuring BIND 9 for Linux with the AEP Keyper

To link with the PKCS#11 provider, threads must be enabled in the BIND 9 build. @@ -1741,7 +1741,7 @@ $ ./configure CC="gcc -m32" --enable-threads \

-Configuring BIND 9 for Solaris with the SCA 6000

+Configuring BIND 9 for Solaris with the SCA 6000

To link with the PKCS#11 provider, threads must be enabled in the BIND 9 build. @@ -1763,7 +1763,7 @@ $ ./configure CC="cc -xarch=amd64" --enable-thre

-Configuring BIND 9 for SoftHSM

+Configuring BIND 9 for SoftHSM
 $ cd ../bind9
 $ ./configure --enable-threads \
@@ -1784,7 +1784,7 @@ $ ./configure --enable-threads \
 
 

-PKCS#11 Tools

+PKCS#11 Tools

BIND 9 includes a minimal set of tools to operate the HSM, including @@ -1807,7 +1807,7 @@ $ ./configure --enable-threads \

-Using the HSM

+Using the HSM

For OpenSSL-based PKCS#11, we must first set up the runtime environment so the OpenSSL and PKCS#11 libraries can be loaded: @@ -1928,7 +1928,7 @@ example.net.signed

-Specifying the engine on the command line

+Specifying the engine on the command line

When using OpenSSL-based PKCS#11, the "engine" to be used by OpenSSL can be specified in named and all of @@ -1960,7 +1960,7 @@ $ dnssec-signzone -E '' -S example.net

-Running named with automatic zone re-signing

+Running named with automatic zone re-signing

If you want named to dynamically re-sign zones using HSM keys, and/or to to sign new records inserted via nsupdate, @@ -2047,7 +2047,7 @@ $ dnssec-signzone -E '' -S example.net

-Configuring DLZ

+Configuring DLZ

A DLZ database is configured with a dlz statement in named.conf: @@ -2096,7 +2096,7 @@ $ dnssec-signzone -E '' -S example.net

-Sample DLZ Driver

+Sample DLZ Driver

For guidance in implementation of DLZ modules, the directory contrib/dlz/example contains a basic diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html index fb251a9e6b2..b5d7ed40350 100644 --- a/doc/arm/Bv9ARM.ch09.html +++ b/doc/arm/Bv9ARM.ch09.html @@ -57,13 +57,13 @@

BIND 9 DNS Library Support
-
Prerequisite
-
Compilation
-
Installation
-
Known Defects/Restrictions
-
The dns.conf File
-
Sample Applications
-
Library References
+
Prerequisite
+
Compilation
+
Installation
+
Known Defects/Restrictions
+
The dns.conf File
+
Sample Applications
+
Library References
@@ -648,7 +648,7 @@

-Prerequisite

+Prerequisite

GNU make is required to build the export libraries (other part of BIND 9 can still be built with other types of make). In the reminder of this document, "make" means GNU make. Note that @@ -657,7 +657,7 @@

-Compilation

+Compilation
 $ ./configure --enable-exportlib [other flags]
 $ make
@@ -672,7 +672,7 @@ $ make
 
 

-Installation

+Installation
 $ cd lib/export
 $ make install
@@ -694,7 +694,7 @@ $ make install
 
 

-Known Defects/Restrictions

+Known Defects/Restrictions
  • Currently, win32 is not supported for the export library. (Normal BIND 9 application can be built as @@ -734,7 +734,7 @@ $ make

-The dns.conf File

+The dns.conf File

The IRS library supports an "advanced" configuration file related to the DNS library for configuration parameters that would be beyond the capability of the @@ -752,14 +752,14 @@ $ make

-Sample Applications

+Sample Applications

Some sample application programs using this API are provided for reference. The following is a brief description of these applications.

-sample: a simple stub resolver utility

+sample: a simple stub resolver utility

It sends a query of a given name (of a given optional RR type) to a specified recursive server, and prints the result as a list of @@ -823,7 +823,7 @@ $ make

-sample-async: a simple stub resolver, working asynchronously

+sample-async: a simple stub resolver, working asynchronously

Similar to "sample", but accepts a list of (query) domain names as a separate file and resolves the names @@ -864,7 +864,7 @@ $ make

-sample-request: a simple DNS transaction client

+sample-request: a simple DNS transaction client

It sends a query to a specified server, and prints the response with minimal processing. It doesn't act as a @@ -905,7 +905,7 @@ $ make

-sample-gai: getaddrinfo() and getnameinfo() test code

+sample-gai: getaddrinfo() and getnameinfo() test code

This is a test program to check getaddrinfo() and getnameinfo() behavior. It takes a @@ -922,7 +922,7 @@ $ make

-sample-update: a simple dynamic update client program

+sample-update: a simple dynamic update client program

It accepts a single update command as a command-line argument, sends an update request message to the @@ -1017,7 +1017,7 @@ $ sample-update -a sample-update -k Kxxx.+nnn+mm

-nsprobe: domain/name server checker in terms of RFC 4074

+nsprobe: domain/name server checker in terms of RFC 4074

It checks a set of domains to see the name servers of the domains behave @@ -1074,7 +1074,7 @@ $ sample-update -a sample-update -k Kxxx.+nnn+mm

-Library References

+Library References

As of this writing, there is no formal "manual" of the libraries, except this document, header files (some of them provide pretty detailed explanations), and sample application diff --git a/doc/arm/Bv9ARM.ch10.html b/doc/arm/Bv9ARM.ch10.html index 0bec17ce22f..484c0615ba3 100644 --- a/doc/arm/Bv9ARM.ch10.html +++ b/doc/arm/Bv9ARM.ch10.html @@ -55,6 +55,9 @@ host — DNS lookup utility

+delve — DNS lookup and validation utility +
+
dnssec-checkds — A DNSSEC delegation consistency checking tool.
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html index 8ae49e29a47..39d0809893e 100644 --- a/doc/arm/Bv9ARM.html +++ b/doc/arm/Bv9ARM.html @@ -113,39 +113,39 @@
DNSSEC, Dynamic Zones, and Automatic Signing
-
Converting from insecure to secure
-
Dynamic DNS update method
-
Fully automatic zone signing
-
Private-type records
-
DNSKEY rollovers
-
Dynamic DNS update method
-
Automatic key rollovers
-
NSEC3PARAM rollovers via UPDATE
-
Converting from NSEC to NSEC3
-
Converting from NSEC3 to NSEC
-
Converting from secure to insecure
-
Periodic re-signing
-
NSEC3 and OPTOUT
+
Converting from insecure to secure
+
Dynamic DNS update method
+
Fully automatic zone signing
+
Private-type records
+
DNSKEY rollovers
+
Dynamic DNS update method
+
Automatic key rollovers
+
NSEC3PARAM rollovers via UPDATE
+
Converting from NSEC to NSEC3
+
Converting from NSEC3 to NSEC
+
Converting from secure to insecure
+
Periodic re-signing
+
NSEC3 and OPTOUT
Dynamic Trust Anchor Management
-
Validating Resolver
-
Authoritative Server
+
Validating Resolver
+
Authoritative Server
PKCS#11 (Cryptoki) support
-
Prerequisites
-
Native PKCS#11
-
OpenSSL-based PKCS#11
-
PKCS#11 Tools
-
Using the HSM
-
Specifying the engine on the command line
-
Running named with automatic zone re-signing
+
Prerequisites
+
Native PKCS#11
+
OpenSSL-based PKCS#11
+
PKCS#11 Tools
+
Using the HSM
+
Specifying the engine on the command line
+
Running named with automatic zone re-signing
DLZ (Dynamically Loadable Zones)
-
Configuring DLZ
-
Sample DLZ Driver
+
Configuring DLZ
+
Sample DLZ Driver
IPv6 Support in BIND 9
@@ -251,13 +251,13 @@
BIND 9 DNS Library Support
-
Prerequisite
-
Compilation
-
Installation
-
Known Defects/Restrictions
-
The dns.conf File
-
Sample Applications
-
Library References
+
Prerequisite
+
Compilation
+
Installation
+
Known Defects/Restrictions
+
The dns.conf File
+
Sample Applications
+
Library References
I. Manual pages
@@ -269,6 +269,9 @@ host — DNS lookup utility
+delve — DNS lookup and validation utility +
+
dnssec-checkds — A DNSSEC delegation consistency checking tool.
diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html index c250c20be81..96af559b39e 100644 --- a/doc/arm/man.arpaname.html +++ b/doc/arm/man.arpaname.html @@ -50,20 +50,20 @@

arpaname {ipaddress ...}

-

DESCRIPTION

+

DESCRIPTION

arpaname translates IP addresses (IPv4 and IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.

-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html index fefb429a96a..d6642e642f3 100644 --- a/doc/arm/man.ddns-confgen.html +++ b/doc/arm/man.ddns-confgen.html @@ -50,7 +50,7 @@

ddns-confgen [-a algorithm] [-h] [-k keyname] [-r randomfile] [ -s name | -z zone ] [-q] [name]

-

DESCRIPTION

+

DESCRIPTION

ddns-confgen generates a key for use by nsupdate and named. It simplifies configuration @@ -77,7 +77,7 @@

-

OPTIONS

+

OPTIONS

-a algorithm

@@ -144,7 +144,7 @@

-

SEE ALSO

+

SEE ALSO

nsupdate(1), named.conf(5), named(8), @@ -152,7 +152,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.delve.html b/doc/arm/man.delve.html index c5f6cb6b1a7..e6fa25e5136 100644 --- a/doc/arm/man.delve.html +++ b/doc/arm/man.delve.html @@ -52,7 +52,7 @@

delve [queryopt...] [query...]

-

DESCRIPTION

+

DESCRIPTION

delve (Domain Entity Lookup & Validation Engine) is a tool for sending DNS queries and validating the results, using the the same internal @@ -95,7 +95,7 @@

-

SIMPLE USAGE

+

SIMPLE USAGE

A typical invocation of delve looks like:

@@ -150,7 +150,7 @@

-

OPTIONS

+

OPTIONS

-a
@@ -265,7 +265,7 @@
-

QUERY OPTIONS

+

QUERY OPTIONS

delve provides a number of query options which affect the way results are displayed, and in some cases the way lookups are performed. @@ -445,12 +445,12 @@

-

FILES

+

FILES

/etc/bind.keys

/etc/resolv.conf

-

SEE ALSO

+

SEE ALSO

dig(1), named(8), RFC4034, diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html index fa50f9851ae..dd39ee631a2 100644 --- a/doc/arm/man.dig.html +++ b/doc/arm/man.dig.html @@ -52,7 +52,7 @@

dig [global-queryopt...] [query...]

-

DESCRIPTION

+

DESCRIPTION

dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and @@ -99,7 +99,7 @@

-

SIMPLE USAGE

+

SIMPLE USAGE

A typical invocation of dig looks like:

@@ -152,7 +152,7 @@

-

OPTIONS

+

OPTIONS

The -b option sets the source IP address of the query to address. This must be a valid @@ -256,7 +256,7 @@

-

QUERY OPTIONS

+

QUERY OPTIONS

dig provides a number of query options which affect the way in which lookups are made and the results displayed. Some of @@ -623,7 +623,7 @@

-

MULTIPLE QUERIES

+

MULTIPLE QUERIES

The BIND 9 implementation of dig supports @@ -669,7 +669,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

-

IDN SUPPORT

+

IDN SUPPORT

If dig has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names. @@ -683,14 +683,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

-

FILES

+

FILES

/etc/resolv.conf

${HOME}/.digrc

-

SEE ALSO

+

SEE ALSO

host(1), named(8), dnssec-keygen(8), @@ -698,7 +698,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

-

BUGS

+

BUGS

There are probably too many query options.

diff --git a/doc/arm/man.dnssec-checkds.html b/doc/arm/man.dnssec-checkds.html index aa567ba9027..12070f545af 100644 --- a/doc/arm/man.dnssec-checkds.html +++ b/doc/arm/man.dnssec-checkds.html @@ -22,7 +22,7 @@ - + @@ -31,7 +31,7 @@ dnssec-checkds -Prev  +Prev  Manual pages  Next @@ -51,7 +51,7 @@

dnssec-dsfromkey [-l domain] [-f file] [-d dig path] [-D dsfromkey path] {zone}

-

DESCRIPTION

+

DESCRIPTION

dnssec-checkds verifies the correctness of Delegation Signer (DS) or DNSSEC Lookaside Validation (DLV) resource records for keys in a specified @@ -59,7 +59,7 @@

-

OPTIONS

+

OPTIONS

-f file

@@ -88,14 +88,14 @@

-

SEE ALSO

+

SEE ALSO

dnssec-dsfromkey(8), dnssec-keygen(8), dnssec-signzone(8),

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

@@ -105,13 +105,13 @@ +Prev  - + diff --git a/doc/arm/man.dnssec-coverage.html b/doc/arm/man.dnssec-coverage.html index 5800b83f095..257fce97a67 100644 --- a/doc/arm/man.dnssec-coverage.html +++ b/doc/arm/man.dnssec-coverage.html @@ -50,7 +50,7 @@

dnssec-coverage [-K directory] [-l length] [-f file] [-d DNSKEY TTL] [-m max TTL] [-r interval] [-c compilezone path] [-k] [-z] [zone]

-

DESCRIPTION

+

DESCRIPTION

dnssec-coverage verifies that the DNSSEC keys for a given zone or a set of zones have timing metadata set properly to ensure no future lapses in DNSSEC @@ -78,7 +78,7 @@

-

OPTIONS

+

OPTIONS

-K directory

@@ -192,7 +192,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-checkds(8), dnssec-dsfromkey(8), @@ -201,7 +201,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html index 6a1f7a12ec7..6780df2bd6a 100644 --- a/doc/arm/man.dnssec-dsfromkey.html +++ b/doc/arm/man.dnssec-dsfromkey.html @@ -51,14 +51,14 @@

dnssec-dsfromkey {-s} [-1] [-2] [-a alg] [-K directory] [-l domain] [-s] [-c class] [-T TTL] [-f file] [-A] [-v level] {dnsname}

-

DESCRIPTION

+

DESCRIPTION

dnssec-dsfromkey outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s).

-

OPTIONS

+

OPTIONS

-1

@@ -135,7 +135,7 @@

-

EXAMPLE

+

EXAMPLE

To build the SHA-256 DS RR from the Kexample.com.+003+26160 @@ -150,7 +150,7 @@

-

FILES

+

FILES

The keyfile can be designed by the key identification Knnnn.+aaa+iiiii or the full file name @@ -164,13 +164,13 @@

-

CAVEAT

+

CAVEAT

A keyfile error can give a "file not found" even if the file exists.

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), dnssec-signzone(8), BIND 9 Administrator Reference Manual, @@ -180,7 +180,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html index 926350476f3..9c0f67c5ae3 100644 --- a/doc/arm/man.dnssec-keyfromlabel.html +++ b/doc/arm/man.dnssec-keyfromlabel.html @@ -50,7 +50,7 @@

dnssec-keyfromlabel {-l label} [-3] [-a algorithm] [-A date/offset] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-I date/offset] [-k] [-K directory] [-L ttl] [-n nametype] [-P date/offset] [-p protocol] [-R date/offset] [-t type] [-v level] [-y] {name}

-

DESCRIPTION

+

DESCRIPTION

dnssec-keyfromlabel gets keys with the given label from a crypto hardware and builds key files for DNSSEC (Secure DNS), as defined in RFC 2535 @@ -63,7 +63,7 @@

-

OPTIONS

+

OPTIONS

-a algorithm
@@ -226,7 +226,7 @@
-

TIMING OPTIONS

+

TIMING OPTIONS

Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -274,7 +274,7 @@

-

GENERATED KEY FILES

+

GENERATED KEY FILES

When dnssec-keyfromlabel completes successfully, @@ -313,7 +313,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), dnssec-signzone(8), BIND 9 Administrator Reference Manual, @@ -322,7 +322,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html index 8572e494950..84fa923795d 100644 --- a/doc/arm/man.dnssec-keygen.html +++ b/doc/arm/man.dnssec-keygen.html @@ -50,7 +50,7 @@

dnssec-keygen [-a algorithm] [-b keysize] [-n nametype] [-3] [-A date/offset] [-C] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-g generator] [-h] [-I date/offset] [-i interval] [-K directory] [-L ttl] [-k] [-P date/offset] [-p protocol] [-q] [-R date/offset] [-r randomdev] [-S key] [-s strength] [-t type] [-v level] [-z] {name}

-

DESCRIPTION

+

DESCRIPTION

dnssec-keygen generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with @@ -64,7 +64,7 @@

-

OPTIONS

+

OPTIONS

-a algorithm
@@ -281,7 +281,7 @@
-

TIMING OPTIONS

+

TIMING OPTIONS

Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -355,7 +355,7 @@

-

GENERATED KEYS

+

GENERATED KEYS

When dnssec-keygen completes successfully, @@ -401,7 +401,7 @@

-

EXAMPLE

+

EXAMPLE

To generate a 768-bit DSA key for the domain example.com, the following command would be @@ -422,7 +422,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-signzone(8), BIND 9 Administrator Reference Manual, RFC 2539, @@ -431,7 +431,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html index 01608df6a3b..cadbb5e6d2a 100644 --- a/doc/arm/man.dnssec-revoke.html +++ b/doc/arm/man.dnssec-revoke.html @@ -50,7 +50,7 @@

dnssec-revoke [-hr] [-v level] [-K directory] [-E engine] [-f] [-R] {keyfile}

-

DESCRIPTION

+

DESCRIPTION

dnssec-revoke reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the @@ -58,7 +58,7 @@

-

OPTIONS

+

OPTIONS

-h

@@ -105,14 +105,14 @@

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 5011.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html index 83392ab9792..efdeaa689b4 100644 --- a/doc/arm/man.dnssec-settime.html +++ b/doc/arm/man.dnssec-settime.html @@ -50,7 +50,7 @@

dnssec-settime [-f] [-K directory] [-L ttl] [-P date/offset] [-A date/offset] [-R date/offset] [-I date/offset] [-D date/offset] [-h] [-v level] [-E engine] {keyfile}

-

DESCRIPTION

+

DESCRIPTION

dnssec-settime reads a DNSSEC private key file and sets the key timing metadata as specified by the -P, -A, @@ -76,7 +76,7 @@

-

OPTIONS

+

OPTIONS

-f

@@ -127,7 +127,7 @@

-

TIMING OPTIONS

+

TIMING OPTIONS

Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -206,7 +206,7 @@

-

PRINTING OPTIONS

+

PRINTING OPTIONS

dnssec-settime can also be used to print the timing metadata associated with a key. @@ -232,7 +232,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), dnssec-signzone(8), BIND 9 Administrator Reference Manual, @@ -240,7 +240,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html index 5674a46bbc2..d67b64e39e5 100644 --- a/doc/arm/man.dnssec-signzone.html +++ b/doc/arm/man.dnssec-signzone.html @@ -50,7 +50,7 @@

dnssec-signzone [-a] [-c class] [-d directory] [-D] [-E engine] [-e end-time] [-f output-file] [-g] [-h] [-K directory] [-k key] [-L serial] [-l domain] [-i interval] [-I input-format] [-j jitter] [-N soa-serial-format] [-o origin] [-O output-format] [-P] [-p] [-R] [-r randomdev] [-S] [-s start-time] [-T ttl] [-t] [-u] [-v level] [-X extended end-time] [-x] [-z] [-3 salt] [-H iterations] [-A] {zonefile} [key...]

-

DESCRIPTION

+

DESCRIPTION

dnssec-signzone signs a zone. It generates NSEC and RRSIG records and produces a signed version of the @@ -61,7 +61,7 @@

-

OPTIONS

+

OPTIONS

-a

@@ -490,7 +490,7 @@

-

EXAMPLE

+

EXAMPLE

The following command signs the example.com zone with the DSA key generated by dnssec-keygen @@ -520,14 +520,14 @@ db.example.com.signed %

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 4033, RFC 4641.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-verify.html b/doc/arm/man.dnssec-verify.html index f15f5871e61..81cffd0d741 100644 --- a/doc/arm/man.dnssec-verify.html +++ b/doc/arm/man.dnssec-verify.html @@ -50,7 +50,7 @@

dnssec-verify [-c class] [-E engine] [-I input-format] [-o origin] [-v level] [-x] [-z] {zonefile}

-

DESCRIPTION

+

DESCRIPTION

dnssec-verify verifies that a zone is fully signed for each algorithm found in the DNSKEY RRset for the zone, and that the NSEC / NSEC3 @@ -58,7 +58,7 @@

-

OPTIONS

+

OPTIONS

-c class

@@ -134,7 +134,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-signzone(8), BIND 9 Administrator Reference Manual, @@ -142,7 +142,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.genrandom.html b/doc/arm/man.genrandom.html index 9e15fd90c3e..188cca907ba 100644 --- a/doc/arm/man.genrandom.html +++ b/doc/arm/man.genrandom.html @@ -50,7 +50,7 @@

genrandom [-n number] {size} {filename}

-

DESCRIPTION

+

DESCRIPTION

genrandom generates a file or a set of files containing a specified quantity @@ -59,7 +59,7 @@

-

ARGUMENTS

+

ARGUMENTS

-n number

@@ -77,14 +77,14 @@

-

SEE ALSO

+

SEE ALSO

rand(3), arc4random(3)

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html index 88413f29d60..5badecd7e47 100644 --- a/doc/arm/man.host.html +++ b/doc/arm/man.host.html @@ -23,7 +23,7 @@ - + -
-Prev  Up  Next
host delve  Home  dnssec-coverage Prev  Manual pages Next + Next
@@ -50,7 +50,7 @@

host [-aCdlnrsTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-m flag] [-4] [-6] {name} [server]

-

DESCRIPTION

+

DESCRIPTION

host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. @@ -202,7 +202,7 @@

-

IDN SUPPORT

+

IDN SUPPORT

If host has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names. @@ -216,12 +216,12 @@

-

FILES

+

FILES

/etc/resolv.conf

-

SEE ALSO

+

SEE ALSO

dig(1), named(8).

@@ -234,14 +234,13 @@ Prev  UpNextNext dig  Homednssec-checkds - + delve
diff --git a/doc/arm/man.isc-hmac-fixup.html b/doc/arm/man.isc-hmac-fixup.html index 9708b072318..ddb1f29c87a 100644 --- a/doc/arm/man.isc-hmac-fixup.html +++ b/doc/arm/man.isc-hmac-fixup.html @@ -50,7 +50,7 @@

isc-hmac-fixup {algorithm} {secret}

-

DESCRIPTION

+

DESCRIPTION

Versions of BIND 9 up to and including BIND 9.6 had a bug causing HMAC-SHA* TSIG keys which were longer than the digest length of the @@ -76,7 +76,7 @@

-

SECURITY CONSIDERATIONS

+

SECURITY CONSIDERATIONS

Secrets that have been converted by isc-hmac-fixup are shortened, but as this is how the HMAC protocol works in @@ -87,14 +87,14 @@

-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual, RFC 2104.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html index cfa6f36e367..f9ef6671f07 100644 --- a/doc/arm/man.named-checkconf.html +++ b/doc/arm/man.named-checkconf.html @@ -50,7 +50,7 @@

named-checkconf [-h] [-v] [-j] [-t directory] {filename} [-p] [-x] [-z]

-

DESCRIPTION

+

DESCRIPTION

named-checkconf checks the syntax, but not the semantics, of a named configuration file. The file is parsed @@ -70,7 +70,7 @@

-

OPTIONS

+

OPTIONS

-h

@@ -119,21 +119,21 @@

-

RETURN VALUES

+

RETURN VALUES

named-checkconf returns an exit status of 1 if errors were detected and 0 otherwise.

-

SEE ALSO

+

SEE ALSO

named(8), named-checkzone(8), BIND 9 Administrator Reference Manual.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html index fa20f6329ef..a0f905bd759 100644 --- a/doc/arm/man.named-checkzone.html +++ b/doc/arm/man.named-checkzone.html @@ -51,7 +51,7 @@

named-compilezone [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-J filename] [-i mode] [-k mode] [-m mode] [-n mode] [-L serial] [-r mode] [-s style] [-t directory] [-T mode] [-w directory] [-D] [-W mode] {-o filename} {zonename} {filename}

-

DESCRIPTION

+

DESCRIPTION

named-checkzone checks the syntax and integrity of a zone file. It performs the same checks as named does when loading a @@ -71,7 +71,7 @@

-

OPTIONS

+

OPTIONS

-d

@@ -297,14 +297,14 @@

-

RETURN VALUES

+

RETURN VALUES

named-checkzone returns an exit status of 1 if errors were detected and 0 otherwise.

-

SEE ALSO

+

SEE ALSO

named(8), named-checkconf(8), RFC 1035, @@ -312,7 +312,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.named-journalprint.html b/doc/arm/man.named-journalprint.html index 0a175843835..e75a346a5b0 100644 --- a/doc/arm/man.named-journalprint.html +++ b/doc/arm/man.named-journalprint.html @@ -50,7 +50,7 @@

named-journalprint {journal}

-

DESCRIPTION

+

DESCRIPTION

named-journalprint prints the contents of a zone journal file in a human-readable @@ -76,7 +76,7 @@

-

SEE ALSO

+

SEE ALSO

named(8), nsupdate(8), @@ -84,7 +84,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html index 6f9a2a1efac..bc9c128dd26 100644 --- a/doc/arm/man.named.html +++ b/doc/arm/man.named.html @@ -50,7 +50,7 @@

named [-4] [-6] [-c config-file] [-d debug-level] [-D string] [-E engine-name] [-f] [-g] [-m flag] [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory] [-U #listeners] [-u user] [-v] [-V] [-x cache-file]

-

DESCRIPTION

+

DESCRIPTION

named is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -65,7 +65,7 @@

-

OPTIONS

+

OPTIONS

-4

@@ -271,7 +271,7 @@

-

SIGNALS

+

SIGNALS

In routine operation, signals should not be used to control the nameserver; rndc should be used @@ -292,7 +292,7 @@

-

CONFIGURATION

+

CONFIGURATION

The named configuration file is too complex to describe in detail here. A complete description is provided @@ -309,7 +309,7 @@

-

FILES

+

FILES

/etc/named.conf

@@ -322,7 +322,7 @@

-

SEE ALSO

+

SEE ALSO

RFC 1033, RFC 1034, RFC 1035, @@ -335,7 +335,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.nsec3hash.html b/doc/arm/man.nsec3hash.html index d8d59140df2..65c3087d8fb 100644 --- a/doc/arm/man.nsec3hash.html +++ b/doc/arm/man.nsec3hash.html @@ -48,7 +48,7 @@

nsec3hash {salt} {algorithm} {iterations} {domain}

-

DESCRIPTION

+

DESCRIPTION

nsec3hash generates an NSEC3 hash based on a set of NSEC3 parameters. This can be used to check the validity @@ -56,7 +56,7 @@

-

ARGUMENTS

+

ARGUMENTS

salt

@@ -80,14 +80,14 @@

-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual, RFC 5155.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html index 0fa598c0f2f..9f82369bda4 100644 --- a/doc/arm/man.nsupdate.html +++ b/doc/arm/man.nsupdate.html @@ -50,7 +50,7 @@

nsupdate [-d] [-D] [[-g] | [-o] | [-l] | [-y [hmac:]keyname:secret] | [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [-T] [-P] [filename]

-

DESCRIPTION

+

DESCRIPTION

nsupdate is used to submit Dynamic DNS Update requests as defined in RFC 2136 to a name server. @@ -226,7 +226,7 @@

-

INPUT FORMAT

+

INPUT FORMAT

nsupdate reads input from filename @@ -514,7 +514,7 @@

-

EXAMPLES

+

EXAMPLES

The examples below show how nsupdate @@ -568,7 +568,7 @@

-

FILES

+

FILES

/etc/resolv.conf

@@ -591,7 +591,7 @@

-

SEE ALSO

+

SEE ALSO

RFC 2136, RFC 3007, @@ -606,7 +606,7 @@

-

BUGS

+

BUGS

The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html index ab80427bffe..1f191d69313 100644 --- a/doc/arm/man.rndc-confgen.html +++ b/doc/arm/man.rndc-confgen.html @@ -50,7 +50,7 @@

rndc-confgen [-a] [-A algorithm] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

-

DESCRIPTION

+

DESCRIPTION

rndc-confgen generates configuration files for rndc. It can be used as a @@ -66,7 +66,7 @@

-

OPTIONS

+

OPTIONS

-a
@@ -180,7 +180,7 @@
-

EXAMPLES

+

EXAMPLES

To allow rndc to be used with no manual configuration, run @@ -197,7 +197,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc.conf(5), named(8), @@ -205,7 +205,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html index 7de076f4745..acb844918dc 100644 --- a/doc/arm/man.rndc.conf.html +++ b/doc/arm/man.rndc.conf.html @@ -50,7 +50,7 @@

rndc.conf

-

DESCRIPTION

+

DESCRIPTION

rndc.conf is the configuration file for rndc, the BIND 9 name server control utility. This file has a similar structure and syntax to @@ -136,7 +136,7 @@

-

EXAMPLE

+

EXAMPLE

       options {
         default-server  localhost;
@@ -210,7 +210,7 @@
     

-

NAME SERVER CONFIGURATION

+

NAME SERVER CONFIGURATION

The name server must be configured to accept rndc connections and to recognize the key specified in the rndc.conf @@ -220,7 +220,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc-confgen(8), mmencode(1), @@ -228,7 +228,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html index 346c956b119..52573372e2e 100644 --- a/doc/arm/man.rndc.html +++ b/doc/arm/man.rndc.html @@ -50,7 +50,7 @@

rndc [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}

-

DESCRIPTION

+

DESCRIPTION

rndc controls the operation of a name server. It supersedes the ndc utility @@ -81,7 +81,7 @@

-

OPTIONS

+

OPTIONS

-b source-address

@@ -147,7 +147,7 @@

-

COMMANDS

+

COMMANDS

A list of commands supported by rndc can be seen by running rndc without arguments. @@ -530,7 +530,7 @@

-

LIMITATIONS

+

LIMITATIONS

There is currently no way to provide the shared secret for a key_id without using the configuration file. @@ -540,7 +540,7 @@

-

SEE ALSO

+

SEE ALSO

rndc.conf(5), rndc-confgen(8), named(8), @@ -550,7 +550,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium