ISC BIND 9 compiles and runs on a large number - of Unix-like operating systems and on + of Unix-like operating systems and on Microsoft Windows Server 2003 and 2008, and Windows XP and Vista. For an up-to-date list of supported systems, see the README file in the top level diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html index 90e6784d8f..3be703bc47 100644 --- a/doc/arm/Bv9ARM.ch04.html +++ b/doc/arm/Bv9ARM.ch04.html @@ -65,17 +65,17 @@
The dnssec-signzone program is used to sign a zone. @@ -914,7 +914,7 @@ allow-update { key host1-host2. ;};
To enable named to respond appropriately
to DNS requests from DNSSEC aware clients,
@@ -925,7 +925,7 @@ allow-update { key host1-host2. ;};
To enable named to validate answers from
other servers, the dnssec-enable option
must be set to yes, and the
- dnssec-validation options must be set to
+ dnssec-validation options must be set to
yes or auto.
@@ -1041,7 +1041,7 @@ options { including missing, expired, or invalid signatures, a key which does not match the DS RRset in the parent zone, or an insecure response from a zone which, according to its parent, should have - been secure. + been secure.
The state of the signing process is signaled by private-type records (with a default type value of 65534). When signing is complete, these records will have a nonzero value for @@ -1240,12 +1240,12 @@ options {
+DNSKEY rollovers
As with insecure-to-secure conversions, rolling DNSSEC keys can be done in two ways: using a dynamic DNS update, or the auto-dnssec zone option.
+Dynamic DNS update method To perform key rollovers via dynamic update, you need to add
the K* files for the new keys so that
named can find them. You can then add the new
@@ -1346,7 +1346,7 @@ options {
configuration files.
To configure a validating resolver to use RFC 5011 to maintain a trust anchor, configure the trust anchor using a managed-keys statement. Information about @@ -1357,7 +1357,7 @@ options {
To set up an authoritative zone for RFC 5011 trust anchor
maintenance, generate two (or more) key signing keys (KSKs) for
the zone. Sign the zone with one of them; this is the "active"
@@ -1510,7 +1510,7 @@ $ patch -p1 -d openssl-0.9.8s \
when we configure BIND 9.
The AEP Keyper is a highly secure key storage device,
but does not provide hardware cryptographic acceleration. It
can carry out cryptographic operations, but it is probably
@@ -1542,7 +1542,7 @@ $ The SCA-6000 PKCS #11 provider is installed as a system
library, libpkcs11. It is a true crypto accelerator, up to 4
times faster than any CPU, so the flavor shall be
@@ -1564,7 +1564,7 @@ $ SoftHSM is a software library provided by the OpenDNSSEC
project (http://www.opendnssec.org) which provides a PKCS#11
interface to a virtual HSM, implemented in the form of encrypted
@@ -1624,12 +1624,12 @@ $ When building BIND 9, the location of the custom-built
OpenSSL library must be specified via configure. To link with the PKCS #11 provider, threads must be
enabled in the BIND 9 build. The PKCS #11 library for the AEP Keyper is currently
@@ -1645,7 +1645,7 @@ $ To link with the PKCS #11 provider, threads must be
enabled in the BIND 9 build. The OpenSSL engine can be specified in
named and all of the BIND
dnssec-* tools by using the "-E
@@ -1807,7 +1807,7 @@ $ If you want
named to dynamically re-sign zones using HSM
keys, and/or to to sign new records inserted via nsupdate, then
@@ -1843,7 +1843,7 @@ $
BIND 9 fully supports all currently
defined forms of IPv6 name to address and address to name
@@ -1865,7 +1865,7 @@ $
The IPv6 AAAA record is a parallel to the IPv4 A record,
and, unlike the deprecated A6 record, specifies the entire
@@ -1900,7 +1900,7 @@ host 3600 IN AAAA 2001:db8::1
When looking up an address in nibble format, the address
components are simply reversed, just as in IPv4, and
diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html
index 029c0ae962..cc7bb3fa8e 100644
--- a/doc/arm/Bv9ARM.ch05.html
+++ b/doc/arm/Bv9ARM.ch05.html
@@ -45,13 +45,13 @@
Table of Contents
Traditionally applications have been linked with a stub resolver
library that sends recursive DNS queries to a local caching name
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index 848664aee0..cf5ae74211 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -66,9 +66,9 @@
Numeric values can optionally be followed by a
@@ -443,12 +443,12 @@
(including
-
defines a named masters list for
inclusion in stub and slave zones'
- masters or
+ masters or
also-notify lists.
This is the grammar of the lwres
statement in the
The lwres statement configures the
name
@@ -2130,9 +2130,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]
Each dns64 supports an optional
mapped ACL that selects which
- IPv4 addresses are to be mapped in the corresponding
+ IPv4 addresses are to be mapped in the corresponding
A RRset. If not defined it defaults to
If
If
- This mechanism can erroneously cause other servers to
- not give AAAA records to their clients.
+ This mechanism can erroneously cause other servers to
+ not give AAAA records to their clients.
A recursing server with both IPv6 and IPv4 network connections
that queries an authoritative server using this mechanism
via IPv4 will be denied AAAA records even if its client is
@@ -3877,7 +3877,7 @@ options {
The forwarding facility can be used to create a large site-wide
cache on a few servers, reducing traffic over links to external
@@ -4355,7 +4355,7 @@ avoid-v6-udp-ports {};
Note: BIND 9.5.0 introduced
- the use-queryport-pool
+ the use-queryport-pool
option to support a pool of such random ports, but this
option is now obsolete because reusing the same ports in
the pool may not be sufficiently secure.
@@ -4663,7 +4663,7 @@ avoid-v6-udp-ports {};
use-v4-udp-ports,
avoid-v4-udp-ports,
@@ -4705,7 +4705,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
The server's usage of many system resources can be limited.
Scaled values are allowed when specifying resource limits. For
@@ -4820,7 +4820,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
A "soft quota" is also set. When this lower
quota is exceeded, incoming requests are accepted, but
- for each one, a pending request will be dropped.
+ for each one, a pending request will be dropped.
If
BIND 9 provides the ability to filter
out DNS responses from external DNS servers containing
@@ -6117,7 +6117,7 @@ deny-answer-aliases { "example.net"; };
BIND 9 includes a limited
mechanism to modify DNS responses for requests
@@ -6384,7 +6384,7 @@ ns.domain.com.rpz-nsdname CNAME .
This feature is only available when BIND 9
is compiled with the
Applications that depend on a particular XML schema
- can request
+ can request
http://127.0.0.1:8888/xml/v2 for version 2
- of the statistics XML schema or
+ of the statistics XML schema or
http://127.0.0.1:8888/xml/v3 for version 3.
If the requested schema is supported by the server, then
it will respond; if not, it will return a "page not found"
@@ -6962,7 +6962,7 @@ ns.domain.com.rpz-nsdname CNAME .
managed-keys Statement Definition
and Usage
- The managed-keys statement, like
+ The managed-keys statement, like
trusted-keys, defines DNSSEC
security roots. The difference is that
managed-keys can be kept up to date
@@ -7008,7 +7008,7 @@ ns.domain.com.rpz-nsdname CNAME .
The view statement is a powerful
feature
@@ -7374,7 +7374,7 @@ zone
The zone's name may optionally be followed by a class. If
a class is not specified, class
@@ -8176,7 +8176,7 @@ example.com. NS ns2.example.net.
- When set to
+ When set to
serial-update-method unixtime;, the
SOA serial number will be set to the number of seconds
since the UNIX epoch, unless the serial number is
@@ -8497,7 +8497,7 @@ example.com. NS ns2.example.net.
This rule takes a Windows machine principal
(machine$@REALM) for machine in REALM and
- and converts it machine.realm allowing the machine
+ and converts it machine.realm allowing the machine
to update machine.realm. The REALM to be matched
is specified in the
- This rule takes a Windows machine principal
+ This rule takes a Windows machine principal
(machine$@REALM) for machine in REALM and
converts it to machine.realm allowing the machine
to update subdomains of machine.realm. The REALM
@@ -8531,7 +8531,7 @@ example.com. NS ns2.example.net.
This rule takes a Kerberos machine principal
(host/machine@REALM) for machine in REALM and
- and converts it machine.realm allowing the machine
+ and converts it machine.realm allowing the machine
to update machine.realm. The REALM to be matched
is specified in the
- This rule takes a Kerberos machine principal
+ This rule takes a Kerberos machine principal
(host/machine@REALM) for machine in REALM and
converts it to machine.realm allowing the machine
to update subdomains of machine.realm. The REALM
@@ -9410,7 +9410,7 @@ example.com. NS ns2.example.net.
RRs are represented in binary form in the packets of the DNS
protocol, and are usually represented in highly encoded form
@@ -9944,18 +9944,18 @@ example.com. NS ns2.example.net.
When used in the label (or name) field, the asperand or
at-sign (@) symbol represents the current origin.
- At the start of the zone file, it is the
+ At the start of the zone file, it is the
<
Syntax: $ORIGIN
Syntax: $INCLUDE
Syntax: $TTL
Syntax: $GENERATE
Table of Contents
The best solution to solving installation and
configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
Zone serial numbers are just numbers — they aren't
date related. A lot of people set them to a number that
@@ -95,7 +95,7 @@
The Internet Systems Consortium
(ISC) offers a wide range
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index 7d22ab2ff3..f9299d8e2f 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -45,7 +45,7 @@
Table of Contents [RFC3597] Handling of Unknown DNS Resource Record (RR) Types. September 2003. [RFC3597] Handling of Unknown DNS Resource Record (RR) Types. September 2003. [RFC1101] DNS Encoding of Network Names
+ [RFC1101] DNS Encoding of Network Names
and Other Types. April 1989. GNU make is required to build the export libraries (other
part of BIND 9 can still be built with other types of make). In
the reminder of this document, "make" means GNU make. Note that
@@ -98,7 +98,7 @@
Currently, win32 is not supported for the export
library. (Normal BIND 9 application can be built as
@@ -175,7 +175,7 @@ $ The IRS library supports an "advanced" configuration file
related to the DNS library for configuration parameters that
would be beyond the capability of the
@@ -193,14 +193,14 @@ $ Some sample application programs using this API are
provided for reference. The following is a brief description of
these applications.
It sends a query of a given name (of a given optional RR type) to a
specified recursive server, and prints the result as a list of
@@ -264,7 +264,7 @@ $
Similar to "sample", but accepts a list
of (query) domain names as a separate file and resolves the names
@@ -305,7 +305,7 @@ $
It sends a query to a specified server, and
prints the response with minimal processing. It doesn't act as a
@@ -346,7 +346,7 @@ $
This is a test program
to check getaddrinfo() and getnameinfo() behavior. It takes a
@@ -363,7 +363,7 @@ $
It accepts a single update command as a
command-line argument, sends an update request message to the
@@ -458,7 +458,7 @@ $
It checks a set
of domains to see the name servers of the domains behave
@@ -515,7 +515,7 @@ $ As of this writing, there is no formal "manual" of the
libraries, except this document, header files (some of them
provide pretty detailed explanations), and sample application
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index 4fe3d5182e..69aae283d7 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -109,17 +109,17 @@
arpaname translates IP addresses (IPv4 and
IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
dig
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@@ -649,7 +649,7 @@
The BIND 9 implementation of dig
supports
@@ -695,7 +695,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
If dig has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -709,14 +709,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
host(1),
named(8),
dnssec-keygen(8),
@@ -724,7 +724,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
There are probably too many query options.
dnssec-checkds
verifies the correctness of Delegation Signer (DS) or DNSSEC
Lookaside Validation (DLV) resource records for keys in a specified
@@ -59,7 +59,7 @@
dnssec-dsfromkey
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
The keyfile can be designed by the key identification
dnssec-keygen(8),
dnssec-signzone(8),
BIND 9 Administrator Reference Manual,
@@ -195,7 +195,7 @@
dnssec-keyfromlabel
generates a key pair of files that referencing a key object stored
in a cryptographic hardware service module (HSM). The private key
@@ -66,7 +66,7 @@
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html
index 0c34071325..73e92d3e4d 100644
--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -50,7 +50,7 @@
dnssec-keygen
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@@ -64,7 +64,7 @@
dnssec-revoke
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
in RFC 5011, and creates a new pair of key files containing the
@@ -58,7 +58,7 @@
dnssec-settime
reads a DNSSEC private key file and sets the key timing metadata
as specified by the
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -203,7 +203,7 @@
dnssec-settime can also be used to print the
timing metadata associated with a key.
@@ -229,7 +229,7 @@
dnssec-keygen(8),
dnssec-signzone(8),
BIND 9 Administrator Reference Manual,
@@ -237,7 +237,7 @@
dnssec-signzone
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@@ -61,7 +61,7 @@
@@ -520,7 +520,7 @@ db.example.com.signed
dnssec-verify
verifies that a zone is fully signed for each algorithm found
in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
@@ -58,7 +58,7 @@
genrandom
generates a file or a set of files containing a specified quantity
@@ -59,7 +59,7 @@
host
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
@@ -206,7 +206,7 @@
If host has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -220,12 +220,12 @@
dig(1),
named(8).
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
HMAC-SHA* TSIG keys which were longer than the digest length of the
@@ -76,7 +76,7 @@
Secrets that have been converted by isc-hmac-fixup
are shortened, but as this is how the HMAC protocol works in
@@ -87,14 +87,14 @@
named-checkconf
checks the syntax, but not the semantics, of a
named configuration file. The file is parsed
@@ -70,7 +70,7 @@
named-checkconf
returns an exit status of 1 if
errors were detected and 0 otherwise.
named-checkzone
checks the syntax and integrity of a zone file. It performs the
same checks as named does when loading a
@@ -71,7 +71,7 @@
diff --git a/doc/arm/man.named-journalprint.html b/doc/arm/man.named-journalprint.html
index b47217a015..28b14695ba 100644
--- a/doc/arm/man.named-journalprint.html
+++ b/doc/arm/man.named-journalprint.html
@@ -50,7 +50,7 @@
named-journalprint
prints the contents of a zone journal file in a human-readable
@@ -76,7 +76,7 @@
nsec3hash generates an NSEC3 hash based on
a set of NSEC3 parameters. This can be used to check the validity
diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html
index b595c03a71..6019e85fcc 100644
--- a/doc/arm/man.nsupdate.html
+++ b/doc/arm/man.nsupdate.html
@@ -574,7 +574,7 @@
diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index 14c63333c5..a16beb78cd 100644
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -50,7 +50,7 @@
rndc-confgen
generates configuration files
for rndc. It can be used as a
@@ -66,7 +66,7 @@
./Configure linux-generic32 -m32 -pthread \
./Configure solaris64-x86_64-cc \
./Configure linux-x86_64 -pthread \
./configure CC="gcc -m32" --enable-threads \
@@ -1663,7 +1663,7 @@ $
./configure CC="cc -xarch=amd64" --enable-thre
and
$
cd ../bind9
$ ./configure --enable-threads \
@@ -1786,7 +1786,7 @@ example.net.signed
dnssec-signzone -E '' -S example.net
dnssec-signzone -E '' -S example.net
dnssec-signzone -E '' -S example.netip6.arpa domain, as well as the older, deprecated
ip6.int domain.
- Older versions of BIND 9
+ Older versions of BIND 9
supported the "binary label" (also known as "bitstring") format,
but support of binary labels has been completely removed per
RFC 3363.
@@ -1881,7 +1881,7 @@ $ dnssec-signzone -E '' -S example.net
size_spec
- for details on how they interpret its use.
+ for details on how they interpret its use.
max-cache-size), it may
mean the largest possible 32-bit unsigned integer
(0xffffffff); this distinction can be important when
- dealing with larger quantities.
+ dealing with larger quantities.
unlimited is usually the best way
to safely set a very large number.
default
+ default
uses the limit that was in force when the server was started.
named.conf file:
@@ -2079,7 +2079,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
-masters
@@ -2208,7 +2208,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
[ forwarders { [ name [port ip_port] { ( masters_list |
+masters name [port ip_port] { ( masters_list |
ip_addr [port ip_port] [key key] ) ; [...] };
ip_addr [port ip_port] ; ... ] }; ]
[ dual-stack-servers [port ip_port] {
( domain_name [port ip_port] |
- ip_addr [port ip_port] ) ;
+ ip_addr [port ip_port] ) ;
... }; ]
[ check-names ( master | slave | response )
( warn | fail | ignore ); ]
@@ -2251,8 +2251,8 @@ badresp:1,adberr:0,findfail:0,valfail:0]
[ address ( ip4_addr | * ) ]
[ port ( ip_port | * ) ] ) ; ]
[ query-source-v6 ( ( ip6_addr | * )
- [ port ( ip_port | * ) ] |
- [ address ( ip6_addr | * ) ]
+ [ port ( ip_port | * ) ] |
+ [ address ( ip6_addr | * ) ]
[ port ( ip_port | * ) ] ) ; ]
[ use-queryport-pool yes_or_no; ]
[ queryport-pool-ports number; ]
@@ -2643,7 +2643,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
The pathname of a file to override the built-in trusted
keys provided by named.
See the discussion of dnssec-lookaside
- and dnssec-validation for details.
+ and dnssec-validation for details.
If not specified, the default is
/etc/bind.keys.
any;.
yes, then an empty EDNS(0)
- NSID (Name Server Identifier) option is sent with all
+ NSID (Name Server Identifier) option is sent with all
queries to authoritative name servers during iterative
resolution. If the authoritative server returns an NSID
option in its response, then its contents are logged in
@@ -3552,7 +3552,7 @@ options {
yes,
the DNS client is at an IPv4 address, in filter-aaaa,
- and if the response does not include DNSSEC signatures,
+ and if the response does not include DNSSEC signatures,
then all AAAA records are deleted from the response.
This filtering applies to all responses and not only
authoritative responses.
@@ -3564,8 +3564,8 @@ options {
because the DNSSEC protocol is designed detect deletions.
recursive-clients is greater than
1000, the soft quota is set to
recursive-clients minus 100;
@@ -5055,7 +5055,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
waiting for
some data before being passed to accept. Nonzero values
less than 10 will be silently raised. A value of 0 may also
- be used; on most platforms this sets the listen queue
+ be used; on most platforms this sets the listen queue
length to a system-defined default value.
--enable-rrl
@@ -6811,7 +6811,7 @@ ns.domain.com.rpz-nsdname CNAME .
whether the local server will add a NSID EDNS option
to requests sent to the server. This overrides
request-nsid set at the view or
- option level.
+ option level.
initial-key. The difference is, whereas the
keys listed in a trusted-keys continue to be
trusted until they are removed from
- named.conf, an initializing key listed
+ named.conf, an initializing key listed
in a managed-keys statement is only trusted
once: for as long as it takes to load the
managed key database and start the RFC 5011 key maintenance
@@ -7088,7 +7088,7 @@ ns.domain.com.rpz-nsdname CNAME .
zone_name [ allow-query { address_match_list }; ]
[ server-addresses { [ ip_addr ; ... ] }; ]
- [ server-names { [ namelist ] }; ]
+ [ server-names { [ namelist ] }; ]
[ zone-statistics yes_or_no ; ]
};
@@ -7574,7 +7574,7 @@ zone zone_name [
Each static-stub zone is configured with
internally generated NS and (if necessary)
- glue A or AAAA RRs
+ glue A or AAAA RRs
zone_name ["*. IN A 100.100.100.2""*. IN AAAA 2001:ffff:ffff::100.100.100.2".
@@ -7666,7 +7666,7 @@ zone zone_name [
To redirect all Spanish names (under .ES) one
would use similar entries but with the names
- "*.ES." instead of "*.". To redirect all
+ "*.ES." instead of "*.". To redirect all
commercial Spanish names (under COM.ES) one
would use wildcard entries called "*.COM.ES.".
zone_name [
IN (for Internet),
@@ -7743,7 +7743,7 @@ zone zone_name [
zonename causes
named to load keys from the key
repository and sign the zone with all keys that are
- active.
+ active.
rndc loadkeys
zonename causes
named to load keys from the key
@@ -8207,7 +8207,7 @@ example.com. NS ns2.example.net.
the zone is updated.
identity
field.
@@ -8512,7 +8512,7 @@ example.com. NS ns2.example.net.
identity
field.
@@ -8546,7 +8546,7 @@ example.com. NS ns2.example.net.
zone_name> (followed by
trailing dot).
domain-name
@@ -9984,7 +9984,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
filename
@@ -10020,7 +10020,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
default-ttl
@@ -10039,7 +10039,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
range
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 0c424fd0b6..84843d53c3 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -45,18 +45,18 @@
-
DNS and the Internet
$
./configure --enable-exportlib
$ [other flags]make
@@ -113,7 +113,7 @@ $ make
$
cd lib/export
$ make install
@@ -135,7 +135,7 @@ $ make install
make
make
make
make
make
make
sample-update -a sample-update -k Kxxx.+nnn+mm
sample-update -a sample-update -k Kxxx.+nnn+mm
-
arpaname {ipaddress ...}DESCRIPTION
+DESCRIPTION
ddns-confgen [-a ] [algorithm-h] [-k ] [keyname-r ] [ -s randomfilename | -z zone ] [-q] [name]QUERY OPTIONS
+QUERY OPTIONS
MULTIPLE QUERIES
+MULTIPLE QUERIES
IDN SUPPORT
+IDN SUPPORT
SEE ALSO
+SEE ALSO
BUGS
+BUGS
dnssec-dsfromkey [-l ] [domain-f ] [file-d ] [dig path-D ] {zone}dsfromkey pathDESCRIPTION
+DESCRIPTION
dnssec-dsfromkey [-h] [-V]DESCRIPTION
+DESCRIPTION
FILES
+FILES
Knnnn.+aaa+iiiii or the full file name
@@ -179,13 +179,13 @@
SEE ALSO
+SEE ALSO
dnssec-keyfromlabel {-l label} [-3] [-a ] [algorithm-A ] [date/offset-c ] [class-D ] [date/offset-E ] [engine-f ] [flag-G] [-I ] [date/offset-i ] [interval-k] [-K ] [directory-L ] [ttl-n ] [nametype-P ] [date/offset-p ] [protocol-R ] [date/offset-S ] [key-t ] [type-v ] [level-V] [-y] {name}DESCRIPTION
+DESCRIPTION
TIMING OPTIONS
+TIMING OPTIONS
dnssec-keygen [-a ] [algorithm-b ] [keysize-n ] [nametype-3] [-A ] [date/offset-C] [-c ] [class-D ] [date/offset-E ] [engine-f ] [flag-G] [-g ] [generator-h] [-I ] [date/offset-i ] [interval-K ] [directory-L ] [ttl-k] [-P ] [date/offset-p ] [protocol-q] [-R ] [date/offset-r ] [randomdev-S ] [key-s ] [strength-t ] [type-v ] [level-V] [-z] {name}DESCRIPTION
+DESCRIPTION
OPTIONS
+OPTIONS
algorithmdnssec-revoke [-hr] [-v ] [level-V] [-K ] [directory-E ] [engine-f] [-R] {keyfile}DESCRIPTION
+DESCRIPTION
dnssec-settime [-f] [-K ] [directory-L ] [ttl-P ] [date/offset-A ] [date/offset-R ] [date/offset-I ] [date/offset-D ] [date/offset-h] [-V] [-v ] [level-E ] {keyfile}engineDESCRIPTION
+DESCRIPTION
-P, -A,
@@ -76,7 +76,7 @@
TIMING OPTIONS
+TIMING OPTIONS
PRINTING OPTIONS
+PRINTING OPTIONS
SEE ALSO
+SEE ALSO
dnssec-signzone [-a] [-c ] [class-d ] [directory-D] [-E ] [engine-e ] [end-time-f ] [output-file-g] [-h] [-K ] [directory-k ] [key-L ] [serial-l ] [domain-i ] [interval-I ] [input-format-j ] [jitter-N ] [soa-serial-format-o ] [origin-O ] [output-format-P] [-p] [-R] [-r ] [randomdev-S] [-s ] [start-time-T ] [ttl-t] [-u] [-v ] [level-V] [-X ] [extended end-time-x] [-z] [-3 ] [salt-H ] [iterations-A] {zonefile} [key...]DESCRIPTION
+DESCRIPTION
OPTIONS
+OPTIONS
dnssec-verify [-c ] [class-E ] [engine-I ] [input-format-o ] [origin-v ] [level-V] [-x] [-z] {zonefile}DESCRIPTION
+DESCRIPTION
genrandom [-n ] {numbersize} {filename}DESCRIPTION
+DESCRIPTION
host [-aCdlnrsTwv] [-c ] [class-N ] [ndots-R ] [number-t ] [type-W ] [wait-m ] [flag-4] [-6] [-v] [-V] {name} [server]DESCRIPTION
+DESCRIPTION
IDN SUPPORT
+IDN SUPPORT
SEE ALSO
+SEE ALSO
isc-hmac-fixup {algorithm} {secret}DESCRIPTION
+DESCRIPTION
SECURITY CONSIDERATIONS
+SECURITY CONSIDERATIONS
named-checkconf [-h] [-v] [-j] [-t ] {filename} [directory-p] [-x] [-z]DESCRIPTION
+DESCRIPTION
RETURN VALUES
+RETURN VALUES
named-compilezone [-d] [-j] [-q] [-v] [-c ] [class-C ] [mode-f ] [format-F ] [format-i ] [mode-k ] [mode-m ] [mode-n ] [mode-L ] [serial-r ] [mode-s ] [style-t ] [directory-T ] [mode-w ] [directory-D] [-W ] {mode-o } {zonename} {filename}filenameDESCRIPTION
+DESCRIPTION
OPTIONS
+OPTIONS
named-journalprint {journal}DESCRIPTION
+DESCRIPTION
nsec3hash {salt} {algorithm} {iterations} {domain}DESCRIPTION
+DESCRIPTION
FILES
+FILES
/etc/resolv.confrndc-confgen [-a] [-b ] [keysize-c ] [keyfile-h] [-k ] [keyname-p ] [port-r ] [randomfile-s ] [address-t ] [chrootdir-u ]userDESCRIPTION
+DESCRIPTION
rndc.conf DESCRIPTION
+DESCRIPTION
rndc.conf is the configuration file
for rndc, the BIND 9 name server control
utility. This file has a similar structure and syntax to
@@ -219,7 +219,7 @@