diff --git a/bin/dnssec/dnssec-revoke.8 b/bin/dnssec/dnssec-revoke.8
index 6397b888f2..76448d4bad 100644
--- a/bin/dnssec/dnssec-revoke.8
+++ b/bin/dnssec/dnssec-revoke.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-revoke.8,v 1.9 2010/05/19 01:14:14 tbox Exp $
+.\" $Id: dnssec-revoke.8,v 1.10 2011/10/21 01:14:50 tbox Exp $
.\"
.hy 0
.ad l
@@ -32,7 +32,7 @@
dnssec\-revoke \- Set the REVOKED bit on a DNSSEC key
.SH "SYNOPSIS"
.HP 14
-\fBdnssec\-revoke\fR [\fB\-hr\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\fR] {keyfile}
+\fBdnssec\-revoke\fR [\fB\-hr\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\fR] [\fB\-R\fR] {keyfile}
.SH "DESCRIPTION"
.PP
\fBdnssec\-revoke\fR
@@ -70,6 +70,11 @@ Force overwrite: Causes
\fBdnssec\-revoke\fR
to write the new key pair even if a file already exists matching the algorithm and key ID of the revoked key.
.RE
+.PP
+\-R
+.RS 4
+Print the key tag of the key with the REVOKE bit set but do not revoke the key.
+.RE
.SH "SEE ALSO"
.PP
\fBdnssec\-keygen\fR(8),
@@ -79,5 +84,5 @@ RFC 5011.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/dnssec/dnssec-revoke.html b/bin/dnssec/dnssec-revoke.html
index bfb896e87f..1667808b6a 100644
--- a/bin/dnssec/dnssec-revoke.html
+++ b/bin/dnssec/dnssec-revoke.html
@@ -1,5 +1,5 @@
-
+
@@ -28,10 +28,10 @@
Synopsis
-
dnssec-revoke [-hr] [-v level] [-K directory] [-E engine] [-f] {keyfile}
+
dnssec-revoke [-hr] [-v level] [-K directory] [-E engine] [-f] [-R] {keyfile}
-
DESCRIPTION
+
DESCRIPTION
dnssec-revoke
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
in RFC 5011, and creates a new pair of key files containing the
@@ -39,7 +39,7 @@
-
OPTIONS
+
OPTIONS
- -h
@@ -69,17 +69,22 @@
write the new key pair even if a file already exists matching
the algorithm and key ID of the revoked key.
- -R
+
+ Print the key tag of the key with the REVOKE bit set but do
+ not revoke the key.
+
-
SEE ALSO
+
SEE ALSO
dnssec-keygen(8),
BIND 9 Administrator Reference Manual,
RFC 5011.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
-
DESCRIPTION
+
DESCRIPTION
arpaname translates IP addresses (IPv4 and
IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
-
SEE ALSO
+
SEE ALSO
BIND 9 Administrator Reference Manual.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
ddns-confgen [-a algorithm] [-h] [-k keyname] [-r randomfile] [ -s name | -z zone ] [-q] [name]
-
DESCRIPTION
+
DESCRIPTION
ddns-confgen
generates a key for use by nsupdate
and named. It simplifies configuration
@@ -77,7 +77,7 @@
-
OPTIONS
+
OPTIONS
- -a
algorithm
@@ -144,7 +144,7 @@
-
SEE ALSO
+
SEE ALSO
nsupdate(1),
named.conf(5),
named(8),
@@ -152,7 +152,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
Synopsis
-
dnssec-revoke [-hr] [-v level] [-K directory] [-E engine] [-f] {keyfile}
+
dnssec-revoke [-hr] [-v level] [-K directory] [-E engine] [-f] [-R] {keyfile}
-
DESCRIPTION
+
DESCRIPTION
dnssec-revoke
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
in RFC 5011, and creates a new pair of key files containing the
@@ -58,7 +58,7 @@
-
OPTIONS
+
OPTIONS
- -h
@@ -88,17 +88,22 @@
write the new key pair even if a file already exists matching
the algorithm and key ID of the revoked key.
- -R
+
+ Print the key tag of the key with the REVOKE bit set but do
+ not revoke the key.
+
-
SEE ALSO
+
SEE ALSO
dnssec-keygen(8),
BIND 9 Administrator Reference Manual,
RFC 5011.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
dnssec-settime [-f] [-K directory] [-L ttl] [-P date/offset] [-A date/offset] [-R date/offset] [-I date/offset] [-D date/offset] [-h] [-v level] [-E engine] {keyfile}
-
DESCRIPTION
+
DESCRIPTION
dnssec-settime
reads a DNSSEC private key file and sets the key timing metadata
as specified by the -P, -A,
@@ -75,7 +75,7 @@
-
TIMING OPTIONS
+
TIMING OPTIONS
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -196,7 +196,7 @@
-
PRINTING OPTIONS
+
PRINTING OPTIONS
dnssec-settime can also be used to print the
timing metadata associated with a key.
@@ -222,7 +222,7 @@
-
SEE ALSO
+
SEE ALSO
dnssec-keygen(8),
dnssec-signzone(8),
BIND 9 Administrator Reference Manual,
@@ -230,7 +230,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
dnssec-signzone [-a] [-c class] [-d directory] [-D] [-E engine] [-e end-time] [-f output-file] [-g] [-h] [-K directory] [-k key] [-l domain] [-i interval] [-I input-format] [-j jitter] [-N soa-serial-format] [-o origin] [-O output-format] [-P] [-p] [-R] [-r randomdev] [-S] [-s start-time] [-T ttl] [-t] [-u] [-v level] [-X extended end-time] [-x] [-z] [-3 salt] [-H iterations] [-A] {zonefile} [key...]
-
DESCRIPTION
+
DESCRIPTION
dnssec-signzone
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@@ -61,7 +61,7 @@
-
EXAMPLE
+
EXAMPLE
The following command signs the example.com
zone with the DSA key generated by dnssec-keygen
@@ -478,14 +478,14 @@ db.example.com.signed
%
-
SEE ALSO
+
SEE ALSO
dnssec-keygen(8),
BIND 9 Administrator Reference Manual,
RFC 4033.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
genrandom [-n number] {size} {filename}
-
DESCRIPTION
+
DESCRIPTION
genrandom
generates a file or a set of files containing a specified quantity
@@ -59,7 +59,7 @@
-
ARGUMENTS
+
ARGUMENTS
- -n
number
@@ -77,14 +77,14 @@
-
SEE ALSO
+
SEE ALSO
rand(3),
arc4random(3)
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
isc-hmac-fixup {algorithm} {secret}
-
DESCRIPTION
+
DESCRIPTION
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
HMAC-SHA* TSIG keys which were longer than the digest length of the
@@ -76,7 +76,7 @@
-
SECURITY CONSIDERATIONS
+
SECURITY CONSIDERATIONS
Secrets that have been converted by isc-hmac-fixup
are shortened, but as this is how the HMAC protocol works in
@@ -87,14 +87,14 @@
-
SEE ALSO
+
SEE ALSO
BIND 9 Administrator Reference Manual,
RFC 2104.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
named-checkconf [-h] [-v] [-j] [-t directory] {filename} [-p] [-z]
-
DESCRIPTION
+
DESCRIPTION
named-checkconf
checks the syntax, but not the semantics, of a
named configuration file. The file is parsed
@@ -70,7 +70,7 @@
-
RETURN VALUES
+
RETURN VALUES
named-checkconf
returns an exit status of 1 if
errors were detected and 0 otherwise.
-
SEE ALSO
+
SEE ALSO
named(8),
named-checkzone(8),
BIND 9 Administrator Reference Manual.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
named-compilezone [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-r mode] [-s style] [-t directory] [-w directory] [-D] [-W mode] {-o filename} {zonename} {filename}
-
DESCRIPTION
+
DESCRIPTION
named-checkzone
checks the syntax and integrity of a zone file. It performs the
same checks as named does when loading a
@@ -71,7 +71,7 @@
-
RETURN VALUES
+
RETURN VALUES
named-checkzone
returns an exit status of 1 if
errors were detected and 0 otherwise.
-
SEE ALSO
+
SEE ALSO
named(8),
named-checkconf(8),
RFC 1035,
@@ -280,7 +280,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
named-journalprint {journal}
-
DESCRIPTION
+
DESCRIPTION
named-journalprint
prints the contents of a zone journal file in a human-readable
@@ -76,7 +76,7 @@
-
SEE ALSO
+
SEE ALSO
named(8),
nsupdate(8),
@@ -84,7 +84,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
named [-4] [-6] [-c config-file] [-d debug-level] [-E engine-name] [-f] [-g] [-m flag] [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory] [-u user] [-v] [-V] [-x cache-file]
-
DESCRIPTION
+
DESCRIPTION
named
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@@ -65,7 +65,7 @@
-
SIGNALS
+
SIGNALS
In routine operation, signals should not be used to control
the nameserver; rndc should be used
@@ -267,7 +267,7 @@
-
CONFIGURATION
+
CONFIGURATION
The named configuration file is too complex
to describe in detail here. A complete description is provided
@@ -284,7 +284,7 @@
-
FILES
+
FILES
/etc/named.conf
@@ -297,7 +297,7 @@
-
SEE ALSO
+
SEE ALSO
RFC 1033,
RFC 1034,
RFC 1035,
@@ -310,7 +310,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
nsec3hash {salt} {algorithm} {iterations} {domain}
-
DESCRIPTION
+
DESCRIPTION
nsec3hash generates an NSEC3 hash based on
a set of NSEC3 parameters. This can be used to check the validity
@@ -56,7 +56,7 @@
-
SEE ALSO
+
SEE ALSO
BIND 9 Administrator Reference Manual,
RFC 5155.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
nsupdate [-d] [-D] [[-g] | [-o] | [-l] | [-y [hmac:]keyname:secret] | [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [filename]
-
DESCRIPTION
+
DESCRIPTION
nsupdate
is used to submit Dynamic DNS Update requests as defined in RFC 2136
to a name server.
@@ -210,7 +210,7 @@
-
INPUT FORMAT
+
INPUT FORMAT
nsupdate
reads input from
filename
@@ -498,7 +498,7 @@
-
EXAMPLES
+
EXAMPLES
The examples below show how
nsupdate
@@ -552,7 +552,7 @@
-
FILES
+
FILES
/etc/resolv.conf
@@ -575,7 +575,7 @@
-
SEE ALSO
+
SEE ALSO
RFC 2136,
RFC 3007,
@@ -590,7 +590,7 @@
-
BUGS
+
BUGS
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library
diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index bf7ef3daf7..6d1901dbd0 100644
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
@@ -50,7 +50,7 @@
rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]
-
DESCRIPTION
+
DESCRIPTION
rndc-confgen
generates configuration files
for rndc. It can be used as a
@@ -66,7 +66,7 @@
-
EXAMPLES
+
EXAMPLES
To allow rndc to be used with
no manual configuration, run
@@ -190,7 +190,7 @@
-
SEE ALSO
+
SEE ALSO
rndc(8),
rndc.conf(5),
named(8),
@@ -198,7 +198,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
-
DESCRIPTION
+
DESCRIPTION
rndc.conf is the configuration file
for rndc, the BIND 9 name server control
utility. This file has a similar structure and syntax to
@@ -135,7 +135,7 @@
-
EXAMPLE
+
EXAMPLE
options {
default-server localhost;
@@ -209,7 +209,7 @@
-
NAME SERVER CONFIGURATION
+
NAME SERVER CONFIGURATION
The name server must be configured to accept rndc connections and
to recognize the key specified in the rndc.conf
@@ -219,7 +219,7 @@
-
SEE ALSO
+
SEE ALSO
rndc(8),
rndc-confgen(8),
mmencode(1),
@@ -227,7 +227,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
rndc [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}
-
DESCRIPTION
+
DESCRIPTION
rndc
controls the operation of a name
server. It supersedes the ndc utility
@@ -79,7 +79,7 @@
-
OPTIONS
+
OPTIONS
- -b
source-address
@@ -151,7 +151,7 @@
-
LIMITATIONS
+
LIMITATIONS
rndc
does not yet support all the commands of
the BIND 8 ndc utility.
@@ -165,7 +165,7 @@
-
SEE ALSO
+
SEE ALSO
rndc.conf(5),
rndc-confgen(8),
named(8),
@@ -175,7 +175,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium