From 1e9517ea2156b990be21f44676d3370318eacf17 Mon Sep 17 00:00:00 2001 From: Tinderbox User Date: Wed, 27 Jul 2016 01:12:35 +0000 Subject: [PATCH] regen v9_11 --- bin/tools/named-nzd2nzf.8 | 2 +- bin/tools/named-nzd2nzf.html | 2 +- doc/arm/Bv9ARM.ch13.html | 20 ++ doc/arm/Bv9ARM.html | 20 ++ doc/arm/man.arpaname.html | 4 +- doc/arm/man.ddns-confgen.html | 6 +- doc/arm/man.delv.html | 12 +- doc/arm/man.dig.html | 9 +- doc/arm/man.dnssec-checkds.html | 6 +- doc/arm/man.dnssec-coverage.html | 6 +- doc/arm/man.dnssec-dsfromkey.html | 12 +- doc/arm/man.dnssec-importkey.html | 10 +- doc/arm/man.dnssec-keyfromlabel.html | 10 +- doc/arm/man.dnssec-keygen.html | 12 +- doc/arm/man.dnssec-revoke.html | 6 +- doc/arm/man.dnssec-settime.html | 10 +- doc/arm/man.dnssec-signzone.html | 8 +- doc/arm/man.dnssec-verify.html | 6 +- doc/arm/man.dnstap-read.html | 6 +- doc/arm/man.genrandom.html | 6 +- doc/arm/man.host.html | 19 +- doc/arm/man.isc-hmac-fixup.html | 6 +- doc/arm/man.lwresd.html | 8 +- doc/arm/man.mdig.html | 463 +++++++++++++++++++++++++++ doc/arm/man.named-checkconf.html | 8 +- doc/arm/man.named-checkzone.html | 8 +- doc/arm/man.named-journalprint.html | 12 +- doc/arm/man.named-nzd2nzf.html | 99 ++++++ doc/arm/man.named-rrchecker.html | 12 +- doc/arm/man.named.conf.html | 30 +- doc/arm/man.named.html | 12 +- doc/arm/man.nsec3hash.html | 16 +- doc/arm/man.nsupdate.html | 14 +- doc/arm/man.pkcs11-destroy.html | 120 +++++++ doc/arm/man.pkcs11-keygen.html | 144 +++++++++ doc/arm/man.pkcs11-list.html | 118 +++++++ doc/arm/man.pkcs11-tokens.html | 87 +++++ doc/arm/man.rndc-confgen.html | 8 +- doc/arm/man.rndc.conf.html | 8 +- doc/arm/man.rndc.html | 10 +- 40 files changed, 1226 insertions(+), 149 deletions(-) create mode 100644 doc/arm/man.mdig.html create mode 100644 doc/arm/man.named-nzd2nzf.html create mode 100644 doc/arm/man.pkcs11-destroy.html create mode 100644 doc/arm/man.pkcs11-keygen.html create mode 100644 doc/arm/man.pkcs11-list.html create mode 100644 doc/arm/man.pkcs11-tokens.html diff --git a/bin/tools/named-nzd2nzf.8 b/bin/tools/named-nzd2nzf.8 index 3d5ee0ec6e..a08b8fef64 100644 --- a/bin/tools/named-nzd2nzf.8 +++ b/bin/tools/named-nzd2nzf.8 @@ -56,7 +56,7 @@ file whose contents should be printed\&. .RE .SH "SEE ALSO" .PP -BIND 9 Administrator Reference Manual, +BIND 9 Administrator Reference Manual .SH "AUTHOR" .PP Internet Systems Consortium diff --git a/bin/tools/named-nzd2nzf.html b/bin/tools/named-nzd2nzf.html index 3ce654a7bf..71ec287a09 100644 --- a/bin/tools/named-nzd2nzf.html +++ b/bin/tools/named-nzd2nzf.html @@ -68,7 +68,7 @@

SEE ALSO

- BIND 9 Administrator Reference Manual, + BIND 9 Administrator Reference Manual

diff --git a/doc/arm/Bv9ARM.ch13.html b/doc/arm/Bv9ARM.ch13.html index 6c3e0e14cb..f7a1f20732 100644 --- a/doc/arm/Bv9ARM.ch13.html +++ b/doc/arm/Bv9ARM.ch13.html @@ -42,6 +42,9 @@ dig — DNS lookup utility
+mdig — DNS pipelined lookup utility +
+
host — DNS lookup utility
@@ -96,6 +99,11 @@ named-journalprint — print zone journal in human-readable form
+named-nzd2nzf — + Convert an NZD database to NZF text format + +
+
named-rrchecker — syntax checker for individual DNS resource records
@@ -128,6 +136,18 @@
nsec3hash — generate NSEC3 hash
+
+pkcs11-destroy — destroy PKCS#11 objects +
+
+pkcs11-list — list PKCS#11 objects +
+
+pkcs11-keygen — generate keys on a PKCS#11 device +
+
+pkcs11-tokens — list PKCS#11 available tokens +
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html index 84058ad0f9..bd365dd6f0 100644 --- a/doc/arm/Bv9ARM.html +++ b/doc/arm/Bv9ARM.html @@ -284,6 +284,9 @@ dig — DNS lookup utility
+mdig — DNS pipelined lookup utility +
+
host — DNS lookup utility
@@ -338,6 +341,11 @@ named-journalprint — print zone journal in human-readable form
+named-nzd2nzf — + Convert an NZD database to NZF text format + +
+
named-rrchecker — syntax checker for individual DNS resource records
@@ -370,6 +378,18 @@
nsec3hash — generate NSEC3 hash
+
+pkcs11-destroy — destroy PKCS#11 objects +
+
+pkcs11-list — list PKCS#11 objects +
+
+pkcs11-keygen — generate keys on a PKCS#11 device +
+
+pkcs11-tokens — list PKCS#11 available tokens +
diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html index 5fa8fe37c9..35e986be2a 100644 --- a/doc/arm/man.arpaname.html +++ b/doc/arm/man.arpaname.html @@ -40,14 +40,14 @@

arpaname {ipaddress ...}

-

DESCRIPTION

+

DESCRIPTION

arpaname translates IP addresses (IPv4 and IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.

-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual.

diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html index 230644aa02..f3c6c8e920 100644 --- a/doc/arm/man.ddns-confgen.html +++ b/doc/arm/man.ddns-confgen.html @@ -41,7 +41,7 @@

ddns-confgen [-a algorithm] [-h] [-k keyname] [-q] [-r randomfile] [ -s name | -z zone ]

-

DESCRIPTION

+

DESCRIPTION

tsig-keygen and ddns-confgen are invocation methods for a utility that generates keys for use @@ -77,7 +77,7 @@

-

OPTIONS

+

OPTIONS

-a algorithm

@@ -149,7 +149,7 @@

-

SEE ALSO

+

SEE ALSO

nsupdate(1), named.conf(5), named(8), diff --git a/doc/arm/man.delv.html b/doc/arm/man.delv.html index de0deb20b7..f3a18f259a 100644 --- a/doc/arm/man.delv.html +++ b/doc/arm/man.delv.html @@ -43,7 +43,7 @@

delv [queryopt...] [query...]

-

DESCRIPTION

+

DESCRIPTION

delv (Domain Entity Lookup & Validation) is a tool for sending DNS queries and validating the results, using the same internal @@ -86,7 +86,7 @@

-

SIMPLE USAGE

+

SIMPLE USAGE

A typical invocation of delv looks like:

@@ -141,7 +141,7 @@

-

OPTIONS

+

OPTIONS

-a anchor-file
@@ -275,7 +275,7 @@
-

QUERY OPTIONS

+

QUERY OPTIONS

delv provides a number of query options which affect the way results are displayed, and in some cases the way lookups are performed. @@ -467,12 +467,12 @@

-

FILES

+

FILES

/etc/bind.keys

/etc/resolv.conf

-

SEE ALSO

+

SEE ALSO

dig(1), named(8), RFC4034, diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html index 65c8fa45aa..84fbbb7041 100644 --- a/doc/arm/man.dig.html +++ b/doc/arm/man.dig.html @@ -13,7 +13,7 @@ - +

@@ -23,7 +23,7 @@ Prev  Manual pages - NextNext @@ -835,13 +835,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr Prev  UpNextNext Manual pages  Home - host + mdig +
diff --git a/doc/arm/man.dnssec-checkds.html b/doc/arm/man.dnssec-checkds.html index 7e9f33e2cd..65ec6115e2 100644 --- a/doc/arm/man.dnssec-checkds.html +++ b/doc/arm/man.dnssec-checkds.html @@ -41,7 +41,7 @@

dnssec-dsfromkey [-l domain] [-f file] [-d dig path] [-D dsfromkey path] {zone}

-

DESCRIPTION

+

DESCRIPTION

dnssec-checkds verifies the correctness of Delegation Signer (DS) or DNSSEC Lookaside Validation (DLV) resource records for keys in a specified @@ -49,7 +49,7 @@

-

OPTIONS

+

OPTIONS

-f file

@@ -78,7 +78,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-dsfromkey(8), dnssec-keygen(8), dnssec-signzone(8), diff --git a/doc/arm/man.dnssec-coverage.html b/doc/arm/man.dnssec-coverage.html index 825da88c6e..1d3be3ad3c 100644 --- a/doc/arm/man.dnssec-coverage.html +++ b/doc/arm/man.dnssec-coverage.html @@ -40,7 +40,7 @@

dnssec-coverage [-K directory] [-l length] [-f file] [-d DNSKEY TTL] [-m max TTL] [-r interval] [-c compilezone path] [-k] [-z] [zone...]

-

DESCRIPTION

+

DESCRIPTION

dnssec-coverage verifies that the DNSSEC keys for a given zone or a set of zones have timing metadata set properly to ensure no future lapses in DNSSEC @@ -68,7 +68,7 @@

-

OPTIONS

+

OPTIONS

-K directory

@@ -192,7 +192,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-checkds(8), dnssec-dsfromkey(8), diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html index a06e726d72..f71668e642 100644 --- a/doc/arm/man.dnssec-dsfromkey.html +++ b/doc/arm/man.dnssec-dsfromkey.html @@ -42,14 +42,14 @@

dnssec-dsfromkey [-h] [-V]

-

DESCRIPTION

+

DESCRIPTION

dnssec-dsfromkey outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s).

-

OPTIONS

+

OPTIONS

-1

@@ -140,7 +140,7 @@

-

EXAMPLE

+

EXAMPLE

To build the SHA-256 DS RR from the Kexample.com.+003+26160 @@ -155,7 +155,7 @@

-

FILES

+

FILES

The keyfile can be designed by the key identification Knnnn.+aaa+iiiii or the full file name @@ -169,13 +169,13 @@

-

CAVEAT

+

CAVEAT

A keyfile error can give a "file not found" even if the file exists.

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), dnssec-signzone(8), BIND 9 Administrator Reference Manual, diff --git a/doc/arm/man.dnssec-importkey.html b/doc/arm/man.dnssec-importkey.html index d4d6e748c9..494ac3987f 100644 --- a/doc/arm/man.dnssec-importkey.html +++ b/doc/arm/man.dnssec-importkey.html @@ -41,7 +41,7 @@

dnssec-importkey {-f filename} [-K directory] [-L ttl] [-P date/offset] [-P sync date/offset] [-D date/offset] [-D sync date/offset] [-h] [-v level] [-V] [dnsname]

-

DESCRIPTION

+

DESCRIPTION

dnssec-importkey reads a public DNSKEY record and generates a pair of .key/.private files. The DNSKEY record may be read from an @@ -61,7 +61,7 @@

-

OPTIONS

+

OPTIONS

-f filename
@@ -104,7 +104,7 @@
-

TIMING OPTIONS

+

TIMING OPTIONS

Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -142,7 +142,7 @@

-

FILES

+

FILES

A keyfile can be designed by the key identification Knnnn.+aaa+iiiii or the full file name @@ -151,7 +151,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), dnssec-signzone(8), BIND 9 Administrator Reference Manual, diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html index 9c55b912dc..bd296c659a 100644 --- a/doc/arm/man.dnssec-keyfromlabel.html +++ b/doc/arm/man.dnssec-keyfromlabel.html @@ -40,7 +40,7 @@

dnssec-keyfromlabel {-l label} [-3] [-a algorithm] [-A date/offset] [-c class] [-D date/offset] [-D sync date/offset] [-E engine] [-f flag] [-G] [-I date/offset] [-i interval] [-k] [-K directory] [-L ttl] [-n nametype] [-P date/offset] [-P sync date/offset] [-p protocol] [-R date/offset] [-S key] [-t type] [-v level] [-V] [-y] {name}

-

DESCRIPTION

+

DESCRIPTION

dnssec-keyfromlabel generates a key pair of files that referencing a key object stored in a cryptographic hardware service module (HSM). The private key @@ -56,7 +56,7 @@

-

OPTIONS

+

OPTIONS

-a algorithm
@@ -233,7 +233,7 @@
-

TIMING OPTIONS

+

TIMING OPTIONS

Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -315,7 +315,7 @@

-

GENERATED KEY FILES

+

GENERATED KEY FILES

When dnssec-keyfromlabel completes successfully, @@ -354,7 +354,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), dnssec-signzone(8), BIND 9 Administrator Reference Manual, diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html index 91feb60cb8..51c9d274e6 100644 --- a/doc/arm/man.dnssec-keygen.html +++ b/doc/arm/man.dnssec-keygen.html @@ -40,7 +40,7 @@

dnssec-keygen [-a algorithm] [-b keysize] [-n nametype] [-3] [-A date/offset] [-C] [-c class] [-D date/offset] [-D sync date/offset] [-E engine] [-f flag] [-G] [-g generator] [-h] [-I date/offset] [-i interval] [-K directory] [-k] [-L ttl] [-P date/offset] [-P sync date/offset] [-p protocol] [-q] [-R date/offset] [-r randomdev] [-S key] [-s strength] [-t type] [-V] [-v level] [-z] {name}

-

DESCRIPTION

+

DESCRIPTION

dnssec-keygen generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with @@ -54,7 +54,7 @@

-

OPTIONS

+

OPTIONS

-a algorithm
@@ -277,7 +277,7 @@
-

TIMING OPTIONS

+

TIMING OPTIONS

Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -361,7 +361,7 @@

-

GENERATED KEYS

+

GENERATED KEYS

When dnssec-keygen completes successfully, @@ -407,7 +407,7 @@

-

EXAMPLE

+

EXAMPLE

To generate a 768-bit DSA key for the domain example.com, the following command would be @@ -428,7 +428,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-signzone(8), BIND 9 Administrator Reference Manual, RFC 2539, diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html index c99ab68cda..31e97bbb68 100644 --- a/doc/arm/man.dnssec-revoke.html +++ b/doc/arm/man.dnssec-revoke.html @@ -40,7 +40,7 @@

dnssec-revoke [-hr] [-v level] [-V] [-K directory] [-E engine] [-f] [-R] {keyfile}

-

DESCRIPTION

+

DESCRIPTION

dnssec-revoke reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the @@ -48,7 +48,7 @@

-

OPTIONS

+

OPTIONS

-h

@@ -99,7 +99,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 5011. diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html index aebd9fb0f4..4176e2413a 100644 --- a/doc/arm/man.dnssec-settime.html +++ b/doc/arm/man.dnssec-settime.html @@ -40,7 +40,7 @@

dnssec-settime [-f] [-K directory] [-L ttl] [-P date/offset] [-P sync date/offset] [-A date/offset] [-R date/offset] [-I date/offset] [-D date/offset] [-D sync date/offset] [-h] [-V] [-v level] [-E engine] {keyfile}

-

DESCRIPTION

+

DESCRIPTION

dnssec-settime reads a DNSSEC private key file and sets the key timing metadata as specified by the -P, -A, @@ -66,7 +66,7 @@

-

OPTIONS

+

OPTIONS

-f

@@ -123,7 +123,7 @@

-

TIMING OPTIONS

+

TIMING OPTIONS

Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -212,7 +212,7 @@

-

PRINTING OPTIONS

+

PRINTING OPTIONS

dnssec-settime can also be used to print the timing metadata associated with a key. @@ -241,7 +241,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), dnssec-signzone(8), BIND 9 Administrator Reference Manual, diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html index 4a65d8e83d..a2531b92bc 100644 --- a/doc/arm/man.dnssec-signzone.html +++ b/doc/arm/man.dnssec-signzone.html @@ -40,7 +40,7 @@

dnssec-signzone [-a] [-c class] [-d directory] [-D] [-E engine] [-e end-time] [-f output-file] [-g] [-h] [-K directory] [-k key] [-L serial] [-l domain] [-M domain] [-i interval] [-I input-format] [-j jitter] [-N soa-serial-format] [-o origin] [-O output-format] [-P] [-p] [-Q] [-R] [-r randomdev] [-S] [-s start-time] [-T ttl] [-t] [-u] [-v level] [-V] [-X extended end-time] [-x] [-z] [-3 salt] [-H iterations] [-A] {zonefile} [key...]

-

DESCRIPTION

+

DESCRIPTION

dnssec-signzone signs a zone. It generates NSEC and RRSIG records and produces a signed version of the @@ -51,7 +51,7 @@

-

OPTIONS

+

OPTIONS

-a

@@ -502,7 +502,7 @@

-

EXAMPLE

+

EXAMPLE

The following command signs the example.com zone with the DSA key generated by dnssec-keygen @@ -532,7 +532,7 @@ db.example.com.signed %

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 4033, RFC 4641. diff --git a/doc/arm/man.dnssec-verify.html b/doc/arm/man.dnssec-verify.html index 3b8bdccba6..ae8d51aa47 100644 --- a/doc/arm/man.dnssec-verify.html +++ b/doc/arm/man.dnssec-verify.html @@ -40,7 +40,7 @@

dnssec-verify [-c class] [-E engine] [-I input-format] [-o origin] [-v level] [-V] [-x] [-z] {zonefile}

-

DESCRIPTION

+

DESCRIPTION

dnssec-verify verifies that a zone is fully signed for each algorithm found in the DNSKEY RRset for the zone, and that the NSEC / NSEC3 @@ -48,7 +48,7 @@

-

OPTIONS

+

OPTIONS

-c class

@@ -128,7 +128,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-signzone(8), BIND 9 Administrator Reference Manual, diff --git a/doc/arm/man.dnstap-read.html b/doc/arm/man.dnstap-read.html index 96dfad2b35..c7deedb1dd 100644 --- a/doc/arm/man.dnstap-read.html +++ b/doc/arm/man.dnstap-read.html @@ -40,7 +40,7 @@

dnstap-read [-m] [-p] [-y] {file}

-

DESCRIPTION

+

DESCRIPTION

dnstap-read reads dnstap data from a specified file @@ -51,7 +51,7 @@

-

OPTIONS

+

OPTIONS

-m

@@ -71,7 +71,7 @@

-

SEE ALSO

+

SEE ALSO

named(8), nsupdate(8), diff --git a/doc/arm/man.genrandom.html b/doc/arm/man.genrandom.html index 24980bcbd2..da7a7feef1 100644 --- a/doc/arm/man.genrandom.html +++ b/doc/arm/man.genrandom.html @@ -40,7 +40,7 @@

genrandom [-n number] {size} {filename}

-

DESCRIPTION

+

DESCRIPTION

genrandom generates a file or a set of files containing a specified quantity @@ -49,7 +49,7 @@

-

ARGUMENTS

+

ARGUMENTS

-n number

@@ -67,7 +67,7 @@

-

SEE ALSO

+

SEE ALSO

rand(3), arc4random(3) diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html index ce074f5b91..95ab32a147 100644 --- a/doc/arm/man.host.html +++ b/doc/arm/man.host.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ host -Prev  +Prev  Manual pages  Next @@ -40,7 +40,7 @@

host [-aCdlnrsTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-m flag] [-4] [-6] [-v] [-V] {name} [server]

-

DESCRIPTION

+

DESCRIPTION

host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. @@ -62,7 +62,7 @@

-

OPTIONS

+

OPTIONS

-4

@@ -240,7 +240,7 @@

-

IDN SUPPORT

+

IDN SUPPORT

If host has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names. @@ -254,12 +254,12 @@

-

FILES

+

FILES

/etc/resolv.conf

-

SEE ALSO

+

SEE ALSO

dig(1), named(8).

@@ -270,13 +270,14 @@ +Prev  - + diff --git a/doc/arm/man.isc-hmac-fixup.html b/doc/arm/man.isc-hmac-fixup.html index 405f932c24..2b374c7973 100644 --- a/doc/arm/man.isc-hmac-fixup.html +++ b/doc/arm/man.isc-hmac-fixup.html @@ -40,7 +40,7 @@

isc-hmac-fixup {algorithm} {secret}

-

DESCRIPTION

+

DESCRIPTION

Versions of BIND 9 up to and including BIND 9.6 had a bug causing HMAC-SHA* TSIG keys which were longer than the digest length of the @@ -66,7 +66,7 @@

-

SECURITY CONSIDERATIONS

+

SECURITY CONSIDERATIONS

Secrets that have been converted by isc-hmac-fixup are shortened, but as this is how the HMAC protocol works in @@ -77,7 +77,7 @@

-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual, RFC 2104. diff --git a/doc/arm/man.lwresd.html b/doc/arm/man.lwresd.html index 479d0f2c52..e277299b71 100644 --- a/doc/arm/man.lwresd.html +++ b/doc/arm/man.lwresd.html @@ -40,7 +40,7 @@

lwresd [-c config-file] [-C config-file] [-d debug-level] [-f] [-g] [-i pid-file] [-m flag] [-n #cpus] [-P port] [-p port] [-s] [-t directory] [-u user] [-v] [-4] [-6]

-

DESCRIPTION

+

DESCRIPTION

lwresd is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver @@ -75,7 +75,7 @@

-

OPTIONS

+

OPTIONS

-4

@@ -205,7 +205,7 @@

-

FILES

+

FILES

/etc/resolv.conf

@@ -218,7 +218,7 @@

-

SEE ALSO

+

SEE ALSO

named(8), lwres(3), resolver(5). diff --git a/doc/arm/man.mdig.html b/doc/arm/man.mdig.html new file mode 100644 index 0000000000..2ad94f4127 --- /dev/null +++ b/doc/arm/man.mdig.html @@ -0,0 +1,463 @@ + + + + +mdig + + + + + + + +

+
-Prev  Up  Next
dig  +mdig  Home  delv
+ + + + + + +
mdig
+Prev Manual pages Next +
+
+
+
+
+
+

Name

+

mdig — DNS pipelined lookup utility

+
+
+

Synopsis

+

mdig {@server} [-f filename] [-h] [-v] [-4] [-6] [-b address] [-p port#] [-c class] [-t type] [-i] [-x addr] [plusopt...]

+

mdig {-h}

+

mdig [@server] {global-opt...} { + {local-opt...} + {query} + ...}

+
+
+

DESCRIPTION

+

mdig + is a multiple/pipelined query version of dig: + instead of waiting for a response after sending each query, + it begins by sending all queries. Responses are displayed in + the order in which they are received, not in the order the + corresponding queries were sent. +

+

+ mdig options are a subset of the + dig options, and are divided into "anywhere + options" which can occur anywhere, "global options" which must + occur before the query name (or they are ignored with a warning), + and "local options" which apply to the next query on the command + line. +

+

+ The {@server} option is a mandatory global + option. It is the name or IP address of the name server to query. + (Unlike dig, this value is not retrieved from + /etc/resolv.conf.) It can be an IPv4 address + in dotted-decimal notation, an IPv6 address in colon-delimited + notation, or a hostname. When the supplied + server argument is a hostname, + mdig resolves that name before querying + the name server. +

+

mdig + provides a number of query options which affect + the way in which lookups are made and the results displayed. Some of + these set or reset flag bits in the query header, some determine which + sections of the answer get printed, and others determine the timeout + and retry strategies. +

+

+ Each query option is identified by a keyword preceded by a plus + sign (+). Some keywords set or reset an + option. These may be preceded by the string no + to negate the meaning of that keyword. Other keywords assign + values to options like the timeout interval. They have the + form +keyword=value. +

+
+
+

ANYWHERE OPTIONS

+

+ The -f option makes mdig + operate in batch mode by reading a list of lookup requests to + process from the file filename. The file + contains a number of queries, one per line. Each entry in the + file should be organized in the same way they would be presented + as queries to mdig using the command-line interface. +

+

+ The -h causes mdig to + print the detailed help with the full list of options and exit. +

+

+ The -v causes mdig to + print the version number and exit. +

+
+
+

GLOBAL OPTIONS

+

+ The -4 option forces mdig to + only use IPv4 query transport. +

+

+ The -6 option forces mdig to + only use IPv6 query transport. +

+

+ The -b option sets the source IP address of the + query to address. This must be a valid + address on one of the host's network interfaces or "0.0.0.0" or + "::". An optional port may be specified by appending + "#<port>" +

+

+ The -p option is used when a non-standard port + number is to be queried. + port# is the port number + that mdig will send its queries instead of + the standard DNS port number 53. This option would be used to + test a name server that has been configured to listen for + queries on a non-standard port number. +

+

+ The global query options are: +

+
+
+[no]additional
+

+ Display [do not display] the additional section of a + reply. The default is to display it. +

+
+[no]all
+

+ Set or clear all display flags. +

+
+[no]answer
+

+ Display [do not display] the answer section of a + reply. The default is to display it. +

+
+[no]authority
+

+ Display [do not display] the authority section of a + reply. The default is to display it. +

+
+[no]besteffort
+

+ Attempt to display the contents of messages which are + malformed. The default is to not display malformed + answers. +

+
+[no]cl
+

+ Display [do not display] the CLASS when printing the + record. +

+
+[no]comments
+

+ Toggle the display of comment lines in the output. + The default is to print comments. +

+
+[no]crypto
+

+ Toggle the display of cryptographic fields in DNSSEC + records. The contents of these field are unnecessary + to debug most DNSSEC validation failures and removing + them makes it easier to see the common failures. The + default is to display the fields. When omitted they + are replaced by the string "[omitted]" or in the + DNSKEY case the key id is displayed as the replacement, + e.g. "[ key id = value ]". +

+
+dscp[=value]
+

+ Set the DSCP code point to be used when sending the + query. Valid DSCP code points are in the range + [0..63]. By default no code point is explicitly set. +

+
+[no]multiline
+

+ Print records like the SOA records in a verbose + multi-line format with human-readable comments. The + default is to print each record on a single line, to + facilitate machine parsing of the mdig + output. +

+
+[no]question
+

+ Print [do not print] the question section of a query + when an answer is returned. The default is to print + the question section as a comment. +

+
+[no]rrcomments
+

+ Toggle the display of per-record comments in the + output (for example, human-readable key information + about DNSKEY records). The default is not to print + record comments unless multiline mode is active. +

+
+[no]short
+

+ Provide a terse answer. The default is to print the + answer in a verbose form. +

+
+split=W
+

+ Split long hex- or base64-formatted fields in resource + records into chunks of W + characters (where W is rounded + up to the nearest multiple of 4). + +nosplit or + +split=0 causes fields not to + be split at all. The default is 56 characters, or + 44 characters when multiline mode is active. +

+
+[no]tcp
+

+ Use [do not use] TCP when querying name servers. The + default behavior is to use UDP. +

+
+[no]ttlid
+

+ Display [do not display] the TTL when printing the + record. +

+
+[no]ttlunits
+

+ Display [do not display] the TTL in friendly human-readable + time units of "s", "m", "h", "d", and "w", representing + seconds, minutes, hours, days and weeks. Implies +ttlid. +

+
+[no]vc
+

+ Use [do not use] TCP when querying name servers. This + alternate syntax to +[no]tcp + is provided for backwards compatibility. The "vc" + stands for "virtual circuit". +

+
+

+ +

+
+
+

LOCAL OPTIONS

+

+ The -c option sets the query class to + class. It can be any valid query class + which is supported in BIND 9. The default query class is "IN". +

+

+ The -t option sets the query type to + type. It can be any valid query type + which is supported in BIND 9. The default query type is "A", + unless the -x option is supplied to indicate + a reverse lookup with the "PTR" query type. +

+

+ The -i option sets the reverse domain for + IPv6 addresses to IP6.INT. +

+

+ Reverse lookups — mapping addresses to names — are + simplified by the -x option. + addr is an IPv4 + address in dotted-decimal notation, or a colon-delimited IPv6 address. + mdig automatically performs a lookup for a + query name like 11.12.13.10.in-addr.arpa and + sets the query type and class to PTR and IN respectively. + By default, IPv6 addresses are looked up using nibble format + under the IP6.ARPA domain. To use the older RFC1886 method + using the IP6.INT domain specify the -i option. +

+

+ The local query options are: +

+
+
+[no]aaflag
+

+ A synonym for +[no]aaonly. +

+
+[no]aaonly
+

+ Sets the "aa" flag in the query. +

+
+[no]adflag
+

+ Set [do not set] the AD (authentic data) bit in the + query. This requests the server to return whether + all of the answer and authority sections have all + been validated as secure according to the security + policy of the server. AD=1 indicates that all records + have been validated as secure and the answer is not + from a OPT-OUT range. AD=0 indicate that some part + of the answer was insecure or not validated. This + bit is set by default. +

+
+bufsize=B
+

+ Set the UDP message buffer size advertised using EDNS0 + to B bytes. The maximum and + minimum sizes of this buffer are 65535 and 0 respectively. + Values outside this range are rounded up or down + appropriately. Values other than zero will cause a + EDNS query to be sent. +

+
+[no]cdflag
+

+ Set [do not set] the CD (checking disabled) bit in + the query. This requests the server to not perform + DNSSEC validation of responses. +

+
+[no]cookie[=####]
+

+ Send a COOKIE EDNS option, with optional value. + Replaying a COOKIE from a previous response will allow + the server to identify a previous client. The default + is +nocookie. +

+
+[no]dnssec
+

+ Requests DNSSEC records be sent by setting the DNSSEC + OK bit (DO) in the OPT record in the additional section + of the query. +

+
+[no]edns[=#]
+

+ Specify the EDNS version to query with. Valid values + are 0 to 255. Setting the EDNS version will cause + a EDNS query to be sent. +noedns + clears the remembered EDNS version. EDNS is set to + 0 by default. +

+
+[no]ednsflags[=#]
+

+ Set the must-be-zero EDNS flags bits (Z bits) to the + specified value. Decimal, hex and octal encodings are + accepted. Setting a named flag (e.g. DO) will silently be + ignored. By default, no Z bits are set. +

+
+[no]ednsopt[=code[:value]]
+

+ Specify EDNS option with code point code + and optionally payload of value as a + hexadecimal string. +noednsopt + clears the EDNS options to be sent. +

+
+[no]expire
+

+ Send an EDNS Expire option. +

+
+[no]nsid
+

+ Include an EDNS name server ID request when sending + a query. +

+
+[no]recurse
+

+ Toggle the setting of the RD (recursion desired) bit + in the query. This bit is set by default, which means + mdig normally sends recursive + queries. +

+
+retry=T
+

+ Sets the number of times to retry UDP queries to + server to T instead of the + default, 2. Unlike +tries, + this does not include the initial query. +

+
+[no]subnet=addr[/prefix-length]
+
+

+ Send (don't send) an EDNS Client Subnet option with the + specified IP address or network prefix. +

+

+ mdig +subnet=0.0.0.0/0, or simply + mdig +subnet=0 for short, sends an EDNS + client-subnet option with an empty address and a source + prefix-length of zero, which signals a resolver that + the client's address information must + not be used when resolving + this query. +

+
+
+timeout=T
+

+ Sets the timeout for a query to + T seconds. The default + timeout is 5 seconds for UDP transport and 10 for TCP. + An attempt to set T to less + than 1 will result + in a query timeout of 1 second being applied. +

+
+tries=T
+

+ Sets the number of times to try UDP queries to server + to T instead of the default, + 3. If T is less than or equal + to zero, the number of tries is silently rounded up + to 1. +

+
+udptimeout=T
+

+ Sets the timeout between UDP query retries. +

+
+[no]unknownformat
+

+ Print all RDATA in unknown RR type presentation format + (RFC 3597). The default is to print RDATA for known types + in the type's presentation format. +

+
+[no]zflag
+

+ Set [do not set] the last unassigned DNS header flag in a + DNS query. This flag is off by default. +

+
+

+ +

+
+
+

SEE ALSO

+

dig(1), + RFC1035. +

+
+
+
+
+ + + + + + + + + + + +
+Prev Up Next +
dig Home host
+
+

BIND 9.11.0b3

+ + diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html index 2e8662fb18..da772d2b00 100644 --- a/doc/arm/man.named-checkconf.html +++ b/doc/arm/man.named-checkconf.html @@ -40,7 +40,7 @@

named-checkconf [-h] [-v] [-j] [-t directory] {filename} [-p] [-x] [-z]

-

DESCRIPTION

+

DESCRIPTION

named-checkconf checks the syntax, but not the semantics, of a named configuration file. The file is parsed @@ -60,7 +60,7 @@

-

OPTIONS

+

OPTIONS

-h

@@ -109,14 +109,14 @@

-

RETURN VALUES

+

RETURN VALUES

named-checkconf returns an exit status of 1 if errors were detected and 0 otherwise.

-

SEE ALSO

+

SEE ALSO

named(8), named-checkzone(8), BIND 9 Administrator Reference Manual. diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html index e6acd70359..713e945fb9 100644 --- a/doc/arm/man.named-checkzone.html +++ b/doc/arm/man.named-checkzone.html @@ -41,7 +41,7 @@

named-compilezone [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-J filename] [-i mode] [-k mode] [-m mode] [-n mode] [-l ttl] [-L serial] [-r mode] [-s style] [-t directory] [-T mode] [-w directory] [-D] [-W mode] {-o filename} {zonename} {filename}

-

DESCRIPTION

+

DESCRIPTION

named-checkzone checks the syntax and integrity of a zone file. It performs the same checks as named does when loading a @@ -61,7 +61,7 @@

-

OPTIONS

+

OPTIONS

-d

@@ -295,14 +295,14 @@

-

RETURN VALUES

+

RETURN VALUES

named-checkzone returns an exit status of 1 if errors were detected and 0 otherwise.

-

SEE ALSO

+

SEE ALSO

named(8), named-checkconf(8), RFC 1035, diff --git a/doc/arm/man.named-journalprint.html b/doc/arm/man.named-journalprint.html index 9fe2b0b555..7d81d65515 100644 --- a/doc/arm/man.named-journalprint.html +++ b/doc/arm/man.named-journalprint.html @@ -13,7 +13,7 @@ - +

@@ -23,7 +23,7 @@ Prev  Manual pages - NextNext @@ -40,7 +40,7 @@

named-journalprint {journal}

-

DESCRIPTION

+

DESCRIPTION

named-journalprint prints the contents of a zone journal file in a human-readable @@ -66,7 +66,7 @@

-

SEE ALSO

+

SEE ALSO

named(8), nsupdate(8), @@ -81,14 +81,14 @@ Prev  UpNextNext named-checkzone  Homenamed-rrcheckernamed-nzd2nzf diff --git a/doc/arm/man.named-nzd2nzf.html b/doc/arm/man.named-nzd2nzf.html new file mode 100644 index 0000000000..a38de1668a --- /dev/null +++ b/doc/arm/man.named-nzd2nzf.html @@ -0,0 +1,99 @@ + + + + +named-nzd2nzf + + + + + + + +

+ + + + + + + +
named-nzd2nzf
+Prev Manual pages Next +
+
+
+
+
+
+

Name

+

named-nzd2nzf — + Convert an NZD database to NZF text format +

+
+
+

Synopsis

+

named-nzd2nzf {filename}

+
+
+

DESCRIPTION

+

+ named-nzd2nzf converts an NZD database to NZF + format and prints it to standard output. This can be used to + review the configuration of zones that were added to + named via rndc addzone. + It can also be used to restore the old file format + when rolling back from a newer version + of BIND to an older version. +

+
+
+

ARGUMENTS

+
+
filename
+

+ The name of the .nzd file whose contents + should be printed. +

+
+
+
+

SEE ALSO

+

+ BIND 9 Administrator Reference Manual +

+
+
+

AUTHOR

+

Internet Systems Consortium +

+
+
+
+
+ + + + + + + + + + + +
+Prev Up Next +
+named-journalprint Home named-rrchecker +
+
+

BIND 9.11.0b3

+ + diff --git a/doc/arm/man.named-rrchecker.html b/doc/arm/man.named-rrchecker.html index 4f629be4a3..df4ed90052 100644 --- a/doc/arm/man.named-rrchecker.html +++ b/doc/arm/man.named-rrchecker.html @@ -12,7 +12,7 @@ - + @@ -21,7 +21,7 @@ named-rrchecker -Prev  +Prev  Manual pages  Next @@ -40,7 +40,7 @@

named-rrchecker [-h] [-o origin] [-p] [-u] [-C] [-T] [-P]

-

DESCRIPTION

+

DESCRIPTION

named-rrchecker read a individual DNS resource record from standard input and checks if it is syntactically correct. @@ -68,7 +68,7 @@

-

SEE ALSO

+

SEE ALSO

RFC 1034, RFC 1035, @@ -81,14 +81,14 @@ +Prev  +named-nzd2nzf  diff --git a/doc/arm/man.named.conf.html b/doc/arm/man.named.conf.html index f24b0b14cb..4efaaa945c 100644 --- a/doc/arm/man.named.conf.html +++ b/doc/arm/man.named.conf.html @@ -40,7 +40,7 @@

named.conf

-

DESCRIPTION

+

DESCRIPTION

named.conf is the configuration file for named. Statements are enclosed @@ -59,14 +59,14 @@

-

ACL

+

ACL


acl string { address_match_element; ... };

-

KEY

+

KEY


key domain_name {
algorithm string;
@@ -75,7 +75,7 @@ key

-

MASTERS

+

MASTERS


masters string [ port integer ] {
masters | ipv4_address [port integer] |
@@ -84,7 +84,7 @@ masters

-

SERVER

+

SERVER


server ( ipv4_address[/prefixlen] | ipv6_address[/prefixlen] ) {
bogus boolean;
@@ -107,7 +107,7 @@ server

-

TRUSTED-KEYS

+

TRUSTED-KEYS


trusted-keys {
domain_name flags protocol algorithm key; ...
@@ -115,7 +115,7 @@ trusted-keys

-

MANAGED-KEYS

+

MANAGED-KEYS


managed-keys {
domain_name initial-key flags protocol algorithm key; ...
@@ -123,7 +123,7 @@ managed-keys

-

CONTROLS

+

CONTROLS


controls {
inet ( ipv4_address | ipv6_address | * )
@@ -135,7 +135,7 @@ controls

-

LOGGING

+

LOGGING


logging {
channel string {
@@ -153,7 +153,7 @@ logging

-

LWRES

+

LWRES


lwres {
listen-on [ port integer ] {
@@ -168,7 +168,7 @@ lwres

-

OPTIONS

+

OPTIONS


options {
avoid-v4-udp-ports { port; ... };
@@ -395,7 +395,7 @@ options

-

VIEW

+

VIEW


view string optional_class {
match-clients { address_match_element; ... };
@@ -565,7 +565,7 @@ view

-

ZONE

+

ZONE


zone string optional_class {
type ( master | slave | stub | hint | redirect |
@@ -662,12 +662,12 @@ zone

-

FILES

+

FILES

/etc/named.conf

-

SEE ALSO

+

SEE ALSO

named(8), named-checkconf(8), rndc(8), diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html index 250922f069..14facbb0d5 100644 --- a/doc/arm/man.named.html +++ b/doc/arm/man.named.html @@ -40,7 +40,7 @@

named [-4] [-6] [-c config-file] [-d debug-level] [-D string] [-E engine-name] [-f] [-g] [-L logfile] [-M option] [-m flag] [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory] [-U #listeners] [-u user] [-v] [-V] [-X lock-file] [-x cache-file]

-

DESCRIPTION

+

DESCRIPTION

named is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -55,7 +55,7 @@

-

OPTIONS

+

OPTIONS

-4

@@ -292,7 +292,7 @@

-

SIGNALS

+

SIGNALS

In routine operation, signals should not be used to control the nameserver; rndc should be used @@ -313,7 +313,7 @@

-

CONFIGURATION

+

CONFIGURATION

The named configuration file is too complex to describe in detail here. A complete description is provided @@ -330,7 +330,7 @@

-

FILES

+

FILES

/etc/named.conf

@@ -343,7 +343,7 @@

-

SEE ALSO

+

SEE ALSO

RFC 1033, RFC 1034, RFC 1035, diff --git a/doc/arm/man.nsec3hash.html b/doc/arm/man.nsec3hash.html index ab9157d5a9..b020277531 100644 --- a/doc/arm/man.nsec3hash.html +++ b/doc/arm/man.nsec3hash.html @@ -13,6 +13,7 @@ +

@@ -22,7 +23,8 @@
- +
-Prev  Up  Next
-named-journalprint  Home  nsupdate Prev  Manual pages  Next +

@@ -38,7 +40,7 @@

nsec3hash {salt} {algorithm} {iterations} {domain}

-

DESCRIPTION

+

DESCRIPTION

nsec3hash generates an NSEC3 hash based on a set of NSEC3 parameters. This can be used to check the validity @@ -46,7 +48,7 @@

-

ARGUMENTS

+

ARGUMENTS

salt

@@ -70,7 +72,7 @@

-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual, RFC 5155. @@ -84,13 +86,15 @@ Prev  Up -  + Next + isc-hmac-fixup  Home -  + pkcs11-destroy +

diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html index fb90f370f5..1fa8c2af9d 100644 --- a/doc/arm/man.nsupdate.html +++ b/doc/arm/man.nsupdate.html @@ -40,7 +40,7 @@

nsupdate [-d] [-D] [-L level] [[-g] | [-o] | [-l] | [-y [hmac:]keyname:secret] | [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [-T] [-P] [-V] [filename]

-

DESCRIPTION

+

DESCRIPTION

nsupdate is used to submit Dynamic DNS Update requests as defined in RFC 2136 to a name server. @@ -98,7 +98,7 @@

-

OPTIONS

+

OPTIONS

-d

@@ -232,7 +232,7 @@

-

INPUT FORMAT

+

INPUT FORMAT

nsupdate reads input from filename @@ -545,7 +545,7 @@

-

EXAMPLES

+

EXAMPLES

The examples below show how nsupdate @@ -599,7 +599,7 @@

-

FILES

+

FILES

/etc/resolv.conf

@@ -622,7 +622,7 @@

-

SEE ALSO

+

SEE ALSO

RFC 2136, RFC 3007, @@ -637,7 +637,7 @@

-

BUGS

+

BUGS

The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library diff --git a/doc/arm/man.pkcs11-destroy.html b/doc/arm/man.pkcs11-destroy.html new file mode 100644 index 0000000000..d0e47202c9 --- /dev/null +++ b/doc/arm/man.pkcs11-destroy.html @@ -0,0 +1,120 @@ + + + + +pkcs11-destroy + + + + + + + +

+ + + + + + + +
pkcs11-destroy
+Prev Manual pages Next +
+
+
+
+
+
+

Name

+

pkcs11-destroy — destroy PKCS#11 objects

+
+
+

Synopsis

+

pkcs11-destroy [-m module] [-s slot] { -i ID | -l label } [-p PIN] [-w seconds]

+
+
+

DESCRIPTION

+

+ pkcs11-destroy destroys keys stored in a + PKCS#11 device, identified by their ID or + label. +

+

+ Matching keys are displayed before being destroyed. By default, + there is a five second delay to allow the user to interrupt the + process before the destruction takes place. +

+
+
+

ARGUMENTS

+
+
-m module
+

+ Specify the PKCS#11 provider module. This must be the full + path to a shared library object implementing the PKCS#11 API + for the device. +

+
-s slot
+

+ Open the session with the given PKCS#11 slot. The default is + slot 0. +

+
-i ID
+

+ Destroy keys with the given object ID. +

+
-l label
+

+ Destroy keys with the given label. +

+
-p PIN
+

+ Specify the PIN for the device. If no PIN is provided on the + command line, pkcs11-destroy will prompt for it. +

+
-w seconds
+

+ Specify how long to pause before carrying out key destruction. + The default is five seconds. If set to 0, + destruction will be immediate. +

+
+
+
+

SEE ALSO

+

+ pkcs11-keygen(8), + pkcs11-list(8), + pkcs11-tokens(8) +

+
+
+
+
+ + + + + + + + + + + +
+Prev Up Next +
+nsec3hash Home pkcs11-list +
+
+

BIND 9.11.0b3

+ + diff --git a/doc/arm/man.pkcs11-keygen.html b/doc/arm/man.pkcs11-keygen.html new file mode 100644 index 0000000000..696f57026b --- /dev/null +++ b/doc/arm/man.pkcs11-keygen.html @@ -0,0 +1,144 @@ + + + + +pkcs11-keygen + + + + + + + +
+ + + + + + + +
pkcs11-keygen
+Prev Manual pages Next +
+
+
+
+
+
+

Name

+

pkcs11-keygen — generate keys on a PKCS#11 device

+
+
+

Synopsis

+

pkcs11-keygen {-a algorithm} [-b keysize] [-e] [-i id] [-m module] [-P] [-p PIN] [-q] [-S] [-s slot] {label}

+
+
+

DESCRIPTION

+

+ pkcs11-keygen causes a PKCS#11 device to generate + a new key pair with the given label (which must be + unique) and with keysize bits of prime. +

+
+
+

ARGUMENTS

+
+
-a algorithm
+

+ Specify the key algorithm class: Supported classes are RSA, + DSA, DH, and ECC. In addition to these strings, the + algorithm can be specified as a DNSSEC + signing algorithm that will be used with this key; for + example, NSEC3RSASHA1 maps to RSA, and ECDSAP256SHA256 maps + to ECC. The default class is "RSA". +

+
-b keysize
+

+ Create the key pair with keysize bits of + prime. For ECC keys, the only valid values are 256 and 384, + and the default is 256. +

+
-e
+

+ For RSA keys only, use a large exponent. +

+
-i id
+

+ Create key objects with id. The id is either + an unsigned short 2 byte or an unsigned long 4 byte number. +

+
-m module
+

+ Specify the PKCS#11 provider module. This must be the full + path to a shared library object implementing the PKCS#11 API + for the device. +

+
-P
+

+ Set the new private key to be non-sensitive and extractable. + The allows the private key data to be read from the PKCS#11 + device. The default is for private keys to be sensitive and + non-extractable. +

+
-p PIN
+

+ Specify the PIN for the device. If no PIN is provided on + the command line, pkcs11-keygen will + prompt for it. +

+
-q
+

+ Quiet mode: suppress unnecessary output. +

+
-S
+

+ For Diffie-Hellman (DH) keys only, use a special prime of + 768, 1024 or 1536 bit size and base (aka generator) 2. + If not specified, bit size will default to 1024. +

+
-s slot
+

+ Open the session with the given PKCS#11 slot. The default is + slot 0. +

+
+
+
+

SEE ALSO

+

+ pkcs11-destroy(8), + pkcs11-list(8), + pkcs11-tokens(8), + dnssec-keyfromlabel(8) +

+
+
+
+
+ + + + + + + + + + + +
+Prev Up Next +
+pkcs11-list Home pkcs11-tokens +
+
+

BIND 9.11.0b3

+ + diff --git a/doc/arm/man.pkcs11-list.html b/doc/arm/man.pkcs11-list.html new file mode 100644 index 0000000000..65859a1a2d --- /dev/null +++ b/doc/arm/man.pkcs11-list.html @@ -0,0 +1,118 @@ + + + + +pkcs11-list + + + + + + + +
+ + + + + + + +
pkcs11-list
+Prev Manual pages Next +
+
+
+
+
+
+

Name

+

pkcs11-list — list PKCS#11 objects

+
+
+

Synopsis

+

pkcs11-list [-P] [-m module] [-s slot] [-i ID] [-l label] [-p PIN]

+
+
+

DESCRIPTION

+

+ pkcs11-list + lists the PKCS#11 objects with ID or + label or by default all objects. + The object class, label, and ID are displayed for all + keys. For private or secret keys, the extractability + attribute is also displayed, as either true, + false, or never. +

+
+
+

ARGUMENTS

+
+
-P
+

+ List only the public objects. (Note that on some PKCS#11 + devices, all objects are private.) +

+
-m module
+

+ Specify the PKCS#11 provider module. This must be the full + path to a shared library object implementing the PKCS#11 API + for the device. +

+
-s slot
+

+ Open the session with the given PKCS#11 slot. The default is + slot 0. +

+
-i ID
+

+ List only key objects with the given object ID. +

+
-l label
+

+ List only key objects with the given label. +

+
-p PIN
+

+ Specify the PIN for the device. If no PIN is provided on the + command line, pkcs11-list will prompt for it. +

+
+
+
+

SEE ALSO

+

+ pkcs11-destroy(8), + pkcs11-keygen(8), + pkcs11-tokens(8) +

+
+
+
+
+ + + + + + + + + + + +
+Prev Up Next +
+pkcs11-destroy Home pkcs11-keygen +
+
+

BIND 9.11.0b3

+ + diff --git a/doc/arm/man.pkcs11-tokens.html b/doc/arm/man.pkcs11-tokens.html new file mode 100644 index 0000000000..4a085046d1 --- /dev/null +++ b/doc/arm/man.pkcs11-tokens.html @@ -0,0 +1,87 @@ + + + + +pkcs11-tokens + + + + + + +
+ + + + + + + +
pkcs11-tokens
+Prev Manual pages 
+
+
+
+
+
+

Name

+

pkcs11-tokens — list PKCS#11 available tokens

+
+
+

Synopsis

+

pkcs11-tokens [-m module]

+
+
+

DESCRIPTION

+

+ pkcs11-tokens + lists the PKCS#11 available tokens with defaults from the slot/token + scan performed at application initialization. +

+
+
+

ARGUMENTS

+
+
-m module
+

+ Specify the PKCS#11 provider module. This must be the full + path to a shared library object implementing the PKCS#11 API + for the device. +

+
+
+
+

SEE ALSO

+

+ pkcs11-destroy(8), + pkcs11-keygen(8), + pkcs11-list(8) +

+
+
+
+
+ + + + + + + + + + + +
+Prev Up 
+pkcs11-keygen Home 
+
+

BIND 9.11.0b3

+ + diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html index 0dd6aa658b..8899d2aec4 100644 --- a/doc/arm/man.rndc-confgen.html +++ b/doc/arm/man.rndc-confgen.html @@ -40,7 +40,7 @@

rndc-confgen [-a] [-A algorithm] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

-

DESCRIPTION

+

DESCRIPTION

rndc-confgen generates configuration files for rndc. It can be used as a @@ -56,7 +56,7 @@

-

OPTIONS

+

OPTIONS

-a
@@ -170,7 +170,7 @@
-

EXAMPLES

+

EXAMPLES

To allow rndc to be used with no manual configuration, run @@ -187,7 +187,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc.conf(5), named(8), diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html index 9fd42e97dd..256d3d5fa9 100644 --- a/doc/arm/man.rndc.conf.html +++ b/doc/arm/man.rndc.conf.html @@ -40,7 +40,7 @@

rndc.conf

-

DESCRIPTION

+

DESCRIPTION

rndc.conf is the configuration file for rndc, the BIND 9 name server control utility. This file has a similar structure and syntax to @@ -126,7 +126,7 @@

-

EXAMPLE

+

EXAMPLE

       options {
         default-server  localhost;
@@ -200,7 +200,7 @@
-

NAME SERVER CONFIGURATION

+

NAME SERVER CONFIGURATION

The name server must be configured to accept rndc connections and to recognize the key specified in the rndc.conf @@ -210,7 +210,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc-confgen(8), mmencode(1), diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html index 718689caf0..b97e325712 100644 --- a/doc/arm/man.rndc.html +++ b/doc/arm/man.rndc.html @@ -40,7 +40,7 @@

rndc [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-q] [-r] [-V] [-y key_id] {command}

-

DESCRIPTION

+

DESCRIPTION

rndc controls the operation of a name server. It supersedes the ndc utility @@ -71,7 +71,7 @@

-

OPTIONS

+

OPTIONS

-b source-address

@@ -148,7 +148,7 @@

-

COMMANDS

+

COMMANDS

A list of commands supported by rndc can be seen by running rndc without arguments. @@ -746,7 +746,7 @@

-

LIMITATIONS

+

LIMITATIONS

There is currently no way to provide the shared secret for a key_id without using the configuration file. @@ -756,7 +756,7 @@

-

SEE ALSO

+

SEE ALSO

rndc.conf(5), rndc-confgen(8), named(8),