regen master

This commit is contained in:
Tinderbox User 2016-04-30 01:05:59 +00:00
parent 21635968f7
commit 3241ddcf93
6 changed files with 589 additions and 425 deletions

View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2004, 2005, 2007-2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004, 2005, 2007-2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
@ -65,59 +65,74 @@ is an optional argument which is either the name or IP address of the name serve
\fBhost\fR
should query instead of the server or servers listed in
/etc/resolv\&.conf\&.
.SH "OPTIONS"
.PP
The
\-4
.RS 4
Use IPv4 only for query transport\&. See also the
\fB\-6\fR
option\&.
.RE
.PP
\-6
.RS 4
Use IPv6 only for query transport\&. See also the
\fB\-4\fR
option\&.
.RE
.PP
\-a
.RS 4
"All"\&. The
\fB\-a\fR
(all) option is equivalent to setting the
\fB\-v\fR
option and asking
\fBhost\fR
to make a query of type ANY\&.
option is normally equivalent to
\fB\-v\fR\fB\-t\fRANY\&. It also affects the behaviour of the
\fB\-l\fR
list zone option\&.
.RE
.PP
When the
\fB\-C\fR
option is used,
\-c \fIclass\fR
.RS 4
Query class: This can be used to lookup Hesiod or Chaosnet class resource records\&. The default class is IN (Internet)\&.
.RE
.PP
\-C
.RS 4
Check consistency:
\fBhost\fR
will attempt to display the SOA records for zone
will query the SOA records for zone
\fIname\fR
from all the listed authoritative name servers for that zone\&. The list of name servers is defined by the NS records that are found for the zone\&.
.RE
.PP
The
\fB\-c\fR
option instructs to make a DNS query of class
\fIclass\fR\&. This can be used to lookup Hesiod or Chaosnet class resource records\&. The default class is IN (Internet)\&.
.PP
Verbose output is generated by
\fBhost\fR
when the
\fB\-d\fR
or
\-d
.RS 4
Print debugging traces\&. Equivalent to the
\fB\-v\fR
option is used\&. The two options are equivalent\&. They have been provided for backwards compatibility\&. In previous versions, the
\fB\-d\fR
option switched on debugging traces and
\fB\-v\fR
enabled verbose output\&. Verbose output can also be enabled by setting the
\fIdebug\fR
option in
/etc/resolv\&.conf\&.
verbose option\&.
.RE
.PP
List mode is selected by the
\fB\-l\fR
option\&. This makes
\-i
.RS 4
Obsolete\&. Use the IP6\&.INT domain for reverse lookups of IPv6 addresses as defined in RFC1886 and deprecated in RFC4159\&. The default is to use IP6\&.ARPA as specified in RFC3596\&.
.RE
.PP
\-l
.RS 4
List zone: The
\fBhost\fR
perform a zone transfer for zone
\fIname\fR\&. Transfer the zone printing out the NS, PTR and address records (A/AAAA)\&. If combined with
\fB\-a\fR
all records will be printed\&.
performs a zone transfer of zone
\fIname\fR
and prints out the NS, PTR and address records (A/AAAA)\&.
.sp
Together, the
\fB\-l\fR\fB\-a\fR
options print all records in the zone\&.
.RE
.PP
The
\fB\-i\fR
option specifies that reverse lookups of IPv6 addresses should use the IP6\&.INT domain as defined in RFC1886\&. The default is to use IP6\&.ARPA\&.
.PP
The
\fB\-N\fR
option sets the number of dots that have to be in
\-N \fIndots\fR
.RS 4
The number of dots that have to be in
\fIname\fR
for it to be considered absolute\&. The default value is that defined using the ndots statement in
/etc/resolv\&.conf, or 1 if no ndots statement is present\&. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
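Review bot: the rendered `-a` entry will read "-v-tANY" because `\fB\-v\fR\fB\-t\fRANY\&.` has no spaces between the two options and the type; write it as `\fB\-v\fR \fB\-t\fR ANY\&.` so groff prints "-v -t ANY". Also, the `-a` entry spells "behaviour" while the `-r` and `-s` entries in the same list use "behavior"; pick one spelling for the page. Since the commit is a regeneration, both fixes belong in the DocBook source, not in this output file.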
@ -126,105 +141,116 @@ or
\fBdomain\fR
directive in
/etc/resolv\&.conf\&.
.RE
.PP
The number of UDP retries for a lookup can be changed with the
\fB\-R\fR
option\&.
\fInumber\fR
indicates how many times
\-r
.RS 4
Non\-recursive query: Setting this option clears the
\fBRD\fR
\(em recursion desired \(em bit in the query\&. This should mean that the name server receiving the query will not attempt to resolve
\fIname\fR\&. The
\fB\-r\fR
option enables
\fBhost\fR
will repeat a query that does not get answered\&. If
to mimic the behavior of a name server by making non\-recursive queries and expecting to receive answers to those queries that can be referrals to other name servers\&.
.RE
.PP
\-R \fInumber\fR
.RS 4
Number of retries for UDP queries: If
\fInumber\fR
is negative or zero, the number of retries will default to 1\&. The default value is 1, or the value of the
\fIattempts\fR
option in
/etc/resolv\&.conf, if set\&.
.RE
.PP
Non\-recursive queries can be made via the
\fB\-r\fR
option\&. Setting this option clears the
\fBRD\fR
\(em recursion desired \(em bit in the query which
\fBhost\fR
makes\&. This should mean that the name server receiving the query will not attempt to resolve
\fIname\fR\&. The
\fB\-r\fR
option enables
\fBhost\fR
to mimic the behavior of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers\&.
\-s
.RS 4
Do
\fInot\fR
send the query to the next nameserver if any server responds with a SERVFAIL response, which is the reverse of normal stub resolver behavior\&.
.RE
.PP
By default,
\-t \fItype\fR
.RS 4
Query type: the
\fItype\fR
argument can be any recognized query type: CNAME, NS, SOA, TXT, DNSKEY, AXFR, etc\&.
.sp
When no query type is specified,
\fBhost\fR
automatically selects an appropriate query type\&. By default, it looks for A, AAAA, and MX records\&. If the
\fB\-C\fR
option is given, queries will be made for SOA records\&. If
\fIname\fR
is a dotted\-decimal IPv4 address or colon\-delimited IPv6 address,
\fBhost\fR
will query for PTR records\&.
.sp
If a query type of IXFR is chosen the starting serial number can be specified by appending an equal followed by the starting serial number (e\&.g\&.
\fB\-t\fRIXFR=12345678)\&.
.RE
.PP
\-T
.RS 4
TCP: By default,
\fBhost\fR
uses UDP when making queries\&. The
\fB\-T\fR
option makes it use a TCP connection when querying the name server\&. TCP will be automatically selected for queries that require it, such as zone transfer (AXFR) requests\&.
.RE
.PP
The
\fB\-4\fR
option forces
\fBhost\fR
to only use IPv4 query transport\&. The
\fB\-6\fR
option forces
\fBhost\fR
to only use IPv6 query transport\&.
\-m \fIflag\fR
.RS 4
Memory usage debugging: the flag can be
\fIrecord\fR,
\fIusage\fR, or
\fItrace\fR\&. You can specify the
\fB\-m\fR
option more than once to set multiple flags\&.
.RE
.PP
The
\fB\-t\fR
option is used to select the query type\&.
\fItype\fR
can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc\&. When no query type is specified,
\fBhost\fR
automatically selects an appropriate query type\&. By default, it looks for A, AAAA, and MX records, but if the
\fB\-C\fR
option was given, queries will be made for SOA records, and if
\fIname\fR
is a dotted\-decimal IPv4 address or colon\-delimited IPv6 address,
\fBhost\fR
will query for PTR records\&. If a query type of IXFR is chosen the starting serial number can be specified by appending an equal followed by the starting serial number (e\&.g\&. \-t IXFR=12345678)\&.
\-v
.RS 4
Verbose output\&. Equivalent to the
\fB\-d\fR
debug option\&. Verbose output can also be enabled by setting the
\fIdebug\fR
option in/etc/resolv\&.conf\&.
.RE
.PP
The time to wait for a reply can be controlled through the
\-V
.RS 4
Print the version number and exit\&.
.RE
.PP
\-w
.RS 4
Wait forever: the query timeout is set to the maximum possible\&. See also the
\fB\-W\fR
and
\fB\-w\fR
options\&. The
\fB\-W\fR
option makes
\fBhost\fR
wait for
option\&.
.RE
.PP
\-W \fIwait\fR
.RS 4
Timeout: wait for up to
\fIwait\fR
seconds\&. If
seconds for a reply\&. If
\fIwait\fR
is less than one, the wait interval is set to one second\&. When the
\fB\-w\fR
option is used,
\fBhost\fR
will effectively wait forever for a reply\&. The time to wait for a response will be set to the number of seconds given by the hardware\*(Aqs maximum value for an integer quantity\&. By default,
is less than one, the wait interval is set to one second\&.
.sp
By default,
\fBhost\fR
will wait for 5 seconds for UDP responses and 10 seconds for TCP connections\&. These defaults can be overridden by the
\fItimeout\fR
option in
/etc/resolv\&.conf\&.
.PP
The
\fB\-s\fR
option tells
\fBhost\fR\fInot\fR
to send the query to the next nameserver if any server responds with a SERVFAIL response, which is the reverse of normal stub resolver behavior\&.
.PP
The
\fB\-m\fR
can be used to set the memory usage debugging flags
\fIrecord\fR,
\fIusage\fR
and
\fItrace\fR\&.
.PP
The
\fB\-V\fR
option causes
\fBhost\fR
to print the version number and exit\&.
.sp
See also the
\fB\-w\fR
option\&.
.RE
.SH "IDN SUPPORT"
.PP
If
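Review bot: the new `-R` entry no longer says what `number` means: the sentence from the old paragraph, "indicates how many times host will repeat a query that does not get answered", was dropped, leaving only the negative/zero rule and the default. Restore it as the first sentence after "Number of retries for UDP queries:". Two spacing problems in this hunk will also show up in the rendered page: `\fB\-t\fRIXFR=12345678` prints as "-tIXFR=12345678" (insert a space before IXFR), and `option in/etc/resolv\&.conf\&.` in the `-v` entry is missing the space after "in". Finally, the list is alphabetical except for `-m`, which sits between `-T` and `-v`; it belongs between `-l` and `-N`.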
@ -248,7 +274,7 @@ runs\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2004, 2005, 2007-2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004, 2005, 2007-2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000-2002 Internet Software Consortium.
.br

View file

@ -1,5 +1,5 @@
<!--
- Copyright (C) 2004, 2005, 2007-2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004, 2005, 2007-2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@ -51,151 +51,187 @@
should query instead of the server or servers listed in
<code class="filename">/etc/resolv.conf</code>.
</p>
<p>
The <code class="option">-a</code> (all) option is equivalent to setting the
<code class="option">-v</code> option and asking <span class="command"><strong>host</strong></span> to make
a query of type ANY.
</p>
<p>
When the <code class="option">-C</code> option is used, <span class="command"><strong>host</strong></span>
will attempt to display the SOA records for zone
<em class="parameter"><code>name</code></em> from all the listed
authoritative name
servers for that zone. The list of name servers is defined by the NS
records that are found for the zone.
</p>
<p>
The <code class="option">-c</code> option instructs to make a DNS query of class
<em class="parameter"><code>class</code></em>. This can be used to lookup
Hesiod or
Chaosnet class resource records. The default class is IN (Internet).
</p>
<p>
Verbose output is generated by <span class="command"><strong>host</strong></span> when
the
<code class="option">-d</code> or <code class="option">-v</code> option is used. The two
options are equivalent. They have been provided for backwards
compatibility. In previous versions, the <code class="option">-d</code> option
switched on debugging traces and <code class="option">-v</code> enabled verbose
output. Verbose output can also be enabled by setting the
<em class="parameter"><code>debug</code></em> option in
<code class="filename">/etc/resolv.conf</code>.
</p>
<p>
List mode is selected by the <code class="option">-l</code> option. This makes
<span class="command"><strong>host</strong></span> perform a zone transfer for zone
<em class="parameter"><code>name</code></em>. Transfer the zone printing out
the NS, PTR
and address records (A/AAAA). If combined with <code class="option">-a</code>
all records will be printed.
</p>
<p>
The <code class="option">-i</code>
option specifies that reverse lookups of IPv6 addresses should
use the IP6.INT domain as defined in RFC1886.
The default is to use IP6.ARPA.
</p>
<p>
The <code class="option">-N</code> option sets the number of dots that have to be
in <em class="parameter"><code>name</code></em> for it to be considered
absolute. The
default value is that defined using the ndots statement in
<code class="filename">/etc/resolv.conf</code>, or 1 if no ndots
statement is
present. Names with fewer dots are interpreted as relative names and
will be searched for in the domains listed in the <span class="type">search</span>
or <span class="type">domain</span> directive in
<code class="filename">/etc/resolv.conf</code>.
</p>
<p>
The number of UDP retries for a lookup can be changed with the
<code class="option">-R</code> option. <em class="parameter"><code>number</code></em>
indicates
how many times <span class="command"><strong>host</strong></span> will repeat a query
that does
not get answered. If
<em class="parameter"><code>number</code></em> is negative or zero, the
number of
retries will default to 1. The default value is 1, or
the value of the <em class="parameter"><code>attempts</code></em> option in
<code class="filename">/etc/resolv.conf</code>, if set.
</p>
<p>
Non-recursive queries can be made via the <code class="option">-r</code> option.
Setting this option clears the <span class="type">RD</span> &#8212; recursion
desired &#8212; bit in the query which <span class="command"><strong>host</strong></span> makes.
This should mean that the name server receiving the query will not
attempt to resolve <em class="parameter"><code>name</code></em>. The
<code class="option">-r</code> option enables <span class="command"><strong>host</strong></span>
to mimic
the behavior of a name server by making non-recursive queries and
expecting to receive answers to those queries that are usually
referrals to other name servers.
</p>
<p>
By default, <span class="command"><strong>host</strong></span> uses UDP when making
queries. The
<code class="option">-T</code> option makes it use a TCP connection when querying
the name server. TCP will be automatically selected for queries that
require it, such as zone transfer (AXFR) requests.
</p>
<p>
The <code class="option">-4</code> option forces <span class="command"><strong>host</strong></span> to only
use IPv4 query transport. The <code class="option">-6</code> option forces
<span class="command"><strong>host</strong></span> to only use IPv6 query transport.
</p>
<p>
The <code class="option">-t</code> option is used to select the query type.
<em class="parameter"><code>type</code></em> can be any recognized query
type: CNAME,
NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
<span class="command"><strong>host</strong></span> automatically selects an appropriate
query
type. By default, it looks for A, AAAA, and MX records, but if the
<code class="option">-C</code> option was given, queries will be made for SOA
records, and if <em class="parameter"><code>name</code></em> is a
dotted-decimal IPv4
address or colon-delimited IPv6 address, <span class="command"><strong>host</strong></span> will
query for PTR records. If a query type of IXFR is chosen the starting
serial number can be specified by appending an equal followed by the
starting serial number (e.g. -t IXFR=12345678).
</p>
<p>
The time to wait for a reply can be controlled through the
<code class="option">-W</code> and <code class="option">-w</code> options. The
<code class="option">-W</code> option makes <span class="command"><strong>host</strong></span>
wait for
<em class="parameter"><code>wait</code></em> seconds. If <em class="parameter"><code>wait</code></em>
is less than one, the wait interval is set to one second. When the
<code class="option">-w</code> option is used, <span class="command"><strong>host</strong></span>
will
effectively wait forever for a reply. The time to wait for a response
will be set to the number of seconds given by the hardware's maximum
value for an integer quantity. By default, <span class="command"><strong>host</strong></span>
will wait for 5 seconds for UDP responses and 10 seconds for TCP
connections. These defaults can be overridden by the
<em class="parameter"><code>timeout</code></em> option in
<code class="filename">/etc/resolv.conf</code>.
</p>
<p>
The <code class="option">-s</code> option tells <span class="command"><strong>host</strong></span>
<span class="emphasis"><em>not</em></span> to send the query to the next nameserver
if any server responds with a SERVFAIL response, which is the
reverse of normal stub resolver behavior.
</p>
<p>
The <code class="option">-m</code> can be used to set the memory usage debugging
flags
<em class="parameter"><code>record</code></em>, <em class="parameter"><code>usage</code></em> and
<em class="parameter"><code>trace</code></em>.
</p>
<p>
The <code class="option">-V</code> option causes <span class="command"><strong>host</strong></span>
to print the version number and exit.
</p>
</div>
<div class="refsection">
<a name="id-1.8"></a><h2>IDN SUPPORT</h2>
<a name="id-1.8"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-4</span></dt>
<dd><p>
Use IPv4 only for query transport.
See also the <code class="option">-6</code> option.
</p></dd>
<dt><span class="term">-6</span></dt>
<dd><p>
Use IPv6 only for query transport.
See also the <code class="option">-4</code> option.
</p></dd>
<dt><span class="term">-a</span></dt>
<dd><p>
"All". The <code class="option">-a</code> option is normally equivalent
to <code class="option">-v</code> <code class="option">-t</code> <code class="literal">ANY</code>.
It also affects the behaviour of the <code class="option">-l</code>
list zone option.
</p></dd>
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd><p>
Query class: This can be used to lookup Hesiod or Chaosnet
class resource records. The default class is IN
(Internet).
</p></dd>
<dt><span class="term">-C</span></dt>
<dd><p>
Check consistency: <span class="command"><strong>host</strong></span> will query the
SOA records for zone <em class="parameter"><code>name</code></em> from all
the listed authoritative name servers for that zone. The
list of name servers is defined by the NS records that are
found for the zone.
</p></dd>
<dt><span class="term">-d</span></dt>
<dd><p>
Print debugging traces.
Equivalent to the <code class="option">-v</code> verbose option.
</p></dd>
<dt><span class="term">-i</span></dt>
<dd><p>
Obsolete.
Use the IP6.INT domain for reverse lookups of IPv6
addresses as defined in RFC1886 and deprecated in RFC4159.
The default is to use IP6.ARPA as specified in RFC3596.
</p></dd>
<dt><span class="term">-l</span></dt>
<dd>
<p>
List zone:
The <span class="command"><strong>host</strong></span> performs a zone transfer of
zone <em class="parameter"><code>name</code></em> and prints out the NS,
PTR and address records (A/AAAA).
</p>
<p>
Together, the <code class="option">-l</code> <code class="option">-a</code>
options print all records in the zone.
</p>
</dd>
<dt><span class="term">-N <em class="replaceable"><code>ndots</code></em></span></dt>
<dd><p>
The number of dots that have to be
in <em class="parameter"><code>name</code></em> for it to be considered
absolute. The default value is that defined using the
ndots statement in <code class="filename">/etc/resolv.conf</code>,
or 1 if no ndots statement is present. Names with fewer
dots are interpreted as relative names and will be
searched for in the domains listed in
the <span class="type">search</span> or <span class="type">domain</span> directive
in <code class="filename">/etc/resolv.conf</code>.
</p></dd>
<dt><span class="term">-r</span></dt>
<dd><p>
Non-recursive query:
Setting this option clears the <span class="type">RD</span> &#8212;
recursion desired &#8212; bit in the query. This should
mean that the name server receiving the query will not
attempt to resolve <em class="parameter"><code>name</code></em>.
The <code class="option">-r</code> option
enables <span class="command"><strong>host</strong></span> to mimic the behavior of a
name server by making non-recursive queries and expecting
to receive answers to those queries that can be
referrals to other name servers.
</p></dd>
<dt><span class="term">-R <em class="replaceable"><code>number</code></em></span></dt>
<dd><p>
Number of retries for UDP queries:
If <em class="parameter"><code>number</code></em> is negative or zero, the
number of retries will default to 1. The default value is
1, or the value of the <em class="parameter"><code>attempts</code></em>
option in <code class="filename">/etc/resolv.conf</code>, if set.
</p></dd>
<dt><span class="term">-s</span></dt>
<dd><p>
Do <span class="emphasis"><em>not</em></span> send the query to the next
nameserver if any server responds with a SERVFAIL
response, which is the reverse of normal stub resolver
behavior.
</p></dd>
<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
<dd>
<p>
Query type:
the <em class="parameter"><code>type</code></em> argument can be any
recognized query type: CNAME, NS, SOA, TXT, DNSKEY, AXFR, etc.
</p>
<p>
When no query type is specified, <span class="command"><strong>host</strong></span>
automatically selects an appropriate query type. By default, it
looks for A, AAAA, and MX records.
If the <code class="option">-C</code> option is given, queries will
be made for SOA records.
If <em class="parameter"><code>name</code></em> is a dotted-decimal IPv4
address or colon-delimited IPv6
address, <span class="command"><strong>host</strong></span> will query for PTR
records.
</p>
<p>
If a query type of IXFR is chosen the starting serial
number can be specified by appending an equal followed by
the starting serial number
(e.g. <code class="option">-t</code> <code class="literal">IXFR=12345678</code>).
</p>
</dd>
<dt><span class="term">-T</span></dt>
<dd><p>
TCP:
By default, <span class="command"><strong>host</strong></span> uses UDP when making
queries. The <code class="option">-T</code> option makes it use a TCP
connection when querying the name server. TCP will be
automatically selected for queries that require it, such
as zone transfer (AXFR) requests.
</p></dd>
<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
<dd><p>
Memory usage debugging: the flag can
be <em class="parameter"><code>record</code></em>, <em class="parameter"><code>usage</code></em>,
or <em class="parameter"><code>trace</code></em>. You can specify
the <code class="option">-m</code> option more than once to set
multiple flags.
</p></dd>
<dt><span class="term">-v</span></dt>
<dd><p>
Verbose output.
Equivalent to the <code class="option">-d</code> debug option.
Verbose output can also be enabled by setting
the <em class="parameter"><code>debug</code></em> option
in<code class="filename">/etc/resolv.conf</code>.
</p></dd>
<dt><span class="term">-V</span></dt>
<dd><p>
Print the version number and exit.
</p></dd>
<dt><span class="term">-w</span></dt>
<dd><p>
Wait forever: the query timeout is set to the maximum possible.
See also the <code class="option">-W</code> option.
</p></dd>
<dt><span class="term">-W <em class="replaceable"><code>wait</code></em></span></dt>
<dd>
<p>
Timeout: wait for up to <em class="parameter"><code>wait</code></em>
seconds for a reply. If <em class="parameter"><code>wait</code></em> is
less than one, the wait interval is set to one second.
</p>
<p>
By default, <span class="command"><strong>host</strong></span> will wait for 5
seconds for UDP responses and 10 seconds for TCP
connections. These defaults can be overridden by
the <em class="parameter"><code>timeout</code></em> option
in <code class="filename">/etc/resolv.conf</code>.
</p>
<p>
See also the <code class="option">-w</code> option.
</p>
</dd>
</dl></div>
</div>
<div class="refsection">
<a name="id-1.9"></a><h2>IDN SUPPORT</h2>
<p>
If <span class="command"><strong>host</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@ -209,12 +245,12 @@
</p>
</div>
<div class="refsection">
<a name="id-1.9"></a><h2>FILES</h2>
<a name="id-1.10"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsection">
<a name="id-1.10"></a><h2>SEE ALSO</h2>
<a name="id-1.11"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>
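Review bot: the HTML carries the same defects as the roff output of this commit, which confirms they originate in the DocBook source: the `-v` entry renders "in/etc/resolv.conf" with no space before the `<code class="filename">` element, the `-R` entry never states that `number` is the count of retries for an unanswered query, the `-a` entry says "behaviour" while `-r` and `-s` say "behavior", and `-m` is out of alphabetical order between `-T` and `-v`. Fix host.docbook once and regenerate rather than patching the three rendered copies.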

View file

@ -184,6 +184,34 @@
or
<a class="link" href="http://localhost:8888/json/v1/traffic" target="_top">http://localhost:8888/json/v1/traffic</a>.
</p></li>
<li class="listitem">
<p>
A new DNSSEC key management utility,
<span class="command"><strong>dnssec-keymgr</strong></span>, has been added. This tool
is meant to run unattended (e.g., under <span class="command"><strong>cron</strong></span>).
It reads a policy definition file
(default: <code class="filename">/etc/dnssec.policy</code>)
and creates or updates DNSSEC keys as necessary to ensure that a
zone's keys match the defined policy for that zone. New keys are
created whenever necessary to ensure rollovers occur correctly.
Existing keys' timing metadata is adjusted as needed to set the
correct rollover period, prepublication interval, etc. If
the configured policy changes, keys are corrected automatically.
See the <span class="command"><strong>dnssec-keymgr</strong></span> man page for full details.
</p>
<p>
Note: <span class="command"><strong>dnssec-keymgr</strong></span> depends on Python and on
the Python lex/yacc module, PLY. The other Python-based tools,
<span class="command"><strong>dnssec-coverage</strong></span> and
<span class="command"><strong>dnssec-checkds</strong></span>, have been
refactored and updated as part of this work.
</p>
<p>
(Many thanks to Sebastián
Castro for his assistance in developing this tool at the IETF
95 Hackathon in Buenos Aires, April 2016.)
</p>
</li>
<li class="listitem"><p>
The serial number of a dynamically updatable zone can
now be set using
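Review bot: the note says dnssec-keymgr runs unattended and rewrites existing keys' timing metadata, but it does not say which key directory the tool reads and writes or what happens when the policy file is absent; since a cron job with write access to zone signing keys is exactly the piece an operator will want to lock down, add a sentence pointing to the key-directory option in the man page and recommending that the policy file and key directory be writable only by the account the job runs as. The dependency paragraph should also state the consequence of PLY being unavailable at build time (is the tool skipped, or does it fail when invoked?) so packagers know whether to make PLY a hard dependency.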

View file

@ -46,7 +46,7 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-coverage</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>length</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>DNSKEY TTL</code></em></code>] [<code class="option">-m <em class="replaceable"><code>max TTL</code></em></code>] [<code class="option">-r <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-c <em class="replaceable"><code>compilezone path</code></em></code>] [<code class="option">-k</code>] [<code class="option">-z</code>] [zone]</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-coverage</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>length</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>DNSKEY TTL</code></em></code>] [<code class="option">-m <em class="replaceable"><code>max TTL</code></em></code>] [<code class="option">-r <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-c <em class="replaceable"><code>compilezone path</code></em></code>] [<code class="option">-k</code>] [<code class="option">-z</code>] [zone...]</p></div>
</div>
<div class="refsection">
<a name="id-1.14.6.7"></a><h2>DESCRIPTION</h2>
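Review bot: the synopsis now accepts `[zone...]`, but nothing else in this hunk changes; the DESCRIPTION that follows should say that several zones may be named and how the per-zone results are reported (one report per zone, or a combined one), otherwise the new plural argument is undocumented.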
@ -123,10 +123,15 @@
'd' for days, 'w' for weeks, 'mo' for months, 'y' for years.
</p>
<p>
This option is mandatory unless the <code class="option">-f</code> has
been used to specify a zone file. (If <code class="option">-f</code> has
This option is not necessary if the <code class="option">-f</code> has
been used to specify a zone file. If <code class="option">-f</code> has
been specified, this option may still be used; it will override
the value found in the file.)
the value found in the file.
</p>
<p>
If this option is not used and the maximum TTL cannot be retrieved
from a zone file, a warning is generated and a default value of
1 week is used.
</p>
</dd>
<dt><span class="term">-d <em class="replaceable"><code>DNSKEY TTL</code></em></span></dt>
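Review bot: "This option is not necessary if the `-f` has been used" is missing a noun after "the"; write "if the `-f` option has been used" (or drop "the"), and keep the same form in the `-d` entry below, which currently says "if `-f` has been used". The added default is a behavioural change worth stating more sharply: when neither `-m` nor a zone file supplies the maximum TTL, coverage is computed against an assumed one-week TTL, so the warning text should say which value was assumed so the operator can judge whether the result is meaningful.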
@ -135,11 +140,10 @@
Sets the value to be used as the DNSKEY TTL for the zone or
zones being analyzed when determining whether there is a
possibility of validation failure. When a key is rolled (that
is, replaced with a new key), there must be enough time
for the old DNSKEY RRset to have expired from resolver caches
before the new key is activated and begins generating
signatures. If that condition does not apply, a warning
will be generated.
is, replaced with a new key), there must be enough time for the
old DNSKEY RRset to have expired from resolver caches before
the new key is activated and begins generating signatures. If
that condition does not apply, a warning will be generated.
</p>
<p>
The length of the TTL can be set in seconds, or in larger units
@ -147,12 +151,18 @@
'd' for days, 'w' for weeks, 'mo' for months, 'y' for years.
</p>
<p>
This option is mandatory unless the <code class="option">-f</code> has
been used to specify a zone file, or a default key TTL was
set with the <code class="option">-L</code> to
<span class="command"><strong>dnssec-keygen</strong></span>. (If either of those is true,
this option may still be used; it will override the value found
in the zone or key file.)
This option is not necessary if <code class="option">-f</code> has
been used to specify a zone file from which the TTL
of the DNSKEY RRset can be read, or if a default key TTL was
set using ith the <code class="option">-L</code> to
<span class="command"><strong>dnssec-keygen</strong></span>. If either of those is true,
this option may still be used; it will override the values
found in the zone file or the key file.
</p>
<p>
If this option is not used and the key TTL cannot be retrieved
from the zone file or the key file, then a warning is generated
and a default value of 1 day is used.
</p>
</dd>
<dt><span class="term">-r <em class="replaceable"><code>resign interval</code></em></span></dt>
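Review bot: typo in the `-d` entry: "set using ith the `-L` to dnssec-keygen" should read "set using the `-L` option to dnssec-keygen". The same entry says "override the values found in the zone file or the key file" while the `-m` entry above says "override the value found in the file"; use one phrasing. As with `-m`, the new one-day fallback for the DNSKEY TTL should be named in the warning that accompanies it, since an analysis run against an assumed TTL can report "no failures" for a zone whose real DNSKEY TTL is longer.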

View file

@ -69,151 +69,187 @@
should query instead of the server or servers listed in
<code class="filename">/etc/resolv.conf</code>.
</p>
<p>
The <code class="option">-a</code> (all) option is equivalent to setting the
<code class="option">-v</code> option and asking <span class="command"><strong>host</strong></span> to make
a query of type ANY.
</p>
<p>
When the <code class="option">-C</code> option is used, <span class="command"><strong>host</strong></span>
will attempt to display the SOA records for zone
<em class="parameter"><code>name</code></em> from all the listed
authoritative name
servers for that zone. The list of name servers is defined by the NS
records that are found for the zone.
</p>
<p>
The <code class="option">-c</code> option instructs to make a DNS query of class
<em class="parameter"><code>class</code></em>. This can be used to lookup
Hesiod or
Chaosnet class resource records. The default class is IN (Internet).
</p>
<p>
Verbose output is generated by <span class="command"><strong>host</strong></span> when
the
<code class="option">-d</code> or <code class="option">-v</code> option is used. The two
options are equivalent. They have been provided for backwards
compatibility. In previous versions, the <code class="option">-d</code> option
switched on debugging traces and <code class="option">-v</code> enabled verbose
output. Verbose output can also be enabled by setting the
<em class="parameter"><code>debug</code></em> option in
<code class="filename">/etc/resolv.conf</code>.
</p>
<p>
List mode is selected by the <code class="option">-l</code> option. This makes
<span class="command"><strong>host</strong></span> perform a zone transfer for zone
<em class="parameter"><code>name</code></em>. Transfer the zone printing out
the NS, PTR
and address records (A/AAAA). If combined with <code class="option">-a</code>
all records will be printed.
</p>
<p>
The <code class="option">-i</code>
option specifies that reverse lookups of IPv6 addresses should
use the IP6.INT domain as defined in RFC1886.
The default is to use IP6.ARPA.
</p>
<p>
The <code class="option">-N</code> option sets the number of dots that have to be
in <em class="parameter"><code>name</code></em> for it to be considered
absolute. The
default value is that defined using the ndots statement in
<code class="filename">/etc/resolv.conf</code>, or 1 if no ndots
statement is
present. Names with fewer dots are interpreted as relative names and
will be searched for in the domains listed in the <span class="type">search</span>
or <span class="type">domain</span> directive in
<code class="filename">/etc/resolv.conf</code>.
</p>
<p>
The number of UDP retries for a lookup can be changed with the
<code class="option">-R</code> option. <em class="parameter"><code>number</code></em>
indicates
how many times <span class="command"><strong>host</strong></span> will repeat a query
that does
not get answered. If
<em class="parameter"><code>number</code></em> is negative or zero, the
number of
retries will default to 1. The default value is 1, or
the value of the <em class="parameter"><code>attempts</code></em> option in
<code class="filename">/etc/resolv.conf</code>, if set.
</p>
<p>
Non-recursive queries can be made via the <code class="option">-r</code> option.
Setting this option clears the <span class="type">RD</span> &#8212; recursion
desired &#8212; bit in the query which <span class="command"><strong>host</strong></span> makes.
This should mean that the name server receiving the query will not
attempt to resolve <em class="parameter"><code>name</code></em>. The
<code class="option">-r</code> option enables <span class="command"><strong>host</strong></span>
to mimic
the behavior of a name server by making non-recursive queries and
expecting to receive answers to those queries that are usually
referrals to other name servers.
</p>
<p>
By default, <span class="command"><strong>host</strong></span> uses UDP when making
queries. The
<code class="option">-T</code> option makes it use a TCP connection when querying
the name server. TCP will be automatically selected for queries that
require it, such as zone transfer (AXFR) requests.
</p>
<p>
The <code class="option">-4</code> option forces <span class="command"><strong>host</strong></span> to only
use IPv4 query transport. The <code class="option">-6</code> option forces
<span class="command"><strong>host</strong></span> to only use IPv6 query transport.
</p>
<p>
The <code class="option">-t</code> option is used to select the query type.
<em class="parameter"><code>type</code></em> can be any recognized query
type: CNAME,
NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
<span class="command"><strong>host</strong></span> automatically selects an appropriate
query
type. By default, it looks for A, AAAA, and MX records, but if the
<code class="option">-C</code> option was given, queries will be made for SOA
records, and if <em class="parameter"><code>name</code></em> is a
dotted-decimal IPv4
address or colon-delimited IPv6 address, <span class="command"><strong>host</strong></span> will
query for PTR records. If a query type of IXFR is chosen the starting
serial number can be specified by appending an equal followed by the
starting serial number (e.g. -t IXFR=12345678).
</p>
<p>
The time to wait for a reply can be controlled through the
<code class="option">-W</code> and <code class="option">-w</code> options. The
<code class="option">-W</code> option makes <span class="command"><strong>host</strong></span>
wait for
<em class="parameter"><code>wait</code></em> seconds. If <em class="parameter"><code>wait</code></em>
is less than one, the wait interval is set to one second. When the
<code class="option">-w</code> option is used, <span class="command"><strong>host</strong></span>
will
effectively wait forever for a reply. The time to wait for a response
will be set to the number of seconds given by the hardware's maximum
value for an integer quantity. By default, <span class="command"><strong>host</strong></span>
will wait for 5 seconds for UDP responses and 10 seconds for TCP
connections. These defaults can be overridden by the
<em class="parameter"><code>timeout</code></em> option in
<code class="filename">/etc/resolv.conf</code>.
</p>
<p>
The <code class="option">-s</code> option tells <span class="command"><strong>host</strong></span>
<span class="emphasis"><em>not</em></span> to send the query to the next nameserver
if any server responds with a SERVFAIL response, which is the
reverse of normal stub resolver behavior.
</p>
<p>
The <code class="option">-m</code> can be used to set the memory usage debugging
flags
<em class="parameter"><code>record</code></em>, <em class="parameter"><code>usage</code></em> and
<em class="parameter"><code>trace</code></em>.
</p>
<p>
The <code class="option">-V</code> option causes <span class="command"><strong>host</strong></span>
to print the version number and exit.
</p>
</div>
<div class="refsection">
<a name="id-1.14.3.8"></a><h2>IDN SUPPORT</h2>
<a name="id-1.14.3.8"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-4</span></dt>
<dd><p>
Use IPv4 only for query transport.
See also the <code class="option">-6</code> option.
</p></dd>
<dt><span class="term">-6</span></dt>
<dd><p>
Use IPv6 only for query transport.
See also the <code class="option">-4</code> option.
</p></dd>
<dt><span class="term">-a</span></dt>
<dd><p>
"All". The <code class="option">-a</code> option is normally equivalent
to <code class="option">-v</code> <code class="option">-t</code> <code class="literal">ANY</code>.
It also affects the behaviour of the <code class="option">-l</code>
list zone option.
</p></dd>
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd><p>
Query class: This can be used to lookup Hesiod or Chaosnet
class resource records. The default class is IN
(Internet).
</p></dd>
<dt><span class="term">-C</span></dt>
<dd><p>
Check consistency: <span class="command"><strong>host</strong></span> will query the
SOA records for zone <em class="parameter"><code>name</code></em> from all
the listed authoritative name servers for that zone. The
list of name servers is defined by the NS records that are
found for the zone.
</p></dd>
<dt><span class="term">-d</span></dt>
<dd><p>
Print debugging traces.
Equivalent to the <code class="option">-v</code> verbose option.
</p></dd>
<dt><span class="term">-i</span></dt>
<dd><p>
Obsolete.
Use the IP6.INT domain for reverse lookups of IPv6
addresses as defined in RFC1886 and deprecated in RFC4159.
The default is to use IP6.ARPA as specified in RFC3596.
</p></dd>
<dt><span class="term">-l</span></dt>
<dd>
<p>
List zone:
The <span class="command"><strong>host</strong></span> performs a zone transfer of
zone <em class="parameter"><code>name</code></em> and prints out the NS,
PTR and address records (A/AAAA).
</p>
<p>
Together, the <code class="option">-l</code> <code class="option">-a</code>
options print all records in the zone.
</p>
</dd>
<dt><span class="term">-N <em class="replaceable"><code>ndots</code></em></span></dt>
<dd><p>
The number of dots that have to be
in <em class="parameter"><code>name</code></em> for it to be considered
absolute. The default value is that defined using the
ndots statement in <code class="filename">/etc/resolv.conf</code>,
or 1 if no ndots statement is present. Names with fewer
dots are interpreted as relative names and will be
searched for in the domains listed in
the <span class="type">search</span> or <span class="type">domain</span> directive
in <code class="filename">/etc/resolv.conf</code>.
</p></dd>
<dt><span class="term">-r</span></dt>
<dd><p>
Non-recursive query:
Setting this option clears the <span class="type">RD</span> &#8212;
recursion desired &#8212; bit in the query. This should
mean that the name server receiving the query will not
attempt to resolve <em class="parameter"><code>name</code></em>.
The <code class="option">-r</code> option
enables <span class="command"><strong>host</strong></span> to mimic the behavior of a
name server by making non-recursive queries and expecting
to receive answers to those queries that can be
referrals to other name servers.
</p></dd>
<dt><span class="term">-R <em class="replaceable"><code>number</code></em></span></dt>
<dd><p>
Number of retries for UDP queries:
If <em class="parameter"><code>number</code></em> is negative or zero, the
number of retries will default to 1. The default value is
1, or the value of the <em class="parameter"><code>attempts</code></em>
option in <code class="filename">/etc/resolv.conf</code>, if set.
</p></dd>
<dt><span class="term">-s</span></dt>
<dd><p>
Do <span class="emphasis"><em>not</em></span> send the query to the next
nameserver if any server responds with a SERVFAIL
response, which is the reverse of normal stub resolver
behavior.
</p></dd>
<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
<dd>
<p>
Query type:
the <em class="parameter"><code>type</code></em> argument can be any
recognized query type: CNAME, NS, SOA, TXT, DNSKEY, AXFR, etc.
</p>
<p>
When no query type is specified, <span class="command"><strong>host</strong></span>
automatically selects an appropriate query type. By default, it
looks for A, AAAA, and MX records.
If the <code class="option">-C</code> option is given, queries will
be made for SOA records.
If <em class="parameter"><code>name</code></em> is a dotted-decimal IPv4
address or colon-delimited IPv6
address, <span class="command"><strong>host</strong></span> will query for PTR
records.
</p>
<p>
If a query type of IXFR is chosen the starting serial
number can be specified by appending an equal followed by
the starting serial number
(e.g. <code class="option">-t</code> <code class="literal">IXFR=12345678</code>).
</p>
</dd>
<dt><span class="term">-T</span></dt>
<dd><p>
TCP:
By default, <span class="command"><strong>host</strong></span> uses UDP when making
queries. The <code class="option">-T</code> option makes it use a TCP
connection when querying the name server. TCP will be
automatically selected for queries that require it, such
as zone transfer (AXFR) requests.
</p></dd>
<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
<dd><p>
Memory usage debugging: the flag can
be <em class="parameter"><code>record</code></em>, <em class="parameter"><code>usage</code></em>,
or <em class="parameter"><code>trace</code></em>. You can specify
the <code class="option">-m</code> option more than once to set
multiple flags.
</p></dd>
<dt><span class="term">-v</span></dt>
<dd><p>
Verbose output.
Equivalent to the <code class="option">-d</code> debug option.
Verbose output can also be enabled by setting
the <em class="parameter"><code>debug</code></em> option
in<code class="filename">/etc/resolv.conf</code>.
</p></dd>
<dt><span class="term">-V</span></dt>
<dd><p>
Print the version number and exit.
</p></dd>
<dt><span class="term">-w</span></dt>
<dd><p>
Wait forever: the query timeout is set to the maximum possible.
See also the <code class="option">-W</code> option.
</p></dd>
<dt><span class="term">-W <em class="replaceable"><code>wait</code></em></span></dt>
<dd>
<p>
Timeout: wait for up to <em class="parameter"><code>wait</code></em>
seconds for a reply. If <em class="parameter"><code>wait</code></em> is
less than one, the wait interval is set to one second.
</p>
<p>
By default, <span class="command"><strong>host</strong></span> will wait for 5
seconds for UDP responses and 10 seconds for TCP
connections. These defaults can be overridden by
the <em class="parameter"><code>timeout</code></em> option
in <code class="filename">/etc/resolv.conf</code>.
</p>
<p>
See also the <code class="option">-w</code> option.
</p>
</dd>
</dl></div>
</div>
<div class="refsection">
<a name="id-1.14.3.9"></a><h2>IDN SUPPORT</h2>
<p>
If <span class="command"><strong>host</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
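Review bot: the new -v entry drops the space before the filename (`in<code class="filename">/etc/resolv.conf</code>`); it should read `in <code class="filename">/etc/resolv.conf</code>` as the -N and -W entries already do. Also, the list is otherwise ordered alphabetically ignoring case, but the -m entry sits between -T and -v; move it between -l and -N so readers scanning the list find it.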
@ -227,12 +263,12 @@
</p>
</div>
<div class="refsection">
<a name="id-1.14.3.9"></a><h2>FILES</h2>
<a name="id-1.14.3.10"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsection">
<a name="id-1.14.3.10"></a><h2>SEE ALSO</h2>
<a name="id-1.14.3.11"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>
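Review bot: the FILES and SEE ALSO sections change only their generated anchor names (id-1.14.3.9 to id-1.14.3.10 and id-1.14.3.10 to id-1.14.3.11), so any existing bookmark or cross-reference to those fragments now lands one section off. Giving these refsections explicit ids in the DocBook source would keep the anchors stable across regeneration.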

View file

@ -145,6 +145,34 @@
or
<a class="link" href="http://localhost:8888/json/v1/traffic" target="_top">http://localhost:8888/json/v1/traffic</a>.
</p></li>
<li class="listitem">
<p>
A new DNSSEC key management utility,
<span class="command"><strong>dnssec-keymgr</strong></span>, has been added. This tool
is meant to run unattended (e.g., under <span class="command"><strong>cron</strong></span>).
It reads a policy definition file
(default: <code class="filename">/etc/dnssec.policy</code>)
and creates or updates DNSSEC keys as necessary to ensure that a
zone's keys match the defined policy for that zone. New keys are
created whenever necessary to ensure rollovers occur correctly.
Existing keys' timing metadata is adjusted as needed to set the
correct rollover period, prepublication interval, etc. If
the configured policy changes, keys are corrected automatically.
See the <span class="command"><strong>dnssec-keymgr</strong></span> man page for full details.
</p>
<p>
Note: <span class="command"><strong>dnssec-keymgr</strong></span> depends on Python and on
the Python lex/yacc module, PLY. The other Python-based tools,
<span class="command"><strong>dnssec-coverage</strong></span> and
<span class="command"><strong>dnssec-checkds</strong></span>, have been
refactored and updated as part of this work.
</p>
<p>
(Many thanks to Sebastián
Castro for his assistance in developing this tool at the IETF
95 Hackathon in Buenos Aires, April 2016.)
</p>
</li>
<li class="listitem"><p>
The serial number of a dynamically updatable zone can
now be set using
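Review bot: the note that dnssec-coverage and dnssec-checkds "have been refactored and updated as part of this work" does not say whether their command-line options or output changed, which is what an operator reading release notes needs before upgrading cron scripts; state explicitly whether existing invocations keep working. The dnssec-keymgr paragraph names the default policy file (/etc/dnssec.policy) but not where the tool writes the keys it creates or updates; since it is meant to run unattended, the release note should say which directory needs to be writable by that job.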