"
.PP
The default query class (IN for internet) is overridden by the
\fB\-c\fR
-option\&.
+option.
\fIclass\fR
-is any valid class, such as HS for Hesiod records or CH for Chaosnet records\&.
+is any valid class, such as HS for Hesiod records or CH for Chaosnet records.
.PP
The
\fB\-f\fR
option makes
\fBdig \fR
operate in batch mode by reading a list of lookup requests to process from the file
-\fIfilename\fR\&. The file contains a number of queries, one per line\&. Each entry in the file should be organized in the same way they would be presented as queries to
+\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to
\fBdig\fR
-using the command\-line interface\&.
+using the command\-line interface.
.PP
The
\fB\-m\fR
-option enables memory usage debugging\&.
+option enables memory usage debugging.
.PP
If a non\-standard port number is to be queried, the
\fB\-p\fR
-option is used\&.
+option is used.
\fIport#\fR
is the port number that
\fBdig\fR
-will send its queries instead of the standard DNS port number 53\&. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number\&.
+will send its queries instead of the standard DNS port number 53. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number.
.PP
The
\fB\-4\fR
option forces
\fBdig\fR
-to only use IPv4 query transport\&. The
+to only use IPv4 query transport. The
\fB\-6\fR
option forces
\fBdig\fR
-to only use IPv6 query transport\&.
+to only use IPv6 query transport.
.PP
The
\fB\-t\fR
option sets the query type to
-\fItype\fR\&. It can be any valid query type which is supported in BIND 9\&. The default query type is "A", unless the
+\fItype\fR. It can be any valid query type which is supported in BIND 9. The default query type is "A", unless the
\fB\-x\fR
-option is supplied to indicate a reverse lookup\&. A zone transfer can be requested by specifying a type of AXFR\&. When an incremental zone transfer (IXFR) is required,
+option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required,
\fItype\fR
is set to
-ixfr=N\&. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone\*(Aqs SOA record was
-\fIN\fR\&.
+ixfr=N. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was
+\fIN\fR.
.PP
The
\fB\-q\fR
option sets the query name to
-\fIname\fR\&. This useful do distinguish the
+\fIname\fR. This useful do distinguish the
\fIname\fR
-from other arguments\&.
+from other arguments.
.PP
Reverse lookups \(em mapping addresses to names \(em are simplified by the
\fB\-x\fR
-option\&.
+option.
\fIaddr\fR
-is an IPv4 address in dotted\-decimal notation, or a colon\-delimited IPv6 address\&. When this option is used, there is no need to provide the
+is an IPv4 address in dotted\-decimal notation, or a colon\-delimited IPv6 address. When this option is used, there is no need to provide the
\fIname\fR,
\fIclass\fR
and
\fItype\fR
-arguments\&.
+arguments.
\fBdig\fR
automatically performs a lookup for a name like
-11\&.12\&.13\&.10\&.in\-addr\&.arpa
-and sets the query type and class to PTR and IN respectively\&. By default, IPv6 addresses are looked up using nibble format under the IP6\&.ARPA domain\&. To use the older RFC1886 method using the IP6\&.INT domain specify the
+11.12.13.10.in\-addr.arpa
+and sets the query type and class to PTR and IN respectively. By default, IPv6 addresses are looked up using nibble format under the IP6.ARPA domain. To use the older RFC1886 method using the IP6.INT domain specify the
\fB\-i\fR
-option\&. Bit string labels (RFC2874) are now experimental and are not attempted\&.
+option. Bit string labels (RFC2874) are now experimental and are not attempted.
.PP
To sign the DNS queries sent by
\fBdig\fR
and their responses using transaction signatures (TSIG), specify a TSIG key file using the
\fB\-k\fR
-option\&. You can also specify the TSIG key itself on the command line using the
+option. You can also specify the TSIG key itself on the command line using the
\fB\-y\fR
option;
\fIhmac\fR
@@ -240,43 +219,43 @@ is the type of the TSIG, default HMAC\-MD5,
\fIname\fR
is the name of the TSIG key and
\fIkey\fR
-is the actual key\&. The key is a base\-64 encoded string, typically generated by
-\fBdnssec-keygen\fR(8)\&. Caution should be taken when using the
+is the actual key. The key is a base\-64 encoded string, typically generated by
+\fBdnssec\-keygen\fR(8). Caution should be taken when using the
\fB\-y\fR
option on multi\-user systems as the key can be visible in the output from
\fBps\fR(1)
-or in the shell\*(Aqs history file\&. When using TSIG authentication with
-\fBdig\fR, the name server that is queried needs to know the key and algorithm that is being used\&. In BIND, this is done by providing appropriate
+or in the shell's history file. When using TSIG authentication with
+\fBdig\fR, the name server that is queried needs to know the key and algorithm that is being used. In BIND, this is done by providing appropriate
\fBkey\fR
and
\fBserver\fR
statements in
-named\&.conf\&.
+\fInamed.conf\fR.
.SH "QUERY OPTIONS"
.PP
\fBdig\fR
-provides a number of query options which affect the way in which lookups are made and the results displayed\&. Some of these set or reset flag bits in the query header, some determine which sections of the answer get printed, and others determine the timeout and retry strategies\&.
+provides a number of query options which affect the way in which lookups are made and the results displayed. Some of these set or reset flag bits in the query header, some determine which sections of the answer get printed, and others determine the timeout and retry strategies.
.PP
-Each query option is identified by a keyword preceded by a plus sign (+)\&. Some keywords set or reset an option\&. These may be preceded by the string
+Each query option is identified by a keyword preceded by a plus sign (+). Some keywords set or reset an option. These may be preceded by the string
no
-to negate the meaning of that keyword\&. Other keywords assign values to options like the timeout interval\&. They have the form
-\fB+keyword=value\fR\&. The query options are:
+to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form
+\fB+keyword=value\fR. The query options are:
.PP
\fB+[no]tcp\fR
.RS 4
-Use [do not use] TCP when querying name servers\&. The default behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used\&.
+Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
.RE
.PP
\fB+[no]vc\fR
.RS 4
-Use [do not use] TCP when querying name servers\&. This alternate syntax to
+Use [do not use] TCP when querying name servers. This alternate syntax to
\fI+[no]tcp\fR
-is provided for backwards compatibility\&. The "vc" stands for "virtual circuit"\&.
+is provided for backwards compatibility. The "vc" stands for "virtual circuit".
.RE
.PP
\fB+[no]ignore\fR
.RS 4
-Ignore truncation in UDP responses instead of retrying with TCP\&. By default, TCP retries are performed\&.
+Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed.
.RE
.PP
\fB+domain=somename\fR
@@ -285,21 +264,21 @@ Set the search list to contain the single domain
\fIsomename\fR, as if specified in a
\fBdomain\fR
directive in
-/etc/resolv\&.conf, and enable search list processing as if the
+\fI/etc/resolv.conf\fR, and enable search list processing as if the
\fI+search\fR
-option were given\&.
+option were given.
.RE
.PP
\fB+[no]search\fR
.RS 4
Use [do not use] the search list defined by the searchlist or domain directive in
-resolv\&.conf
-(if any)\&. The search list is not used by default\&.
+\fIresolv.conf\fR
+(if any). The search list is not used by default.
.RE
.PP
\fB+[no]showsearch\fR
.RS 4
-Perform [do not perform] a search showing intermediate results\&.
+Perform [do not perform] a search showing intermediate results.
.RE
.PP
\fB+[no]defname\fR
@@ -310,95 +289,95 @@ Deprecated, treated as a synonym for
.PP
\fB+[no]aaonly\fR
.RS 4
-Sets the "aa" flag in the query\&.
+Sets the "aa" flag in the query.
.RE
.PP
\fB+[no]aaflag\fR
.RS 4
A synonym for
-\fI+[no]aaonly\fR\&.
+\fI+[no]aaonly\fR.
.RE
.PP
\fB+[no]adflag\fR
.RS 4
-Set [do not set] the AD (authentic data) bit in the query\&. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server\&. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range\&. AD=0 indicate that some part of the answer was insecure or not validated\&. This bit is set by default\&.
+Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated. This bit is set by default.
.RE
.PP
\fB+[no]cdflag\fR
.RS 4
-Set [do not set] the CD (checking disabled) bit in the query\&. This requests the server to not perform DNSSEC validation of responses\&.
+Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses.
.RE
.PP
\fB+[no]cl\fR
.RS 4
-Display [do not display] the CLASS when printing the record\&.
+Display [do not display] the CLASS when printing the record.
.RE
.PP
\fB+[no]ttlid\fR
.RS 4
-Display [do not display] the TTL when printing the record\&.
+Display [do not display] the TTL when printing the record.
.RE
.PP
\fB+[no]recurse\fR
.RS 4
-Toggle the setting of the RD (recursion desired) bit in the query\&. This bit is set by default, which means
+Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means
\fBdig\fR
-normally sends recursive queries\&. Recursion is automatically disabled when the
+normally sends recursive queries. Recursion is automatically disabled when the
\fI+nssearch\fR
or
\fI+trace\fR
-query options are used\&.
+query options are used.
.RE
.PP
\fB+[no]nssearch\fR
.RS 4
When this option is set,
\fBdig\fR
-attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone\&.
+attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone.
.RE
.PP
\fB+[no]trace\fR
.RS 4
-Toggle tracing of the delegation path from the root name servers for the name being looked up\&. Tracing is disabled by default\&. When tracing is enabled,
+Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled,
\fBdig\fR
-makes iterative queries to resolve the name being looked up\&. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup\&.
+makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
.sp
\fB+dnssec\fR
-is also set when +trace is set to better emulate the default queries from a nameserver\&.
+is also set when +trace is set to better emulate the default queries from a nameserver.
.RE
.PP
\fB+[no]cmd\fR
.RS 4
Toggles the printing of the initial comment in the output identifying the version of
\fBdig\fR
-and the query options that have been applied\&. This comment is printed by default\&.
+and the query options that have been applied. This comment is printed by default.
.RE
.PP
\fB+[no]short\fR
.RS 4
-Provide a terse answer\&. The default is to print the answer in a verbose form\&.
+Provide a terse answer. The default is to print the answer in a verbose form.
.RE
.PP
\fB+[no]identify\fR
.RS 4
Show [or do not show] the IP address and port number that supplied the answer when the
\fI+short\fR
-option is enabled\&. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer\&.
+option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer.
.RE
.PP
\fB+[no]comments\fR
.RS 4
-Toggle the display of comment lines in the output\&. The default is to print comments\&.
+Toggle the display of comment lines in the output. The default is to print comments.
.RE
.PP
\fB+[no]rrcomments\fR
.RS 4
-Toggle the display of per\-record comments in the output (for example, human\-readable key information about DNSKEY records)\&. The default is not to print record comments unless multiline mode is active\&.
+Toggle the display of per\-record comments in the output (for example, human\-readable key information about DNSKEY records). The default is not to print record comments unless multiline mode is active.
.RE
.PP
\fB+[no]crypto\fR
.RS 4
-Toggle the display of cryptographic fields in DNSSEC records\&. The contents of these field are unnecessary to debug most DNSSEC validation failures and removing them makes it easier to see the common failures\&. The default is to display the fields\&. When omitted they are replaced by the string "[omitted]" or in the DNSKEY case the key id is displayed as the replacement, e\&.g\&. "[ key id = value ]"\&.
+Toggle the display of cryptographic fields in DNSSEC records. The contents of these field are unnecessary to debug most DNSSEC validation failures and removing them makes it easier to see the common failures. The default is to display the fields. When omitted they are replaced by the string "[omitted]" or in the DNSKEY case the key id is displayed as the replacement, e.g. "[ key id = value ]".
.RE
.PP
\fB+split=W\fR
@@ -407,72 +386,72 @@ Split long hex\- or base64\-formatted fields in resource records into chunks of
\fIW\fR
characters (where
\fIW\fR
-is rounded up to the nearest multiple of 4)\&.
+is rounded up to the nearest multiple of 4).
\fI+nosplit\fR
or
\fI+split=0\fR
-causes fields not to be split at all\&. The default is 56 characters, or 44 characters when multiline mode is active\&.
+causes fields not to be split at all. The default is 56 characters, or 44 characters when multiline mode is active.
.RE
.PP
\fB+[no]stats\fR
.RS 4
-This query option toggles the printing of statistics: when the query was made, the size of the reply and so on\&. The default behavior is to print the query statistics\&.
+This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics.
.RE
.PP
\fB+[no]qr\fR
.RS 4
-Print [do not print] the query as it is sent\&. By default, the query is not printed\&.
+Print [do not print] the query as it is sent. By default, the query is not printed.
.RE
.PP
\fB+[no]question\fR
.RS 4
-Print [do not print] the question section of a query when an answer is returned\&. The default is to print the question section as a comment\&.
+Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment.
.RE
.PP
\fB+[no]answer\fR
.RS 4
-Display [do not display] the answer section of a reply\&. The default is to display it\&.
+Display [do not display] the answer section of a reply. The default is to display it.
.RE
.PP
\fB+[no]authority\fR
.RS 4
-Display [do not display] the authority section of a reply\&. The default is to display it\&.
+Display [do not display] the authority section of a reply. The default is to display it.
.RE
.PP
\fB+[no]additional\fR
.RS 4
-Display [do not display] the additional section of a reply\&. The default is to display it\&.
+Display [do not display] the additional section of a reply. The default is to display it.
.RE
.PP
\fB+[no]all\fR
.RS 4
-Set or clear all display flags\&.
+Set or clear all display flags.
.RE
.PP
\fB+time=T\fR
.RS 4
Sets the timeout for a query to
\fIT\fR
-seconds\&. The default timeout is 5 seconds\&. An attempt to set
+seconds. The default timeout is 5 seconds. An attempt to set
\fIT\fR
-to less than 1 will result in a query timeout of 1 second being applied\&.
+to less than 1 will result in a query timeout of 1 second being applied.
.RE
.PP
\fB+tries=T\fR
.RS 4
Sets the number of times to try UDP queries to server to
\fIT\fR
-instead of the default, 3\&. If
+instead of the default, 3. If
\fIT\fR
-is less than or equal to zero, the number of tries is silently rounded up to 1\&.
+is less than or equal to zero, the number of tries is silently rounded up to 1.
.RE
.PP
\fB+retry=T\fR
.RS 4
Sets the number of times to retry UDP queries to server to
\fIT\fR
-instead of the default, 2\&. Unlike
-\fI+tries\fR, this does not include the initial query\&.
+instead of the default, 2. Unlike
+\fI+tries\fR, this does not include the initial query.
.RE
.PP
\fB+ndots=D\fR
@@ -481,91 +460,91 @@ Set the number of dots that have to appear in
\fIname\fR
to
\fID\fR
-for it to be considered absolute\&. The default value is that defined using the ndots statement in
-/etc/resolv\&.conf, or 1 if no ndots statement is present\&. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
+for it to be considered absolute. The default value is that defined using the ndots statement in
+\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
\fBsearch\fR
or
\fBdomain\fR
directive in
-/etc/resolv\&.conf\&.
+\fI/etc/resolv.conf\fR.
.RE
.PP
\fB+bufsize=B\fR
.RS 4
Set the UDP message buffer size advertised using EDNS0 to
\fIB\fR
-bytes\&. The maximum and minimum sizes of this buffer are 65535 and 0 respectively\&. Values outside this range are rounded up or down appropriately\&. Values other than zero will cause a EDNS query to be sent\&.
+bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. Values other than zero will cause a EDNS query to be sent.
.RE
.PP
\fB+edns=#\fR
.RS 4
-Specify the EDNS version to query with\&. Valid values are 0 to 255\&. Setting the EDNS version will cause a EDNS query to be sent\&.
+Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent.
\fB+noedns\fR
-clears the remembered EDNS version\&. EDNS is set to 0 by default\&.
+clears the remembered EDNS version. EDNS is set to 0 by default.
.RE
.PP
\fB+[no]multiline\fR
.RS 4
-Print records like the SOA records in a verbose multi\-line format with human\-readable comments\&. The default is to print each record on a single line, to facilitate machine parsing of the
+Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the
\fBdig\fR
-output\&.
+output.
.RE
.PP
\fB+[no]onesoa\fR
.RS 4
-Print only one (starting) SOA record when performing an AXFR\&. The default is to print both the starting and ending SOA records\&.
+Print only one (starting) SOA record when performing an AXFR. The default is to print both the starting and ending SOA records.
.RE
.PP
\fB+[no]fail\fR
.RS 4
-Do not try the next server if you receive a SERVFAIL\&. The default is to not try the next server which is the reverse of normal stub resolver behavior\&.
+Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior.
.RE
.PP
\fB+[no]besteffort\fR
.RS 4
-Attempt to display the contents of messages which are malformed\&. The default is to not display malformed answers\&.
+Attempt to display the contents of messages which are malformed. The default is to not display malformed answers.
.RE
.PP
\fB+[no]dnssec\fR
.RS 4
-Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query\&.
+Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query.
.RE
.PP
\fB+[no]sigchase\fR
.RS 4
-Chase DNSSEC signature chains\&. Requires dig be compiled with \-DDIG_SIGCHASE\&.
+Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE.
.RE
.PP
\fB+trusted\-key=####\fR
.RS 4
Specifies a file containing trusted keys to be used with
-\fB+sigchase\fR\&. Each DNSKEY record must be on its own line\&.
+\fB+sigchase\fR. Each DNSKEY record must be on its own line.
.sp
If not specified,
\fBdig\fR
will look for
-/etc/trusted\-key\&.key
+\fI/etc/trusted\-key.key\fR
then
-trusted\-key\&.key
-in the current directory\&.
+\fItrusted\-key.key\fR
+in the current directory.
.sp
-Requires dig be compiled with \-DDIG_SIGCHASE\&.
+Requires dig be compiled with \-DDIG_SIGCHASE.
.RE
.PP
\fB+[no]topdown\fR
.RS 4
-When chasing DNSSEC signature chains perform a top\-down validation\&. Requires dig be compiled with \-DDIG_SIGCHASE\&.
+When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
.RE
.PP
\fB+[no]nsid\fR
.RS 4
-Include an EDNS name server ID request when sending a query\&.
+Include an EDNS name server ID request when sending a query.
.RE
.PP
\fB+[no]keepopen\fR
.RS 4
-Keep the TCP socket open between queries and reuse it rather than creating a new TCP socket for each lookup\&. The default is
-\fB+nokeepopen\fR\&.
+Keep the TCP socket open between queries and reuse it rather than creating a new TCP socket for each lookup. The default is
+\fB+nokeepopen\fR.
.RE
.SH "MULTIPLE QUERIES"
.PP
@@ -573,68 +552,63 @@ The BIND 9 implementation of
\fBdig \fR
supports specifying multiple queries on the command line (in addition to supporting the
\fB\-f\fR
-batch file option)\&. Each of those queries can be supplied with its own set of flags, options and query options\&.
+batch file option). Each of those queries can be supplied with its own set of flags, options and query options.
.PP
In this case, each
\fIquery\fR
-argument represent an individual query in the command\-line syntax described above\&. Each consists of any of the standard options and flags, the name to be looked up, an optional query type and class and any query options that should be applied to that query\&.
+argument represent an individual query in the command\-line syntax described above. Each consists of any of the standard options and flags, the name to be looked up, an optional query type and class and any query options that should be applied to that query.
.PP
-A global set of query options, which should be applied to all queries, can also be supplied\&. These global query options must precede the first tuple of name, class, type, options, flags, and query options supplied on the command line\&. Any global query options (except the
+A global set of query options, which should be applied to all queries, can also be supplied. These global query options must precede the first tuple of name, class, type, options, flags, and query options supplied on the command line. Any global query options (except the
\fB+[no]cmd\fR
-option) can be overridden by a query\-specific set of query options\&. For example:
+option) can be overridden by a query\-specific set of query options. For example:
.sp
-.if n \{\
.RS 4
-.\}
.nf
-dig +qr www\&.isc\&.org any \-x 127\&.0\&.0\&.1 isc\&.org ns +noqr
+dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr
.fi
-.if n \{\
.RE
-.\}
.sp
shows how
\fBdig\fR
could be used from the command line to make three lookups: an ANY query for
-www\&.isc\&.org, a reverse lookup of 127\&.0\&.0\&.1 and a query for the NS records of
-isc\&.org\&. A global query option of
+www.isc.org, a reverse lookup of 127.0.0.1 and a query for the NS records of
+isc.org. A global query option of
\fI+qr\fR
is applied, so that
\fBdig\fR
-shows the initial query it made for each lookup\&. The final query has a local query option of
+shows the initial query it made for each lookup. The final query has a local query option of
\fI+noqr\fR
which means that
\fBdig\fR
will not print the initial query when it looks up the NS records for
-isc\&.org\&.
+isc.org.
.SH "IDN SUPPORT"
.PP
If
\fBdig\fR
-has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names\&.
+has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names.
\fBdig\fR
-appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, defines the
+appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server. If you'd like to turn off the IDN support for some reason, defines the
\fBIDN_DISABLE\fR
-environment variable\&. The IDN support is disabled if the variable is set when
+environment variable. The IDN support is disabled if the variable is set when
\fBdig\fR
-runs\&.
+runs.
.SH "FILES"
.PP
-/etc/resolv\&.conf
+\fI/etc/resolv.conf\fR
.PP
-${HOME}/\&.digrc
+\fI${HOME}/.digrc\fR
.SH "SEE ALSO"
.PP
\fBhost\fR(1),
\fBnamed\fR(8),
-\fBdnssec-keygen\fR(8),
-RFC1035\&.
+\fBdnssec\-keygen\fR(8),
+RFC1035.
.SH "BUGS"
.PP
-There are probably too many query options\&.
+There are probably too many query options.
.SH "COPYRIGHT"
+Copyright \(co 2004\-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
.br
-Copyright \(co 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000-2003 Internet Software Consortium.
+Copyright \(co 2000\-2003 Internet Software Consortium.
.br
diff --git a/bin/dig/dig.html b/bin/dig/dig.html
index 5881a783e1..6068d7f2d4 100644
--- a/bin/dig/dig.html
+++ b/bin/dig/dig.html
@@ -19,9 +19,9 @@
dig
-
+
-
+
Name
@@ -33,41 +33,41 @@
dig [global-queryopt...] [query...]
-
-
DESCRIPTION
-
dig
+
+
DESCRIPTION
+
dig
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
displays the answers that are returned from the name server(s) that
- were queried. Most DNS administrators use dig to
+ were queried. Most DNS administrators use dig to
troubleshoot DNS problems because of its flexibility, ease of use and
clarity of output. Other lookup tools tend to have less functionality
- than dig.
+ than dig.
- Although dig is normally used with
+ Although dig is normally used with
command-line
arguments, it also has a batch mode of operation for reading lookup
requests from a file. A brief summary of its command-line arguments
and options is printed when the -h option is given.
Unlike earlier versions, the BIND 9 implementation of
- dig allows multiple lookups to be issued
+ dig allows multiple lookups to be issued
from the
command line.
Unless it is told to query a specific name server,
- dig will try each of the servers listed in
+ dig will try each of the servers listed in
/etc/resolv.conf. If no usable server addreses
- are found, dig will send the query to the local
+ are found, dig will send the query to the local
host.
When no command line arguments or options are given,
- dig will perform an NS query for "." (the root).
+ dig will perform an NS query for "." (the root).
- It is possible to set per-user defaults for dig via
+ It is possible to set per-user defaults for dig via
${HOME}/.digrc. This file is read and
any options in it
are applied before the command line arguments.
@@ -80,17 +80,17 @@
use "IN." and "CH." when looking up these top level domains.
-
-
SIMPLE USAGE
+
+
SIMPLE USAGE
- A typical invocation of dig looks like:
+ A typical invocation of dig looks like:
dig @server name type
where:
-
+
server-
@@ -98,19 +98,19 @@
can be an IPv4 address in dotted-decimal notation or an IPv6
address in colon-delimited notation. When the supplied
server argument is a hostname,
- dig resolves that name before querying
+ dig resolves that name before querying
that name server.
If no server argument is
- provided, dig consults
+ provided, dig consults
/etc/resolv.conf; if an
address is found there, it queries the name server at
that address. If either of the -4 or
-6 options are in use, then
only addresses for the corresponding transport
will be tried. If no usable addresses are found,
- dig will send the query to the
+ dig will send the query to the
local host. The reply from the name server that
responds is displayed.
@@ -126,15 +126,15 @@
type can be any valid query
type. If no
type argument is supplied,
- dig will perform a lookup for an
+ dig will perform a lookup for an
A record.
-
-
OPTIONS
+
+
OPTIONS
The -b option sets the source IP address of the query
to address. This must be a valid
@@ -150,14 +150,14 @@
class, such as HS for Hesiod records or CH for Chaosnet records.
- The -f option makes dig
+ The -f option makes dig
operate
in batch mode by reading a list of lookup requests to process from the
file filename. The file contains a
number of
queries, one per line. Each entry in the file should be organized in
the same way they would be presented as queries to
- dig using the command-line interface.
+ dig using the command-line interface.
The -m option enables memory usage debugging.
@@ -166,17 +166,17 @@
If a non-standard port number is to be queried, the
-p option is used. port# is
- the port number that dig will send its
+ the port number that dig will send its
queries
instead of the standard DNS port number 53. This option would be used
to test a name server that has been configured to listen for queries
on a non-standard port number.
- The -4 option forces dig
+ The -4 option forces dig
to only
use IPv4 query transport. The -6 option forces
- dig to only use IPv6 query transport.
+ dig to only use IPv6 query transport.
The -t option sets the query type to
@@ -203,7 +203,7 @@
address in dotted-decimal notation, or a colon-delimited IPv6 address.
When this option is used, there is no need to provide the
name, class and
- type arguments. dig
+ type arguments. dig
automatically performs a lookup for a name like
11.12.13.10.in-addr.arpa and sets the
query type and
@@ -214,7 +214,7 @@
are now experimental and are not attempted.
- To sign the DNS queries sent by dig and
+ To sign the DNS queries sent by dig and
their
responses using transaction signatures (TSIG), specify a TSIG key file
using the -k option. You can also specify the TSIG
@@ -230,16 +230,16 @@
multi-user systems as the key can be visible in the output from
ps(1)
or in the shell's history file. When
- using TSIG authentication with dig, the name
+ using TSIG authentication with dig, the name
server that is queried needs to know the key and algorithm that is
being used. In BIND, this is done by providing appropriate
- key and server statements in
+ key and server statements in
named.conf.
-
-
QUERY OPTIONS
-
dig
+
+
QUERY OPTIONS
+
dig
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
these set or reset flag bits in the query header, some determine which
@@ -257,7 +257,7 @@
The query options are:
-
+
+[no]tcp
Use [do not use] TCP when querying name servers. The default
@@ -283,7 +283,7 @@
Set the search list to contain the single domain
somename, as if specified in
a
- domain directive in
+ domain directive in
/etc/resolv.conf, and enable
search list
processing as if the +search
@@ -345,14 +345,14 @@
Toggle the setting of the RD (recursion desired) bit
in the query. This bit is set by default, which means
- dig normally sends recursive
+ dig normally sends recursive
queries. Recursion is automatically disabled when
the +nssearch or
+trace query options are used.
+[no]nssearch
- When this option is set, dig
+ When this option is set, dig
attempts to find the
authoritative name servers for the zone containing the name
being
@@ -366,13 +366,13 @@
Toggle tracing of the delegation path from the root
name servers for the name being looked up. Tracing
is disabled by default. When tracing is enabled,
- dig makes iterative queries to
+ dig makes iterative queries to
resolve the name being looked up. It will follow
referrals from the root servers, showing the answer
from each server that was used to resolve the lookup.
- +dnssec is also set when +trace is
+ +dnssec is also set when +trace is
set to better emulate the default queries from a nameserver.
Toggles the printing of the initial comment in the output
identifying
- the version of dig and the query
+ the version of dig and the query
options that have
been applied. This comment is printed by default.
+[no]onesoa
@@ -575,7 +575,7 @@
on its own line.
- If not specified, dig will look for
+ If not specified, dig will look for
/etc/trusted-key.key then
trusted-key.key in the current directory.
@@ -604,10 +604,10 @@
-
MULTIPLE QUERIES
+
+
MULTIPLE QUERIES
- The BIND 9 implementation of dig
+ The BIND 9 implementation of dig
supports
specifying multiple queries on the command line (in addition to
supporting the -f batch file option). Each of those
@@ -634,7 +634,7 @@
dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
- shows how dig could be used from the
+ shows how dig could be used from the
command line
to make three lookups: an ANY query for www.isc.org, a
reverse lookup of 127.0.0.1 and a query for the NS records of
@@ -642,45 +642,45 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
A global query option of +qr is
applied, so
- that dig shows the initial query it made
+ that dig shows the initial query it made
for each
lookup. The final query has a local query option of
- +noqr which means that dig
+ +noqr which means that dig
will not print the initial query when it looks up the NS records for
isc.org.
-
-
IDN SUPPORT
+
+
IDN SUPPORT
- If dig has been built with IDN (internationalized
+ If dig has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
- dig appropriately converts character encoding of
+ dig appropriately converts character encoding of
domain name before sending a request to DNS server or displaying a
reply from the server.
If you'd like to turn off the IDN support for some reason, defines
the IDN_DISABLE environment variable.
The IDN support is disabled if the variable is set when
- dig runs.
+ dig runs.
-
-
FILES
+
+
FILES
/etc/resolv.conf
${HOME}/.digrc
-
-
SEE ALSO
+
+
SEE ALSO
host(1),
named(8),
dnssec-keygen(8),
RFC1035.
-
-
BUGS
+
+
BUGS
There are probably too many query options.
diff --git a/bin/tools/named-rrchecker.1 b/bin/tools/named-rrchecker.1
index 586491f6d2..fa5cd077c3 100644
--- a/bin/tools/named-rrchecker.1
+++ b/bin/tools/named-rrchecker.1
@@ -16,73 +16,55 @@
.\"
.hy 0
.ad l
-'\" t
-.\" Title: named-rrchecker
-.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
-.\" Generator: DocBook XSL Stylesheets v1.78.1
+.\" Title: named\-rrchecker
+.\" Author:
+.\" Generator: DocBook XSL Stylesheets v1.71.1
.\" Date: Aug 25, 2009
.\" Manual: BIND9
.\" Source: BIND9
-.\" Language: English
.\"
.TH "NAMED\-RRCHECKER" "1" "Aug 25, 2009" "BIND9" "BIND9"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
.SH "NAME"
-named-rrchecker \- A syntax checker for individual DNS resource records
+named\-rrchecker \- A syntax checker for individual DNS resource records
.SH "SYNOPSIS"
.HP 16
\fBnamed\-rrchecker\fR [\fB\-h\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-p\fR] [\fB\-u\fR] [\fB\-C\fR] [\fB\-T\fR] [\fB\-P\fR]
.SH "DESCRIPTION"
.PP
\fBnamed\-rrchecker\fR
-read a individual DNS resource record from standard input and checks if it is syntactically correct\&.
+read a individual DNS resource record from standard input and checks if it is syntactically correct.
.PP
The
\fB\-h\fR
-prints out the help menu\&.
+prints out the help menu.
.PP
The
\fB\-o \fR\fB\fIorigin\fR\fR
-option specifies a origin to be used when interpreting the record\&.
+option specifies a origin to be used when interpreting the record.
.PP
The
\fB\-p\fR
-prints out the resulting record in cannonical form\&. If there is no cannonical form defined then the record will be printed in unknown record format\&.
+prints out the resulting record in cannonical form. If there is no cannonical form defined then the record will be printed in unknown record format.
.PP
The
\fB\-u\fR
-prints out the resulting record in unknown record form\&.
+prints out the resulting record in unknown record form.
.PP
The
\fB\-C\fR,
\fB\-T\fR
and
\fB\-P\fR
-print out the known class, standard type and private type nmeomics respectively\&.
+print out the known class, standard type and private type nmeomics respectively.
.SH "SEE ALSO"
.PP
RFC 1034,
RFC 1035,
\fBnamed\fR(8)
.SH "COPYRIGHT"
-.br
Copyright \(co 2013 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/tools/named-rrchecker.html b/bin/tools/named-rrchecker.html
index def50cc089..3c90391d3d 100644
--- a/bin/tools/named-rrchecker.html
+++ b/bin/tools/named-rrchecker.html
@@ -18,9 +18,9 @@
named-rrchecker
-
+
-
+
Name
@@ -30,9 +30,9 @@
Synopsis
named-rrchecker [-h] [-o origin] [-p] [-u] [-C] [-T] [-P]
-
-
DESCRIPTION
-
named-rrchecker
+
+
DESCRIPTION
+
named-rrchecker
read a individual DNS resource record from standard input and checks if it
is syntactically correct.
@@ -58,8 +58,8 @@
respectively.
-
-
SEE ALSO
+
+
SEE ALSO
RFC 1034,
RFC 1035,
diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html
index 8215929203..f52f621626 100644
--- a/doc/arm/man.arpaname.html
+++ b/doc/arm/man.arpaname.html
@@ -50,20 +50,20 @@
-
DESCRIPTION
+
DESCRIPTION
arpaname translates IP addresses (IPv4 and
IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
-
SEE ALSO
+
SEE ALSO
BIND 9 Administrator Reference Manual.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html
index 7f26cbb2c3..db2f277e42 100644
--- a/doc/arm/man.ddns-confgen.html
+++ b/doc/arm/man.ddns-confgen.html
@@ -50,7 +50,7 @@
ddns-confgen [-a algorithm] [-h] [-k keyname] [-r randomfile] [ -s name | -z zone ] [-q] [name]
-
DESCRIPTION
+
DESCRIPTION
ddns-confgen
generates a key for use by nsupdate
and named. It simplifies configuration
@@ -77,7 +77,7 @@
-
OPTIONS
+
OPTIONS
- -a
algorithm
@@ -144,7 +144,7 @@
-
SEE ALSO
+
SEE ALSO
nsupdate(1),
named.conf(5),
named(8),
@@ -152,7 +152,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html
index 77ea5623ac..866b9eb611 100644
--- a/doc/arm/man.dig.html
+++ b/doc/arm/man.dig.html
@@ -52,7 +52,7 @@
dig [global-queryopt...] [query...]
-
DESCRIPTION
+
DESCRIPTION
dig
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@@ -99,7 +99,7 @@
-
SIMPLE USAGE
+
SIMPLE USAGE
A typical invocation of dig looks like:
@@ -152,7 +152,7 @@
-
OPTIONS
+
OPTIONS
The -b option sets the source IP address of the query
to address. This must be a valid
@@ -256,7 +256,7 @@
-
QUERY OPTIONS
+
QUERY OPTIONS
dig
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@@ -611,13 +611,19 @@
Include an EDNS name server ID request when sending a query.
+
+[no]keepopen
+
+ Keep the TCP socket open between queries and reuse it rather
+ than creating a new TCP socket for each lookup. The default
+ is +nokeepopen.
+
-
MULTIPLE QUERIES
+
MULTIPLE QUERIES
The BIND 9 implementation of dig
supports
@@ -663,7 +669,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
-
IDN SUPPORT
+
IDN SUPPORT
If dig has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -677,14 +683,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
-
FILES
+
FILES
/etc/resolv.conf
${HOME}/.digrc
-
SEE ALSO
+
SEE ALSO
host(1),
named(8),
dnssec-keygen(8),
@@ -692,7 +698,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
-
BUGS
+
BUGS
There are probably too many query options.
diff --git a/doc/arm/man.dnssec-checkds.html b/doc/arm/man.dnssec-checkds.html
index 59f1d16fd5..806544f6d0 100644
--- a/doc/arm/man.dnssec-checkds.html
+++ b/doc/arm/man.dnssec-checkds.html
@@ -51,7 +51,7 @@
dnssec-dsfromkey [-l domain] [-f file] [-d dig path] [-D dsfromkey path] {zone}
-
DESCRIPTION
+
DESCRIPTION
dnssec-checkds
verifies the correctness of Delegation Signer (DS) or DNSSEC
Lookaside Validation (DLV) resource records for keys in a specified
@@ -59,7 +59,7 @@
-
OPTIONS
+
OPTIONS
- -f
file
@@ -88,14 +88,14 @@
-
SEE ALSO
+
SEE ALSO
dnssec-dsfromkey(8),
dnssec-keygen(8),
dnssec-signzone(8),
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
diff --git a/doc/arm/man.dnssec-coverage.html b/doc/arm/man.dnssec-coverage.html
index 6fb425b213..1a8aaa4490 100644
--- a/doc/arm/man.dnssec-coverage.html
+++ b/doc/arm/man.dnssec-coverage.html
@@ -50,7 +50,7 @@
dnssec-coverage [-K directory] [-f file] [-d DNSKEY TTL] [-m max TTL] [-r interval] [-c compilezone path] [zone]
-
DESCRIPTION
+
DESCRIPTION
dnssec-coverage
verifies that the DNSSEC keys for a given zone or a set of zones
have timing metadata set properly to ensure no future lapses in DNSSEC
@@ -78,7 +78,7 @@
-
OPTIONS
+
OPTIONS
- -f
file
@@ -168,7 +168,7 @@
-
SEE ALSO
+
SEE ALSO
dnssec-checkds(8),
dnssec-dsfromkey(8),
@@ -177,7 +177,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html
index 3c8c5804b2..fb56b5fbe4 100644
--- a/doc/arm/man.dnssec-dsfromkey.html
+++ b/doc/arm/man.dnssec-dsfromkey.html
@@ -51,14 +51,14 @@
dnssec-dsfromkey {-s} [-1] [-2] [-a alg] [-K directory] [-l domain] [-s] [-c class] [-T TTL] [-f file] [-A] [-v level] {dnsname}
-
DESCRIPTION
+
DESCRIPTION
dnssec-dsfromkey
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
-
EXAMPLE
+
EXAMPLE
To build the SHA-256 DS RR from the
Kexample.com.+003+26160
@@ -150,7 +150,7 @@
-
FILES
+
FILES
The keyfile can be designed by the key identification
Knnnn.+aaa+iiiii or the full file name
@@ -164,13 +164,13 @@
-
CAVEAT
+
CAVEAT
A keyfile error can give a "file not found" even if the file exists.
-
SEE ALSO
+
SEE ALSO
dnssec-keygen(8),
dnssec-signzone(8),
BIND 9 Administrator Reference Manual,
@@ -180,7 +180,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html
index 455dbcb4eb..58bb2e6726 100644
--- a/doc/arm/man.dnssec-keyfromlabel.html
+++ b/doc/arm/man.dnssec-keyfromlabel.html
@@ -50,7 +50,7 @@
dnssec-keyfromlabel {-l label} [-3] [-a algorithm] [-A date/offset] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-I date/offset] [-k] [-K directory] [-L ttl] [-n nametype] [-P date/offset] [-p protocol] [-R date/offset] [-t type] [-v level] [-y] {name}
-
DESCRIPTION
+
DESCRIPTION
dnssec-keyfromlabel
gets keys with the given label from a crypto hardware and builds
key files for DNSSEC (Secure DNS), as defined in RFC 2535
@@ -63,7 +63,7 @@
-
OPTIONS
+
OPTIONS
- -a
algorithm
-
@@ -192,7 +192,7 @@
-
TIMING OPTIONS
+
TIMING OPTIONS
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -239,7 +239,7 @@
-
GENERATED KEY FILES
+
GENERATED KEY FILES
When dnssec-keyfromlabel completes
successfully,
@@ -278,7 +278,7 @@
-
SEE ALSO
+
SEE ALSO
dnssec-keygen(8),
dnssec-signzone(8),
BIND 9 Administrator Reference Manual,
@@ -286,7 +286,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html
index 66e47fdd17..d5f5b46980 100644
--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -50,7 +50,7 @@
dnssec-keygen [-a algorithm] [-b keysize] [-n nametype] [-3] [-A date/offset] [-C] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-g generator] [-h] [-I date/offset] [-i interval] [-K directory] [-L ttl] [-k] [-P date/offset] [-p protocol] [-q] [-R date/offset] [-r randomdev] [-S key] [-s strength] [-t type] [-v level] [-z] {name}
-
DESCRIPTION
+
DESCRIPTION
dnssec-keygen
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@@ -64,7 +64,7 @@
-
OPTIONS
+
OPTIONS
- -a
algorithm
-
@@ -274,7 +274,7 @@
-
TIMING OPTIONS
+
TIMING OPTIONS
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -345,7 +345,7 @@
-
GENERATED KEYS
+
GENERATED KEYS
When dnssec-keygen completes
successfully,
@@ -391,7 +391,7 @@
-
EXAMPLE
+
EXAMPLE
To generate a 768-bit DSA key for the domain
example.com, the following command would be
@@ -412,7 +412,7 @@
-
SEE ALSO
+
SEE ALSO
dnssec-signzone(8),
BIND 9 Administrator Reference Manual,
RFC 2539,
@@ -421,7 +421,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html
index 0041b875fc..0ec065f94a 100644
--- a/doc/arm/man.dnssec-revoke.html
+++ b/doc/arm/man.dnssec-revoke.html
@@ -50,7 +50,7 @@
dnssec-revoke [-hr] [-v level] [-K directory] [-E engine] [-f] [-R] {keyfile}
-
DESCRIPTION
+
DESCRIPTION
dnssec-revoke
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
in RFC 5011, and creates a new pair of key files containing the
@@ -58,7 +58,7 @@
-
SEE ALSO
+
SEE ALSO
dnssec-keygen(8),
BIND 9 Administrator Reference Manual,
RFC 5011.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
dnssec-settime [-f] [-K directory] [-L ttl] [-P date/offset] [-A date/offset] [-R date/offset] [-I date/offset] [-D date/offset] [-h] [-v level] [-E engine] {keyfile}
-
DESCRIPTION
+
DESCRIPTION
dnssec-settime
reads a DNSSEC private key file and sets the key timing metadata
as specified by the -P, -A,
@@ -76,7 +76,7 @@
-
TIMING OPTIONS
+
TIMING OPTIONS
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -197,7 +197,7 @@
-
PRINTING OPTIONS
+
PRINTING OPTIONS
dnssec-settime can also be used to print the
timing metadata associated with a key.
@@ -223,7 +223,7 @@
-
SEE ALSO
+
SEE ALSO
dnssec-keygen(8),
dnssec-signzone(8),
BIND 9 Administrator Reference Manual,
@@ -231,7 +231,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html
index a52a68503a..89758a8975 100644
--- a/doc/arm/man.dnssec-signzone.html
+++ b/doc/arm/man.dnssec-signzone.html
@@ -50,7 +50,7 @@
dnssec-signzone [-a] [-c class] [-d directory] [-D] [-E engine] [-e end-time] [-f output-file] [-g] [-h] [-K directory] [-k key] [-L serial] [-l domain] [-i interval] [-I input-format] [-j jitter] [-N soa-serial-format] [-o origin] [-O output-format] [-P] [-p] [-R] [-r randomdev] [-S] [-s start-time] [-T ttl] [-t] [-u] [-v level] [-X extended end-time] [-x] [-z] [-3 salt] [-H iterations] [-A] {zonefile} [key...]
-
DESCRIPTION
+
DESCRIPTION
dnssec-signzone
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@@ -61,7 +61,7 @@
-
EXAMPLE
+
EXAMPLE
The following command signs the example.com
zone with the DSA key generated by dnssec-keygen
@@ -496,14 +496,14 @@ db.example.com.signed
%
-
SEE ALSO
+
SEE ALSO
dnssec-keygen(8),
BIND 9 Administrator Reference Manual,
RFC 4033.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
diff --git a/doc/arm/man.dnssec-verify.html b/doc/arm/man.dnssec-verify.html
index 428f72901a..dc4e8d93bf 100644
--- a/doc/arm/man.dnssec-verify.html
+++ b/doc/arm/man.dnssec-verify.html
@@ -50,7 +50,7 @@
dnssec-verify [-c class] [-E engine] [-I input-format] [-o origin] [-v level] [-x] [-z] {zonefile}
-
DESCRIPTION
+
DESCRIPTION
dnssec-verify
verifies that a zone is fully signed for each algorithm found
in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
@@ -58,7 +58,7 @@
-
OPTIONS
+
OPTIONS
- -c
class
@@ -120,7 +120,7 @@
-
SEE ALSO
+
SEE ALSO
dnssec-signzone(8),
BIND 9 Administrator Reference Manual,
@@ -128,7 +128,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
diff --git a/doc/arm/man.genrandom.html b/doc/arm/man.genrandom.html
index d8eabe5fa2..73905dad77 100644
--- a/doc/arm/man.genrandom.html
+++ b/doc/arm/man.genrandom.html
@@ -50,7 +50,7 @@
genrandom [-n number] {size} {filename}
-
DESCRIPTION
+
DESCRIPTION
genrandom
generates a file or a set of files containing a specified quantity
@@ -59,7 +59,7 @@
-
ARGUMENTS
+
ARGUMENTS
- -n
number
@@ -77,14 +77,14 @@
-
SEE ALSO
+
SEE ALSO
rand(3),
arc4random(3)
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html
index e95edca340..a30cd23106 100644
--- a/doc/arm/man.host.html
+++ b/doc/arm/man.host.html
@@ -50,7 +50,7 @@
host [-aCdlnrsTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-m flag] [-4] [-6] {name} [server]
-
DESCRIPTION
+
DESCRIPTION
host
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
@@ -202,7 +202,7 @@
-
IDN SUPPORT
+
IDN SUPPORT
If host has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -216,12 +216,12 @@
-
FILES
+
FILES
/etc/resolv.conf
-
SEE ALSO
+
SEE ALSO
dig(1),
named(8).
diff --git a/doc/arm/man.isc-hmac-fixup.html b/doc/arm/man.isc-hmac-fixup.html
index 6e99b42294..d17cec3bd3 100644
--- a/doc/arm/man.isc-hmac-fixup.html
+++ b/doc/arm/man.isc-hmac-fixup.html
@@ -50,7 +50,7 @@
isc-hmac-fixup {algorithm} {secret}
-
DESCRIPTION
+
DESCRIPTION
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
HMAC-SHA* TSIG keys which were longer than the digest length of the
@@ -76,7 +76,7 @@
-
SECURITY CONSIDERATIONS
+
SECURITY CONSIDERATIONS
Secrets that have been converted by isc-hmac-fixup
are shortened, but as this is how the HMAC protocol works in
@@ -87,14 +87,14 @@
-
SEE ALSO
+
SEE ALSO
BIND 9 Administrator Reference Manual,
RFC 2104.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html
index 156bed03bb..37f37b32aa 100644
--- a/doc/arm/man.named-checkconf.html
+++ b/doc/arm/man.named-checkconf.html
@@ -50,7 +50,7 @@
named-checkconf [-h] [-v] [-j] [-t directory] {filename} [-p] [-z]
-
DESCRIPTION
+
DESCRIPTION
named-checkconf
checks the syntax, but not the semantics, of a
named configuration file. The file is parsed
@@ -70,7 +70,7 @@
-
RETURN VALUES
+
RETURN VALUES
named-checkconf
returns an exit status of 1 if
errors were detected and 0 otherwise.
-
SEE ALSO
+
SEE ALSO
named(8),
named-checkzone(8),
BIND 9 Administrator Reference Manual.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html
index aa73be1970..d10354f3a2 100644
--- a/doc/arm/man.named-checkzone.html
+++ b/doc/arm/man.named-checkzone.html
@@ -51,7 +51,7 @@
named-compilezone [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-J filename] [-i mode] [-k mode] [-m mode] [-n mode] [-L serial] [-r mode] [-s style] [-t directory] [-T mode] [-w directory] [-D] [-W mode] {-o filename} {zonename} {filename}
-
DESCRIPTION
+
DESCRIPTION
named-checkzone
checks the syntax and integrity of a zone file. It performs the
same checks as named does when loading a
@@ -71,7 +71,7 @@
-
RETURN VALUES
+
RETURN VALUES
named-checkzone
returns an exit status of 1 if
errors were detected and 0 otherwise.
-
SEE ALSO
+
SEE ALSO
named(8),
named-checkconf(8),
RFC 1035,
@@ -312,7 +312,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
named-journalprint {journal}
-
DESCRIPTION
+
DESCRIPTION
named-journalprint
prints the contents of a zone journal file in a human-readable
@@ -76,7 +76,7 @@
-
SEE ALSO
+
SEE ALSO
named(8),
nsupdate(8),
@@ -84,7 +84,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
named [-4] [-6] [-c config-file] [-d debug-level] [-D string] [-E engine-name] [-f] [-g] [-m flag] [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory] [-U #listeners] [-u user] [-v] [-V] [-x cache-file]
-
DESCRIPTION
+
DESCRIPTION
named
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@@ -65,7 +65,7 @@
-
SIGNALS
+
SIGNALS
In routine operation, signals should not be used to control
the nameserver; rndc should be used
@@ -284,7 +284,7 @@
-
CONFIGURATION
+
CONFIGURATION
The named configuration file is too complex
to describe in detail here. A complete description is provided
@@ -301,7 +301,7 @@
-
FILES
+
FILES
/etc/named.conf
@@ -314,7 +314,7 @@
-
SEE ALSO
+
SEE ALSO
RFC 1033,
RFC 1034,
RFC 1035,
@@ -327,7 +327,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
nsec3hash {salt} {algorithm} {iterations} {domain}
-
DESCRIPTION
+
DESCRIPTION
nsec3hash generates an NSEC3 hash based on
a set of NSEC3 parameters. This can be used to check the validity
@@ -56,7 +56,7 @@
-
SEE ALSO
+
SEE ALSO
BIND 9 Administrator Reference Manual,
RFC 5155.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
nsupdate [-d] [-D] [[-g] | [-o] | [-l] | [-y [hmac:]keyname:secret] | [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [-T] [-P] [filename]
-
DESCRIPTION
+
DESCRIPTION
nsupdate
is used to submit Dynamic DNS Update requests as defined in RFC 2136
to a name server.
@@ -226,7 +226,7 @@
-
INPUT FORMAT
+
INPUT FORMAT
nsupdate
reads input from
filename
@@ -514,7 +514,7 @@
-
EXAMPLES
+
EXAMPLES
The examples below show how
nsupdate
@@ -568,7 +568,7 @@
-
FILES
+
FILES
/etc/resolv.conf
@@ -591,7 +591,7 @@
-
SEE ALSO
+
SEE ALSO
RFC 2136,
RFC 3007,
@@ -606,7 +606,7 @@
-
BUGS
+
BUGS
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library
diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index a1c52daf9a..8b52da8837 100644
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -50,7 +50,7 @@
rndc-confgen [-a] [-A algorithm] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]
-
DESCRIPTION
+
DESCRIPTION
rndc-confgen
generates configuration files
for rndc. It can be used as a
@@ -66,7 +66,7 @@
-
EXAMPLES
+
EXAMPLES
To allow rndc to be used with
no manual configuration, run
@@ -197,7 +197,7 @@
-
SEE ALSO
+
SEE ALSO
rndc(8),
rndc.conf(5),
named(8),
@@ -205,7 +205,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
-
DESCRIPTION
+
DESCRIPTION
rndc.conf is the configuration file
for rndc, the BIND 9 name server control
utility. This file has a similar structure and syntax to
@@ -136,7 +136,7 @@
-
EXAMPLE
+
EXAMPLE
options {
default-server localhost;
@@ -210,7 +210,7 @@
-
NAME SERVER CONFIGURATION
+
NAME SERVER CONFIGURATION
The name server must be configured to accept rndc connections and
to recognize the key specified in the rndc.conf
@@ -220,7 +220,7 @@
-
SEE ALSO
+
SEE ALSO
rndc(8),
rndc-confgen(8),
mmencode(1),
@@ -228,7 +228,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
rndc [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}
-
DESCRIPTION
+
DESCRIPTION
rndc
controls the operation of a name
server. It supersedes the ndc utility
@@ -81,7 +81,7 @@
-
OPTIONS
+
OPTIONS
- -b
source-address
@@ -147,7 +147,7 @@
-
COMMANDS
+
COMMANDS
A list of commands supported by rndc can
be seen by running rndc without arguments.
@@ -513,7 +513,7 @@
-
LIMITATIONS
+
LIMITATIONS
There is currently no way to provide the shared secret for a
key_id without using the configuration file.
@@ -523,7 +523,7 @@
-
SEE ALSO
+
SEE ALSO
rndc.conf(5),
rndc-confgen(8),
named(8),
@@ -533,7 +533,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium