From 6478b87fd23bcd3ab74c25b261021fe19a239c4f Mon Sep 17 00:00:00 2001 From: Tinderbox User Date: Fri, 17 Oct 2014 01:04:36 +0000 Subject: [PATCH] regen master --- bin/dnssec/dnssec-dsfromkey.8 | 2 +- bin/dnssec/dnssec-dsfromkey.html | 2 +- bin/dnssec/dnssec-keygen.8 | 2 +- bin/dnssec/dnssec-keygen.html | 2 +- bin/rndc/rndc.8 | 9 +++++---- bin/rndc/rndc.html | 8 ++++---- doc/arm/Bv9ARM.ch04.html | 10 +++++----- doc/arm/Bv9ARM.ch06.html | 6 +++--- doc/arm/man.arpaname.html | 6 +++--- doc/arm/man.ddns-confgen.html | 8 ++++---- doc/arm/man.dnssec-dsfromkey.html | 2 +- doc/arm/man.dnssec-keygen.html | 2 +- doc/arm/man.genrandom.html | 8 ++++---- doc/arm/man.isc-hmac-fixup.html | 8 ++++---- doc/arm/man.nsec3hash.html | 8 ++++---- doc/arm/man.rndc-confgen.html | 10 +++++----- doc/arm/man.rndc.conf.html | 10 +++++----- doc/arm/man.rndc.html | 20 ++++++++++---------- 18 files changed, 62 insertions(+), 61 deletions(-) diff --git a/bin/dnssec/dnssec-dsfromkey.8 b/bin/dnssec/dnssec-dsfromkey.8 index 15654d074a..56c943e3e5 100644 --- a/bin/dnssec/dnssec-dsfromkey.8 +++ b/bin/dnssec/dnssec-dsfromkey.8 @@ -91,7 +91,7 @@ command as input, as in: .PP \-A .RS 4 -Include ZSK's when generating DS records. Without this option, only keys which have the KSK flag set will be converted to DS records and printed. Useful only in zone file mode. +Include ZSKs when generating DS records. Without this option, only keys which have the KSK flag set will be converted to DS records and printed. Useful only in zone file mode. .RE .PP \-l \fIdomain\fR diff --git a/bin/dnssec/dnssec-dsfromkey.html b/bin/dnssec/dnssec-dsfromkey.html index 3f27b49e5b..8be76eb0a8 100644 --- a/bin/dnssec/dnssec-dsfromkey.html +++ b/bin/dnssec/dnssec-dsfromkey.html @@ -88,7 +88,7 @@
-A

- Include ZSK's when generating DS records. Without this option, + Include ZSKs when generating DS records. Without this option, only keys which have the KSK flag set will be converted to DS records and printed. Useful only in zone file mode.

diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8 index 10edd81936..107ca8522f 100644 --- a/bin/dnssec/dnssec-keygen.8 +++ b/bin/dnssec/dnssec-keygen.8 @@ -65,7 +65,7 @@ Note 2: DH, HMAC\-MD5, and HMAC\-SHA1 through HMAC\-SHA512 automatically set the .RS 4 Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC keys must be between 1 and 512 bits. Elliptic curve algorithms don't need this parameter. .sp -The key size does not need to be specified if using a default algorithm. The default key size is 1024 bits for zone signing keys (ZSK's) and 2048 bits for key signing keys (KSK's, generated with +The key size does not need to be specified if using a default algorithm. The default key size is 1024 bits for zone signing keys (ZSKs) and 2048 bits for key signing keys (KSKs, generated with \fB\-f KSK\fR). However, if an algorithm is explicitly specified with the \fB\-a\fR, then there is no default key size, and the \fB\-b\fR diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html index 7c18487d18..080a4e3ad9 100644 --- a/bin/dnssec/dnssec-keygen.html +++ b/bin/dnssec/dnssec-keygen.html @@ -91,7 +91,7 @@

The key size does not need to be specified if using a default algorithm. The default key size is 1024 bits for zone signing - keys (ZSK's) and 2048 bits for key signing keys (KSK's, + keys (ZSKs) and 2048 bits for key signing keys (KSKs, generated with -f KSK). However, if an algorithm is explicitly specified with the -a, then there is no default key size, and the -b diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8 index 201d56b24e..8717d28eb1 100644 --- a/bin/rndc/rndc.8 +++ b/bin/rndc/rndc.8 @@ -337,13 +337,14 @@ to be effective. It defaults to enabled. Sets a DNSSEC negative trust anchor (NTA) for \fBdomain\fR, with a lifetime of \fBlifetime\fR. The default lifetime is configured in -named.conf +\fInamed.conf\fR via the -\fBnta\-lifetime\fR, and defaults to one hour. The lifetime cannot exceed one week. +\fBnta\-lifetime\fR +option, and defaults to one hour. The lifetime cannot exceed one week. .sp -A negative trust anchor selectively disables DNSSEC validation for zones that known to be failing because of misconfiguration rather than an attack. When data to be validated is at or below an active NTA (and above any other configured trust anchors), +A negative trust anchor selectively disables DNSSEC validation for zones that are known to be failing because of misconfiguration rather than an attack. When data to be validated is at or below an active NTA (and above any other configured trust anchors), \fBnamed\fR -will abort the DNSSEC validation process and treat the data as insecure rather than bogus. This continues until the NTA's lifetime is elapsed, or until the server is restarted (NTA's do not persist across restarts). +will abort the DNSSEC validation process and treat the data as insecure rather than bogus. This continues until the NTA's lifetime is elapsed, or until the server is restarted (NTAs do not persist across restarts). .sp An existing NTA can be removed by using the \fB\-remove\fR diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html index d76d39dc32..9757ed475a 100644 --- a/bin/rndc/rndc.html +++ b/bin/rndc/rndc.html @@ -395,13 +395,13 @@ Sets a DNSSEC negative trust anchor (NTA) for domain, with a lifetime of lifetime. The default lifetime is - configured in <file>named.conf</file> via the - nta-lifetime, and defaults to + configured in named.conf via the + nta-lifetime option, and defaults to one hour. The lifetime cannot exceed one week.

A negative trust anchor selectively disables - DNSSEC validation for zones that known to be + DNSSEC validation for zones that are known to be failing because of misconfiguration rather than an attack. When data to be validated is at or below an active NTA (and above any other @@ -409,7 +409,7 @@ abort the DNSSEC validation process and treat the data as insecure rather than bogus. This continues until the NTA's lifetime is elapsed, or until the server is - restarted (NTA's do not persist across restarts). + restarted (NTAs do not persist across restarts).

An existing NTA can be removed by using the diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html index 5ebbe0f65b..7e8e834e2d 100644 --- a/doc/arm/Bv9ARM.ch04.html +++ b/doc/arm/Bv9ARM.ch04.html @@ -1360,7 +1360,7 @@ options {

To set up an authoritative zone for RFC 5011 trust anchor maintenance, generate two (or more) key signing keys (KSKs) for the zone. Sign the zone with one of them; this is the "active" - KSK. All KSK's which do not sign the zone are "stand-by" + KSK. All KSKs which do not sign the zone are "stand-by" keys.

Any validating resolver which is configured to use the active KSK as an RFC 5011-managed trust anchor will take note @@ -1402,8 +1402,8 @@ $ dnssec-signzone -S -K keys example.net< increasing by 128, and wrapping around at 65535. So, for example, the key "Kexample.com.+005+10000" becomes "Kexample.com.+005+10128".

-

If two keys have ID's exactly 128 apart, and one is - revoked, then the two key ID's will collide, causing several +

If two keys have IDs exactly 128 apart, and one is + revoked, then the two key IDs will collide, causing several problems. To prevent this, dnssec-keygen will not generate a new key if another key is present which may collide. This checking will @@ -1415,7 +1415,7 @@ $ dnssec-signzone -S -K keys example.net< multiple directories or on multiple machines.

It is expected that a future release of BIND 9 will address this problem in a different way, by storing revoked - keys with their original unrevoked key ID's.

+ keys with their original unrevoked key IDs.

@@ -1468,7 +1468,7 @@ $ dnssec-signzone -S -K keys example.net< need. The HSM's provider library must have a complete implementation of the PKCS#11 API, so that all these functions are accessible. As of this writing, only the Thales nShield HSM and the latest development - version of SoftHSM can be used in this fashion. For other HSM's, + version of SoftHSM can be used in this fashion. For other HSMs, including the AEP Keyper, Sun SCA 6000 and older versions of SoftHSM, use OpenSSL-based PKCS#11. (Note: As more HSMs become capable of supporting native PKCS#11, it is expected that OpenSSL-based diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html index c3f0883095..39fd17e535 100644 --- a/doc/arm/Bv9ARM.ch06.html +++ b/doc/arm/Bv9ARM.ch06.html @@ -3037,7 +3037,7 @@ options {

A negative trust anchor selectively disables - DNSSEC validation for zones that known to be + DNSSEC validation for zones that are known to be failing because of misconfiguration rather than an attack. When data to be validated is at or below an active NTA (and above any other @@ -3045,7 +3045,7 @@ options { abort the DNSSEC validation process and treat the data as insecure rather than bogus. This continues until the NTA's lifetime is elapsed, or until the server is - restarted (NTA's do not persist across restarts). + restarted (NTAs do not persist across restarts).

For convenience, TTL-style time unit suffixes can be @@ -3075,7 +3075,7 @@ options {

Validity checks can be disabled for an individual NTA by using rndc nta -f, or - for all NTA's by setting nta-recheck + for all NTAs by setting nta-recheck to zero.

diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html index 2ebfeb937b..ec25adabdf 100644 --- a/doc/arm/man.arpaname.html +++ b/doc/arm/man.arpaname.html @@ -50,20 +50,20 @@

arpaname {ipaddress ...}

-

DESCRIPTION

+

DESCRIPTION

arpaname translates IP addresses (IPv4 and IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.

-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html index 5814beaf48..fdea087ef0 100644 --- a/doc/arm/man.ddns-confgen.html +++ b/doc/arm/man.ddns-confgen.html @@ -51,7 +51,7 @@

ddns-confgen [-a algorithm] [-h] [-k keyname] [-q] [-r randomfile] [ -s name | -z zone ]

-

DESCRIPTION

+

DESCRIPTION

tsig-keygen and ddns-confgen are invocation methods for a utility that generates keys for use @@ -87,7 +87,7 @@

-

OPTIONS

+

OPTIONS

-a algorithm

@@ -159,7 +159,7 @@

-

SEE ALSO

+

SEE ALSO

nsupdate(1), named.conf(5), named(8), @@ -167,7 +167,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html index c286c72e90..31f4db7422 100644 --- a/doc/arm/man.dnssec-dsfromkey.html +++ b/doc/arm/man.dnssec-dsfromkey.html @@ -107,7 +107,7 @@
-A

- Include ZSK's when generating DS records. Without this option, + Include ZSKs when generating DS records. Without this option, only keys which have the KSK flag set will be converted to DS records and printed. Useful only in zone file mode.

diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html index 724e5f2442..822c1c23b9 100644 --- a/doc/arm/man.dnssec-keygen.html +++ b/doc/arm/man.dnssec-keygen.html @@ -109,7 +109,7 @@

The key size does not need to be specified if using a default algorithm. The default key size is 1024 bits for zone signing - keys (ZSK's) and 2048 bits for key signing keys (KSK's, + keys (ZSKs) and 2048 bits for key signing keys (KSKs, generated with -f KSK). However, if an algorithm is explicitly specified with the -a, then there is no default key size, and the -b diff --git a/doc/arm/man.genrandom.html b/doc/arm/man.genrandom.html index 91906540c4..7bd64aa42b 100644 --- a/doc/arm/man.genrandom.html +++ b/doc/arm/man.genrandom.html @@ -50,7 +50,7 @@

genrandom [-n number] {size} {filename}

-

DESCRIPTION

+

DESCRIPTION

genrandom generates a file or a set of files containing a specified quantity @@ -59,7 +59,7 @@

-

ARGUMENTS

+

ARGUMENTS

-n number

@@ -77,14 +77,14 @@

-

SEE ALSO

+

SEE ALSO

rand(3), arc4random(3)

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.isc-hmac-fixup.html b/doc/arm/man.isc-hmac-fixup.html index 620b101dc6..36e6681c7f 100644 --- a/doc/arm/man.isc-hmac-fixup.html +++ b/doc/arm/man.isc-hmac-fixup.html @@ -50,7 +50,7 @@

isc-hmac-fixup {algorithm} {secret}

-

DESCRIPTION

+

DESCRIPTION

Versions of BIND 9 up to and including BIND 9.6 had a bug causing HMAC-SHA* TSIG keys which were longer than the digest length of the @@ -76,7 +76,7 @@

-

SECURITY CONSIDERATIONS

+

SECURITY CONSIDERATIONS

Secrets that have been converted by isc-hmac-fixup are shortened, but as this is how the HMAC protocol works in @@ -87,14 +87,14 @@

-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual, RFC 2104.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.nsec3hash.html b/doc/arm/man.nsec3hash.html index 69f29369c8..f0e64f4bd6 100644 --- a/doc/arm/man.nsec3hash.html +++ b/doc/arm/man.nsec3hash.html @@ -48,7 +48,7 @@

nsec3hash {salt} {algorithm} {iterations} {domain}

-

DESCRIPTION

+

DESCRIPTION

nsec3hash generates an NSEC3 hash based on a set of NSEC3 parameters. This can be used to check the validity @@ -56,7 +56,7 @@

-

ARGUMENTS

+

ARGUMENTS

salt

@@ -80,14 +80,14 @@

-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual, RFC 5155.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html index 7431e68f53..f57f8e0790 100644 --- a/doc/arm/man.rndc-confgen.html +++ b/doc/arm/man.rndc-confgen.html @@ -50,7 +50,7 @@

rndc-confgen [-a] [-A algorithm] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

-

DESCRIPTION

+

DESCRIPTION

rndc-confgen generates configuration files for rndc. It can be used as a @@ -66,7 +66,7 @@

-

OPTIONS

+

OPTIONS

-a
@@ -180,7 +180,7 @@
-

EXAMPLES

+

EXAMPLES

To allow rndc to be used with no manual configuration, run @@ -197,7 +197,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc.conf(5), named(8), @@ -205,7 +205,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html index 7471f075f2..a9a69036df 100644 --- a/doc/arm/man.rndc.conf.html +++ b/doc/arm/man.rndc.conf.html @@ -50,7 +50,7 @@

rndc.conf

-

DESCRIPTION

+

DESCRIPTION

rndc.conf is the configuration file for rndc, the BIND 9 name server control utility. This file has a similar structure and syntax to @@ -136,7 +136,7 @@

-

EXAMPLE

+

EXAMPLE

       options {
         default-server  localhost;
@@ -210,7 +210,7 @@
-

NAME SERVER CONFIGURATION

+

NAME SERVER CONFIGURATION

The name server must be configured to accept rndc connections and to recognize the key specified in the rndc.conf @@ -220,7 +220,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc-confgen(8), mmencode(1), @@ -228,7 +228,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html index 8a37d2a326..d6f984b133 100644 --- a/doc/arm/man.rndc.html +++ b/doc/arm/man.rndc.html @@ -50,7 +50,7 @@

rndc [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-q] [-V] [-y key_id] {command}

-

DESCRIPTION

+

DESCRIPTION

rndc controls the operation of a name server. It supersedes the ndc utility @@ -81,7 +81,7 @@

-

OPTIONS

+

OPTIONS

-b source-address

@@ -152,7 +152,7 @@

-

COMMANDS

+

COMMANDS

A list of commands supported by rndc can be seen by running rndc without arguments. @@ -413,13 +413,13 @@ Sets a DNSSEC negative trust anchor (NTA) for domain, with a lifetime of lifetime. The default lifetime is - configured in <file>named.conf</file> via the - nta-lifetime, and defaults to + configured in named.conf via the + nta-lifetime option, and defaults to one hour. The lifetime cannot exceed one week.

A negative trust anchor selectively disables - DNSSEC validation for zones that known to be + DNSSEC validation for zones that are known to be failing because of misconfiguration rather than an attack. When data to be validated is at or below an active NTA (and above any other @@ -427,7 +427,7 @@ abort the DNSSEC validation process and treat the data as insecure rather than bogus. This continues until the NTA's lifetime is elapsed, or until the server is - restarted (NTA's do not persist across restarts). + restarted (NTAs do not persist across restarts).

An existing NTA can be removed by using the @@ -599,7 +599,7 @@

-

LIMITATIONS

+

LIMITATIONS

There is currently no way to provide the shared secret for a key_id without using the configuration file. @@ -609,7 +609,7 @@

-

SEE ALSO

+

SEE ALSO

rndc.conf(5), rndc-confgen(8), named(8), @@ -619,7 +619,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium