upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-09 07:12:11 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

regen master

Browse source
This commit is contained in:
Tinderbox User 2014-05-15 03:57:31 +00:00
parent 9c36846e41
commit 8e16b30787
29 changed files with 949 additions and 969 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

402
bin/dig/dig.1
View file

@ -247,23 +247,85 @@ no
to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form
\fB+keyword=value\fR. The query options are:
.PP
\fB+[no]tcp\fR
\fB+[no]aaflag\fR
.RS 4
Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an
ixfr=N
query is requested, in which case the default is TCP. AXFR queries always use TCP.
A synonym for
\fI+[no]aaonly\fR.
.RE
.PP
\fB+[no]vc\fR
\fB+[no]aaonly\fR
.RS 4
Use [do not use] TCP when querying name servers. This alternate syntax to
\fI+[no]tcp\fR
is provided for backwards compatibility. The "vc" stands for "virtual circuit".
Sets the "aa" flag in the query.
.RE
.PP
\fB+[no]ignore\fR
\fB+[no]additional\fR
.RS 4
Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed.
Display [do not display] the additional section of a reply. The default is to display it.
.RE
.PP
\fB+[no]adflag\fR
.RS 4
Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated. This bit is set by default.
.RE
.PP
\fB+[no]all\fR
.RS 4
Set or clear all display flags.
.RE
.PP
\fB+[no]answer\fR
.RS 4
Display [do not display] the answer section of a reply. The default is to display it.
.RE
.PP
\fB+[no]authority\fR
.RS 4
Display [do not display] the authority section of a reply. The default is to display it.
.RE
.PP
\fB+[no]besteffort\fR
.RS 4
Attempt to display the contents of messages which are malformed. The default is to not display malformed answers.
.RE
.PP
\fB+bufsize=B\fR
.RS 4
Set the UDP message buffer size advertised using EDNS0 to
\fIB\fR
bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. Values other than zero will cause a EDNS query to be sent.
.RE
.PP
\fB+[no]cdflag\fR
.RS 4
Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses.
.RE
.PP
\fB+[no]cl\fR
.RS 4
Display [do not display] the CLASS when printing the record.
.RE
.PP
\fB+[no]cmd\fR
.RS 4
Toggles the printing of the initial comment in the output identifying the version of
\fBdig\fR
and the query options that have been applied. This comment is printed by default.
.RE
.PP
\fB+[no]comments\fR
.RS 4
Toggle the display of comment lines in the output. The default is to print comments.
.RE
.PP
\fB+[no]crypto\fR
.RS 4
Toggle the display of cryptographic fields in DNSSEC records. The contents of these field are unnecessary to debug most DNSSEC validation failures and removing them makes it easier to see the common failures. The default is to display the fields. When omitted they are replaced by the string "[omitted]" or in the DNSKEY case the key id is displayed as the replacement, e.g. "[ key id = value ]".
.RE
.PP
\fB+[no]defname\fR
.RS 4
Deprecated, treated as a synonym for
\fI+[no]search\fR
.RE
.PP
\fB+domain=somename\fR
@ -277,58 +339,104 @@ directive in
option were given.
.RE
.PP
\fB+[no]search\fR
\fB+[no]dnssec\fR
.RS 4
Use [do not use] the search list defined by the searchlist or domain directive in
\fIresolv.conf\fR
(if any). The search list is not used by default.
Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query.
.RE
.PP
\fB+[no]showsearch\fR
\fB+[no]edns[=#]\fR
.RS 4
Perform [do not perform] a search showing intermediate results.
Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent.
\fB+noedns\fR
clears the remembered EDNS version. EDNS is set to 0 by default.
.RE
.PP
\fB+[no]defname\fR
\fB+[no]ednsopt[=code[:value]]\fR
.RS 4
Deprecated, treated as a synonym for
\fI+[no]search\fR
Specify EDNS option with code point
\fBcode\fR
and optionally payload of
\fBvalue\fR
as a hexadecimal string.
\fB+noednsopt\fR
clears the EDNS options to to be sent.
.RE
.PP
\fB+[no]aaonly\fR
\fB+[no]expire\fR
.RS 4
Sets the "aa" flag in the query.
Send an EDNS Expire option.
.RE
.PP
\fB+[no]aaflag\fR
\fB+[no]fail\fR
.RS 4
A synonym for
\fI+[no]aaonly\fR.
Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior.
.RE
.PP
\fB+[no]adflag\fR
\fB+[no]identify\fR
.RS 4
Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated. This bit is set by default.
Show [or do not show] the IP address and port number that supplied the answer when the
\fI+short\fR
option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer.
.RE
.PP
\fB+[no]cdflag\fR
\fB+[no]ignore\fR
.RS 4
Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses.
Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed.
.RE
.PP
\fB+[no]cl\fR
\fB+[no]keepopen\fR
.RS 4
Display [do not display] the CLASS when printing the record.
Keep the TCP socket open between queries and reuse it rather than creating a new TCP socket for each lookup. The default is
\fB+nokeepopen\fR.
.RE
.PP
\fB+[no]ttlid\fR
\fB+[no]multiline\fR
.RS 4
Display [do not display] the TTL when printing the record.
Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the
\fBdig\fR
output.
.RE
.PP
\fB+[no]ttlunits\fR
\fB+ndots=D\fR
.RS 4
Display [do not display] the TTL in friendly human\-readable time units of "s", "m", "h", "d", and "w", representing seconds, minutes, hours, days and weeks. Implies +ttlid.
Set the number of dots that have to appear in
\fIname\fR
to
\fID\fR
for it to be considered absolute. The default value is that defined using the ndots statement in
\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
\fBsearch\fR
or
\fBdomain\fR
directive in
\fI/etc/resolv.conf\fR.
.RE
.PP
\fB+[no]nsid\fR
.RS 4
Include an EDNS name server ID request when sending a query.
.RE
.PP
\fB+[no]nssearch\fR
.RS 4
When this option is set,
\fBdig\fR
attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone.
.RE
.PP
\fB+[no]onesoa\fR
.RS 4
Print only one (starting) SOA record when performing an AXFR. The default is to print both the starting and ending SOA records.
.RE
.PP
\fB+[no]qr\fR
.RS 4
Print [do not print] the query as it is sent. By default, the query is not printed.
.RE
.PP
\fB+[no]question\fR
.RS 4
Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment.
.RE
.PP
\fB+[no]recurse\fR
@ -342,45 +450,12 @@ or
query options are used.
.RE
.PP
\fB+[no]nssearch\fR
\fB+retry=T\fR
.RS 4
When this option is set,
\fBdig\fR
attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone.
.RE
.PP
\fB+[no]trace\fR
.RS 4
Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled,
\fBdig\fR
makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
.sp
\fB+dnssec\fR
is also set when +trace is set to better emulate the default queries from a nameserver.
.RE
.PP
\fB+[no]cmd\fR
.RS 4
Toggles the printing of the initial comment in the output identifying the version of
\fBdig\fR
and the query options that have been applied. This comment is printed by default.
.RE
.PP
\fB+[no]short\fR
.RS 4
Provide a terse answer. The default is to print the answer in a verbose form.
.RE
.PP
\fB+[no]identify\fR
.RS 4
Show [or do not show] the IP address and port number that supplied the answer when the
\fI+short\fR
option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer.
.RE
.PP
\fB+[no]comments\fR
.RS 4
Toggle the display of comment lines in the output. The default is to print comments.
Sets the number of times to retry UDP queries to server to
\fIT\fR
instead of the default, 2. Unlike
\fI+tries\fR, this does not include the initial query.
.RE
.PP
\fB+[no]rrcomments\fR
@ -388,9 +463,32 @@ Toggle the display of comment lines in the output. The default is to print comme
Toggle the display of per\-record comments in the output (for example, human\-readable key information about DNSKEY records). The default is not to print record comments unless multiline mode is active.
.RE
.PP
\fB+[no]crypto\fR
\fB+[no]search\fR
.RS 4
Toggle the display of cryptographic fields in DNSSEC records. The contents of these field are unnecessary to debug most DNSSEC validation failures and removing them makes it easier to see the common failures. The default is to display the fields. When omitted they are replaced by the string "[omitted]" or in the DNSKEY case the key id is displayed as the replacement, e.g. "[ key id = value ]".
Use [do not use] the search list defined by the searchlist or domain directive in
\fIresolv.conf\fR
(if any). The search list is not used by default.
.RE
.PP
\fB+[no]short\fR
.RS 4
Provide a terse answer. The default is to print the answer in a verbose form.
.RE
.PP
\fB+[no]showsearch\fR
.RS 4
Perform [do not perform] a search showing intermediate results.
.RE
.PP
\fB+[no]sigchase\fR
.RS 4
Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE.
.RE
.PP
\fB+[no]sit\fR\fB[=####]\fR
.RS 4
Send a Source Identity Token EDNS option, with optional value. Replaying a SIT from a previous response will allow the server to identify a previous client. The default is
\fB+nosit\fR. Currently using experimental value 65001 for the option code.
.RE
.PP
\fB+split=W\fR
@ -411,34 +509,16 @@ causes fields not to be split at all. The default is 56 characters, or 44 charac
This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics.
.RE
.PP
\fB+[no]qr\fR
\fB+[no]subnet=addr/prefix\fR
.RS 4
Print [do not print] the query as it is sent. By default, the query is not printed.
Send an EDNS Client Subnet option with the speciifed IP address or network prefix.
.RE
.PP
\fB+[no]question\fR
\fB+[no]tcp\fR
.RS 4
Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment.
.RE
.PP
\fB+[no]answer\fR
.RS 4
Display [do not display] the answer section of a reply. The default is to display it.
.RE
.PP
\fB+[no]authority\fR
.RS 4
Display [do not display] the authority section of a reply. The default is to display it.
.RE
.PP
\fB+[no]additional\fR
.RS 4
Display [do not display] the additional section of a reply. The default is to display it.
.RE
.PP
\fB+[no]all\fR
.RS 4
Set or clear all display flags.
Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an
ixfr=N
query is requested, in which case the default is TCP. AXFR queries always use TCP.
.RE
.PP
\fB+time=T\fR
@ -450,6 +530,21 @@ seconds. The default timeout is 5 seconds. An attempt to set
to less than 1 will result in a query timeout of 1 second being applied.
.RE
.PP
\fB+[no]topdown\fR
.RS 4
When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
.RE
.PP
\fB+[no]trace\fR
.RS 4
Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled,
\fBdig\fR
makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
.sp
\fB+dnssec\fR
is also set when +trace is set to better emulate the default queries from a nameserver.
.RE
.PP
\fB+tries=T\fR
.RS 4
Sets the number of times to try UDP queries to server to
@ -459,86 +554,6 @@ instead of the default, 3. If
is less than or equal to zero, the number of tries is silently rounded up to 1.
.RE
.PP
\fB+retry=T\fR
.RS 4
Sets the number of times to retry UDP queries to server to
\fIT\fR
instead of the default, 2. Unlike
\fI+tries\fR, this does not include the initial query.
.RE
.PP
\fB+ndots=D\fR
.RS 4
Set the number of dots that have to appear in
\fIname\fR
to
\fID\fR
for it to be considered absolute. The default value is that defined using the ndots statement in
\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
\fBsearch\fR
or
\fBdomain\fR
directive in
\fI/etc/resolv.conf\fR.
.RE
.PP
\fB+bufsize=B\fR
.RS 4
Set the UDP message buffer size advertised using EDNS0 to
\fIB\fR
bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. Values other than zero will cause a EDNS query to be sent.
.RE
.PP
\fB+edns=#\fR
.RS 4
Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent.
\fB+noedns\fR
clears the remembered EDNS version. EDNS is set to 0 by default.
.RE
.PP
\fB+[no]ednsopt[=code[:value]]\fR
.RS 4
Specify EDNS option with code point
\fBcode\fR
and optionally payload of
\fBvalue\fR
as a hexadecimal string.
\fB+noednsopt\fR
clears the EDNS options to to be sent.
.RE
.PP
\fB+[no]multiline\fR
.RS 4
Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the
\fBdig\fR
output.
.RE
.PP
\fB+[no]onesoa\fR
.RS 4
Print only one (starting) SOA record when performing an AXFR. The default is to print both the starting and ending SOA records.
.RE
.PP
\fB+[no]fail\fR
.RS 4
Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior.
.RE
.PP
\fB+[no]besteffort\fR
.RS 4
Attempt to display the contents of messages which are malformed. The default is to not display malformed answers.
.RE
.PP
\fB+[no]dnssec\fR
.RS 4
Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query.
.RE
.PP
\fB+[no]sigchase\fR
.RS 4
Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE.
.RE
.PP
\fB+trusted\-key=####\fR
.RS 4
Specifies a file containing trusted keys to be used with
@ -555,36 +570,21 @@ in the current directory.
Requires dig be compiled with \-DDIG_SIGCHASE.
.RE
.PP
\fB+[no]topdown\fR
\fB+[no]ttlid\fR
.RS 4
When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
Display [do not display] the TTL when printing the record.
.RE
.PP
\fB+[no]nsid\fR
\fB+[no]ttlunits\fR
.RS 4
Include an EDNS name server ID request when sending a query.
Display [do not display] the TTL in friendly human\-readable time units of "s", "m", "h", "d", and "w", representing seconds, minutes, hours, days and weeks. Implies +ttlid.
.RE
.PP
\fB+[no]keepopen\fR
\fB+[no]vc\fR
.RS 4
Keep the TCP socket open between queries and reuse it rather than creating a new TCP socket for each lookup. The default is
\fB+nokeepopen\fR.
.RE
.PP
\fB+[no]sit\fR\fB[=####]\fR
.RS 4
Send a Source Identity Token EDNS option, with optional value. Replaying a SIT from a previous response will allow the server to identify a previous client. The default is
\fB+nosit\fR. Currently using experimental value 65001 for the option code.
.RE
.PP
\fB+[no]subnet=addr/prefix\fR
.RS 4
Send an EDNS Client Subnet option with the speciifed IP address or network prefix.
.RE
.PP
\fB+[no]expire\fR
.RS 4
Send an EDNS Expire option. Currently using experimental value 65002 for the option code.
Use [do not use] TCP when querying name servers. This alternate syntax to
\fI+[no]tcp\fR
is provided for backwards compatibility. The "vc" stands for "virtual circuit".
.RE
.SH "MULTIPLE QUERIES"
.PP

628
bin/dig/dig.html
View file

@ -262,63 +262,19 @@
</p>
<div class="variablelist"><dl>
<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
<dd><p>
Use [do not use] TCP when querying name servers. The
default behavior is to use UDP unless
an <code class="literal">ixfr=N</code> query is requested, in
which case the default is TCP.
AXFR queries always use TCP.
</p></dd>
<dt><span class="term"><code class="option">+[no]vc</code></span></dt>
<dd><p>
Use [do not use] TCP when querying name servers. This alternate
syntax to <em class="parameter"><code>+[no]tcp</code></em> is
provided for backwards
compatibility. The "vc" stands for "virtual circuit".
</p></dd>
<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
<dd><p>
Ignore truncation in UDP responses instead of retrying with TCP.
By
default, TCP retries are performed.
</p></dd>
<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
<dd><p>
Set the search list to contain the single domain
<em class="parameter"><code>somename</code></em>, as if specified in
a
<span><strong class="command">domain</strong></span> directive in
<code class="filename">/etc/resolv.conf</code>, and enable
search list
processing as if the <em class="parameter"><code>+search</code></em>
option were given.
</p></dd>
<dt><span class="term"><code class="option">+[no]search</code></span></dt>
<dd><p>
Use [do not use] the search list defined by the searchlist or
domain
directive in <code class="filename">resolv.conf</code> (if
any).
The search list is not used by default.
</p></dd>
<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
<dd><p>
Perform [do not perform] a search showing intermediate
results.
</p></dd>
<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
<dd><p>
Deprecated, treated as a synonym for <em class="parameter"><code>+[no]search</code></em>
</p></dd>
<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
<dd><p>
Sets the "aa" flag in the query.
</p></dd>
<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
<dd><p>
A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
</p></dd>
A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
</p></dd>
<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
<dd><p>
Sets the "aa" flag in the query.
</p></dd>
<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
<dd><p>
Display [do not display] the additional section of a
reply. The default is to display it.
</p></dd>
<dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
<dd><p>
Set [do not set] the AD (authentic data) bit in the
@ -331,27 +287,185 @@
of the answer was insecure or not validated. This
bit is set by default.
</p></dd>
<dt><span class="term"><code class="option">+[no]all</code></span></dt>
<dd><p>
Set or clear all display flags.
</p></dd>
<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
<dd><p>
Display [do not display] the answer section of a
reply. The default is to display it.
</p></dd>
<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
<dd><p>
Display [do not display] the authority section of a
reply. The default is to display it.
</p></dd>
<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
<dd><p>
Attempt to display the contents of messages which are
malformed. The default is to not display malformed
answers.
</p></dd>
<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
<dd><p>
Set the UDP message buffer size advertised using EDNS0
to <em class="parameter"><code>B</code></em> bytes. The maximum and
minimum sizes of this buffer are 65535 and 0 respectively.
Values outside this range are rounded up or down
appropriately. Values other than zero will cause a
EDNS query to be sent.
</p></dd>
<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
<dd><p>
Set [do not set] the CD (checking disabled) bit in the query.
This
requests the server to not perform DNSSEC validation of
responses.
</p></dd>
Set [do not set] the CD (checking disabled) bit in
the query. This requests the server to not perform
DNSSEC validation of responses.
</p></dd>
<dt><span class="term"><code class="option">+[no]cl</code></span></dt>
<dd><p>
Display [do not display] the CLASS when printing the record.
</p></dd>
<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
Display [do not display] the CLASS when printing the
record.
</p></dd>
<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
<dd><p>
Display [do not display] the TTL when printing the record.
</p></dd>
<dt><span class="term"><code class="option">+[no]ttlunits</code></span></dt>
Toggles the printing of the initial comment in the
output identifying the version of <span><strong class="command">dig</strong></span>
and the query options that have been applied. This
comment is printed by default.
</p></dd>
<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
<dd><p>
Display [do not display] the TTL in friendly human-readable
time units of "s", "m", "h", "d", and "w", representing
seconds, minutes, hours, days and weeks. Implies +ttlid.
</p></dd>
Toggle the display of comment lines in the output.
The default is to print comments.
</p></dd>
<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
<dd><p>
Toggle the display of cryptographic fields in DNSSEC
records. The contents of these field are unnecessary
to debug most DNSSEC validation failures and removing
them makes it easier to see the common failures. The
default is to display the fields. When omitted they
are replaced by the string "[omitted]" or in the
DNSKEY case the key id is displayed as the replacement,
e.g. "[ key id = value ]".
</p></dd>
<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
<dd><p>
Deprecated, treated as a synonym for
<em class="parameter"><code>+[no]search</code></em>
</p></dd>
<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
<dd><p>
Set the search list to contain the single domain
<em class="parameter"><code>somename</code></em>, as if specified in
a <span><strong class="command">domain</strong></span> directive in
<code class="filename">/etc/resolv.conf</code>, and enable
search list processing as if the
<em class="parameter"><code>+search</code></em> option were given.
</p></dd>
<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
<dd><p>
Requests DNSSEC records be sent by setting the DNSSEC
OK bit (DO) in the OPT record in the additional section
of the query.
</p></dd>
<dt><span class="term"><code class="option">+[no]edns[=#]</code></span></dt>
<dd><p>
Specify the EDNS version to query with. Valid values
are 0 to 255. Setting the EDNS version will cause
a EDNS query to be sent. <code class="option">+noedns</code>
clears the remembered EDNS version. EDNS is set to
0 by default.
</p></dd>
<dt><span class="term"><code class="option">+[no]ednsopt[=code[:value]]</code></span></dt>
<dd><p>
Specify EDNS option with code point <code class="option">code</code>
and optionally payload of <code class="option">value</code> as a
hexadecimal string. <code class="option">+noednsopt</code>
clears the EDNS options to to be sent.
</p></dd>
<dt><span class="term"><code class="option">+[no]expire</code></span></dt>
<dd><p>
Send an EDNS Expire option.
</p></dd>
<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
<dd><p>
Do not try the next server if you receive a SERVFAIL.
The default is to not try the next server which is
the reverse of normal stub resolver behavior.
</p></dd>
<dt><span class="term"><code class="option">+[no]identify</code></span></dt>
<dd><p>
Show [or do not show] the IP address and port number
that supplied the answer when the
<em class="parameter"><code>+short</code></em> option is enabled. If
short form answers are requested, the default is not
to show the source address and port number of the
server that provided the answer.
</p></dd>
<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
<dd><p>
Ignore truncation in UDP responses instead of retrying
with TCP. By default, TCP retries are performed.
</p></dd>
<dt><span class="term"><code class="option">+[no]keepopen</code></span></dt>
<dd><p>
Keep the TCP socket open between queries and reuse
it rather than creating a new TCP socket for each
lookup. The default is <code class="option">+nokeepopen</code>.
</p></dd>
<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
<dd><p>
Print records like the SOA records in a verbose
multi-line format with human-readable comments. The
default is to print each record on a single line, to
facilitate machine parsing of the <span><strong class="command">dig</strong></span>
output.
</p></dd>
<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
<dd><p>
Set the number of dots that have to appear in
<em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em>
for it to be considered absolute. The default value
is that defined using the ndots statement in
<code class="filename">/etc/resolv.conf</code>, or 1 if no
ndots statement is present. Names with fewer dots
are interpreted as relative names and will be searched
for in the domains listed in the <code class="option">search</code>
or <code class="option">domain</code> directive in
<code class="filename">/etc/resolv.conf</code>.
</p></dd>
<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
<dd><p>
Include an EDNS name server ID request when sending
a query.
</p></dd>
<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
<dd><p>
When this option is set, <span><strong class="command">dig</strong></span>
attempts to find the authoritative name servers for
the zone containing the name being looked up and
display the SOA record that each name server has for
the zone.
</p></dd>
<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
<dd><p>
Print only one (starting) SOA record when performing
an AXFR. The default is to print both the starting
and ending SOA records.
</p></dd>
<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
<dd><p>
Print [do not print] the query as it is sent. By
default, the query is not printed.
</p></dd>
<dt><span class="term"><code class="option">+[no]question</code></span></dt>
<dd><p>
Print [do not print] the question section of a query
when an answer is returned. The default is to print
the question section as a comment.
</p></dd>
<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
<dd><p>
Toggle the setting of the RD (recursion desired) bit
@ -361,16 +475,96 @@
the <em class="parameter"><code>+nssearch</code></em> or
<em class="parameter"><code>+trace</code></em> query options are used.
</p></dd>
<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
<dt><span class="term"><code class="option">+retry=T</code></span></dt>
<dd><p>
When this option is set, <span><strong class="command">dig</strong></span>
attempts to find the
authoritative name servers for the zone containing the name
being
looked up and display the SOA record that each name server has
for the
zone.
Sets the number of times to retry UDP queries to
server to <em class="parameter"><code>T</code></em> instead of the
default, 2. Unlike <em class="parameter"><code>+tries</code></em>,
this does not include the initial query.
</p></dd>
<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
<dd><p>
Toggle the display of per-record comments in the
output (for example, human-readable key information
about DNSKEY records). The default is not to print
record comments unless multiline mode is active.
</p></dd>
<dt><span class="term"><code class="option">+[no]search</code></span></dt>
<dd><p>
Use [do not use] the search list defined by the
searchlist or domain directive in
<code class="filename">resolv.conf</code> (if any). The search
list is not used by default.
</p></dd>
<dt><span class="term"><code class="option">+[no]short</code></span></dt>
<dd><p>
Provide a terse answer. The default is to print the
answer in a verbose form.
</p></dd>
<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
<dd><p>
Perform [do not perform] a search showing intermediate
results.
</p></dd>
<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
<dd><p>
Chase DNSSEC signature chains. Requires dig be
compiled with -DDIG_SIGCHASE.
</p></dd>
<dt><span class="term"><code class="option">+[no]sit[<span class="optional">=####</span>]</code></span></dt>
<dd><p>
Send a Source Identity Token EDNS option, with optional
value. Replaying a SIT from a previous response will
allow the server to identify a previous client. The
default is <code class="option">+nosit</code>. Currently using
experimental value 65001 for the option code.
</p></dd>
<dt><span class="term"><code class="option">+split=W</code></span></dt>
<dd><p>
Split long hex- or base64-formatted fields in resource
records into chunks of <em class="parameter"><code>W</code></em>
characters (where <em class="parameter"><code>W</code></em> is rounded
up to the nearest multiple of 4).
<em class="parameter"><code>+nosplit</code></em> or
<em class="parameter"><code>+split=0</code></em> causes fields not to
be split at all. The default is 56 characters, or
44 characters when multiline mode is active.
</p></dd>
<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
<dd><p>
This query option toggles the printing of statistics:
when the query was made, the size of the reply and
so on. The default behavior is to print the query
statistics.
</p></dd>
<dt><span class="term"><code class="option">+[no]subnet=addr/prefix</code></span></dt>
<dd><p>
Send an EDNS Client Subnet option with the speciifed
IP address or network prefix.
</p></dd>
<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
<dd><p>
Use [do not use] TCP when querying name servers. The
default behavior is to use UDP unless an
<code class="literal">ixfr=N</code> query is requested, in which
case the default is TCP. AXFR queries always use
TCP.
</p></dd>
<dt><span class="term"><code class="option">+time=T</code></span></dt>
<dd><p>
Sets the timeout for a query to
<em class="parameter"><code>T</code></em> seconds. The default
timeout is 5 seconds.
An attempt to set <em class="parameter"><code>T</code></em> to less
than 1 will result
in a query timeout of 1 second being applied.
</p></dd>
<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
<dd><p>
When chasing DNSSEC signature chains perform a top-down
validation. Requires dig be compiled with -DDIG_SIGCHASE.
</p></dd>
<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
<dd>
<p>
@ -383,265 +577,61 @@
from each server that was used to resolve the lookup.
</p>
<p>
<span><strong class="command">+dnssec</strong></span> is also set when +trace is
set to better emulate the default queries from a nameserver.
<span><strong class="command">+dnssec</strong></span> is also set when +trace
is set to better emulate the default queries from a
nameserver.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
<dd><p>
Toggles the printing of the initial comment in the output
identifying
the version of <span><strong class="command">dig</strong></span> and the query
options that have
been applied. This comment is printed by default.
</p></dd>
<dt><span class="term"><code class="option">+[no]short</code></span></dt>
<dd><p>
Provide a terse answer. The default is to print the answer in a
verbose form.
</p></dd>
<dt><span class="term"><code class="option">+[no]identify</code></span></dt>
<dd><p>
Show [or do not show] the IP address and port number that
supplied the
answer when the <em class="parameter"><code>+short</code></em> option
is enabled. If
short form answers are requested, the default is not to show the
source address and port number of the server that provided the
answer.
</p></dd>
<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
<dd><p>
Toggle the display of comment lines in the output. The default
is to print comments.
</p></dd>
<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
<dd><p>
Toggle the display of per-record comments in the output (for
example, human-readable key information about DNSKEY records).
The default is not to print record comments unless multiline
mode is active.
</p></dd>
<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
<dd><p>
Toggle the display of cryptographic fields in DNSSEC records.
The contents of these field are unnecessary to debug most DNSSEC
validation failures and removing them makes it easier to see
the common failures. The default is to display the fields.
When omitted they are replaced by the string "[omitted]" or
in the DNSKEY case the key id is displayed as the replacement,
e.g. "[ key id = value ]".
</p></dd>
<dt><span class="term"><code class="option">+split=W</code></span></dt>
<dd><p>
Split long hex- or base64-formatted fields in resource
records into chunks of <em class="parameter"><code>W</code></em> characters
(where <em class="parameter"><code>W</code></em> is rounded up to the nearest
multiple of 4).
<em class="parameter"><code>+nosplit</code></em> or
<em class="parameter"><code>+split=0</code></em> causes fields not to be
split at all. The default is 56 characters, or 44 characters
when multiline mode is active.
</p></dd>
<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
<dd><p>
This query option toggles the printing of statistics: when the
query
was made, the size of the reply and so on. The default
behavior is
to print the query statistics.
</p></dd>
<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
<dd><p>
Print [do not print] the query as it is sent.
By default, the query is not printed.
</p></dd>
<dt><span class="term"><code class="option">+[no]question</code></span></dt>
<dd><p>
Print [do not print] the question section of a query when an
answer is
returned. The default is to print the question section as a
comment.
</p></dd>
<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
<dd><p>
Display [do not display] the answer section of a reply. The
default
is to display it.
</p></dd>
<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
<dd><p>
Display [do not display] the authority section of a reply. The
default is to display it.
</p></dd>
<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
<dd><p>
Display [do not display] the additional section of a reply.
The default is to display it.
</p></dd>
<dt><span class="term"><code class="option">+[no]all</code></span></dt>
<dd><p>
Set or clear all display flags.
</p></dd>
<dt><span class="term"><code class="option">+time=T</code></span></dt>
<dd><p>
Sets the timeout for a query to
<em class="parameter"><code>T</code></em> seconds. The default
timeout is 5 seconds.
An attempt to set <em class="parameter"><code>T</code></em> to less
than 1 will result
in a query timeout of 1 second being applied.
</p></dd>
<dt><span class="term"><code class="option">+tries=T</code></span></dt>
<dd><p>
Sets the number of times to try UDP queries to server to
<em class="parameter"><code>T</code></em> instead of the default, 3.
If
<em class="parameter"><code>T</code></em> is less than or equal to
zero, the number of
tries is silently rounded up to 1.
</p></dd>
<dt><span class="term"><code class="option">+retry=T</code></span></dt>
<dd><p>
Sets the number of times to retry UDP queries to server to
<em class="parameter"><code>T</code></em> instead of the default, 2.
Unlike
<em class="parameter"><code>+tries</code></em>, this does not include
the initial
query.
</p></dd>
<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
<dd><p>
Set the number of dots that have to appear in
<em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em> for it to be
considered absolute. The default value is that defined using
the
ndots statement in <code class="filename">/etc/resolv.conf</code>, or 1 if no
ndots statement is present. Names with fewer dots are
interpreted as
relative names and will be searched for in the domains listed in
the
<code class="option">search</code> or <code class="option">domain</code> directive in
<code class="filename">/etc/resolv.conf</code>.
</p></dd>
<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
<dd><p>
Set the UDP message buffer size advertised using EDNS0 to
<em class="parameter"><code>B</code></em> bytes. The maximum and minimum sizes
of this buffer are 65535 and 0 respectively. Values outside
this range are rounded up or down appropriately.
Values other than zero will cause a EDNS query to be sent.
</p></dd>
<dt><span class="term"><code class="option">+edns=#</code></span></dt>
<dd><p>
Specify the EDNS version to query with. Valid values
are 0 to 255. Setting the EDNS version will cause
a EDNS query to be sent. <code class="option">+noedns</code>
clears the remembered EDNS version. EDNS is set to
0 by default.
Sets the number of times to try UDP queries to server
to <em class="parameter"><code>T</code></em> instead of the default,
3. If <em class="parameter"><code>T</code></em> is less than or equal
to zero, the number of tries is silently rounded up
to 1.
</p></dd>
<dt><span class="term"><code class="option">+[no]ednsopt[=code[:value]]</code></span></dt>
<dd><p>
Specify EDNS option with code point <code class="option">code</code>
and optionally payload of <code class="option">value</code> as a
hexadecimal string. <code class="option">+noednsopt</code>
clears the EDNS options to to be sent.
</p></dd>
<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
<dd><p>
Print records like the SOA records in a verbose multi-line
format with human-readable comments. The default is to print
each record on a single line, to facilitate machine parsing
of the <span><strong class="command">dig</strong></span> output.
</p></dd>
<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
<dd><p>
Print only one (starting) SOA record when performing
an AXFR. The default is to print both the starting and
ending SOA records.
</p></dd>
<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
<dd><p>
Do not try the next server if you receive a SERVFAIL. The
default is
to not try the next server which is the reverse of normal stub
resolver
behavior.
</p></dd>
<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
<dd><p>
Attempt to display the contents of messages which are malformed.
The default is to not display malformed answers.
</p></dd>
<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
<dd><p>
Requests DNSSEC records be sent by setting the DNSSEC OK bit
(DO)
in the OPT record in the additional section of the query.
</p></dd>
<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
<dd><p>
Chase DNSSEC signature chains. Requires dig be compiled with
-DDIG_SIGCHASE.
</p></dd>
<dt><span class="term"><code class="option">+trusted-key=####</code></span></dt>
<dd>
<p>
Specifies a file containing trusted keys to be used with
<code class="option">+sigchase</code>. Each DNSKEY record must be
on its own line.
</p>
<p>
If not specified, <span><strong class="command">dig</strong></span> will look for
<code class="filename">/etc/trusted-key.key</code> then
<code class="filename">trusted-key.key</code> in the current directory.
Specifies a file containing trusted keys to be used
with <code class="option">+sigchase</code>. Each DNSKEY record
must be on its own line.
</p>
<p>
Requires dig be compiled with -DDIG_SIGCHASE.
If not specified, <span><strong class="command">dig</strong></span> will look
for <code class="filename">/etc/trusted-key.key</code> then
<code class="filename">trusted-key.key</code> in the current
directory.
</p>
<p>
Requires dig be compiled with -DDIG_SIGCHASE.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
<dd><p>
When chasing DNSSEC signature chains perform a top-down
validation.
Requires dig be compiled with -DDIG_SIGCHASE.
</p></dd>
<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
Display [do not display] the TTL when printing the
record.
</p></dd>
<dt><span class="term"><code class="option">+[no]ttlunits</code></span></dt>
<dd><p>
Include an EDNS name server ID request when sending a query.
Display [do not display] the TTL in friendly human-readable
time units of "s", "m", "h", "d", and "w", representing
seconds, minutes, hours, days and weeks. Implies +ttlid.
</p></dd>
<dt><span class="term"><code class="option">+[no]keepopen</code></span></dt>
<dt><span class="term"><code class="option">+[no]vc</code></span></dt>
<dd><p>
Keep the TCP socket open between queries and reuse it rather
than creating a new TCP socket for each lookup. The default
is <code class="option">+nokeepopen</code>.
</p></dd>
<dt><span class="term"><code class="option">+[no]sit[<span class="optional">=####</span>]</code></span></dt>
<dd><p>
Send a Source Identity Token EDNS option, with optional value.
Replaying a SIT from a previous response will allow the
server to identify a previous client. The default is
<code class="option">+nosit</code>. Currently using experimental value
65001 for the option code.
</p></dd>
<dt><span class="term"><code class="option">+[no]subnet=addr/prefix</code></span></dt>
<dd><p>
Send an EDNS Client Subnet option with the speciifed
IP address or network prefix.
</p></dd>
<dt><span class="term"><code class="option">+[no]expire</code></span></dt>
<dd><p>
Send an EDNS Expire option. Currently using experimental
value 65002 for the option code.
</p></dd>
Use [do not use] TCP when querying name servers. This
alternate syntax to <em class="parameter"><code>+[no]tcp</code></em>
is provided for backwards compatibility. The "vc"
stands for "virtual circuit".
</p></dd>
</dl></div>
<p>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545531"></a><h2>MULTIPLE QUERIES</h2>
<a name="id2545467"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
supports
@ -687,7 +677,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545593"></a><h2>IDN SUPPORT</h2>
<a name="id2545529"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@ -701,14 +691,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545616"></a><h2>FILES</h2>
<a name="id2545552"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545633"></a><h2>SEE ALSO</h2>
<a name="id2545569"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@ -716,7 +706,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545670"></a><h2>BUGS</h2>
<a name="id2545606"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>

6
doc/arm/man.arpaname.html
View file

@ -50,20 +50,20 @@
<div class="cmdsynopsis"><p><code class="command">arpaname</code> {<em class="replaceable"><code>ipaddress </code></em>...}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2623299"></a><h2>DESCRIPTION</h2>
<a name="id2622757"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">arpaname</strong></span> translates IP addresses (IPv4 and
IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2623314"></a><h2>SEE ALSO</h2>
<a name="id2622772"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2623328"></a><h2>AUTHOR</h2>
<a name="id2622786"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
doc/arm/man.ddns-confgen.html
View file

@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">ddns-confgen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-q</code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em> | -z <em class="replaceable"><code>zone</code></em> ]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2663847"></a><h2>DESCRIPTION</h2>
<a name="id2663646"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">tsig-keygen</strong></span> and <span><strong class="command">ddns-confgen</strong></span>
are invokation methods for a utility that generates keys for use
@ -87,7 +87,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2663950"></a><h2>OPTIONS</h2>
<a name="id2663750"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd><p>
@ -159,7 +159,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2665259"></a><h2>SEE ALSO</h2>
<a name="id2664035"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@ -167,7 +167,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2665298"></a><h2>AUTHOR</h2>
<a name="id2664073"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
doc/arm/man.delv.html
View file

@ -53,7 +53,7 @@
<div class="cmdsynopsis"><p><code class="command">delv</code> [queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2615098"></a><h2>DESCRIPTION</h2>
<a name="id2615102"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">delv</strong></span>
(Domain Entity Lookup &amp; Validation) is a tool for sending
DNS queries and validating the results, using the the same internal
@ -96,7 +96,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2615239"></a><h2>SIMPLE USAGE</h2>
<a name="id2615175"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">delv</strong></span> looks like:
</p>
@ -151,7 +151,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2615848"></a><h2>OPTIONS</h2>
<a name="id2616057"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>anchor-file</code></em></span></dt>
<dd>
@ -285,7 +285,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2671147"></a><h2>QUERY OPTIONS</h2>
<a name="id2671152"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">delv</strong></span>
provides a number of query options which affect the way results are
displayed, and in some cases the way lookups are performed.
@ -465,12 +465,12 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2671664"></a><h2>FILES</h2>
<a name="id2671600"></a><h2>FILES</h2>
<p><code class="filename">/etc/bind.keys</code></p>
<p><code class="filename">/etc/resolv.conf</code></p>
</div>
<div class="refsect1" lang="en">
<a name="id2671683"></a><h2>SEE ALSO</h2>
<a name="id2671619"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<em class="citetitle">RFC4034</em>,

636
doc/arm/man.dig.html
View file

@ -52,7 +52,7 @@
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2613323"></a><h2>DESCRIPTION</h2>
<a name="id2613328"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dig</strong></span>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@ -99,7 +99,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2613426"></a><h2>SIMPLE USAGE</h2>
<a name="id2613430"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
</p>
@ -152,7 +152,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2613620"></a><h2>OPTIONS</h2>
<a name="id2613624"></a><h2>OPTIONS</h2>
<p>
The <code class="option">-b</code> option sets the source IP address of the query
to <em class="parameter"><code>address</code></em>. This must be a valid
@ -260,7 +260,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2666336"></a><h2>QUERY OPTIONS</h2>
<a name="id2666272"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">dig</strong></span>
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@ -280,63 +280,19 @@
</p>
<div class="variablelist"><dl>
<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
<dd><p>
Use [do not use] TCP when querying name servers. The
default behavior is to use UDP unless
an <code class="literal">ixfr=N</code> query is requested, in
which case the default is TCP.
AXFR queries always use TCP.
</p></dd>
<dt><span class="term"><code class="option">+[no]vc</code></span></dt>
<dd><p>
Use [do not use] TCP when querying name servers. This alternate
syntax to <em class="parameter"><code>+[no]tcp</code></em> is
provided for backwards
compatibility. The "vc" stands for "virtual circuit".
</p></dd>
<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
<dd><p>
Ignore truncation in UDP responses instead of retrying with TCP.
By
default, TCP retries are performed.
</p></dd>
<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
<dd><p>
Set the search list to contain the single domain
<em class="parameter"><code>somename</code></em>, as if specified in
a
<span><strong class="command">domain</strong></span> directive in
<code class="filename">/etc/resolv.conf</code>, and enable
search list
processing as if the <em class="parameter"><code>+search</code></em>
option were given.
</p></dd>
<dt><span class="term"><code class="option">+[no]search</code></span></dt>
<dd><p>
Use [do not use] the search list defined by the searchlist or
domain
directive in <code class="filename">resolv.conf</code> (if
any).
The search list is not used by default.
</p></dd>
<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
<dd><p>
Perform [do not perform] a search showing intermediate
results.
</p></dd>
<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
<dd><p>
Deprecated, treated as a synonym for <em class="parameter"><code>+[no]search</code></em>
</p></dd>
<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
<dd><p>
Sets the "aa" flag in the query.
</p></dd>
<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
<dd><p>
A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
</p></dd>
A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
</p></dd>
<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
<dd><p>
Sets the "aa" flag in the query.
</p></dd>
<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
<dd><p>
Display [do not display] the additional section of a
reply. The default is to display it.
</p></dd>
<dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
<dd><p>
Set [do not set] the AD (authentic data) bit in the
@ -349,27 +305,185 @@
of the answer was insecure or not validated. This
bit is set by default.
</p></dd>
<dt><span class="term"><code class="option">+[no]all</code></span></dt>
<dd><p>
Set or clear all display flags.
</p></dd>
<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
<dd><p>
Display [do not display] the answer section of a
reply. The default is to display it.
</p></dd>
<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
<dd><p>
Display [do not display] the authority section of a
reply. The default is to display it.
</p></dd>
<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
<dd><p>
Attempt to display the contents of messages which are
malformed. The default is to not display malformed
answers.
</p></dd>
<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
<dd><p>
Set the UDP message buffer size advertised using EDNS0
to <em class="parameter"><code>B</code></em> bytes. The maximum and
minimum sizes of this buffer are 65535 and 0 respectively.
Values outside this range are rounded up or down
appropriately. Values other than zero will cause a
EDNS query to be sent.
</p></dd>
<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
<dd><p>
Set [do not set] the CD (checking disabled) bit in the query.
This
requests the server to not perform DNSSEC validation of
responses.
</p></dd>
Set [do not set] the CD (checking disabled) bit in
the query. This requests the server to not perform
DNSSEC validation of responses.
</p></dd>
<dt><span class="term"><code class="option">+[no]cl</code></span></dt>
<dd><p>
Display [do not display] the CLASS when printing the record.
</p></dd>
<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
Display [do not display] the CLASS when printing the
record.
</p></dd>
<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
<dd><p>
Display [do not display] the TTL when printing the record.
</p></dd>
<dt><span class="term"><code class="option">+[no]ttlunits</code></span></dt>
Toggles the printing of the initial comment in the
output identifying the version of <span><strong class="command">dig</strong></span>
and the query options that have been applied. This
comment is printed by default.
</p></dd>
<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
<dd><p>
Display [do not display] the TTL in friendly human-readable
time units of "s", "m", "h", "d", and "w", representing
seconds, minutes, hours, days and weeks. Implies +ttlid.
</p></dd>
Toggle the display of comment lines in the output.
The default is to print comments.
</p></dd>
<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
<dd><p>
Toggle the display of cryptographic fields in DNSSEC
records. The contents of these field are unnecessary
to debug most DNSSEC validation failures and removing
them makes it easier to see the common failures. The
default is to display the fields. When omitted they
are replaced by the string "[omitted]" or in the
DNSKEY case the key id is displayed as the replacement,
e.g. "[ key id = value ]".
</p></dd>
<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
<dd><p>
Deprecated, treated as a synonym for
<em class="parameter"><code>+[no]search</code></em>
</p></dd>
<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
<dd><p>
Set the search list to contain the single domain
<em class="parameter"><code>somename</code></em>, as if specified in
a <span><strong class="command">domain</strong></span> directive in
<code class="filename">/etc/resolv.conf</code>, and enable
search list processing as if the
<em class="parameter"><code>+search</code></em> option were given.
</p></dd>
<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
<dd><p>
Requests DNSSEC records be sent by setting the DNSSEC
OK bit (DO) in the OPT record in the additional section
of the query.
</p></dd>
<dt><span class="term"><code class="option">+[no]edns[=#]</code></span></dt>
<dd><p>
Specify the EDNS version to query with. Valid values
are 0 to 255. Setting the EDNS version will cause
a EDNS query to be sent. <code class="option">+noedns</code>
clears the remembered EDNS version. EDNS is set to
0 by default.
</p></dd>
<dt><span class="term"><code class="option">+[no]ednsopt[=code[:value]]</code></span></dt>
<dd><p>
Specify EDNS option with code point <code class="option">code</code>
and optionally payload of <code class="option">value</code> as a
hexadecimal string. <code class="option">+noednsopt</code>
clears the EDNS options to to be sent.
</p></dd>
<dt><span class="term"><code class="option">+[no]expire</code></span></dt>
<dd><p>
Send an EDNS Expire option.
</p></dd>
<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
<dd><p>
Do not try the next server if you receive a SERVFAIL.
The default is to not try the next server which is
the reverse of normal stub resolver behavior.
</p></dd>
<dt><span class="term"><code class="option">+[no]identify</code></span></dt>
<dd><p>
Show [or do not show] the IP address and port number
that supplied the answer when the
<em class="parameter"><code>+short</code></em> option is enabled. If
short form answers are requested, the default is not
to show the source address and port number of the
server that provided the answer.
</p></dd>
<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
<dd><p>
Ignore truncation in UDP responses instead of retrying
with TCP. By default, TCP retries are performed.
</p></dd>
<dt><span class="term"><code class="option">+[no]keepopen</code></span></dt>
<dd><p>
Keep the TCP socket open between queries and reuse
it rather than creating a new TCP socket for each
lookup. The default is <code class="option">+nokeepopen</code>.
</p></dd>
<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
<dd><p>
Print records like the SOA records in a verbose
multi-line format with human-readable comments. The
default is to print each record on a single line, to
facilitate machine parsing of the <span><strong class="command">dig</strong></span>
output.
</p></dd>
<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
<dd><p>
Set the number of dots that have to appear in
<em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em>
for it to be considered absolute. The default value
is that defined using the ndots statement in
<code class="filename">/etc/resolv.conf</code>, or 1 if no
ndots statement is present. Names with fewer dots
are interpreted as relative names and will be searched
for in the domains listed in the <code class="option">search</code>
or <code class="option">domain</code> directive in
<code class="filename">/etc/resolv.conf</code>.
</p></dd>
<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
<dd><p>
Include an EDNS name server ID request when sending
a query.
</p></dd>
<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
<dd><p>
When this option is set, <span><strong class="command">dig</strong></span>
attempts to find the authoritative name servers for
the zone containing the name being looked up and
display the SOA record that each name server has for
the zone.
</p></dd>
<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
<dd><p>
Print only one (starting) SOA record when performing
an AXFR. The default is to print both the starting
and ending SOA records.
</p></dd>
<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
<dd><p>
Print [do not print] the query as it is sent. By
default, the query is not printed.
</p></dd>
<dt><span class="term"><code class="option">+[no]question</code></span></dt>
<dd><p>
Print [do not print] the question section of a query
when an answer is returned. The default is to print
the question section as a comment.
</p></dd>
<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
<dd><p>
Toggle the setting of the RD (recursion desired) bit
@ -379,16 +493,96 @@
the <em class="parameter"><code>+nssearch</code></em> or
<em class="parameter"><code>+trace</code></em> query options are used.
</p></dd>
<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
<dt><span class="term"><code class="option">+retry=T</code></span></dt>
<dd><p>
When this option is set, <span><strong class="command">dig</strong></span>
attempts to find the
authoritative name servers for the zone containing the name
being
looked up and display the SOA record that each name server has
for the
zone.
Sets the number of times to retry UDP queries to
server to <em class="parameter"><code>T</code></em> instead of the
default, 2. Unlike <em class="parameter"><code>+tries</code></em>,
this does not include the initial query.
</p></dd>
<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
<dd><p>
Toggle the display of per-record comments in the
output (for example, human-readable key information
about DNSKEY records). The default is not to print
record comments unless multiline mode is active.
</p></dd>
<dt><span class="term"><code class="option">+[no]search</code></span></dt>
<dd><p>
Use [do not use] the search list defined by the
searchlist or domain directive in
<code class="filename">resolv.conf</code> (if any). The search
list is not used by default.
</p></dd>
<dt><span class="term"><code class="option">+[no]short</code></span></dt>
<dd><p>
Provide a terse answer. The default is to print the
answer in a verbose form.
</p></dd>
<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
<dd><p>
Perform [do not perform] a search showing intermediate
results.
</p></dd>
<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
<dd><p>
Chase DNSSEC signature chains. Requires dig be
compiled with -DDIG_SIGCHASE.
</p></dd>
<dt><span class="term"><code class="option">+[no]sit[<span class="optional">=####</span>]</code></span></dt>
<dd><p>
Send a Source Identity Token EDNS option, with optional
value. Replaying a SIT from a previous response will
allow the server to identify a previous client. The
default is <code class="option">+nosit</code>. Currently using
experimental value 65001 for the option code.
</p></dd>
<dt><span class="term"><code class="option">+split=W</code></span></dt>
<dd><p>
Split long hex- or base64-formatted fields in resource
records into chunks of <em class="parameter"><code>W</code></em>
characters (where <em class="parameter"><code>W</code></em> is rounded
up to the nearest multiple of 4).
<em class="parameter"><code>+nosplit</code></em> or
<em class="parameter"><code>+split=0</code></em> causes fields not to
be split at all. The default is 56 characters, or
44 characters when multiline mode is active.
</p></dd>
<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
<dd><p>
This query option toggles the printing of statistics:
when the query was made, the size of the reply and
so on. The default behavior is to print the query
statistics.
</p></dd>
<dt><span class="term"><code class="option">+[no]subnet=addr/prefix</code></span></dt>
<dd><p>
Send an EDNS Client Subnet option with the speciifed
IP address or network prefix.
</p></dd>
<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
<dd><p>
Use [do not use] TCP when querying name servers. The
default behavior is to use UDP unless an
<code class="literal">ixfr=N</code> query is requested, in which
case the default is TCP. AXFR queries always use
TCP.
</p></dd>
<dt><span class="term"><code class="option">+time=T</code></span></dt>
<dd><p>
Sets the timeout for a query to
<em class="parameter"><code>T</code></em> seconds. The default
timeout is 5 seconds.
An attempt to set <em class="parameter"><code>T</code></em> to less
than 1 will result
in a query timeout of 1 second being applied.
</p></dd>
<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
<dd><p>
When chasing DNSSEC signature chains perform a top-down
validation. Requires dig be compiled with -DDIG_SIGCHASE.
</p></dd>
<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
<dd>
<p>
@ -401,265 +595,61 @@
from each server that was used to resolve the lookup.
</p>
<p>
<span><strong class="command">+dnssec</strong></span> is also set when +trace is
set to better emulate the default queries from a nameserver.
<span><strong class="command">+dnssec</strong></span> is also set when +trace
is set to better emulate the default queries from a
nameserver.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
<dd><p>
Toggles the printing of the initial comment in the output
identifying
the version of <span><strong class="command">dig</strong></span> and the query
options that have
been applied. This comment is printed by default.
</p></dd>
<dt><span class="term"><code class="option">+[no]short</code></span></dt>
<dd><p>
Provide a terse answer. The default is to print the answer in a
verbose form.
</p></dd>
<dt><span class="term"><code class="option">+[no]identify</code></span></dt>
<dd><p>
Show [or do not show] the IP address and port number that
supplied the
answer when the <em class="parameter"><code>+short</code></em> option
is enabled. If
short form answers are requested, the default is not to show the
source address and port number of the server that provided the
answer.
</p></dd>
<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
<dd><p>
Toggle the display of comment lines in the output. The default
is to print comments.
</p></dd>
<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
<dd><p>
Toggle the display of per-record comments in the output (for
example, human-readable key information about DNSKEY records).
The default is not to print record comments unless multiline
mode is active.
</p></dd>
<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
<dd><p>
Toggle the display of cryptographic fields in DNSSEC records.
The contents of these field are unnecessary to debug most DNSSEC
validation failures and removing them makes it easier to see
the common failures. The default is to display the fields.
When omitted they are replaced by the string "[omitted]" or
in the DNSKEY case the key id is displayed as the replacement,
e.g. "[ key id = value ]".
</p></dd>
<dt><span class="term"><code class="option">+split=W</code></span></dt>
<dd><p>
Split long hex- or base64-formatted fields in resource
records into chunks of <em class="parameter"><code>W</code></em> characters
(where <em class="parameter"><code>W</code></em> is rounded up to the nearest
multiple of 4).
<em class="parameter"><code>+nosplit</code></em> or
<em class="parameter"><code>+split=0</code></em> causes fields not to be
split at all. The default is 56 characters, or 44 characters
when multiline mode is active.
</p></dd>
<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
<dd><p>
This query option toggles the printing of statistics: when the
query
was made, the size of the reply and so on. The default
behavior is
to print the query statistics.
</p></dd>
<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
<dd><p>
Print [do not print] the query as it is sent.
By default, the query is not printed.
</p></dd>
<dt><span class="term"><code class="option">+[no]question</code></span></dt>
<dd><p>
Print [do not print] the question section of a query when an
answer is
returned. The default is to print the question section as a
comment.
</p></dd>
<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
<dd><p>
Display [do not display] the answer section of a reply. The
default
is to display it.
</p></dd>
<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
<dd><p>
Display [do not display] the authority section of a reply. The
default is to display it.
</p></dd>
<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
<dd><p>
Display [do not display] the additional section of a reply.
The default is to display it.
</p></dd>
<dt><span class="term"><code class="option">+[no]all</code></span></dt>
<dd><p>
Set or clear all display flags.
</p></dd>
<dt><span class="term"><code class="option">+time=T</code></span></dt>
<dd><p>
Sets the timeout for a query to
<em class="parameter"><code>T</code></em> seconds. The default
timeout is 5 seconds.
An attempt to set <em class="parameter"><code>T</code></em> to less
than 1 will result
in a query timeout of 1 second being applied.
</p></dd>
<dt><span class="term"><code class="option">+tries=T</code></span></dt>
<dd><p>
Sets the number of times to try UDP queries to server to
<em class="parameter"><code>T</code></em> instead of the default, 3.
If
<em class="parameter"><code>T</code></em> is less than or equal to
zero, the number of
tries is silently rounded up to 1.
</p></dd>
<dt><span class="term"><code class="option">+retry=T</code></span></dt>
<dd><p>
Sets the number of times to retry UDP queries to server to
<em class="parameter"><code>T</code></em> instead of the default, 2.
Unlike
<em class="parameter"><code>+tries</code></em>, this does not include
the initial
query.
</p></dd>
<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
<dd><p>
Set the number of dots that have to appear in
<em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em> for it to be
considered absolute. The default value is that defined using
the
ndots statement in <code class="filename">/etc/resolv.conf</code>, or 1 if no
ndots statement is present. Names with fewer dots are
interpreted as
relative names and will be searched for in the domains listed in
the
<code class="option">search</code> or <code class="option">domain</code> directive in
<code class="filename">/etc/resolv.conf</code>.
</p></dd>
<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
<dd><p>
Set the UDP message buffer size advertised using EDNS0 to
<em class="parameter"><code>B</code></em> bytes. The maximum and minimum sizes
of this buffer are 65535 and 0 respectively. Values outside
this range are rounded up or down appropriately.
Values other than zero will cause a EDNS query to be sent.
</p></dd>
<dt><span class="term"><code class="option">+edns=#</code></span></dt>
<dd><p>
Specify the EDNS version to query with. Valid values
are 0 to 255. Setting the EDNS version will cause
a EDNS query to be sent. <code class="option">+noedns</code>
clears the remembered EDNS version. EDNS is set to
0 by default.
Sets the number of times to try UDP queries to server
to <em class="parameter"><code>T</code></em> instead of the default,
3. If <em class="parameter"><code>T</code></em> is less than or equal
to zero, the number of tries is silently rounded up
to 1.
</p></dd>
<dt><span class="term"><code class="option">+[no]ednsopt[=code[:value]]</code></span></dt>
<dd><p>
Specify EDNS option with code point <code class="option">code</code>
and optionally payload of <code class="option">value</code> as a
hexadecimal string. <code class="option">+noednsopt</code>
clears the EDNS options to to be sent.
</p></dd>
<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
<dd><p>
Print records like the SOA records in a verbose multi-line
format with human-readable comments. The default is to print
each record on a single line, to facilitate machine parsing
of the <span><strong class="command">dig</strong></span> output.
</p></dd>
<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
<dd><p>
Print only one (starting) SOA record when performing
an AXFR. The default is to print both the starting and
ending SOA records.
</p></dd>
<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
<dd><p>
Do not try the next server if you receive a SERVFAIL. The
default is
to not try the next server which is the reverse of normal stub
resolver
behavior.
</p></dd>
<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
<dd><p>
Attempt to display the contents of messages which are malformed.
The default is to not display malformed answers.
</p></dd>
<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
<dd><p>
Requests DNSSEC records be sent by setting the DNSSEC OK bit
(DO)
in the OPT record in the additional section of the query.
</p></dd>
<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
<dd><p>
Chase DNSSEC signature chains. Requires dig be compiled with
-DDIG_SIGCHASE.
</p></dd>
<dt><span class="term"><code class="option">+trusted-key=####</code></span></dt>
<dd>
<p>
Specifies a file containing trusted keys to be used with
<code class="option">+sigchase</code>. Each DNSKEY record must be
on its own line.
</p>
<p>
If not specified, <span><strong class="command">dig</strong></span> will look for
<code class="filename">/etc/trusted-key.key</code> then
<code class="filename">trusted-key.key</code> in the current directory.
Specifies a file containing trusted keys to be used
with <code class="option">+sigchase</code>. Each DNSKEY record
must be on its own line.
</p>
<p>
Requires dig be compiled with -DDIG_SIGCHASE.
If not specified, <span><strong class="command">dig</strong></span> will look
for <code class="filename">/etc/trusted-key.key</code> then
<code class="filename">trusted-key.key</code> in the current
directory.
</p>
<p>
Requires dig be compiled with -DDIG_SIGCHASE.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
<dd><p>
When chasing DNSSEC signature chains perform a top-down
validation.
Requires dig be compiled with -DDIG_SIGCHASE.
</p></dd>
<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
Display [do not display] the TTL when printing the
record.
</p></dd>
<dt><span class="term"><code class="option">+[no]ttlunits</code></span></dt>
<dd><p>
Include an EDNS name server ID request when sending a query.
Display [do not display] the TTL in friendly human-readable
time units of "s", "m", "h", "d", and "w", representing
seconds, minutes, hours, days and weeks. Implies +ttlid.
</p></dd>
<dt><span class="term"><code class="option">+[no]keepopen</code></span></dt>
<dt><span class="term"><code class="option">+[no]vc</code></span></dt>
<dd><p>
Keep the TCP socket open between queries and reuse it rather
than creating a new TCP socket for each lookup. The default
is <code class="option">+nokeepopen</code>.
</p></dd>
<dt><span class="term"><code class="option">+[no]sit[<span class="optional">=####</span>]</code></span></dt>
<dd><p>
Send a Source Identity Token EDNS option, with optional value.
Replaying a SIT from a previous response will allow the
server to identify a previous client. The default is
<code class="option">+nosit</code>. Currently using experimental value
65001 for the option code.
</p></dd>
<dt><span class="term"><code class="option">+[no]subnet=addr/prefix</code></span></dt>
<dd><p>
Send an EDNS Client Subnet option with the speciifed
IP address or network prefix.
</p></dd>
<dt><span class="term"><code class="option">+[no]expire</code></span></dt>
<dd><p>
Send an EDNS Expire option. Currently using experimental
value 65002 for the option code.
</p></dd>
Use [do not use] TCP when querying name servers. This
alternate syntax to <em class="parameter"><code>+[no]tcp</code></em>
is provided for backwards compatibility. The "vc"
stands for "virtual circuit".
</p></dd>
</dl></div>
<p>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2667600"></a><h2>MULTIPLE QUERIES</h2>
<a name="id2667540"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
supports
@ -705,7 +695,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2667753"></a><h2>IDN SUPPORT</h2>
<a name="id2667625"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@ -719,14 +709,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2667782"></a><h2>FILES</h2>
<a name="id2667654"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2667872"></a><h2>SEE ALSO</h2>
<a name="id2667744"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@ -734,7 +724,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2667909"></a><h2>BUGS</h2>
<a name="id2667781"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>

8
doc/arm/man.dnssec-checkds.html
View file

@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dig path</code></em></code>] [<code class="option">-D <em class="replaceable"><code>dsfromkey path</code></em></code>] {zone}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2616123"></a><h2>DESCRIPTION</h2>
<a name="id2616878"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-checkds</strong></span>
verifies the correctness of Delegation Signer (DS) or DNSSEC
Lookaside Validation (DLV) resource records for keys in a specified
@ -59,7 +59,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2616137"></a><h2>OPTIONS</h2>
<a name="id2616892"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
<dd><p>
@ -88,14 +88,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2616240"></a><h2>SEE ALSO</h2>
<a name="id2616995"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2616274"></a><h2>AUTHOR</h2>
<a name="id2617029"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
doc/arm/man.dnssec-coverage.html
View file

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-coverage</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>length</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>DNSKEY TTL</code></em></code>] [<code class="option">-m <em class="replaceable"><code>max TTL</code></em></code>] [<code class="option">-r <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-c <em class="replaceable"><code>compilezone path</code></em></code>] [<code class="option">-k</code>] [<code class="option">-z</code>] [zone]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2616894"></a><h2>DESCRIPTION</h2>
<a name="id2617172"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-coverage</strong></span>
verifies that the DNSSEC keys for a given zone or a set of zones
have timing metadata set properly to ensure no future lapses in DNSSEC
@ -78,7 +78,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2616921"></a><h2>OPTIONS</h2>
<a name="id2617198"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@ -192,7 +192,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2617299"></a><h2>SEE ALSO</h2>
<a name="id2617576"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-checkds</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
@ -201,7 +201,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2617342"></a><h2>AUTHOR</h2>
<a name="id2617620"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

14
doc/arm/man.dnssec-dsfromkey.html
View file

@ -51,14 +51,14 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2617787"></a><h2>DESCRIPTION</h2>
<a name="id2617996"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-dsfromkey</strong></span>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2617801"></a><h2>OPTIONS</h2>
<a name="id2618010"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-1</span></dt>
<dd><p>
@ -135,7 +135,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2618172"></a><h2>EXAMPLE</h2>
<a name="id2618859"></a><h2>EXAMPLE</h2>
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
@ -150,7 +150,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2618209"></a><h2>FILES</h2>
<a name="id2618896"></a><h2>FILES</h2>
<p>
The keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@ -164,13 +164,13 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2618250"></a><h2>CAVEAT</h2>
<a name="id2618937"></a><h2>CAVEAT</h2>
<p>
A keyfile error can give a "file not found" even if the file exists.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2618260"></a><h2>SEE ALSO</h2>
<a name="id2618947"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -180,7 +180,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2618299"></a><h2>AUTHOR</h2>
<a name="id2618986"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
doc/arm/man.dnssec-importkey.html
View file

@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">dnsname</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2618539"></a><h2>DESCRIPTION</h2>
<a name="id2618680"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-importkey</strong></span>
reads a public DNSKEY record and generates a pair of
.key/.private files. The DNSKEY record may be read from an
@ -71,7 +71,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2618567"></a><h2>OPTIONS</h2>
<a name="id2618708"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt>
<dd>
@ -110,7 +110,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2618896"></a><h2>TIMING OPTIONS</h2>
<a name="id2619241"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@ -138,7 +138,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2618942"></a><h2>FILES</h2>
<a name="id2619288"></a><h2>FILES</h2>
<p>
A keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@ -147,7 +147,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2618968"></a><h2>SEE ALSO</h2>
<a name="id2619314"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -155,7 +155,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2619001"></a><h2>AUTHOR</h2>
<a name="id2619347"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
doc/arm/man.dnssec-keyfromlabel.html
View file

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2619333"></a><h2>DESCRIPTION</h2>
<a name="id2619747"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
generates a key pair of files that referencing a key object stored
in a cryptographic hardware service module (HSM). The private key
@ -66,7 +66,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2619358"></a><h2>OPTIONS</h2>
<a name="id2619772"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@ -239,7 +239,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2671764"></a><h2>TIMING OPTIONS</h2>
<a name="id2671700"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@ -311,7 +311,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2671954"></a><h2>GENERATED KEY FILES</h2>
<a name="id2671890"></a><h2>GENERATED KEY FILES</h2>
<p>
When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
successfully,
@ -350,7 +350,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2672116"></a><h2>SEE ALSO</h2>
<a name="id2671984"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -359,7 +359,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2672153"></a><h2>AUTHOR</h2>
<a name="id2672021"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

14
doc/arm/man.dnssec-keygen.html
View file

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2620285"></a><h2>DESCRIPTION</h2>
<a name="id2620836"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@ -64,7 +64,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2620306"></a><h2>OPTIONS</h2>
<a name="id2620856"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@ -281,7 +281,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2672585"></a><h2>TIMING OPTIONS</h2>
<a name="id2672385"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@ -355,7 +355,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2672843"></a><h2>GENERATED KEYS</h2>
<a name="id2672711"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes
successfully,
@ -401,7 +401,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2672951"></a><h2>EXAMPLE</h2>
<a name="id2672819"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@ -422,7 +422,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2673008"></a><h2>SEE ALSO</h2>
<a name="id2672875"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2539</em>,
@ -431,7 +431,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2673038"></a><h2>AUTHOR</h2>
<a name="id2672906"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
doc/arm/man.dnssec-revoke.html
View file

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2620720"></a><h2>DESCRIPTION</h2>
<a name="id2621611"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-revoke</strong></span>
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
in RFC 5011, and creates a new pair of key files containing the
@ -58,7 +58,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2620733"></a><h2>OPTIONS</h2>
<a name="id2621625"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
@ -105,14 +105,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2620857"></a><h2>SEE ALSO</h2>
<a name="id2621749"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5011</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2620882"></a><h2>AUTHOR</h2>
<a name="id2621773"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
doc/arm/man.dnssec-settime.html
View file

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2621189"></a><h2>DESCRIPTION</h2>
<a name="id2622149"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-settime</strong></span>
reads a DNSSEC private key file and sets the key timing metadata
as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
@ -76,7 +76,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2621316"></a><h2>OPTIONS</h2>
<a name="id2623436"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f</span></dt>
<dd><p>
@ -127,7 +127,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2621441"></a><h2>TIMING OPTIONS</h2>
<a name="id2623561"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@ -206,7 +206,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2621784"></a><h2>PRINTING OPTIONS</h2>
<a name="id2624109"></a><h2>PRINTING OPTIONS</h2>
<p>
<span><strong class="command">dnssec-settime</strong></span> can also be used to print the
timing metadata associated with a key.
@ -232,7 +232,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2621864"></a><h2>SEE ALSO</h2>
<a name="id2624189"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -240,7 +240,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2621897"></a><h2>AUTHOR</h2>
<a name="id2624222"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

10
doc/arm/man.dnssec-signzone.html
View file

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-M <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-P</code>] [<code class="option">-p</code>] [<code class="option">-R</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-X <em class="replaceable"><code>extended end-time</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2642763"></a><h2>DESCRIPTION</h2>
<a name="id2643041"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@ -61,7 +61,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2642782"></a><h2>OPTIONS</h2>
<a name="id2643060"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@ -508,7 +508,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2677764"></a><h2>EXAMPLE</h2>
<a name="id2677632"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
@ -538,14 +538,14 @@ db.example.com.signed
%</pre>
</div>
<div class="refsect1" lang="en">
<a name="id2677911"></a><h2>SEE ALSO</h2>
<a name="id2677847"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>, <em class="citetitle">RFC 4641</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2677939"></a><h2>AUTHOR</h2>
<a name="id2677875"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
doc/arm/man.dnssec-verify.html
View file

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-verify</code> [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] {zonefile}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2633830"></a><h2>DESCRIPTION</h2>
<a name="id2636087"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-verify</strong></span>
verifies that a zone is fully signed for each algorithm found
in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
@ -58,7 +58,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2633844"></a><h2>OPTIONS</h2>
<a name="id2636101"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd><p>
@ -134,7 +134,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2635652"></a><h2>SEE ALSO</h2>
<a name="id2636270"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -142,7 +142,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2635677"></a><h2>AUTHOR</h2>
<a name="id2636296"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
doc/arm/man.genrandom.html
View file

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">genrandom</code> [<code class="option">-n <em class="replaceable"><code>number</code></em></code>] {<em class="replaceable"><code>size</code></em>} {<em class="replaceable"><code>filename</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2665340"></a><h2>DESCRIPTION</h2>
<a name="id2664116"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">genrandom</strong></span>
generates a file or a set of files containing a specified quantity
@ -59,7 +59,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2665355"></a><h2>ARGUMENTS</h2>
<a name="id2664131"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-n <em class="replaceable"><code>number</code></em></span></dt>
<dd><p>
@ -77,14 +77,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2665416"></a><h2>SEE ALSO</h2>
<a name="id2664192"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">rand</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">arc4random</span>(3)</span>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2665443"></a><h2>AUTHOR</h2>
<a name="id2664218"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
doc/arm/man.host.html
View file

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-v</code>] [<code class="option">-V</code>] {name} [server]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2613868"></a><h2>DESCRIPTION</h2>
<a name="id2613873"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">host</strong></span>
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
@ -214,7 +214,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2616480"></a><h2>IDN SUPPORT</h2>
<a name="id2614641"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@ -228,12 +228,12 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2616508"></a><h2>FILES</h2>
<a name="id2614669"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2616522"></a><h2>SEE ALSO</h2>
<a name="id2616526"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>

8
doc/arm/man.isc-hmac-fixup.html
View file

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">isc-hmac-fixup</code> {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>secret</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2623925"></a><h2>DESCRIPTION</h2>
<a name="id2623042"></a><h2>DESCRIPTION</h2>
<p>
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
HMAC-SHA* TSIG keys which were longer than the digest length of the
@ -76,7 +76,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2623953"></a><h2>SECURITY CONSIDERATIONS</h2>
<a name="id2623069"></a><h2>SECURITY CONSIDERATIONS</h2>
<p>
Secrets that have been converted by <span><strong class="command">isc-hmac-fixup</strong></span>
are shortened, but as this is how the HMAC protocol works in
@ -87,14 +87,14 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2667932"></a><h2>SEE ALSO</h2>
<a name="id2665274"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2104</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2667949"></a><h2>AUTHOR</h2>
<a name="id2665291"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

10
doc/arm/man.named-checkconf.html
View file

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-x</code>] [<code class="option">-z</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2636413"></a><h2>DESCRIPTION</h2>
<a name="id2640787"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkconf</strong></span>
checks the syntax, but not the semantics, of a
<span><strong class="command">named</strong></span> configuration file. The file is parsed
@ -70,7 +70,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2636484"></a><h2>OPTIONS</h2>
<a name="id2640857"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
@ -119,21 +119,21 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2642374"></a><h2>RETURN VALUES</h2>
<a name="id2641969"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkconf</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2642388"></a><h2>SEE ALSO</h2>
<a name="id2641982"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2642418"></a><h2>AUTHOR</h2>
<a name="id2642012"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

10
doc/arm/man.named-checkzone.html
View file

@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-J <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-l <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2678924"></a><h2>DESCRIPTION</h2>
<a name="id2683844"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
same checks as <span><strong class="command">named</strong></span> does when loading a
@ -71,7 +71,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2678974"></a><h2>OPTIONS</h2>
<a name="id2683894"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
@ -305,14 +305,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2679944"></a><h2>RETURN VALUES</h2>
<a name="id2684932"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2679958"></a><h2>SEE ALSO</h2>
<a name="id2684946"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
@ -320,7 +320,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2679991"></a><h2>AUTHOR</h2>
<a name="id2684979"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

6
doc/arm/man.named-journalprint.html
View file

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named-journalprint</code> {<em class="replaceable"><code>journal</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2622345"></a><h2>DESCRIPTION</h2>
<a name="id2620984"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">named-journalprint</strong></span>
prints the contents of a zone journal file in a human-readable
@ -76,7 +76,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2622391"></a><h2>SEE ALSO</h2>
<a name="id2645947"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">nsupdate</span>(8)</span>,
@ -84,7 +84,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2646452"></a><h2>AUTHOR</h2>
<a name="id2645978"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

4
doc/arm/man.named-rrchecker.html
View file

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named-rrchecker</code> [<code class="option">-h</code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-p</code>] [<code class="option">-u</code>] [<code class="option">-C</code>] [<code class="option">-T</code>] [<code class="option">-P</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2646515"></a><h2>DESCRIPTION</h2>
<a name="id2647270"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-rrchecker</strong></span>
read a individual DNS resource record from standard input and checks if it
is syntactically correct.
@ -78,7 +78,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2646571"></a><h2>SEE ALSO</h2>
<a name="id2647326"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,

14
doc/arm/man.named.html
View file

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-D <em class="replaceable"><code>string</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-L <em class="replaceable"><code>logfile</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-U <em class="replaceable"><code>#listeners</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2644743"></a><h2>DESCRIPTION</h2>
<a name="id2644611"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named</strong></span>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@ -65,7 +65,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2644774"></a><h2>OPTIONS</h2>
<a name="id2644642"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@ -281,7 +281,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2685415"></a><h2>SIGNALS</h2>
<a name="id2685488"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
the nameserver; <span><strong class="command">rndc</strong></span> should be used
@ -302,7 +302,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2685465"></a><h2>CONFIGURATION</h2>
<a name="id2685538"></a><h2>CONFIGURATION</h2>
<p>
The <span><strong class="command">named</strong></span> configuration file is too complex
to describe in detail here. A complete description is provided
@ -319,7 +319,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2685582"></a><h2>FILES</h2>
<a name="id2685587"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
@ -332,7 +332,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2685626"></a><h2>SEE ALSO</h2>
<a name="id2685630"></a><h2>SEE ALSO</h2>
<p><em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
@ -345,7 +345,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2685697"></a><h2>AUTHOR</h2>
<a name="id2685701"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
doc/arm/man.nsec3hash.html
View file

@ -48,7 +48,7 @@
<div class="cmdsynopsis"><p><code class="command">nsec3hash</code> {<em class="replaceable"><code>salt</code></em>} {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>iterations</code></em>} {<em class="replaceable"><code>domain</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2668062"></a><h2>DESCRIPTION</h2>
<a name="id2665336"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">nsec3hash</strong></span> generates an NSEC3 hash based on
a set of NSEC3 parameters. This can be used to check the validity
@ -56,7 +56,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2668077"></a><h2>ARGUMENTS</h2>
<a name="id2665351"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl>
<dt><span class="term">salt</span></dt>
<dd><p>
@ -80,14 +80,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2668139"></a><h2>SEE ALSO</h2>
<a name="id2665413"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5155</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2668156"></a><h2>AUTHOR</h2>
<a name="id2665430"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
doc/arm/man.nsupdate.html
View file

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [<code class="option">-T</code>] [<code class="option">-P</code>] [<code class="option">-V</code>] [filename]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2647068"></a><h2>DESCRIPTION</h2>
<a name="id2650554"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">nsupdate</strong></span>
is used to submit Dynamic DNS Update requests as defined in RFC 2136
to a name server.
@ -236,7 +236,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2688046"></a><h2>INPUT FORMAT</h2>
<a name="id2688051"></a><h2>INPUT FORMAT</h2>
<p><span><strong class="command">nsupdate</strong></span>
reads input from
<em class="parameter"><code>filename</code></em>
@ -538,7 +538,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2689236"></a><h2>EXAMPLES</h2>
<a name="id2689172"></a><h2>EXAMPLES</h2>
<p>
The examples below show how
<span><strong class="command">nsupdate</strong></span>
@ -592,7 +592,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2689286"></a><h2>FILES</h2>
<a name="id2689222"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
@ -615,7 +615,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2689369"></a><h2>SEE ALSO</h2>
<a name="id2689305"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">RFC 2136</em>,
<em class="citetitle">RFC 3007</em>,
@ -630,7 +630,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2689427"></a><h2>BUGS</h2>
<a name="id2689363"></a><h2>BUGS</h2>
<p>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library

10
doc/arm/man.rndc-confgen.html
View file

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-A <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2661369"></a><h2>DESCRIPTION</h2>
<a name="id2662261"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc-confgen</strong></span>
generates configuration files
for <span><strong class="command">rndc</strong></span>. It can be used as a
@ -66,7 +66,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2661981"></a><h2>OPTIONS</h2>
<a name="id2662941"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd>
@ -180,7 +180,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2665661"></a><h2>EXAMPLES</h2>
<a name="id2665120"></a><h2>EXAMPLES</h2>
<p>
To allow <span><strong class="command">rndc</strong></span> to be used with
no manual configuration, run
@ -197,7 +197,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2665718"></a><h2>SEE ALSO</h2>
<a name="id2665176"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@ -205,7 +205,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2665756"></a><h2>AUTHOR</h2>
<a name="id2665214"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

10
doc/arm/man.rndc.conf.html
View file

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2658034"></a><h2>DESCRIPTION</h2>
<a name="id2659472"></a><h2>DESCRIPTION</h2>
<p><code class="filename">rndc.conf</code> is the configuration file
for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
utility. This file has a similar structure and syntax to
@ -136,7 +136,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2658205"></a><h2>EXAMPLE</h2>
<a name="id2659643"></a><h2>EXAMPLE</h2>
<pre class="programlisting">
options {
default-server localhost;
@ -210,7 +210,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2658532"></a><h2>NAME SERVER CONFIGURATION</h2>
<a name="id2659901"></a><h2>NAME SERVER CONFIGURATION</h2>
<p>
The name server must be configured to accept rndc connections and
to recognize the key specified in the <code class="filename">rndc.conf</code>
@ -220,7 +220,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2658557"></a><h2>SEE ALSO</h2>
<a name="id2659927"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
@ -228,7 +228,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2658596"></a><h2>AUTHOR</h2>
<a name="id2659965"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
doc/arm/man.rndc.html
View file

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-q</code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2654457"></a><h2>DESCRIPTION</h2>
<a name="id2654666"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc</strong></span>
controls the operation of a name
server. It supersedes the <span><strong class="command">ndc</strong></span> utility
@ -81,7 +81,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2654917"></a><h2>OPTIONS</h2>
<a name="id2658471"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
<dd><p>
@ -152,7 +152,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2661624"></a><h2>COMMANDS</h2>
<a name="id2662652"></a><h2>COMMANDS</h2>
<p>
A list of commands supported by <span><strong class="command">rndc</strong></span> can
be seen by running <span><strong class="command">rndc</strong></span> without arguments.
@ -537,7 +537,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2691486"></a><h2>LIMITATIONS</h2>
<a name="id2691491"></a><h2>LIMITATIONS</h2>
<p>
There is currently no way to provide the shared secret for a
<code class="option">key_id</code> without using the configuration file.
@ -547,7 +547,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2691505"></a><h2>SEE ALSO</h2>
<a name="id2691509"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@ -557,7 +557,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2691560"></a><h2>AUTHOR</h2>
<a name="id2691564"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>