From 8e16b3078757ba3010c24aef805e9e29ed19518b Mon Sep 17 00:00:00 2001 From: Tinderbox User Date: Thu, 15 May 2014 03:57:31 +0000 Subject: [PATCH] regen master --- bin/dig/dig.1 | 402 ++++++++--------- bin/dig/dig.html | 628 +++++++++++++------------- doc/arm/man.arpaname.html | 6 +- doc/arm/man.ddns-confgen.html | 8 +- doc/arm/man.delv.html | 12 +- doc/arm/man.dig.html | 636 +++++++++++++-------------- doc/arm/man.dnssec-checkds.html | 8 +- doc/arm/man.dnssec-coverage.html | 8 +- doc/arm/man.dnssec-dsfromkey.html | 14 +- doc/arm/man.dnssec-importkey.html | 12 +- doc/arm/man.dnssec-keyfromlabel.html | 12 +- doc/arm/man.dnssec-keygen.html | 14 +- doc/arm/man.dnssec-revoke.html | 8 +- doc/arm/man.dnssec-settime.html | 12 +- doc/arm/man.dnssec-signzone.html | 10 +- doc/arm/man.dnssec-verify.html | 8 +- doc/arm/man.genrandom.html | 8 +- doc/arm/man.host.html | 8 +- doc/arm/man.isc-hmac-fixup.html | 8 +- doc/arm/man.named-checkconf.html | 10 +- doc/arm/man.named-checkzone.html | 10 +- doc/arm/man.named-journalprint.html | 6 +- doc/arm/man.named-rrchecker.html | 4 +- doc/arm/man.named.html | 14 +- doc/arm/man.nsec3hash.html | 8 +- doc/arm/man.nsupdate.html | 12 +- doc/arm/man.rndc-confgen.html | 10 +- doc/arm/man.rndc.conf.html | 10 +- doc/arm/man.rndc.html | 12 +- 29 files changed, 949 insertions(+), 969 deletions(-) diff --git a/bin/dig/dig.1 b/bin/dig/dig.1 index 28888b6eaa..3367969ba3 100644 --- a/bin/dig/dig.1 +++ b/bin/dig/dig.1 @@ -247,23 +247,85 @@ no to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form \fB+keyword=value\fR. The query options are: .PP -\fB+[no]tcp\fR +\fB+[no]aaflag\fR .RS 4 -Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an -ixfr=N -query is requested, in which case the default is TCP. AXFR queries always use TCP. +A synonym for +\fI+[no]aaonly\fR. .RE .PP -\fB+[no]vc\fR +\fB+[no]aaonly\fR .RS 4 -Use [do not use] TCP when querying name servers. This alternate syntax to -\fI+[no]tcp\fR -is provided for backwards compatibility. The "vc" stands for "virtual circuit". +Sets the "aa" flag in the query. .RE .PP -\fB+[no]ignore\fR +\fB+[no]additional\fR .RS 4 -Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed. +Display [do not display] the additional section of a reply. The default is to display it. +.RE +.PP +\fB+[no]adflag\fR +.RS 4 +Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated. This bit is set by default. +.RE +.PP +\fB+[no]all\fR +.RS 4 +Set or clear all display flags. +.RE +.PP +\fB+[no]answer\fR +.RS 4 +Display [do not display] the answer section of a reply. The default is to display it. +.RE +.PP +\fB+[no]authority\fR +.RS 4 +Display [do not display] the authority section of a reply. The default is to display it. +.RE +.PP +\fB+[no]besteffort\fR +.RS 4 +Attempt to display the contents of messages which are malformed. The default is to not display malformed answers. +.RE +.PP +\fB+bufsize=B\fR +.RS 4 +Set the UDP message buffer size advertised using EDNS0 to +\fIB\fR +bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. Values other than zero will cause a EDNS query to be sent. +.RE +.PP +\fB+[no]cdflag\fR +.RS 4 +Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses. +.RE +.PP +\fB+[no]cl\fR +.RS 4 +Display [do not display] the CLASS when printing the record. +.RE +.PP +\fB+[no]cmd\fR +.RS 4 +Toggles the printing of the initial comment in the output identifying the version of +\fBdig\fR +and the query options that have been applied. This comment is printed by default. +.RE +.PP +\fB+[no]comments\fR +.RS 4 +Toggle the display of comment lines in the output. The default is to print comments. +.RE +.PP +\fB+[no]crypto\fR +.RS 4 +Toggle the display of cryptographic fields in DNSSEC records. The contents of these field are unnecessary to debug most DNSSEC validation failures and removing them makes it easier to see the common failures. The default is to display the fields. When omitted they are replaced by the string "[omitted]" or in the DNSKEY case the key id is displayed as the replacement, e.g. "[ key id = value ]". +.RE +.PP +\fB+[no]defname\fR +.RS 4 +Deprecated, treated as a synonym for +\fI+[no]search\fR .RE .PP \fB+domain=somename\fR @@ -277,58 +339,104 @@ directive in option were given. .RE .PP -\fB+[no]search\fR +\fB+[no]dnssec\fR .RS 4 -Use [do not use] the search list defined by the searchlist or domain directive in -\fIresolv.conf\fR -(if any). The search list is not used by default. +Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query. .RE .PP -\fB+[no]showsearch\fR +\fB+[no]edns[=#]\fR .RS 4 -Perform [do not perform] a search showing intermediate results. +Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent. +\fB+noedns\fR +clears the remembered EDNS version. EDNS is set to 0 by default. .RE .PP -\fB+[no]defname\fR +\fB+[no]ednsopt[=code[:value]]\fR .RS 4 -Deprecated, treated as a synonym for -\fI+[no]search\fR +Specify EDNS option with code point +\fBcode\fR +and optionally payload of +\fBvalue\fR +as a hexadecimal string. +\fB+noednsopt\fR +clears the EDNS options to to be sent. .RE .PP -\fB+[no]aaonly\fR +\fB+[no]expire\fR .RS 4 -Sets the "aa" flag in the query. +Send an EDNS Expire option. .RE .PP -\fB+[no]aaflag\fR +\fB+[no]fail\fR .RS 4 -A synonym for -\fI+[no]aaonly\fR. +Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior. .RE .PP -\fB+[no]adflag\fR +\fB+[no]identify\fR .RS 4 -Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated. This bit is set by default. +Show [or do not show] the IP address and port number that supplied the answer when the +\fI+short\fR +option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer. .RE .PP -\fB+[no]cdflag\fR +\fB+[no]ignore\fR .RS 4 -Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses. +Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed. .RE .PP -\fB+[no]cl\fR +\fB+[no]keepopen\fR .RS 4 -Display [do not display] the CLASS when printing the record. +Keep the TCP socket open between queries and reuse it rather than creating a new TCP socket for each lookup. The default is +\fB+nokeepopen\fR. .RE .PP -\fB+[no]ttlid\fR +\fB+[no]multiline\fR .RS 4 -Display [do not display] the TTL when printing the record. +Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the +\fBdig\fR +output. .RE .PP -\fB+[no]ttlunits\fR +\fB+ndots=D\fR .RS 4 -Display [do not display] the TTL in friendly human\-readable time units of "s", "m", "h", "d", and "w", representing seconds, minutes, hours, days and weeks. Implies +ttlid. +Set the number of dots that have to appear in +\fIname\fR +to +\fID\fR +for it to be considered absolute. The default value is that defined using the ndots statement in +\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the +\fBsearch\fR +or +\fBdomain\fR +directive in +\fI/etc/resolv.conf\fR. +.RE +.PP +\fB+[no]nsid\fR +.RS 4 +Include an EDNS name server ID request when sending a query. +.RE +.PP +\fB+[no]nssearch\fR +.RS 4 +When this option is set, +\fBdig\fR +attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone. +.RE +.PP +\fB+[no]onesoa\fR +.RS 4 +Print only one (starting) SOA record when performing an AXFR. The default is to print both the starting and ending SOA records. +.RE +.PP +\fB+[no]qr\fR +.RS 4 +Print [do not print] the query as it is sent. By default, the query is not printed. +.RE +.PP +\fB+[no]question\fR +.RS 4 +Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment. .RE .PP \fB+[no]recurse\fR @@ -342,45 +450,12 @@ or query options are used. .RE .PP -\fB+[no]nssearch\fR +\fB+retry=T\fR .RS 4 -When this option is set, -\fBdig\fR -attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone. -.RE -.PP -\fB+[no]trace\fR -.RS 4 -Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled, -\fBdig\fR -makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup. -.sp -\fB+dnssec\fR -is also set when +trace is set to better emulate the default queries from a nameserver. -.RE -.PP -\fB+[no]cmd\fR -.RS 4 -Toggles the printing of the initial comment in the output identifying the version of -\fBdig\fR -and the query options that have been applied. This comment is printed by default. -.RE -.PP -\fB+[no]short\fR -.RS 4 -Provide a terse answer. The default is to print the answer in a verbose form. -.RE -.PP -\fB+[no]identify\fR -.RS 4 -Show [or do not show] the IP address and port number that supplied the answer when the -\fI+short\fR -option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer. -.RE -.PP -\fB+[no]comments\fR -.RS 4 -Toggle the display of comment lines in the output. The default is to print comments. +Sets the number of times to retry UDP queries to server to +\fIT\fR +instead of the default, 2. Unlike +\fI+tries\fR, this does not include the initial query. .RE .PP \fB+[no]rrcomments\fR @@ -388,9 +463,32 @@ Toggle the display of comment lines in the output. The default is to print comme Toggle the display of per\-record comments in the output (for example, human\-readable key information about DNSKEY records). The default is not to print record comments unless multiline mode is active. .RE .PP -\fB+[no]crypto\fR +\fB+[no]search\fR .RS 4 -Toggle the display of cryptographic fields in DNSSEC records. The contents of these field are unnecessary to debug most DNSSEC validation failures and removing them makes it easier to see the common failures. The default is to display the fields. When omitted they are replaced by the string "[omitted]" or in the DNSKEY case the key id is displayed as the replacement, e.g. "[ key id = value ]". +Use [do not use] the search list defined by the searchlist or domain directive in +\fIresolv.conf\fR +(if any). The search list is not used by default. +.RE +.PP +\fB+[no]short\fR +.RS 4 +Provide a terse answer. The default is to print the answer in a verbose form. +.RE +.PP +\fB+[no]showsearch\fR +.RS 4 +Perform [do not perform] a search showing intermediate results. +.RE +.PP +\fB+[no]sigchase\fR +.RS 4 +Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE. +.RE +.PP +\fB+[no]sit\fR\fB[=####]\fR +.RS 4 +Send a Source Identity Token EDNS option, with optional value. Replaying a SIT from a previous response will allow the server to identify a previous client. The default is +\fB+nosit\fR. Currently using experimental value 65001 for the option code. .RE .PP \fB+split=W\fR @@ -411,34 +509,16 @@ causes fields not to be split at all. The default is 56 characters, or 44 charac This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics. .RE .PP -\fB+[no]qr\fR +\fB+[no]subnet=addr/prefix\fR .RS 4 -Print [do not print] the query as it is sent. By default, the query is not printed. +Send an EDNS Client Subnet option with the speciifed IP address or network prefix. .RE .PP -\fB+[no]question\fR +\fB+[no]tcp\fR .RS 4 -Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment. -.RE -.PP -\fB+[no]answer\fR -.RS 4 -Display [do not display] the answer section of a reply. The default is to display it. -.RE -.PP -\fB+[no]authority\fR -.RS 4 -Display [do not display] the authority section of a reply. The default is to display it. -.RE -.PP -\fB+[no]additional\fR -.RS 4 -Display [do not display] the additional section of a reply. The default is to display it. -.RE -.PP -\fB+[no]all\fR -.RS 4 -Set or clear all display flags. +Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an +ixfr=N +query is requested, in which case the default is TCP. AXFR queries always use TCP. .RE .PP \fB+time=T\fR @@ -450,6 +530,21 @@ seconds. The default timeout is 5 seconds. An attempt to set to less than 1 will result in a query timeout of 1 second being applied. .RE .PP +\fB+[no]topdown\fR +.RS 4 +When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE. +.RE +.PP +\fB+[no]trace\fR +.RS 4 +Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled, +\fBdig\fR +makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup. +.sp +\fB+dnssec\fR +is also set when +trace is set to better emulate the default queries from a nameserver. +.RE +.PP \fB+tries=T\fR .RS 4 Sets the number of times to try UDP queries to server to @@ -459,86 +554,6 @@ instead of the default, 3. If is less than or equal to zero, the number of tries is silently rounded up to 1. .RE .PP -\fB+retry=T\fR -.RS 4 -Sets the number of times to retry UDP queries to server to -\fIT\fR -instead of the default, 2. Unlike -\fI+tries\fR, this does not include the initial query. -.RE -.PP -\fB+ndots=D\fR -.RS 4 -Set the number of dots that have to appear in -\fIname\fR -to -\fID\fR -for it to be considered absolute. The default value is that defined using the ndots statement in -\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the -\fBsearch\fR -or -\fBdomain\fR -directive in -\fI/etc/resolv.conf\fR. -.RE -.PP -\fB+bufsize=B\fR -.RS 4 -Set the UDP message buffer size advertised using EDNS0 to -\fIB\fR -bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. Values other than zero will cause a EDNS query to be sent. -.RE -.PP -\fB+edns=#\fR -.RS 4 -Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent. -\fB+noedns\fR -clears the remembered EDNS version. EDNS is set to 0 by default. -.RE -.PP -\fB+[no]ednsopt[=code[:value]]\fR -.RS 4 -Specify EDNS option with code point -\fBcode\fR -and optionally payload of -\fBvalue\fR -as a hexadecimal string. -\fB+noednsopt\fR -clears the EDNS options to to be sent. -.RE -.PP -\fB+[no]multiline\fR -.RS 4 -Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the -\fBdig\fR -output. -.RE -.PP -\fB+[no]onesoa\fR -.RS 4 -Print only one (starting) SOA record when performing an AXFR. The default is to print both the starting and ending SOA records. -.RE -.PP -\fB+[no]fail\fR -.RS 4 -Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior. -.RE -.PP -\fB+[no]besteffort\fR -.RS 4 -Attempt to display the contents of messages which are malformed. The default is to not display malformed answers. -.RE -.PP -\fB+[no]dnssec\fR -.RS 4 -Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query. -.RE -.PP -\fB+[no]sigchase\fR -.RS 4 -Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE. -.RE -.PP \fB+trusted\-key=####\fR .RS 4 Specifies a file containing trusted keys to be used with @@ -555,36 +570,21 @@ in the current directory. Requires dig be compiled with \-DDIG_SIGCHASE. .RE .PP -\fB+[no]topdown\fR +\fB+[no]ttlid\fR .RS 4 -When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE. +Display [do not display] the TTL when printing the record. .RE .PP -\fB+[no]nsid\fR +\fB+[no]ttlunits\fR .RS 4 -Include an EDNS name server ID request when sending a query. +Display [do not display] the TTL in friendly human\-readable time units of "s", "m", "h", "d", and "w", representing seconds, minutes, hours, days and weeks. Implies +ttlid. .RE .PP -\fB+[no]keepopen\fR +\fB+[no]vc\fR .RS 4 -Keep the TCP socket open between queries and reuse it rather than creating a new TCP socket for each lookup. The default is -\fB+nokeepopen\fR. -.RE -.PP -\fB+[no]sit\fR\fB[=####]\fR -.RS 4 -Send a Source Identity Token EDNS option, with optional value. Replaying a SIT from a previous response will allow the server to identify a previous client. The default is -\fB+nosit\fR. Currently using experimental value 65001 for the option code. -.RE -.PP -\fB+[no]subnet=addr/prefix\fR -.RS 4 -Send an EDNS Client Subnet option with the speciifed IP address or network prefix. -.RE -.PP -\fB+[no]expire\fR -.RS 4 -Send an EDNS Expire option. Currently using experimental value 65002 for the option code. +Use [do not use] TCP when querying name servers. This alternate syntax to +\fI+[no]tcp\fR +is provided for backwards compatibility. The "vc" stands for "virtual circuit". .RE .SH "MULTIPLE QUERIES" .PP diff --git a/bin/dig/dig.html b/bin/dig/dig.html index 3b888a68ef..6c61ff448c 100644 --- a/bin/dig/dig.html +++ b/bin/dig/dig.html @@ -262,63 +262,19 @@

-
+[no]tcp
-

- Use [do not use] TCP when querying name servers. The - default behavior is to use UDP unless - an ixfr=N query is requested, in - which case the default is TCP. - AXFR queries always use TCP. -

-
+[no]vc
-

- Use [do not use] TCP when querying name servers. This alternate - syntax to +[no]tcp is - provided for backwards - compatibility. The "vc" stands for "virtual circuit". -

-
+[no]ignore
-

- Ignore truncation in UDP responses instead of retrying with TCP. - By - default, TCP retries are performed. -

-
+domain=somename
-

- Set the search list to contain the single domain - somename, as if specified in - a - domain directive in - /etc/resolv.conf, and enable - search list - processing as if the +search - option were given. -

-
+[no]search
-

- Use [do not use] the search list defined by the searchlist or - domain - directive in resolv.conf (if - any). - The search list is not used by default. -

-
+[no]showsearch
-

- Perform [do not perform] a search showing intermediate - results. -

-
+[no]defname
-

- Deprecated, treated as a synonym for +[no]search -

-
+[no]aaonly
-

- Sets the "aa" flag in the query. -

+[no]aaflag

- A synonym for +[no]aaonly. -

+ A synonym for +[no]aaonly. +

+
+[no]aaonly
+

+ Sets the "aa" flag in the query. +

+
+[no]additional
+

+ Display [do not display] the additional section of a + reply. The default is to display it. +

+[no]adflag

Set [do not set] the AD (authentic data) bit in the @@ -331,27 +287,185 @@ of the answer was insecure or not validated. This bit is set by default.

+
+[no]all
+

+ Set or clear all display flags. +

+
+[no]answer
+

+ Display [do not display] the answer section of a + reply. The default is to display it. +

+
+[no]authority
+

+ Display [do not display] the authority section of a + reply. The default is to display it. +

+
+[no]besteffort
+

+ Attempt to display the contents of messages which are + malformed. The default is to not display malformed + answers. +

+
+bufsize=B
+

+ Set the UDP message buffer size advertised using EDNS0 + to B bytes. The maximum and + minimum sizes of this buffer are 65535 and 0 respectively. + Values outside this range are rounded up or down + appropriately. Values other than zero will cause a + EDNS query to be sent. +

+[no]cdflag

- Set [do not set] the CD (checking disabled) bit in the query. - This - requests the server to not perform DNSSEC validation of - responses. -

+ Set [do not set] the CD (checking disabled) bit in + the query. This requests the server to not perform + DNSSEC validation of responses. +

+[no]cl

- Display [do not display] the CLASS when printing the record. -

-
+[no]ttlid
+ Display [do not display] the CLASS when printing the + record. +

+
+[no]cmd

- Display [do not display] the TTL when printing the record. -

-
+[no]ttlunits
+ Toggles the printing of the initial comment in the + output identifying the version of dig + and the query options that have been applied. This + comment is printed by default. +

+
+[no]comments

- Display [do not display] the TTL in friendly human-readable - time units of "s", "m", "h", "d", and "w", representing - seconds, minutes, hours, days and weeks. Implies +ttlid. -

+ Toggle the display of comment lines in the output. + The default is to print comments. +

+
+[no]crypto
+

+ Toggle the display of cryptographic fields in DNSSEC + records. The contents of these field are unnecessary + to debug most DNSSEC validation failures and removing + them makes it easier to see the common failures. The + default is to display the fields. When omitted they + are replaced by the string "[omitted]" or in the + DNSKEY case the key id is displayed as the replacement, + e.g. "[ key id = value ]". +

+
+[no]defname
+

+ Deprecated, treated as a synonym for + +[no]search +

+
+domain=somename
+

+ Set the search list to contain the single domain + somename, as if specified in + a domain directive in + /etc/resolv.conf, and enable + search list processing as if the + +search option were given. +

+
+[no]dnssec
+

+ Requests DNSSEC records be sent by setting the DNSSEC + OK bit (DO) in the OPT record in the additional section + of the query. +

+
+[no]edns[=#]
+

+ Specify the EDNS version to query with. Valid values + are 0 to 255. Setting the EDNS version will cause + a EDNS query to be sent. +noedns + clears the remembered EDNS version. EDNS is set to + 0 by default. +

+
+[no]ednsopt[=code[:value]]
+

+ Specify EDNS option with code point code + and optionally payload of value as a + hexadecimal string. +noednsopt + clears the EDNS options to to be sent. +

+
+[no]expire
+

+ Send an EDNS Expire option. +

+
+[no]fail
+

+ Do not try the next server if you receive a SERVFAIL. + The default is to not try the next server which is + the reverse of normal stub resolver behavior. +

+
+[no]identify
+

+ Show [or do not show] the IP address and port number + that supplied the answer when the + +short option is enabled. If + short form answers are requested, the default is not + to show the source address and port number of the + server that provided the answer. +

+
+[no]ignore
+

+ Ignore truncation in UDP responses instead of retrying + with TCP. By default, TCP retries are performed. +

+
+[no]keepopen
+

+ Keep the TCP socket open between queries and reuse + it rather than creating a new TCP socket for each + lookup. The default is +nokeepopen. +

+
+[no]multiline
+

+ Print records like the SOA records in a verbose + multi-line format with human-readable comments. The + default is to print each record on a single line, to + facilitate machine parsing of the dig + output. +

+
+ndots=D
+

+ Set the number of dots that have to appear in + name to D + for it to be considered absolute. The default value + is that defined using the ndots statement in + /etc/resolv.conf, or 1 if no + ndots statement is present. Names with fewer dots + are interpreted as relative names and will be searched + for in the domains listed in the search + or domain directive in + /etc/resolv.conf. +

+
+[no]nsid
+

+ Include an EDNS name server ID request when sending + a query. +

+
+[no]nssearch
+

+ When this option is set, dig + attempts to find the authoritative name servers for + the zone containing the name being looked up and + display the SOA record that each name server has for + the zone. +

+
+[no]onesoa
+

+ Print only one (starting) SOA record when performing + an AXFR. The default is to print both the starting + and ending SOA records. +

+
+[no]qr
+

+ Print [do not print] the query as it is sent. By + default, the query is not printed. +

+
+[no]question
+

+ Print [do not print] the question section of a query + when an answer is returned. The default is to print + the question section as a comment. +

+[no]recurse

Toggle the setting of the RD (recursion desired) bit @@ -361,16 +475,96 @@ the +nssearch or +trace query options are used.

-
+[no]nssearch
+
+retry=T

- When this option is set, dig - attempts to find the - authoritative name servers for the zone containing the name - being - looked up and display the SOA record that each name server has - for the - zone. + Sets the number of times to retry UDP queries to + server to T instead of the + default, 2. Unlike +tries, + this does not include the initial query. +

+
+[no]rrcomments
+

+ Toggle the display of per-record comments in the + output (for example, human-readable key information + about DNSKEY records). The default is not to print + record comments unless multiline mode is active. +

+
+[no]search
+

+ Use [do not use] the search list defined by the + searchlist or domain directive in + resolv.conf (if any). The search + list is not used by default. +

+
+[no]short
+

+ Provide a terse answer. The default is to print the + answer in a verbose form. +

+
+[no]showsearch
+

+ Perform [do not perform] a search showing intermediate + results. +

+
+[no]sigchase
+

+ Chase DNSSEC signature chains. Requires dig be + compiled with -DDIG_SIGCHASE. +

+
+[no]sit[=####]
+

+ Send a Source Identity Token EDNS option, with optional + value. Replaying a SIT from a previous response will + allow the server to identify a previous client. The + default is +nosit. Currently using + experimental value 65001 for the option code. +

+
+split=W
+

+ Split long hex- or base64-formatted fields in resource + records into chunks of W + characters (where W is rounded + up to the nearest multiple of 4). + +nosplit or + +split=0 causes fields not to + be split at all. The default is 56 characters, or + 44 characters when multiline mode is active. +

+
+[no]stats
+

+ This query option toggles the printing of statistics: + when the query was made, the size of the reply and + so on. The default behavior is to print the query + statistics. +

+
+[no]subnet=addr/prefix
+

+ Send an EDNS Client Subnet option with the speciifed + IP address or network prefix. +

+
+[no]tcp
+

+ Use [do not use] TCP when querying name servers. The + default behavior is to use UDP unless an + ixfr=N query is requested, in which + case the default is TCP. AXFR queries always use + TCP. +

+
+time=T
+

+ + Sets the timeout for a query to + T seconds. The default + timeout is 5 seconds. + An attempt to set T to less + than 1 will result + in a query timeout of 1 second being applied.

+
+[no]topdown
+

+ When chasing DNSSEC signature chains perform a top-down + validation. Requires dig be compiled with -DDIG_SIGCHASE. +

+[no]trace

@@ -383,265 +577,61 @@ from each server that was used to resolve the lookup.

- +dnssec is also set when +trace is - set to better emulate the default queries from a nameserver. + +dnssec is also set when +trace + is set to better emulate the default queries from a + nameserver.

-
+[no]cmd
-

- Toggles the printing of the initial comment in the output - identifying - the version of dig and the query - options that have - been applied. This comment is printed by default. -

-
+[no]short
-

- Provide a terse answer. The default is to print the answer in a - verbose form. -

-
+[no]identify
-

- Show [or do not show] the IP address and port number that - supplied the - answer when the +short option - is enabled. If - short form answers are requested, the default is not to show the - source address and port number of the server that provided the - answer. -

-
+[no]comments
-

- Toggle the display of comment lines in the output. The default - is to print comments. -

-
+[no]rrcomments
-

- Toggle the display of per-record comments in the output (for - example, human-readable key information about DNSKEY records). - The default is not to print record comments unless multiline - mode is active. -

-
+[no]crypto
-

- Toggle the display of cryptographic fields in DNSSEC records. - The contents of these field are unnecessary to debug most DNSSEC - validation failures and removing them makes it easier to see - the common failures. The default is to display the fields. - When omitted they are replaced by the string "[omitted]" or - in the DNSKEY case the key id is displayed as the replacement, - e.g. "[ key id = value ]". -

-
+split=W
-

- Split long hex- or base64-formatted fields in resource - records into chunks of W characters - (where W is rounded up to the nearest - multiple of 4). - +nosplit or - +split=0 causes fields not to be - split at all. The default is 56 characters, or 44 characters - when multiline mode is active. -

-
+[no]stats
-

- This query option toggles the printing of statistics: when the - query - was made, the size of the reply and so on. The default - behavior is - to print the query statistics. -

-
+[no]qr
-

- Print [do not print] the query as it is sent. - By default, the query is not printed. -

-
+[no]question
-

- Print [do not print] the question section of a query when an - answer is - returned. The default is to print the question section as a - comment. -

-
+[no]answer
-

- Display [do not display] the answer section of a reply. The - default - is to display it. -

-
+[no]authority
-

- Display [do not display] the authority section of a reply. The - default is to display it. -

-
+[no]additional
-

- Display [do not display] the additional section of a reply. - The default is to display it. -

-
+[no]all
-

- Set or clear all display flags. -

-
+time=T
-

- - Sets the timeout for a query to - T seconds. The default - timeout is 5 seconds. - An attempt to set T to less - than 1 will result - in a query timeout of 1 second being applied. -

+tries=T

- Sets the number of times to try UDP queries to server to - T instead of the default, 3. - If - T is less than or equal to - zero, the number of - tries is silently rounded up to 1. -

-
+retry=T
-

- Sets the number of times to retry UDP queries to server to - T instead of the default, 2. - Unlike - +tries, this does not include - the initial - query. -

-
+ndots=D
-

- Set the number of dots that have to appear in - name to D for it to be - considered absolute. The default value is that defined using - the - ndots statement in /etc/resolv.conf, or 1 if no - ndots statement is present. Names with fewer dots are - interpreted as - relative names and will be searched for in the domains listed in - the - search or domain directive in - /etc/resolv.conf. -

-
+bufsize=B
-

- Set the UDP message buffer size advertised using EDNS0 to - B bytes. The maximum and minimum sizes - of this buffer are 65535 and 0 respectively. Values outside - this range are rounded up or down appropriately. - Values other than zero will cause a EDNS query to be sent. -

-
+edns=#
-

- Specify the EDNS version to query with. Valid values - are 0 to 255. Setting the EDNS version will cause - a EDNS query to be sent. +noedns - clears the remembered EDNS version. EDNS is set to - 0 by default. + Sets the number of times to try UDP queries to server + to T instead of the default, + 3. If T is less than or equal + to zero, the number of tries is silently rounded up + to 1.

-
+[no]ednsopt[=code[:value]]
-

- Specify EDNS option with code point code - and optionally payload of value as a - hexadecimal string. +noednsopt - clears the EDNS options to to be sent. -

-
+[no]multiline
-

- Print records like the SOA records in a verbose multi-line - format with human-readable comments. The default is to print - each record on a single line, to facilitate machine parsing - of the dig output. -

-
+[no]onesoa
-

- Print only one (starting) SOA record when performing - an AXFR. The default is to print both the starting and - ending SOA records. -

-
+[no]fail
-

- Do not try the next server if you receive a SERVFAIL. The - default is - to not try the next server which is the reverse of normal stub - resolver - behavior. -

-
+[no]besteffort
-

- Attempt to display the contents of messages which are malformed. - The default is to not display malformed answers. -

-
+[no]dnssec
-

- Requests DNSSEC records be sent by setting the DNSSEC OK bit - (DO) - in the OPT record in the additional section of the query. -

-
+[no]sigchase
-

- Chase DNSSEC signature chains. Requires dig be compiled with - -DDIG_SIGCHASE. -

+trusted-key=####

- Specifies a file containing trusted keys to be used with - +sigchase. Each DNSKEY record must be - on its own line. -

-

- If not specified, dig will look for - /etc/trusted-key.key then - trusted-key.key in the current directory. + Specifies a file containing trusted keys to be used + with +sigchase. Each DNSKEY record + must be on its own line.

- Requires dig be compiled with -DDIG_SIGCHASE. + If not specified, dig will look + for /etc/trusted-key.key then + trusted-key.key in the current + directory. +

+

+ Requires dig be compiled with -DDIG_SIGCHASE.

-
+[no]topdown
+
+[no]ttlid

- When chasing DNSSEC signature chains perform a top-down - validation. - Requires dig be compiled with -DDIG_SIGCHASE. -

-
+[no]nsid
+ Display [do not display] the TTL when printing the + record. +

+
+[no]ttlunits

- Include an EDNS name server ID request when sending a query. + Display [do not display] the TTL in friendly human-readable + time units of "s", "m", "h", "d", and "w", representing + seconds, minutes, hours, days and weeks. Implies +ttlid.

-
+[no]keepopen
+
+[no]vc

- Keep the TCP socket open between queries and reuse it rather - than creating a new TCP socket for each lookup. The default - is +nokeepopen. -

-
+[no]sit[=####]
-

- Send a Source Identity Token EDNS option, with optional value. - Replaying a SIT from a previous response will allow the - server to identify a previous client. The default is - +nosit. Currently using experimental value - 65001 for the option code. -

-
+[no]subnet=addr/prefix
-

- Send an EDNS Client Subnet option with the speciifed - IP address or network prefix. -

-
+[no]expire
-

- Send an EDNS Expire option. Currently using experimental - value 65002 for the option code. -

+ Use [do not use] TCP when querying name servers. This + alternate syntax to +[no]tcp + is provided for backwards compatibility. The "vc" + stands for "virtual circuit". +

-

MULTIPLE QUERIES

+

MULTIPLE QUERIES

The BIND 9 implementation of dig supports @@ -687,7 +677,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

-

IDN SUPPORT

+

IDN SUPPORT

If dig has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names. @@ -701,14 +691,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

-

FILES

+

FILES

/etc/resolv.conf

${HOME}/.digrc

-

SEE ALSO

+

SEE ALSO

host(1), named(8), dnssec-keygen(8), @@ -716,7 +706,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

-

BUGS

+

BUGS

There are probably too many query options.

diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html index 722d86a9ea..a367cbe54f 100644 --- a/doc/arm/man.arpaname.html +++ b/doc/arm/man.arpaname.html @@ -50,20 +50,20 @@

arpaname {ipaddress ...}

-

DESCRIPTION

+

DESCRIPTION

arpaname translates IP addresses (IPv4 and IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.

-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html index e12d7106ff..083418867a 100644 --- a/doc/arm/man.ddns-confgen.html +++ b/doc/arm/man.ddns-confgen.html @@ -51,7 +51,7 @@

ddns-confgen [-a algorithm] [-h] [-k keyname] [-q] [-r randomfile] [ -s name | -z zone ]

-

DESCRIPTION

+

DESCRIPTION

tsig-keygen and ddns-confgen are invokation methods for a utility that generates keys for use @@ -87,7 +87,7 @@

-

OPTIONS

+

OPTIONS

-a algorithm

@@ -159,7 +159,7 @@

-

SEE ALSO

+

SEE ALSO

nsupdate(1), named.conf(5), named(8), @@ -167,7 +167,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.delv.html b/doc/arm/man.delv.html index 1f4cfa0b68..6a4193711e 100644 --- a/doc/arm/man.delv.html +++ b/doc/arm/man.delv.html @@ -53,7 +53,7 @@

delv [queryopt...] [query...]

-

DESCRIPTION

+

DESCRIPTION

delv (Domain Entity Lookup & Validation) is a tool for sending DNS queries and validating the results, using the the same internal @@ -96,7 +96,7 @@

-

SIMPLE USAGE

+

SIMPLE USAGE

A typical invocation of delv looks like:

@@ -151,7 +151,7 @@

-

OPTIONS

+

OPTIONS

-a anchor-file
@@ -285,7 +285,7 @@
-

QUERY OPTIONS

+

QUERY OPTIONS

delv provides a number of query options which affect the way results are displayed, and in some cases the way lookups are performed. @@ -465,12 +465,12 @@

-

FILES

+

FILES

/etc/bind.keys

/etc/resolv.conf

-

SEE ALSO

+

SEE ALSO

dig(1), named(8), RFC4034, diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html index cab20d819d..1dc5b9788a 100644 --- a/doc/arm/man.dig.html +++ b/doc/arm/man.dig.html @@ -52,7 +52,7 @@

dig [global-queryopt...] [query...]

-

DESCRIPTION

+

DESCRIPTION

dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and @@ -99,7 +99,7 @@

-

SIMPLE USAGE

+

SIMPLE USAGE

A typical invocation of dig looks like:

@@ -152,7 +152,7 @@

-

OPTIONS

+

OPTIONS

The -b option sets the source IP address of the query to address. This must be a valid @@ -260,7 +260,7 @@

-

QUERY OPTIONS

+

QUERY OPTIONS

dig provides a number of query options which affect the way in which lookups are made and the results displayed. Some of @@ -280,63 +280,19 @@

-
+[no]tcp
-

- Use [do not use] TCP when querying name servers. The - default behavior is to use UDP unless - an ixfr=N query is requested, in - which case the default is TCP. - AXFR queries always use TCP. -

-
+[no]vc
-

- Use [do not use] TCP when querying name servers. This alternate - syntax to +[no]tcp is - provided for backwards - compatibility. The "vc" stands for "virtual circuit". -

-
+[no]ignore
-

- Ignore truncation in UDP responses instead of retrying with TCP. - By - default, TCP retries are performed. -

-
+domain=somename
-

- Set the search list to contain the single domain - somename, as if specified in - a - domain directive in - /etc/resolv.conf, and enable - search list - processing as if the +search - option were given. -

-
+[no]search
-

- Use [do not use] the search list defined by the searchlist or - domain - directive in resolv.conf (if - any). - The search list is not used by default. -

-
+[no]showsearch
-

- Perform [do not perform] a search showing intermediate - results. -

-
+[no]defname
-

- Deprecated, treated as a synonym for +[no]search -

-
+[no]aaonly
-

- Sets the "aa" flag in the query. -

+[no]aaflag

- A synonym for +[no]aaonly. -

+ A synonym for +[no]aaonly. +

+
+[no]aaonly
+

+ Sets the "aa" flag in the query. +

+
+[no]additional
+

+ Display [do not display] the additional section of a + reply. The default is to display it. +

+[no]adflag

Set [do not set] the AD (authentic data) bit in the @@ -349,27 +305,185 @@ of the answer was insecure or not validated. This bit is set by default.

+
+[no]all
+

+ Set or clear all display flags. +

+
+[no]answer
+

+ Display [do not display] the answer section of a + reply. The default is to display it. +

+
+[no]authority
+

+ Display [do not display] the authority section of a + reply. The default is to display it. +

+
+[no]besteffort
+

+ Attempt to display the contents of messages which are + malformed. The default is to not display malformed + answers. +

+
+bufsize=B
+

+ Set the UDP message buffer size advertised using EDNS0 + to B bytes. The maximum and + minimum sizes of this buffer are 65535 and 0 respectively. + Values outside this range are rounded up or down + appropriately. Values other than zero will cause a + EDNS query to be sent. +

+[no]cdflag

- Set [do not set] the CD (checking disabled) bit in the query. - This - requests the server to not perform DNSSEC validation of - responses. -

+ Set [do not set] the CD (checking disabled) bit in + the query. This requests the server to not perform + DNSSEC validation of responses. +

+[no]cl

- Display [do not display] the CLASS when printing the record. -

-
+[no]ttlid
+ Display [do not display] the CLASS when printing the + record. +

+
+[no]cmd

- Display [do not display] the TTL when printing the record. -

-
+[no]ttlunits
+ Toggles the printing of the initial comment in the + output identifying the version of dig + and the query options that have been applied. This + comment is printed by default. +

+
+[no]comments

- Display [do not display] the TTL in friendly human-readable - time units of "s", "m", "h", "d", and "w", representing - seconds, minutes, hours, days and weeks. Implies +ttlid. -

+ Toggle the display of comment lines in the output. + The default is to print comments. +

+
+[no]crypto
+

+ Toggle the display of cryptographic fields in DNSSEC + records. The contents of these field are unnecessary + to debug most DNSSEC validation failures and removing + them makes it easier to see the common failures. The + default is to display the fields. When omitted they + are replaced by the string "[omitted]" or in the + DNSKEY case the key id is displayed as the replacement, + e.g. "[ key id = value ]". +

+
+[no]defname
+

+ Deprecated, treated as a synonym for + +[no]search +

+
+domain=somename
+

+ Set the search list to contain the single domain + somename, as if specified in + a domain directive in + /etc/resolv.conf, and enable + search list processing as if the + +search option were given. +

+
+[no]dnssec
+

+ Requests DNSSEC records be sent by setting the DNSSEC + OK bit (DO) in the OPT record in the additional section + of the query. +

+
+[no]edns[=#]
+

+ Specify the EDNS version to query with. Valid values + are 0 to 255. Setting the EDNS version will cause + a EDNS query to be sent. +noedns + clears the remembered EDNS version. EDNS is set to + 0 by default. +

+
+[no]ednsopt[=code[:value]]
+

+ Specify EDNS option with code point code + and optionally payload of value as a + hexadecimal string. +noednsopt + clears the EDNS options to to be sent. +

+
+[no]expire
+

+ Send an EDNS Expire option. +

+
+[no]fail
+

+ Do not try the next server if you receive a SERVFAIL. + The default is to not try the next server which is + the reverse of normal stub resolver behavior. +

+
+[no]identify
+

+ Show [or do not show] the IP address and port number + that supplied the answer when the + +short option is enabled. If + short form answers are requested, the default is not + to show the source address and port number of the + server that provided the answer. +

+
+[no]ignore
+

+ Ignore truncation in UDP responses instead of retrying + with TCP. By default, TCP retries are performed. +

+
+[no]keepopen
+

+ Keep the TCP socket open between queries and reuse + it rather than creating a new TCP socket for each + lookup. The default is +nokeepopen. +

+
+[no]multiline
+

+ Print records like the SOA records in a verbose + multi-line format with human-readable comments. The + default is to print each record on a single line, to + facilitate machine parsing of the dig + output. +

+
+ndots=D
+

+ Set the number of dots that have to appear in + name to D + for it to be considered absolute. The default value + is that defined using the ndots statement in + /etc/resolv.conf, or 1 if no + ndots statement is present. Names with fewer dots + are interpreted as relative names and will be searched + for in the domains listed in the search + or domain directive in + /etc/resolv.conf. +

+
+[no]nsid
+

+ Include an EDNS name server ID request when sending + a query. +

+
+[no]nssearch
+

+ When this option is set, dig + attempts to find the authoritative name servers for + the zone containing the name being looked up and + display the SOA record that each name server has for + the zone. +

+
+[no]onesoa
+

+ Print only one (starting) SOA record when performing + an AXFR. The default is to print both the starting + and ending SOA records. +

+
+[no]qr
+

+ Print [do not print] the query as it is sent. By + default, the query is not printed. +

+
+[no]question
+

+ Print [do not print] the question section of a query + when an answer is returned. The default is to print + the question section as a comment. +

+[no]recurse

Toggle the setting of the RD (recursion desired) bit @@ -379,16 +493,96 @@ the +nssearch or +trace query options are used.

-
+[no]nssearch
+
+retry=T

- When this option is set, dig - attempts to find the - authoritative name servers for the zone containing the name - being - looked up and display the SOA record that each name server has - for the - zone. + Sets the number of times to retry UDP queries to + server to T instead of the + default, 2. Unlike +tries, + this does not include the initial query. +

+
+[no]rrcomments
+

+ Toggle the display of per-record comments in the + output (for example, human-readable key information + about DNSKEY records). The default is not to print + record comments unless multiline mode is active. +

+
+[no]search
+

+ Use [do not use] the search list defined by the + searchlist or domain directive in + resolv.conf (if any). The search + list is not used by default. +

+
+[no]short
+

+ Provide a terse answer. The default is to print the + answer in a verbose form. +

+
+[no]showsearch
+

+ Perform [do not perform] a search showing intermediate + results. +

+
+[no]sigchase
+

+ Chase DNSSEC signature chains. Requires dig be + compiled with -DDIG_SIGCHASE. +

+
+[no]sit[=####]
+

+ Send a Source Identity Token EDNS option, with optional + value. Replaying a SIT from a previous response will + allow the server to identify a previous client. The + default is +nosit. Currently using + experimental value 65001 for the option code. +

+
+split=W
+

+ Split long hex- or base64-formatted fields in resource + records into chunks of W + characters (where W is rounded + up to the nearest multiple of 4). + +nosplit or + +split=0 causes fields not to + be split at all. The default is 56 characters, or + 44 characters when multiline mode is active. +

+
+[no]stats
+

+ This query option toggles the printing of statistics: + when the query was made, the size of the reply and + so on. The default behavior is to print the query + statistics. +

+
+[no]subnet=addr/prefix
+

+ Send an EDNS Client Subnet option with the speciifed + IP address or network prefix. +

+
+[no]tcp
+

+ Use [do not use] TCP when querying name servers. The + default behavior is to use UDP unless an + ixfr=N query is requested, in which + case the default is TCP. AXFR queries always use + TCP. +

+
+time=T
+

+ + Sets the timeout for a query to + T seconds. The default + timeout is 5 seconds. + An attempt to set T to less + than 1 will result + in a query timeout of 1 second being applied.

+
+[no]topdown
+

+ When chasing DNSSEC signature chains perform a top-down + validation. Requires dig be compiled with -DDIG_SIGCHASE. +

+[no]trace

@@ -401,265 +595,61 @@ from each server that was used to resolve the lookup.

- +dnssec is also set when +trace is - set to better emulate the default queries from a nameserver. + +dnssec is also set when +trace + is set to better emulate the default queries from a + nameserver.

-
+[no]cmd
-

- Toggles the printing of the initial comment in the output - identifying - the version of dig and the query - options that have - been applied. This comment is printed by default. -

-
+[no]short
-

- Provide a terse answer. The default is to print the answer in a - verbose form. -

-
+[no]identify
-

- Show [or do not show] the IP address and port number that - supplied the - answer when the +short option - is enabled. If - short form answers are requested, the default is not to show the - source address and port number of the server that provided the - answer. -

-
+[no]comments
-

- Toggle the display of comment lines in the output. The default - is to print comments. -

-
+[no]rrcomments
-

- Toggle the display of per-record comments in the output (for - example, human-readable key information about DNSKEY records). - The default is not to print record comments unless multiline - mode is active. -

-
+[no]crypto
-

- Toggle the display of cryptographic fields in DNSSEC records. - The contents of these field are unnecessary to debug most DNSSEC - validation failures and removing them makes it easier to see - the common failures. The default is to display the fields. - When omitted they are replaced by the string "[omitted]" or - in the DNSKEY case the key id is displayed as the replacement, - e.g. "[ key id = value ]". -

-
+split=W
-

- Split long hex- or base64-formatted fields in resource - records into chunks of W characters - (where W is rounded up to the nearest - multiple of 4). - +nosplit or - +split=0 causes fields not to be - split at all. The default is 56 characters, or 44 characters - when multiline mode is active. -

-
+[no]stats
-

- This query option toggles the printing of statistics: when the - query - was made, the size of the reply and so on. The default - behavior is - to print the query statistics. -

-
+[no]qr
-

- Print [do not print] the query as it is sent. - By default, the query is not printed. -

-
+[no]question
-

- Print [do not print] the question section of a query when an - answer is - returned. The default is to print the question section as a - comment. -

-
+[no]answer
-

- Display [do not display] the answer section of a reply. The - default - is to display it. -

-
+[no]authority
-

- Display [do not display] the authority section of a reply. The - default is to display it. -

-
+[no]additional
-

- Display [do not display] the additional section of a reply. - The default is to display it. -

-
+[no]all
-

- Set or clear all display flags. -

-
+time=T
-

- - Sets the timeout for a query to - T seconds. The default - timeout is 5 seconds. - An attempt to set T to less - than 1 will result - in a query timeout of 1 second being applied. -

+tries=T

- Sets the number of times to try UDP queries to server to - T instead of the default, 3. - If - T is less than or equal to - zero, the number of - tries is silently rounded up to 1. -

-
+retry=T
-

- Sets the number of times to retry UDP queries to server to - T instead of the default, 2. - Unlike - +tries, this does not include - the initial - query. -

-
+ndots=D
-

- Set the number of dots that have to appear in - name to D for it to be - considered absolute. The default value is that defined using - the - ndots statement in /etc/resolv.conf, or 1 if no - ndots statement is present. Names with fewer dots are - interpreted as - relative names and will be searched for in the domains listed in - the - search or domain directive in - /etc/resolv.conf. -

-
+bufsize=B
-

- Set the UDP message buffer size advertised using EDNS0 to - B bytes. The maximum and minimum sizes - of this buffer are 65535 and 0 respectively. Values outside - this range are rounded up or down appropriately. - Values other than zero will cause a EDNS query to be sent. -

-
+edns=#
-

- Specify the EDNS version to query with. Valid values - are 0 to 255. Setting the EDNS version will cause - a EDNS query to be sent. +noedns - clears the remembered EDNS version. EDNS is set to - 0 by default. + Sets the number of times to try UDP queries to server + to T instead of the default, + 3. If T is less than or equal + to zero, the number of tries is silently rounded up + to 1.

-
+[no]ednsopt[=code[:value]]
-

- Specify EDNS option with code point code - and optionally payload of value as a - hexadecimal string. +noednsopt - clears the EDNS options to to be sent. -

-
+[no]multiline
-

- Print records like the SOA records in a verbose multi-line - format with human-readable comments. The default is to print - each record on a single line, to facilitate machine parsing - of the dig output. -

-
+[no]onesoa
-

- Print only one (starting) SOA record when performing - an AXFR. The default is to print both the starting and - ending SOA records. -

-
+[no]fail
-

- Do not try the next server if you receive a SERVFAIL. The - default is - to not try the next server which is the reverse of normal stub - resolver - behavior. -

-
+[no]besteffort
-

- Attempt to display the contents of messages which are malformed. - The default is to not display malformed answers. -

-
+[no]dnssec
-

- Requests DNSSEC records be sent by setting the DNSSEC OK bit - (DO) - in the OPT record in the additional section of the query. -

-
+[no]sigchase
-

- Chase DNSSEC signature chains. Requires dig be compiled with - -DDIG_SIGCHASE. -

+trusted-key=####

- Specifies a file containing trusted keys to be used with - +sigchase. Each DNSKEY record must be - on its own line. -

-

- If not specified, dig will look for - /etc/trusted-key.key then - trusted-key.key in the current directory. + Specifies a file containing trusted keys to be used + with +sigchase. Each DNSKEY record + must be on its own line.

- Requires dig be compiled with -DDIG_SIGCHASE. + If not specified, dig will look + for /etc/trusted-key.key then + trusted-key.key in the current + directory. +

+

+ Requires dig be compiled with -DDIG_SIGCHASE.

-
+[no]topdown
+
+[no]ttlid

- When chasing DNSSEC signature chains perform a top-down - validation. - Requires dig be compiled with -DDIG_SIGCHASE. -

-
+[no]nsid
+ Display [do not display] the TTL when printing the + record. +

+
+[no]ttlunits

- Include an EDNS name server ID request when sending a query. + Display [do not display] the TTL in friendly human-readable + time units of "s", "m", "h", "d", and "w", representing + seconds, minutes, hours, days and weeks. Implies +ttlid.

-
+[no]keepopen
+
+[no]vc

- Keep the TCP socket open between queries and reuse it rather - than creating a new TCP socket for each lookup. The default - is +nokeepopen. -

-
+[no]sit[=####]
-

- Send a Source Identity Token EDNS option, with optional value. - Replaying a SIT from a previous response will allow the - server to identify a previous client. The default is - +nosit. Currently using experimental value - 65001 for the option code. -

-
+[no]subnet=addr/prefix
-

- Send an EDNS Client Subnet option with the speciifed - IP address or network prefix. -

-
+[no]expire
-

- Send an EDNS Expire option. Currently using experimental - value 65002 for the option code. -

+ Use [do not use] TCP when querying name servers. This + alternate syntax to +[no]tcp + is provided for backwards compatibility. The "vc" + stands for "virtual circuit". +

-

MULTIPLE QUERIES

+

MULTIPLE QUERIES

The BIND 9 implementation of dig supports @@ -705,7 +695,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

-

IDN SUPPORT

+

IDN SUPPORT

If dig has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names. @@ -719,14 +709,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

-

FILES

+

FILES

/etc/resolv.conf

${HOME}/.digrc

-

SEE ALSO

+

SEE ALSO

host(1), named(8), dnssec-keygen(8), @@ -734,7 +724,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

-

BUGS

+

BUGS

There are probably too many query options.

diff --git a/doc/arm/man.dnssec-checkds.html b/doc/arm/man.dnssec-checkds.html index cc22985c05..40fce94918 100644 --- a/doc/arm/man.dnssec-checkds.html +++ b/doc/arm/man.dnssec-checkds.html @@ -51,7 +51,7 @@

dnssec-dsfromkey [-l domain] [-f file] [-d dig path] [-D dsfromkey path] {zone}

-

DESCRIPTION

+

DESCRIPTION

dnssec-checkds verifies the correctness of Delegation Signer (DS) or DNSSEC Lookaside Validation (DLV) resource records for keys in a specified @@ -59,7 +59,7 @@

-

OPTIONS

+

OPTIONS

-f file

@@ -88,14 +88,14 @@

-

SEE ALSO

+

SEE ALSO

dnssec-dsfromkey(8), dnssec-keygen(8), dnssec-signzone(8),

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-coverage.html b/doc/arm/man.dnssec-coverage.html index b43a9641a9..8a3097a653 100644 --- a/doc/arm/man.dnssec-coverage.html +++ b/doc/arm/man.dnssec-coverage.html @@ -50,7 +50,7 @@

dnssec-coverage [-K directory] [-l length] [-f file] [-d DNSKEY TTL] [-m max TTL] [-r interval] [-c compilezone path] [-k] [-z] [zone]

-

DESCRIPTION

+

DESCRIPTION

dnssec-coverage verifies that the DNSSEC keys for a given zone or a set of zones have timing metadata set properly to ensure no future lapses in DNSSEC @@ -78,7 +78,7 @@

-

OPTIONS

+

OPTIONS

-K directory

@@ -192,7 +192,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-checkds(8), dnssec-dsfromkey(8), @@ -201,7 +201,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html index 5d43af45e3..80175ba1b2 100644 --- a/doc/arm/man.dnssec-dsfromkey.html +++ b/doc/arm/man.dnssec-dsfromkey.html @@ -51,14 +51,14 @@

dnssec-dsfromkey {-s} [-1] [-2] [-a alg] [-K directory] [-l domain] [-s] [-c class] [-T TTL] [-f file] [-A] [-v level] {dnsname}

-

DESCRIPTION

+

DESCRIPTION

dnssec-dsfromkey outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s).

-

OPTIONS

+

OPTIONS

-1

@@ -135,7 +135,7 @@

-

EXAMPLE

+

EXAMPLE

To build the SHA-256 DS RR from the Kexample.com.+003+26160 @@ -150,7 +150,7 @@

-

FILES

+

FILES

The keyfile can be designed by the key identification Knnnn.+aaa+iiiii or the full file name @@ -164,13 +164,13 @@

-

CAVEAT

+

CAVEAT

A keyfile error can give a "file not found" even if the file exists.

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), dnssec-signzone(8), BIND 9 Administrator Reference Manual, @@ -180,7 +180,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-importkey.html b/doc/arm/man.dnssec-importkey.html index fe44093a96..0a49626d26 100644 --- a/doc/arm/man.dnssec-importkey.html +++ b/doc/arm/man.dnssec-importkey.html @@ -51,7 +51,7 @@

dnssec-importkey {-f filename} [-K directory] [-L ttl] [-P date/offset] [-D date/offset] [-h] [-v level] [dnsname]

-

DESCRIPTION

+

DESCRIPTION

dnssec-importkey reads a public DNSKEY record and generates a pair of .key/.private files. The DNSKEY record may be read from an @@ -71,7 +71,7 @@

-

OPTIONS

+

OPTIONS

-f filename
@@ -110,7 +110,7 @@
-

TIMING OPTIONS

+

TIMING OPTIONS

Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -138,7 +138,7 @@

-

FILES

+

FILES

A keyfile can be designed by the key identification Knnnn.+aaa+iiiii or the full file name @@ -147,7 +147,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), dnssec-signzone(8), BIND 9 Administrator Reference Manual, @@ -155,7 +155,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html index 55e5b0899b..ef5105b852 100644 --- a/doc/arm/man.dnssec-keyfromlabel.html +++ b/doc/arm/man.dnssec-keyfromlabel.html @@ -50,7 +50,7 @@

dnssec-keyfromlabel {-l label} [-3] [-a algorithm] [-A date/offset] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-I date/offset] [-i interval] [-k] [-K directory] [-L ttl] [-n nametype] [-P date/offset] [-p protocol] [-R date/offset] [-S key] [-t type] [-v level] [-y] {name}

-

DESCRIPTION

+

DESCRIPTION

dnssec-keyfromlabel generates a key pair of files that referencing a key object stored in a cryptographic hardware service module (HSM). The private key @@ -66,7 +66,7 @@

-

OPTIONS

+

OPTIONS

-a algorithm
@@ -239,7 +239,7 @@
-

TIMING OPTIONS

+

TIMING OPTIONS

Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -311,7 +311,7 @@

-

GENERATED KEY FILES

+

GENERATED KEY FILES

When dnssec-keyfromlabel completes successfully, @@ -350,7 +350,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), dnssec-signzone(8), BIND 9 Administrator Reference Manual, @@ -359,7 +359,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html index d209c29954..6881b127cf 100644 --- a/doc/arm/man.dnssec-keygen.html +++ b/doc/arm/man.dnssec-keygen.html @@ -50,7 +50,7 @@

dnssec-keygen [-a algorithm] [-b keysize] [-n nametype] [-3] [-A date/offset] [-C] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-g generator] [-h] [-I date/offset] [-i interval] [-K directory] [-L ttl] [-k] [-P date/offset] [-p protocol] [-q] [-R date/offset] [-r randomdev] [-S key] [-s strength] [-t type] [-v level] [-z] {name}

-

DESCRIPTION

+

DESCRIPTION

dnssec-keygen generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with @@ -64,7 +64,7 @@

-

OPTIONS

+

OPTIONS

-a algorithm
@@ -281,7 +281,7 @@
-

TIMING OPTIONS

+

TIMING OPTIONS

Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -355,7 +355,7 @@

-

GENERATED KEYS

+

GENERATED KEYS

When dnssec-keygen completes successfully, @@ -401,7 +401,7 @@

-

EXAMPLE

+

EXAMPLE

To generate a 768-bit DSA key for the domain example.com, the following command would be @@ -422,7 +422,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-signzone(8), BIND 9 Administrator Reference Manual, RFC 2539, @@ -431,7 +431,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html index 3a282cd907..1c197abb4a 100644 --- a/doc/arm/man.dnssec-revoke.html +++ b/doc/arm/man.dnssec-revoke.html @@ -50,7 +50,7 @@

dnssec-revoke [-hr] [-v level] [-K directory] [-E engine] [-f] [-R] {keyfile}

-

DESCRIPTION

+

DESCRIPTION

dnssec-revoke reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the @@ -58,7 +58,7 @@

-

OPTIONS

+

OPTIONS

-h

@@ -105,14 +105,14 @@

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 5011.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html index f66257b230..8476f17868 100644 --- a/doc/arm/man.dnssec-settime.html +++ b/doc/arm/man.dnssec-settime.html @@ -50,7 +50,7 @@

dnssec-settime [-f] [-K directory] [-L ttl] [-P date/offset] [-A date/offset] [-R date/offset] [-I date/offset] [-D date/offset] [-h] [-v level] [-E engine] {keyfile}

-

DESCRIPTION

+

DESCRIPTION

dnssec-settime reads a DNSSEC private key file and sets the key timing metadata as specified by the -P, -A, @@ -76,7 +76,7 @@

-

OPTIONS

+

OPTIONS

-f

@@ -127,7 +127,7 @@

-

TIMING OPTIONS

+

TIMING OPTIONS

Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -206,7 +206,7 @@

-

PRINTING OPTIONS

+

PRINTING OPTIONS

dnssec-settime can also be used to print the timing metadata associated with a key. @@ -232,7 +232,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), dnssec-signzone(8), BIND 9 Administrator Reference Manual, @@ -240,7 +240,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html index d82b1e6271..d7871d78e9 100644 --- a/doc/arm/man.dnssec-signzone.html +++ b/doc/arm/man.dnssec-signzone.html @@ -50,7 +50,7 @@

dnssec-signzone [-a] [-c class] [-d directory] [-D] [-E engine] [-e end-time] [-f output-file] [-g] [-h] [-K directory] [-k key] [-L serial] [-l domain] [-M domain] [-i interval] [-I input-format] [-j jitter] [-N soa-serial-format] [-o origin] [-O output-format] [-P] [-p] [-R] [-r randomdev] [-S] [-s start-time] [-T ttl] [-t] [-u] [-v level] [-X extended end-time] [-x] [-z] [-3 salt] [-H iterations] [-A] {zonefile} [key...]

-

DESCRIPTION

+

DESCRIPTION

dnssec-signzone signs a zone. It generates NSEC and RRSIG records and produces a signed version of the @@ -61,7 +61,7 @@

-

OPTIONS

+

OPTIONS

-a

@@ -508,7 +508,7 @@

-

EXAMPLE

+

EXAMPLE

The following command signs the example.com zone with the DSA key generated by dnssec-keygen @@ -538,14 +538,14 @@ db.example.com.signed %

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 4033, RFC 4641.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-verify.html b/doc/arm/man.dnssec-verify.html index e56c8c8641..98caa9b4d8 100644 --- a/doc/arm/man.dnssec-verify.html +++ b/doc/arm/man.dnssec-verify.html @@ -50,7 +50,7 @@

dnssec-verify [-c class] [-E engine] [-I input-format] [-o origin] [-v level] [-x] [-z] {zonefile}

-

DESCRIPTION

+

DESCRIPTION

dnssec-verify verifies that a zone is fully signed for each algorithm found in the DNSKEY RRset for the zone, and that the NSEC / NSEC3 @@ -58,7 +58,7 @@

-

OPTIONS

+

OPTIONS

-c class

@@ -134,7 +134,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-signzone(8), BIND 9 Administrator Reference Manual, @@ -142,7 +142,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.genrandom.html b/doc/arm/man.genrandom.html index d341fec03a..b38d6b62a6 100644 --- a/doc/arm/man.genrandom.html +++ b/doc/arm/man.genrandom.html @@ -50,7 +50,7 @@

genrandom [-n number] {size} {filename}

-

DESCRIPTION

+

DESCRIPTION

genrandom generates a file or a set of files containing a specified quantity @@ -59,7 +59,7 @@

-

ARGUMENTS

+

ARGUMENTS

-n number

@@ -77,14 +77,14 @@

-

SEE ALSO

+

SEE ALSO

rand(3), arc4random(3)

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html index f968e91a0e..98ba23f271 100644 --- a/doc/arm/man.host.html +++ b/doc/arm/man.host.html @@ -50,7 +50,7 @@

host [-aCdlnrsTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-m flag] [-4] [-6] [-v] [-V] {name} [server]

-

DESCRIPTION

+

DESCRIPTION

host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. @@ -214,7 +214,7 @@

-

IDN SUPPORT

+

IDN SUPPORT

If host has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names. @@ -228,12 +228,12 @@

-

FILES

+

FILES

/etc/resolv.conf

-

SEE ALSO

+

SEE ALSO

dig(1), named(8).

diff --git a/doc/arm/man.isc-hmac-fixup.html b/doc/arm/man.isc-hmac-fixup.html index ba6af3c091..2f1c42f815 100644 --- a/doc/arm/man.isc-hmac-fixup.html +++ b/doc/arm/man.isc-hmac-fixup.html @@ -50,7 +50,7 @@

isc-hmac-fixup {algorithm} {secret}

-

DESCRIPTION

+

DESCRIPTION

Versions of BIND 9 up to and including BIND 9.6 had a bug causing HMAC-SHA* TSIG keys which were longer than the digest length of the @@ -76,7 +76,7 @@

-

SECURITY CONSIDERATIONS

+

SECURITY CONSIDERATIONS

Secrets that have been converted by isc-hmac-fixup are shortened, but as this is how the HMAC protocol works in @@ -87,14 +87,14 @@

-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual, RFC 2104.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html index 55c936d0cd..0c7293869c 100644 --- a/doc/arm/man.named-checkconf.html +++ b/doc/arm/man.named-checkconf.html @@ -50,7 +50,7 @@

named-checkconf [-h] [-v] [-j] [-t directory] {filename} [-p] [-x] [-z]

-

DESCRIPTION

+

DESCRIPTION

named-checkconf checks the syntax, but not the semantics, of a named configuration file. The file is parsed @@ -70,7 +70,7 @@

-

OPTIONS

+

OPTIONS

-h

@@ -119,21 +119,21 @@

-

RETURN VALUES

+

RETURN VALUES

named-checkconf returns an exit status of 1 if errors were detected and 0 otherwise.

-

SEE ALSO

+

SEE ALSO

named(8), named-checkzone(8), BIND 9 Administrator Reference Manual.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html index 45df7c8a17..27f4ba7ff2 100644 --- a/doc/arm/man.named-checkzone.html +++ b/doc/arm/man.named-checkzone.html @@ -51,7 +51,7 @@

named-compilezone [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-J filename] [-i mode] [-k mode] [-m mode] [-n mode] [-l ttl] [-L serial] [-r mode] [-s style] [-t directory] [-T mode] [-w directory] [-D] [-W mode] {-o filename} {zonename} {filename}

-

DESCRIPTION

+

DESCRIPTION

named-checkzone checks the syntax and integrity of a zone file. It performs the same checks as named does when loading a @@ -71,7 +71,7 @@

-

OPTIONS

+

OPTIONS

-d

@@ -305,14 +305,14 @@

-

RETURN VALUES

+

RETURN VALUES

named-checkzone returns an exit status of 1 if errors were detected and 0 otherwise.

-

SEE ALSO

+

SEE ALSO

named(8), named-checkconf(8), RFC 1035, @@ -320,7 +320,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.named-journalprint.html b/doc/arm/man.named-journalprint.html index 0d68d75140..d98d90b94f 100644 --- a/doc/arm/man.named-journalprint.html +++ b/doc/arm/man.named-journalprint.html @@ -50,7 +50,7 @@

named-journalprint {journal}

-

DESCRIPTION

+

DESCRIPTION

named-journalprint prints the contents of a zone journal file in a human-readable @@ -76,7 +76,7 @@

-

SEE ALSO

+

SEE ALSO

named(8), nsupdate(8), @@ -84,7 +84,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.named-rrchecker.html b/doc/arm/man.named-rrchecker.html index 1b40d226c5..53a2d0bf1a 100644 --- a/doc/arm/man.named-rrchecker.html +++ b/doc/arm/man.named-rrchecker.html @@ -50,7 +50,7 @@

named-rrchecker [-h] [-o origin] [-p] [-u] [-C] [-T] [-P]

-

DESCRIPTION

+

DESCRIPTION

named-rrchecker read a individual DNS resource record from standard input and checks if it is syntactically correct. @@ -78,7 +78,7 @@

-

SEE ALSO

+

SEE ALSO

RFC 1034, RFC 1035, diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html index 06f5d0c028..6305b4cdb0 100644 --- a/doc/arm/man.named.html +++ b/doc/arm/man.named.html @@ -50,7 +50,7 @@

named [-4] [-6] [-c config-file] [-d debug-level] [-D string] [-E engine-name] [-f] [-g] [-L logfile] [-m flag] [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory] [-U #listeners] [-u user] [-v] [-V] [-x cache-file]

-

DESCRIPTION

+

DESCRIPTION

named is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -65,7 +65,7 @@

-

OPTIONS

+

OPTIONS

-4

@@ -281,7 +281,7 @@

-

SIGNALS

+

SIGNALS

In routine operation, signals should not be used to control the nameserver; rndc should be used @@ -302,7 +302,7 @@

-

CONFIGURATION

+

CONFIGURATION

The named configuration file is too complex to describe in detail here. A complete description is provided @@ -319,7 +319,7 @@

-

FILES

+

FILES

/etc/named.conf

@@ -332,7 +332,7 @@

-

SEE ALSO

+

SEE ALSO

RFC 1033, RFC 1034, RFC 1035, @@ -345,7 +345,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.nsec3hash.html b/doc/arm/man.nsec3hash.html index 4410677854..738cfdc36f 100644 --- a/doc/arm/man.nsec3hash.html +++ b/doc/arm/man.nsec3hash.html @@ -48,7 +48,7 @@

nsec3hash {salt} {algorithm} {iterations} {domain}

-

DESCRIPTION

+

DESCRIPTION

nsec3hash generates an NSEC3 hash based on a set of NSEC3 parameters. This can be used to check the validity @@ -56,7 +56,7 @@

-

ARGUMENTS

+

ARGUMENTS

salt

@@ -80,14 +80,14 @@

-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual, RFC 5155.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html index 29ebf03160..54eba9e5da 100644 --- a/doc/arm/man.nsupdate.html +++ b/doc/arm/man.nsupdate.html @@ -50,7 +50,7 @@

nsupdate [-d] [-D] [[-g] | [-o] | [-l] | [-y [hmac:]keyname:secret] | [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [-T] [-P] [-V] [filename]

-

DESCRIPTION

+

DESCRIPTION

nsupdate is used to submit Dynamic DNS Update requests as defined in RFC 2136 to a name server. @@ -236,7 +236,7 @@

-

INPUT FORMAT

+

INPUT FORMAT

nsupdate reads input from filename @@ -538,7 +538,7 @@

-

EXAMPLES

+

EXAMPLES

The examples below show how nsupdate @@ -592,7 +592,7 @@

-

FILES

+

FILES

/etc/resolv.conf

@@ -615,7 +615,7 @@

-

SEE ALSO

+

SEE ALSO

RFC 2136, RFC 3007, @@ -630,7 +630,7 @@

-

BUGS

+

BUGS

The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html index 80f74dbe6b..c65db20c29 100644 --- a/doc/arm/man.rndc-confgen.html +++ b/doc/arm/man.rndc-confgen.html @@ -50,7 +50,7 @@

rndc-confgen [-a] [-A algorithm] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

-

DESCRIPTION

+

DESCRIPTION

rndc-confgen generates configuration files for rndc. It can be used as a @@ -66,7 +66,7 @@

-

OPTIONS

+

OPTIONS

-a
@@ -180,7 +180,7 @@
-

EXAMPLES

+

EXAMPLES

To allow rndc to be used with no manual configuration, run @@ -197,7 +197,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc.conf(5), named(8), @@ -205,7 +205,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html index 65ae7028a0..942b97b831 100644 --- a/doc/arm/man.rndc.conf.html +++ b/doc/arm/man.rndc.conf.html @@ -50,7 +50,7 @@

rndc.conf

-

DESCRIPTION

+

DESCRIPTION

rndc.conf is the configuration file for rndc, the BIND 9 name server control utility. This file has a similar structure and syntax to @@ -136,7 +136,7 @@

-

EXAMPLE

+

EXAMPLE

       options {
         default-server  localhost;
@@ -210,7 +210,7 @@
-

NAME SERVER CONFIGURATION

+

NAME SERVER CONFIGURATION

The name server must be configured to accept rndc connections and to recognize the key specified in the rndc.conf @@ -220,7 +220,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc-confgen(8), mmencode(1), @@ -228,7 +228,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html index 85a07f1e0e..a72c8df7ec 100644 --- a/doc/arm/man.rndc.html +++ b/doc/arm/man.rndc.html @@ -50,7 +50,7 @@

rndc [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-q] [-V] [-y key_id] {command}

-

DESCRIPTION

+

DESCRIPTION

rndc controls the operation of a name server. It supersedes the ndc utility @@ -81,7 +81,7 @@

-

OPTIONS

+

OPTIONS

-b source-address

@@ -152,7 +152,7 @@

-

COMMANDS

+

COMMANDS

A list of commands supported by rndc can be seen by running rndc without arguments. @@ -537,7 +537,7 @@

-

LIMITATIONS

+

LIMITATIONS

There is currently no way to provide the shared secret for a key_id without using the configuration file. @@ -547,7 +547,7 @@

-

SEE ALSO

+

SEE ALSO

rndc.conf(5), rndc-confgen(8), named(8), @@ -557,7 +557,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium