upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'prep-release'

Browse source
This commit is contained in:
Tinderbox User 2019-02-06 22:15:10 +00:00
commit afe73feae8
142 changed files with 1037 additions and 953 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
CHANGES
View file

@ -1,3 +1,5 @@
--- 9.13.6 released ---
5156. [doc] Extended and refined the section of the ARM describing
mirror zones. [GL #774]

2
README
View file

@ -123,6 +123,8 @@ of changes from BIND 9.12 and earlier releases. New features include:
which DNSSEC validation should not be performed.
* The default value of "dnssec-validation" is now "auto".
* IDNA2008 is now supported when linking with libidn2.
* "named -V" now outputs the default paths for files used by named and
other tools.
In addition, workarounds that were formerly in place to enable resolution
of domains whose authoritative servers did not respond to EDNS queries

2
README.md
View file

@ -139,6 +139,8 @@ include:
DNSSEC validation should not be performed.
* The default value of "dnssec-validation" is now "auto".
* IDNA2008 is now supported when linking with `libidn2`.
* "named -V" now outputs the default paths for files used by named
and other tools.
In addition, workarounds that were formerly in place to enable resolution
of domains whose authoritative servers did not respond to EDNS queries

4
bin/check/named-checkconf.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -143,5 +143,5 @@ BIND 9 Administrator Reference Manual\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/check/named-checkconf.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/check/named-checkzone.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -325,5 +325,5 @@ BIND 9 Administrator Reference Manual\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/check/named-checkzone.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/confgen/ddns-confgen.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -144,5 +144,5 @@ BIND 9 Administrator Reference Manual\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/confgen/ddns-confgen.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/confgen/rndc-confgen.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -206,5 +206,5 @@ BIND 9 Administrator Reference Manual\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2001, 2003-2005, 2007, 2009, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2001, 2003-2005, 2007, 2009, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/confgen/rndc-confgen.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/delv/delv.1
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -437,5 +437,5 @@ RFC5155\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2014-2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/delv/delv.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2014-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2014-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/dig/dig.1
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2000-2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -824,5 +824,5 @@ There are probably too many query options\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2000-2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2000-2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/dig/dig.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/dig/host.1
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -269,5 +269,5 @@ runs\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2000-2002, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2000-2002, 2004, 2005, 2007-2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/dig/host.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/dig/nslookup.1
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2004-2007, 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2007, 2010, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -301,5 +301,5 @@ runs or when the standard output is not a tty\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2004-2007, 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004-2007, 2010, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/dig/nslookup.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2004-2007, 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2007, 2010, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

6
bin/dnssec/dnssec-cds.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2017, 2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2017-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -102,7 +102,7 @@ Specify a digest algorithm to use when converting CDNSKEY records to DS records\
.sp
The
\fIalgorithm\fR
must be one of SHA\-1 (SHA1), SHA\-256 (SHA256), or SHA\-384 (SHA384)\&. These values are case insensitive\&. If no algorithm is specified, the default is SHA\-256\&.
must be one of SHA\-1, SHA\-256, or SHA\-384\&. These values are case insensitive, and the hyphen may be omitted\&. If no algorithm is specified, the default is SHA\-256\&.
.RE
.PP
\-c \fIclass\fR
@ -293,5 +293,5 @@ RFC 7344\&.
.RE
.SH "COPYRIGHT"
.br
Copyright \(co 2017, 2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2017-2019 Internet Systems Consortium, Inc. ("ISC")
.br

8
bin/dnssec/dnssec-cds.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2017, 2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2017-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -129,9 +129,9 @@
record. This option has no effect when using CDS records.
</p>
<p>
The <em class="replaceable"><code>algorithm</code></em> must be one of SHA-1
(SHA1), SHA-256 (SHA256), or SHA-384 (SHA384). These
values are case insensitive. If no algorithm is specified,
The <em class="replaceable"><code>algorithm</code></em> must be one of
SHA-1, SHA-256, or SHA-384. These values are case insensitive,
and the hyphen may be omitted. If no algorithm is specified,
the default is SHA-256.
</p>
</dd>

151
bin/dnssec/dnssec-dsfromkey.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2008-2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2008-2012, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -39,61 +39,103 @@
dnssec-dsfromkey \- DNSSEC DS RR generation tool
.SH "SYNOPSIS"
.HP \w'\fBdnssec\-dsfromkey\fR\ 'u
\fBdnssec\-dsfromkey\fR [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-C\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] {keyfile}
\fBdnssec\-dsfromkey\fR [\fB\-1\fR | \fB\-2\fR | \fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-C\fR | \fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] {keyfile}
.HP \w'\fBdnssec\-dsfromkey\fR\ 'u
\fBdnssec\-dsfromkey\fR {\-s} [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-s\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-A\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {dnsname}
\fBdnssec\-dsfromkey\fR [\fB\-1\fR | \fB\-2\fR | \fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-C\fR | \fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-A\fR] {\fB\-f\ \fR\fB\fIfile\fR\fR} [dnsname]
.HP \w'\fBdnssec\-dsfromkey\fR\ 'u
\fBdnssec\-dsfromkey\fR [\fB\-h\fR] [\fB\-V\fR]
\fBdnssec\-dsfromkey\fR [\fB\-1\fR | \fB\-2\fR | \fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-C\fR | \fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] {\-s} {dnsname}
.HP \w'\fBdnssec\-dsfromkey\fR\ 'u
\fBdnssec\-dsfromkey\fR [\fB\-h\fR | \fB\-V\fR]
.SH "DESCRIPTION"
.PP
The
\fBdnssec\-dsfromkey\fR
outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s)\&.
command outputs DS (Delegation Signer) resource records (RRs) and other similarly\-constructed RRs: with the
\fB\-l\fR
option it outputs DLV (DNSSEC Lookaside Validation) RRs; or with the
\fB\-C\fR
it outputs CDS (Child DS) RRs\&.
.PP
The input keys can be specified in a number of ways:
.PP
By default,
\fBdnssec\-dsfromkey\fR
reads a key file named like
Knnnn\&.+aaa+iiiii\&.key, as generated by
\fBdnssec\-keygen\fR\&.
.PP
With the
\fB\-f \fR\fB\fIfile\fR\fR
option,
\fBdnssec\-dsfromkey\fR
reads keys from a zone file or partial zone file (which can contain just the DNSKEY records)\&.
.PP
With the
\fB\-s\fR
option,
\fBdnssec\-dsfromkey\fR
reads a
keyset\-
file, as generated by
\fBdnssec\-keygen\fR\fB\-C\fR\&.
.SH "OPTIONS"
.PP
\-1
.RS 4
Use SHA\-1 as the digest algorithm (the default is to use both SHA\-1 and SHA\-256)\&.
An abbreviation for
\fB\-a SHA1\fR
.RE
.PP
\-2
.RS 4
Use SHA\-256 as the digest algorithm\&.
An abbreviation for
\fB\-a SHA\-256\fR
.RE
.PP
\-a \fIalgorithm\fR
.RS 4
Select the digest algorithm\&. The value of
\fBalgorithm\fR
must be one of SHA\-1 (SHA1), SHA\-256 (SHA256) or SHA\-384 (SHA384)\&. These values are case insensitive\&.
Specify a digest algorithm to use when converting DNSKEY records to DS records\&. This option can be repeated, so that multiple DS records are created for each DNSKEY record\&.
.sp
The
\fIalgorithm\fR
must be one of SHA\-1, SHA\-256, or SHA\-384\&. These values are case insensitive, and the hyphen may be omitted\&. If no algorithm is specified, the default is SHA\-256\&.
.RE
.PP
\-A
.RS 4
Include ZSKs when generating DS records\&. Without this option, only keys which have the KSK flag set will be converted to DS records and printed\&. Useful only in
\fB\-f\fR
zone file mode\&.
.RE
.PP
\-c \fIclass\fR
.RS 4
Specifies the DNS class (default is IN)\&. Useful only in
\fB\-s\fR
keyset or
\fB\-f\fR
zone file mode\&.
.RE
.PP
\-C
.RS 4
Generate CDS records rather than DS records\&. This is mutually exclusive with generating lookaside records\&.
.RE
.PP
\-T \fITTL\fR
.RS 4
Specifies the TTL of the DS records\&.
.RE
.PP
\-K \fIdirectory\fR
.RS 4
Look for key files (or, in keyset mode,
keyset\-
files) in
\fBdirectory\fR\&.
Generate CDS records rather than DS records\&. This is mutually exclusive with the
\fB\-l\fR
option for generating DLV records\&.
.RE
.PP
\-f \fIfile\fR
.RS 4
Zone file mode: in place of the keyfile name, the argument is the DNS domain name of a zone master file, which can be read from
Zone file mode:
\fBdnssec\-dsfromkey\fR\*(Aqs final
\fIdnsname\fR
argument is the DNS domain name of a zone whose master file can be read from
\fBfile\fR\&. If the zone name is the same as
\fBfile\fR, then it may be omitted\&.
.sp
If
\fBfile\fR
is set to
\fIfile\fR
is
"\-", then the zone data is read from the standard input\&. This makes it possible to use the output of the
\fBdig\fR
command as input, as in:
@ -101,26 +143,41 @@ command as input, as in:
\fBdig dnskey example\&.com | dnssec\-dsfromkey \-f \- example\&.com\fR
.RE
.PP
\-A
\-h
.RS 4
Include ZSKs when generating DS records\&. Without this option, only keys which have the KSK flag set will be converted to DS records and printed\&. Useful only in zone file mode\&.
Prints usage information\&.
.RE
.PP
\-K \fIdirectory\fR
.RS 4
Look for key files or
keyset\-
files in
\fBdirectory\fR\&.
.RE
.PP
\-l \fIdomain\fR
.RS 4
Generate a DLV set instead of a DS set\&. The specified
\fBdomain\fR
is appended to the name for each record in the set\&. The DNSSEC Lookaside Validation (DLV) RR is described in RFC 4431\&. This is mutually exclusive with generating CDS records\&.
\fIdomain\fR
is appended to the name for each record in the set\&. This is mutually exclusive with the
\fB\-C\fR
option for generating CDS records\&.
.RE
.PP
\-s
.RS 4
Keyset mode: in place of the keyfile name, the argument is the DNS domain name of a keyset file\&.
Keyset mode:
\fBdnssec\-dsfromkey\fR\*(Aqs final
\fIdnsname\fR
argument is the DNS domain name used to locate a
keyset\-
file\&.
.RE
.PP
\-c \fIclass\fR
\-T \fITTL\fR
.RS 4
Specifies the DNS class (default is IN)\&. Useful only in keyset or zone file mode\&.
Specifies the TTL of the DS records\&. By default the TTL is omitted\&.
.RE
.PP
\-v \fIlevel\fR
@ -128,11 +185,6 @@ Specifies the DNS class (default is IN)\&. Useful only in keyset or zone file mo
Sets the debugging level\&.
.RE
.PP
\-h
.RS 4
Prints usage information\&.
.RE
.PP
\-V
.RS 4
Prints version information\&.
@ -141,16 +193,16 @@ Prints version information\&.
.PP
To build the SHA\-256 DS RR from the
\fBKexample\&.com\&.+003+26160\fR
keyfile name, the following command would be issued:
keyfile name, you can issue the following command:
.PP
\fBdnssec\-dsfromkey \-2 Kexample\&.com\&.+003+26160\fR
.PP
The command would print something like:
.PP
\fBexample\&.com\&. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94\fR
\fBexample\&.com\&. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0C5EA0B94\fR
.SH "FILES"
.PP
The keyfile can be designed by the key identification
The keyfile can be designated by the key identification
Knnnn\&.+aaa+iiiii
or the full file name
Knnnn\&.+aaa+iiiii\&.key
@ -170,13 +222,20 @@ A keyfile error can give a "file not found" even if the file exists\&.
\fBdnssec-keygen\fR(8),
\fBdnssec-signzone\fR(8),
BIND 9 Administrator Reference Manual,
RFC 3658,
RFC 4431\&.
RFC 4509\&.
RFC 3658
(DS RRs),
RFC 4431
(DLV RRs),
RFC 4509
(SHA\-256 for DS RRs),
RFC 6605
(SHA\-384 for DS RRs),
RFC 7344
(CDS and CDNSKEY RRs)\&.
.SH "AUTHOR"
.PP
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2008-2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2008-2012, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br

225
bin/dnssec/dnssec-dsfromkey.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2008-2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2008-2012, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -33,105 +33,167 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p>
<code class="command">dnssec-dsfromkey</code>
[<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
[<code class="option">-1</code>]
[<code class="option">-2</code>]
[<code class="option">-a <em class="replaceable"><code>alg</code></em></code>]
[<code class="option">-C</code>]
[<code class="option">-l <em class="replaceable"><code>domain</code></em></code>]
[
<code class="option">-1</code>
| <code class="option">-2</code>
| <code class="option">-a <em class="replaceable"><code>alg</code></em></code>
]
[
<code class="option">-C</code>
| <code class="option">-l <em class="replaceable"><code>domain</code></em></code>
]
[<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>]
[<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
[<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
{keyfile}
</p></div>
<div class="cmdsynopsis"><p>
<code class="command">dnssec-dsfromkey</code>
{-s}
[<code class="option">-1</code>]
[<code class="option">-2</code>]
[<code class="option">-a <em class="replaceable"><code>alg</code></em></code>]
[<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
[<code class="option">-l <em class="replaceable"><code>domain</code></em></code>]
[<code class="option">-s</code>]
[<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
[
<code class="option">-1</code>
| <code class="option">-2</code>
| <code class="option">-a <em class="replaceable"><code>alg</code></em></code>
]
[
<code class="option">-C</code>
| <code class="option">-l <em class="replaceable"><code>domain</code></em></code>
]
[<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>]
[<code class="option">-f <em class="replaceable"><code>file</code></em></code>]
[<code class="option">-A</code>]
[<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
{dnsname}
</p></div>
[<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
[<code class="option">-A</code>]
{<code class="option">-f <em class="replaceable"><code>file</code></em></code>}
[dnsname]
</p></div>
<div class="cmdsynopsis"><p>
<code class="command">dnssec-dsfromkey</code>
[<code class="option">-h</code>]
[<code class="option">-V</code>]
</p></div>
[
<code class="option">-1</code>
| <code class="option">-2</code>
| <code class="option">-a <em class="replaceable"><code>alg</code></em></code>
]
[
<code class="option">-C</code>
| <code class="option">-l <em class="replaceable"><code>domain</code></em></code>
]
[<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>]
[<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
[<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
[<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
{-s}
{dnsname}
</p></div>
<div class="cmdsynopsis"><p>
<code class="command">dnssec-dsfromkey</code>
[
<code class="option">-h</code>
| <code class="option">-V</code>
]
</p></div>
</div>
<div class="refsection">
<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p><span class="command"><strong>dnssec-dsfromkey</strong></span>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
<p>
The <span class="command"><strong>dnssec-dsfromkey</strong></span> command outputs DS (Delegation
Signer) resource records (RRs) and other similarly-constructed RRs:
with the <code class="option">-l</code> option it outputs DLV (DNSSEC Lookaside
Validation) RRs; or with the <code class="option">-C</code> it outputs CDS (Child
DS) RRs.
</p>
<p>
The input keys can be specified in a number of ways:
</p>
<p>
By default, <span class="command"><strong>dnssec-dsfromkey</strong></span> reads a key file
named like <code class="filename">Knnnn.+aaa+iiiii.key</code>, as generated
by <span class="command"><strong>dnssec-keygen</strong></span>.
</p>
<p>
With the <code class="option">-f <em class="replaceable"><code>file</code></em></code>
option, <span class="command"><strong>dnssec-dsfromkey</strong></span> reads keys from a zone file
or partial zone file (which can contain just the DNSKEY records).
</p>
<p>
With the <code class="option">-s</code>
option, <span class="command"><strong>dnssec-dsfromkey</strong></span> reads
a <code class="filename">keyset-</code> file, as generated
by <span class="command"><strong>dnssec-keygen</strong></span> <code class="option">-C</code>.
</p>
</div>
<div class="refsection">
<a name="id-1.8"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-1</span></dt>
<dd>
<p>
Use SHA-1 as the digest algorithm (the default is to use
both SHA-1 and SHA-256).
An abbreviation for <code class="option">-a SHA1</code>
</p>
</dd>
<dt><span class="term">-2</span></dt>
<dd>
<p>
Use SHA-256 as the digest algorithm.
An abbreviation for <code class="option">-a SHA-256</code>
</p>
</dd>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
Select the digest algorithm. The value of
<code class="option">algorithm</code> must be one of SHA-1 (SHA1),
SHA-256 (SHA256) or SHA-384 (SHA384).
These values are case insensitive.
Specify a digest algorithm to use when converting DNSKEY
records to DS records. This option can be repeated, so
that multiple DS records are created for each DNSKEY
record.
</p>
<p>
The <em class="replaceable"><code>algorithm</code></em> must be one of
SHA-1, SHA-256, or SHA-384. These values are case insensitive,
and the hyphen may be omitted. If no algorithm is specified,
the default is SHA-256.
</p>
</dd>
<dt><span class="term">-A</span></dt>
<dd>
<p>
Include ZSKs when generating DS records. Without this option, only
keys which have the KSK flag set will be converted to DS records
and printed. Useful only in <code class="option">-f</code> zone file mode.
</p>
</dd>
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd>
<p>
Specifies the DNS class (default is IN). Useful only
in <code class="option">-s</code> keyset or <code class="option">-f</code>
zone file mode.
</p>
</dd>
<dt><span class="term">-C</span></dt>
<dd>
<p>
Generate CDS records rather than DS records. This is mutually
exclusive with generating lookaside records.
</p>
</dd>
<dt><span class="term">-T <em class="replaceable"><code>TTL</code></em></span></dt>
<dd>
<p>
Specifies the TTL of the DS records.
</p>
</dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd>
<p>
Look for key files (or, in keyset mode,
<code class="filename">keyset-</code> files) in
<code class="option">directory</code>.
Generate CDS records rather than DS records. This is mutually
exclusive with the <code class="option">-l</code> option for generating DLV
records.
</p>
</dd>
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
<dd>
<p>
Zone file mode: in place of the keyfile name, the argument is
the DNS domain name of a zone master file, which can be read
Zone file mode: <span class="command"><strong>dnssec-dsfromkey</strong></span>'s
final <em class="replaceable"><code>dnsname</code></em> argument is
the DNS domain name of a zone whose master file can be read
from <code class="option">file</code>. If the zone name is the same as
<code class="option">file</code>, then it may be omitted.
</p>
<p>
If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
If <em class="replaceable"><code>file</code></em> is <code class="literal">"-"</code>, then
the zone data is read from the standard input. This makes it
possible to use the output of the <span class="command"><strong>dig</strong></span>
command as input, as in:
@ -140,37 +202,41 @@
<strong class="userinput"><code>dig dnskey example.com | dnssec-dsfromkey -f - example.com</code></strong>
</p>
</dd>
<dt><span class="term">-A</span></dt>
<dt><span class="term">-h</span></dt>
<dd>
<p>
Include ZSKs when generating DS records. Without this option,
only keys which have the KSK flag set will be converted to DS
records and printed. Useful only in zone file mode.
</p>
</dd>
<p>
Prints usage information.
</p>
</dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd>
<p>
Look for key files or <code class="filename">keyset-</code> files in
<code class="option">directory</code>.
</p>
</dd>
<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
<dd>
<p>
Generate a DLV set instead of a DS set. The specified
<code class="option">domain</code> is appended to the name for each
Generate a DLV set instead of a DS set. The specified
<em class="replaceable"><code>domain</code></em> is appended to the name for each
record in the set.
The DNSSEC Lookaside Validation (DLV) RR is described
in RFC 4431. This is mutually exclusive with generating
CDS records.
This is mutually exclusive with the <code class="option">-C</code> option
for generating CDS records.
</p>
</dd>
<dt><span class="term">-s</span></dt>
<dd>
<p>
Keyset mode: in place of the keyfile name, the argument is
the DNS domain name of a keyset file.
Keyset mode: <span class="command"><strong>dnssec-dsfromkey</strong></span>'s
final <em class="replaceable"><code>dnsname</code></em> argument is the DNS
domain name used to locate a <code class="filename">keyset-</code> file.
</p>
</dd>
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dt><span class="term">-T <em class="replaceable"><code>TTL</code></em></span></dt>
<dd>
<p>
Specifies the DNS class (default is IN). Useful only
in keyset or zone file mode.
Specifies the TTL of the DS records. By default the TTL is omitted.
</p>
</dd>
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
@ -179,12 +245,6 @@
Sets the debugging level.
</p>
</dd>
<dt><span class="term">-h</span></dt>
<dd>
<p>
Prints usage information.
</p>
</dd>
<dt><span class="term">-V</span></dt>
<dd>
<p>
@ -200,22 +260,23 @@
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
keyfile name, the following command would be issued:
keyfile name, you can issue the following command:
</p>
<p><strong class="userinput"><code>dnssec-dsfromkey -2 Kexample.com.+003+26160</code></strong>
</p>
<p>
The command would print something like:
</p>
<p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</code></strong>
<p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0C5EA0B94</code></strong>
</p>
</div>
<div class="refsection">
<a name="id-1.10"></a><h2>FILES</h2>
<p>
The keyfile can be designed by the key identification
The keyfile can be designated by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
<code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
<span class="refentrytitle">dnssec-keygen</span>(8).
@ -245,9 +306,11 @@
<span class="refentrytitle">dnssec-signzone</span>(8)
</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 3658</em>,
<em class="citetitle">RFC 4431</em>.
<em class="citetitle">RFC 4509</em>.
<em class="citetitle">RFC 3658</em> (DS RRs),
<em class="citetitle">RFC 4431</em> (DLV RRs),
<em class="citetitle">RFC 4509</em> (SHA-256 for DS RRs),
<em class="citetitle">RFC 6605</em> (SHA-384 for DS RRs),
<em class="citetitle">RFC 7344</em> (CDS and CDNSKEY RRs).
</p>
</div>

4
bin/dnssec/dnssec-importkey.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -134,5 +134,5 @@ RFC 5011\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/dnssec/dnssec-importkey.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

6
bin/dnssec/dnssec-keyfromlabel.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2008-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2008-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -55,7 +55,7 @@ of the key is specified on the command line\&. This must match the name of the z
.RS 4
Selects the cryptographic algorithm\&. The value of
\fBalgorithm\fR
must be one of RSAMD5, RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448\&.
must be one of RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448\&.
.sp
If no algorithm is specified, then RSASHA1 will be used by default, unless the
\fB\-3\fR
@ -307,5 +307,5 @@ The PKCS#11 URI Scheme (draft\-pechanec\-pkcs11uri\-13)\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2008-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2008-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.br

4
bin/dnssec/dnssec-keyfromlabel.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2008-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2008-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -89,7 +89,7 @@
<dd>
<p>
Selects the cryptographic algorithm. The value of
<code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
<code class="option">algorithm</code> must be one of RSASHA1,
NSEC3RSASHA1, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448.
</p>

6
bin/dnssec/dnssec-keygen.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2000-2005, 2007-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2005, 2007-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -62,7 +62,7 @@ may be preferable to direct use of
.RS 4
Selects the cryptographic algorithm\&. For DNSSEC keys, the value of
\fBalgorithm\fR
must be one of RSAMD5, RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448\&. For TKEY, the value must be DH (Diffie Hellman); specifying his value will automatically set the
must be one of RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448\&. For TKEY, the value must be DH (Diffie Hellman); specifying his value will automatically set the
\fB\-T KEY\fR
option as well\&.
.sp
@ -354,5 +354,5 @@ RFC 4034\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2000-2005, 2007-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2000-2005, 2007-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.br

4
bin/dnssec/dnssec-keygen.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2005, 2007-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2005, 2007-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -99,7 +99,7 @@
<dd>
<p>
Selects the cryptographic algorithm. For DNSSEC keys, the value
of <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
of <code class="option">algorithm</code> must be one of RSASHA1,
NSEC3RSASHA1, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448. For
TKEY, the value must be DH (Diffie Hellman); specifying

4
bin/dnssec/dnssec-revoke.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2009, 2011, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2009, 2011, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -99,5 +99,5 @@ RFC 5011\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2009, 2011, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2009, 2011, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/dnssec/dnssec-revoke.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2009, 2011, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2009, 2011, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/dnssec/dnssec-settime.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2009-2011, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2009-2011, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -200,5 +200,5 @@ RFC 5011\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2009-2011, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2009-2011, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/dnssec/dnssec-settime.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2009-2011, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2009-2011, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/dnssec/dnssec-signzone.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2000-2009, 2011-2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2009, 2011-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -468,5 +468,5 @@ RFC 4641\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2000-2009, 2011-2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2000-2009, 2011-2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/dnssec/dnssec-signzone.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2009, 2011-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2009, 2011-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/dnssec/dnssec-verify.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2012, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -113,5 +113,5 @@ RFC 4033\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2012, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/dnssec/dnssec-verify.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2012, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/named/named.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2000, 2001, 2003-2009, 2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2003-2009, 2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -378,5 +378,5 @@ BIND 9 Administrator Reference Manual\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2000, 2001, 2003-2009, 2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2000, 2001, 2003-2009, 2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
.br

113
bin/named/named.conf.5
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2004-2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -10,12 +10,12 @@
.\" Title: named.conf
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2018-10-23
.\" Date: 2018-12-07
.\" Manual: BIND9
.\" Source: ISC
.\" Language: English
.\"
.TH "NAMED\&.CONF" "5" "2018\-10\-23" "ISC" "BIND9"
.TH "NAMED\&.CONF" "5" "2018\-12\-07" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@ -209,9 +209,9 @@ options {
bindkeys\-file \fIquoted_string\fR;
blackhole { \fIaddress_match_element\fR; \&.\&.\&. };
cache\-file \fIquoted_string\fR;
catalog\-zones { zone \fIquoted_string\fR [ default\-masters [ port
\fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [
port \fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key
catalog\-zones { zone \fIstring\fR [ default\-masters [ port \fIinteger\fR ]
[ dscp \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [ port
\fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key
\fIstring\fR ]; \&.\&.\&. } ] [ zone\-directory \fIquoted_string\fR ] [
in\-memory \fIboolean\fR ] [ min\-update\-interval \fIttlval\fR ]; \&.\&.\&. };
check\-dup\-records ( fail | warn | ignore );
@ -265,12 +265,15 @@ options {
dnssec\-secure\-to\-insecure \fIboolean\fR;
dnssec\-update\-mode ( maintain | no\-resign );
dnssec\-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder | resolver | update ) [
( query | response ) ]; \&.\&.\&. };
dnstap\-identity ( \fIquoted_string\fR | none | hostname );
dnstap\-output ( file | unix ) \fIquoted_string\fR [ size ( unlimited |
\fIsize\fR ) ] [ versions ( unlimited | \fIinteger\fR ) ] [ suffix (
increment | timestamp ) ];
dnstap { ( all | auth | client | forwarder |
resolver | update ) [ ( query | response ) ];
\&.\&.\&. };
dnstap\-identity ( \fIquoted_string\fR | none |
hostname );
dnstap\-output ( file | unix ) \fIquoted_string\fR [
size ( unlimited | \fIsize\fR ) ] [ versions (
unlimited | \fIinteger\fR ) ] [ suffix ( increment
| timestamp ) ];
dnstap\-version ( \fIquoted_string\fR | none );
dscp \fIinteger\fR;
dual\-stack\-servers [ port \fIinteger\fR ] { ( \fIquoted_string\fR [ port
@ -286,9 +289,6 @@ options {
fetches\-per\-server \fIinteger\fR [ ( drop | fail ) ];
fetches\-per\-zone \fIinteger\fR [ ( drop | fail ) ];
files ( default | unlimited | \fIsizeval\fR );
filter\-aaaa { \fIaddress_match_element\fR; \&.\&.\&. };
filter\-aaaa\-on\-v4 ( break\-dnssec | \fIboolean\fR );
filter\-aaaa\-on\-v6 ( break\-dnssec | \fIboolean\fR );
flush\-zones\-on\-shutdown \fIboolean\fR;
forward ( first | only );
forwarders [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fIipv4_address\fR
@ -409,18 +409,17 @@ options {
resolver\-retry\-interval \fIinteger\fR;
response\-padding { \fIaddress_match_element\fR; \&.\&.\&. } block\-size
\fIinteger\fR;
response\-policy { zone \fIquoted_string\fR [ log \fIboolean\fR ] [
max\-policy\-ttl \fIttlval\fR ] [ min\-update\-interval \fIttlval\fR ] [
policy ( cname | disabled | drop | given | no\-op | nodata |
nxdomain | passthru | tcp\-only \fIquoted_string\fR ) ] [
recursive\-only \fIboolean\fR ] [ nsip\-enable \fIboolean\fR ] [
nsdname\-enable \fIboolean\fR ]; \&.\&.\&. } [ break\-dnssec \fIboolean\fR ] [
max\-policy\-ttl \fIttlval\fR ] [ min\-update\-interval \fIttlval\fR ] [
min\-ns\-dots \fIinteger\fR ] [ nsip\-wait\-recurse \fIboolean\fR ] [
qname\-wait\-recurse \fIboolean\fR ] [ recursive\-only \fIboolean\fR ] [
nsip\-enable \fIboolean\fR ] [ nsdname\-enable \fIboolean\fR ] [
dnsrps\-enable \fIboolean\fR ] [ dnsrps\-options { \fIunspecified\-text\fR
} ];
response\-policy { zone \fIstring\fR [ log \fIboolean\fR ] [ max\-policy\-ttl
\fIttlval\fR ] [ min\-update\-interval \fIttlval\fR ] [ policy ( cname |
disabled | drop | given | no\-op | nodata | nxdomain | passthru
| tcp\-only \fIquoted_string\fR ) ] [ recursive\-only \fIboolean\fR ] [
nsip\-enable \fIboolean\fR ] [ nsdname\-enable \fIboolean\fR ]; \&.\&.\&. } [
break\-dnssec \fIboolean\fR ] [ max\-policy\-ttl \fIttlval\fR ] [
min\-update\-interval \fIttlval\fR ] [ min\-ns\-dots \fIinteger\fR ] [
nsip\-wait\-recurse \fIboolean\fR ] [ qname\-wait\-recurse \fIboolean\fR ]
[ recursive\-only \fIboolean\fR ] [ nsip\-enable \fIboolean\fR ] [
nsdname\-enable \fIboolean\fR ] [ dnsrps\-enable \fIboolean\fR ] [
dnsrps\-options { \fIunspecified\-text\fR } ];
root\-delegation\-only [ exclude { \fIstring\fR; \&.\&.\&. } ];
root\-key\-sentinel \fIboolean\fR;
rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] [ name
@ -481,6 +480,18 @@ options {
.if n \{\
.RE
.\}
.SH "PLUGIN"
.sp
.if n \{\
.RS 4
.\}
.nf
plugin ( query ) \fIstring\fR [ { \fIunspecified\-text\fR
} ];
.fi
.if n \{\
.RE
.\}
.SH "SERVER"
.sp
.if n \{\
@ -580,9 +591,9 @@ view \fIstring\fR [ \fIclass\fR ] {
auth\-nxdomain \fIboolean\fR; // default changed
auto\-dnssec ( allow | maintain | off );
cache\-file \fIquoted_string\fR;
catalog\-zones { zone \fIquoted_string\fR [ default\-masters [ port
\fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [
port \fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key
catalog\-zones { zone \fIstring\fR [ default\-masters [ port \fIinteger\fR ]
[ dscp \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [ port
\fIinteger\fR ] | \fIipv6_address\fR [ port \fIinteger\fR ] ) [ key
\fIstring\fR ]; \&.\&.\&. } ] [ zone\-directory \fIquoted_string\fR ] [
in\-memory \fIboolean\fR ] [ min\-update\-interval \fIttlval\fR ]; \&.\&.\&. };
check\-dup\-records ( fail | warn | ignore );
@ -635,8 +646,9 @@ view \fIstring\fR [ \fIclass\fR ] {
dnssec\-secure\-to\-insecure \fIboolean\fR;
dnssec\-update\-mode ( maintain | no\-resign );
dnssec\-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder | resolver | update ) [
( query | response ) ]; \&.\&.\&. };
dnstap { ( all | auth | client | forwarder |
resolver | update ) [ ( query | response ) ];
\&.\&.\&. };
dual\-stack\-servers [ port \fIinteger\fR ] { ( \fIquoted_string\fR [ port
\fIinteger\fR ] [ dscp \fIinteger\fR ] | \fIipv4_address\fR [ port
\fIinteger\fR ] [ dscp \fIinteger\fR ] | \fIipv6_address\fR [ port
@ -650,9 +662,6 @@ view \fIstring\fR [ \fIclass\fR ] {
fetch\-quota\-params \fIinteger\fR \fIfixedpoint\fR \fIfixedpoint\fR \fIfixedpoint\fR;
fetches\-per\-server \fIinteger\fR [ ( drop | fail ) ];
fetches\-per\-zone \fIinteger\fR [ ( drop | fail ) ];
filter\-aaaa { \fIaddress_match_element\fR; \&.\&.\&. };
filter\-aaaa\-on\-v4 ( break\-dnssec | \fIboolean\fR );
filter\-aaaa\-on\-v6 ( break\-dnssec | \fIboolean\fR );
forward ( first | only );
forwarders [ port \fIinteger\fR ] [ dscp \fIinteger\fR ] { ( \fIipv4_address\fR
| \fIipv6_address\fR ) [ port \fIinteger\fR ] [ dscp \fIinteger\fR ]; \&.\&.\&. };
@ -693,6 +702,8 @@ view \fIstring\fR [ \fIclass\fR ] {
max\-udp\-size \fIinteger\fR;
max\-zone\-ttl ( unlimited | \fIttlval\fR );
message\-compression \fIboolean\fR;
min\-cache\-ttl \fIttlval\fR;
min\-ncache\-ttl \fIttlval\fR;
min\-refresh\-time \fIinteger\fR;
min\-retry\-time \fIinteger\fR;
minimal\-any \fIboolean\fR;
@ -711,6 +722,8 @@ view \fIstring\fR [ \fIclass\fR ] {
nta\-lifetime \fIttlval\fR;
nta\-recheck \fIttlval\fR;
nxdomain\-redirect \fIstring\fR;
plugin ( query ) \fIstring\fR [ {
\fIunspecified\-text\fR } ];
preferred\-glue \fIstring\fR;
prefetch \fIinteger\fR [ \fIinteger\fR ];
provide\-ixfr \fIboolean\fR;
@ -748,18 +761,17 @@ view \fIstring\fR [ \fIclass\fR ] {
resolver\-retry\-interval \fIinteger\fR;
response\-padding { \fIaddress_match_element\fR; \&.\&.\&. } block\-size
\fIinteger\fR;
response\-policy { zone \fIquoted_string\fR [ log \fIboolean\fR ] [
max\-policy\-ttl \fIttlval\fR ] [ min\-update\-interval \fIttlval\fR ] [
policy ( cname | disabled | drop | given | no\-op | nodata |
nxdomain | passthru | tcp\-only \fIquoted_string\fR ) ] [
recursive\-only \fIboolean\fR ] [ nsip\-enable \fIboolean\fR ] [
nsdname\-enable \fIboolean\fR ]; \&.\&.\&. } [ break\-dnssec \fIboolean\fR ] [
max\-policy\-ttl \fIttlval\fR ] [ min\-update\-interval \fIttlval\fR ] [
min\-ns\-dots \fIinteger\fR ] [ nsip\-wait\-recurse \fIboolean\fR ] [
qname\-wait\-recurse \fIboolean\fR ] [ recursive\-only \fIboolean\fR ] [
nsip\-enable \fIboolean\fR ] [ nsdname\-enable \fIboolean\fR ] [
dnsrps\-enable \fIboolean\fR ] [ dnsrps\-options { \fIunspecified\-text\fR
} ];
response\-policy { zone \fIstring\fR [ log \fIboolean\fR ] [ max\-policy\-ttl
\fIttlval\fR ] [ min\-update\-interval \fIttlval\fR ] [ policy ( cname |
disabled | drop | given | no\-op | nodata | nxdomain | passthru
| tcp\-only \fIquoted_string\fR ) ] [ recursive\-only \fIboolean\fR ] [
nsip\-enable \fIboolean\fR ] [ nsdname\-enable \fIboolean\fR ]; \&.\&.\&. } [
break\-dnssec \fIboolean\fR ] [ max\-policy\-ttl \fIttlval\fR ] [
min\-update\-interval \fIttlval\fR ] [ min\-ns\-dots \fIinteger\fR ] [
nsip\-wait\-recurse \fIboolean\fR ] [ qname\-wait\-recurse \fIboolean\fR ]
[ recursive\-only \fIboolean\fR ] [ nsip\-enable \fIboolean\fR ] [
nsdname\-enable \fIboolean\fR ] [ dnsrps\-enable \fIboolean\fR ] [
dnsrps\-options { \fIunspecified\-text\fR } ];
root\-delegation\-only [ exclude { \fIstring\fR; \&.\&.\&. } ];
root\-key\-sentinel \fIboolean\fR;
rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] [ name
@ -895,9 +907,7 @@ view \fIstring\fR [ \fIclass\fR ] {
notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR
| * ) ] [ dscp \fIinteger\fR ];
notify\-to\-soa \fIboolean\fR;
pubkey \fIinteger\fR
\fIinteger\fR
\fIinteger\fR
pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR
request\-expire \fIboolean\fR;
request\-ixfr \fIboolean\fR;
serial\-update\-method ( date | increment | unixtime );
@ -1003,7 +1013,6 @@ zone \fIstring\fR [ \fIclass\fR ] {
notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ]
[ dscp \fIinteger\fR ];
notify\-to\-soa \fIboolean\fR;
pubkey \fIinteger\fR \fIinteger\fR
request\-expire \fIboolean\fR;
request\-ixfr \fIboolean\fR;
serial\-update\-method ( date | increment | unixtime );
@ -1051,5 +1060,5 @@ BIND 9 Administrator Reference Manual\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2004-2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004-2019 Internet Systems Consortium, Inc. ("ISC")
.br

118
bin/named/named.conf.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2004-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -190,9 +190,9 @@ options
bindkeys-file <em class="replaceable"><code>quoted_string</code></em>;<br>
blackhole { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
cache-file <em class="replaceable"><code>quoted_string</code></em>;<br>
catalog-zones { zone <em class="replaceable"><code>quoted_string</code></em> [ default-masters [ port<br>
    <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<br>
    port <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] ) [ key<br>
catalog-zones { zone <em class="replaceable"><code>string</code></em> [ default-masters [ port <em class="replaceable"><code>integer</code></em> ]<br>
    [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [ port<br>
    <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] ) [ key<br>
    <em class="replaceable"><code>string</code></em> ]; ... } ] [ zone-directory <em class="replaceable"><code>quoted_string</code></em> ] [<br>
    in-memory <em class="replaceable"><code>boolean</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ]; ... };<br>
check-dup-records ( fail | warn | ignore );<br>
@ -246,12 +246,15 @@ options
dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-update-mode ( maintain | no-resign );<br>
dnssec-validation ( yes | no | auto );<br>
dnstap { ( all | auth | client | forwarder | resolver | update ) [<br>
    ( query | response ) ]; ... };<br>
dnstap-identity ( <em class="replaceable"><code>quoted_string</code></em> | none | hostname );<br>
dnstap-output ( file | unix ) <em class="replaceable"><code>quoted_string</code></em> [ size ( unlimited |<br>
    <em class="replaceable"><code>size</code></em> ) ] [ versions ( unlimited | <em class="replaceable"><code>integer</code></em> ) ] [ suffix (<br>
    increment | timestamp ) ];<br>
dnstap { ( all | auth | client | forwarder |<br>
    resolver | update ) [ ( query | response ) ];<br>
    ... };<br>
dnstap-identity ( <em class="replaceable"><code>quoted_string</code></em> | none |<br>
    hostname );<br>
dnstap-output ( file | unix ) <em class="replaceable"><code>quoted_string</code></em> [<br>
    size ( unlimited | <em class="replaceable"><code>size</code></em> ) ] [ versions (<br>
    unlimited | <em class="replaceable"><code>integer</code></em> ) ] [ suffix ( increment<br>
    | timestamp ) ];<br>
dnstap-version ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
dscp <em class="replaceable"><code>integer</code></em>;<br>
dual-stack-servers [ port <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>quoted_string</code></em> [ port<br>
@ -267,9 +270,6 @@ options
fetches-per-server <em class="replaceable"><code>integer</code></em> [ ( drop | fail ) ];<br>
fetches-per-zone <em class="replaceable"><code>integer</code></em> [ ( drop | fail ) ];<br>
files ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );<br>
filter-aaaa { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
filter-aaaa-on-v4 ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );<br>
filter-aaaa-on-v6 ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );<br>
flush-zones-on-shutdown <em class="replaceable"><code>boolean</code></em>;<br>
forward ( first | only );<br>
forwarders [ port <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>ipv4_address</code></em><br>
@ -390,18 +390,17 @@ options
resolver-retry-interval <em class="replaceable"><code>integer</code></em>;<br>
response-padding { <em class="replaceable"><code>address_match_element</code></em>; ... } block-size<br>
    <em class="replaceable"><code>integer</code></em>;<br>
response-policy { zone <em class="replaceable"><code>quoted_string</code></em> [ log <em class="replaceable"><code>boolean</code></em> ] [<br>
    max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [<br>
    policy ( cname | disabled | drop | given | no-op | nodata |<br>
    nxdomain | passthru | tcp-only <em class="replaceable"><code>quoted_string</code></em> ) ] [<br>
    recursive-only <em class="replaceable"><code>boolean</code></em> ] [ nsip-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
    nsdname-enable <em class="replaceable"><code>boolean</code></em> ]; ... } [ break-dnssec <em class="replaceable"><code>boolean</code></em> ] [<br>
    max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [<br>
    min-ns-dots <em class="replaceable"><code>integer</code></em> ] [ nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [<br>
    qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [<br>
    nsip-enable <em class="replaceable"><code>boolean</code></em> ] [ nsdname-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
    dnsrps-enable <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em><br>
    } ];<br>
response-policy { zone <em class="replaceable"><code>string</code></em> [ log <em class="replaceable"><code>boolean</code></em> ] [ max-policy-ttl<br>
    <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [ policy ( cname |<br>
    disabled | drop | given | no-op | nodata | nxdomain | passthru<br>
    | tcp-only <em class="replaceable"><code>quoted_string</code></em> ) ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [<br>
    nsip-enable <em class="replaceable"><code>boolean</code></em> ] [ nsdname-enable <em class="replaceable"><code>boolean</code></em> ]; ... } [<br>
    break-dnssec <em class="replaceable"><code>boolean</code></em> ] [ max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [<br>
    min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [ min-ns-dots <em class="replaceable"><code>integer</code></em> ] [<br>
    nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ]<br>
    [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [ nsip-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
    nsdname-enable <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
    dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em> } ];<br>
root-delegation-only [ exclude { <em class="replaceable"><code>string</code></em>; ... } ];<br>
root-key-sentinel <em class="replaceable"><code>boolean</code></em>;<br>
rrset-order { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name<br>
@ -462,7 +461,16 @@ options
</div>
<div class="refsection">
<a name="id-1.17"></a><h2>SERVER</h2>
<a name="id-1.17"></a><h2>PLUGIN</h2>
<div class="literallayout"><p><br>
plugin ( query ) <em class="replaceable"><code>string</code></em> [ { <em class="replaceable"><code>unspecified-text</code></em><br>
    } ];<br>
</p></div>
</div>
<div class="refsection">
<a name="id-1.18"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
server <em class="replaceable"><code>netprefix</code></em> {<br>
@ -501,7 +509,7 @@ server
</div>
<div class="refsection">
<a name="id-1.18"></a><h2>STATISTICS-CHANNELS</h2>
<a name="id-1.19"></a><h2>STATISTICS-CHANNELS</h2>
<div class="literallayout"><p><br>
statistics-channels {<br>
@ -514,7 +522,7 @@ statistics-channels
</div>
<div class="refsection">
<a name="id-1.19"></a><h2>TRUSTED-KEYS</h2>
<a name="id-1.20"></a><h2>TRUSTED-KEYS</h2>
<div class="literallayout"><p><br>
trusted-keys { <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
@ -523,7 +531,7 @@ trusted-keys
</div>
<div class="refsection">
<a name="id-1.20"></a><h2>VIEW</h2>
<a name="id-1.21"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
view <em class="replaceable"><code>string</code></em> [ <em class="replaceable"><code>class</code></em> ] {<br>
@ -549,9 +557,9 @@ view
auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
auto-dnssec ( allow | maintain | off );<br>
cache-file <em class="replaceable"><code>quoted_string</code></em>;<br>
catalog-zones { zone <em class="replaceable"><code>quoted_string</code></em> [ default-masters [ port<br>
    <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<br>
    port <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] ) [ key<br>
catalog-zones { zone <em class="replaceable"><code>string</code></em> [ default-masters [ port <em class="replaceable"><code>integer</code></em> ]<br>
    [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [ port<br>
    <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] ) [ key<br>
    <em class="replaceable"><code>string</code></em> ]; ... } ] [ zone-directory <em class="replaceable"><code>quoted_string</code></em> ] [<br>
    in-memory <em class="replaceable"><code>boolean</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ]; ... };<br>
check-dup-records ( fail | warn | ignore );<br>
@ -604,8 +612,9 @@ view
dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-update-mode ( maintain | no-resign );<br>
dnssec-validation ( yes | no | auto );<br>
dnstap { ( all | auth | client | forwarder | resolver | update ) [<br>
    ( query | response ) ]; ... };<br>
dnstap { ( all | auth | client | forwarder |<br>
    resolver | update ) [ ( query | response ) ];<br>
    ... };<br>
dual-stack-servers [ port <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>quoted_string</code></em> [ port<br>
    <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv4_address</code></em> [ port<br>
    <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port<br>
@ -619,9 +628,6 @@ view
fetch-quota-params <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>fixedpoint</code></em> <em class="replaceable"><code>fixedpoint</code></em> <em class="replaceable"><code>fixedpoint</code></em>;<br>
fetches-per-server <em class="replaceable"><code>integer</code></em> [ ( drop | fail ) ];<br>
fetches-per-zone <em class="replaceable"><code>integer</code></em> [ ( drop | fail ) ];<br>
filter-aaaa { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
filter-aaaa-on-v4 ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );<br>
filter-aaaa-on-v6 ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );<br>
forward ( first | only );<br>
forwarders [ port <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>ipv4_address</code></em><br>
    | <em class="replaceable"><code>ipv6_address</code></em> ) [ port <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ]; ... };<br>
@ -662,6 +668,8 @@ view
max-udp-size <em class="replaceable"><code>integer</code></em>;<br>
max-zone-ttl ( unlimited | <em class="replaceable"><code>ttlval</code></em> );<br>
message-compression <em class="replaceable"><code>boolean</code></em>;<br>
min-cache-ttl <em class="replaceable"><code>ttlval</code></em>;<br>
min-ncache-ttl <em class="replaceable"><code>ttlval</code></em>;<br>
min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
minimal-any <em class="replaceable"><code>boolean</code></em>;<br>
@ -680,6 +688,8 @@ view
nta-lifetime <em class="replaceable"><code>ttlval</code></em>;<br>
nta-recheck <em class="replaceable"><code>ttlval</code></em>;<br>
nxdomain-redirect <em class="replaceable"><code>string</code></em>;<br>
plugin ( query ) <em class="replaceable"><code>string</code></em> [ {<br>
    <em class="replaceable"><code>unspecified-text</code></em> } ];<br>
preferred-glue <em class="replaceable"><code>string</code></em>;<br>
prefetch <em class="replaceable"><code>integer</code></em> [ <em class="replaceable"><code>integer</code></em> ];<br>
provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
@ -717,18 +727,17 @@ view
resolver-retry-interval <em class="replaceable"><code>integer</code></em>;<br>
response-padding { <em class="replaceable"><code>address_match_element</code></em>; ... } block-size<br>
    <em class="replaceable"><code>integer</code></em>;<br>
response-policy { zone <em class="replaceable"><code>quoted_string</code></em> [ log <em class="replaceable"><code>boolean</code></em> ] [<br>
    max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [<br>
    policy ( cname | disabled | drop | given | no-op | nodata |<br>
    nxdomain | passthru | tcp-only <em class="replaceable"><code>quoted_string</code></em> ) ] [<br>
    recursive-only <em class="replaceable"><code>boolean</code></em> ] [ nsip-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
    nsdname-enable <em class="replaceable"><code>boolean</code></em> ]; ... } [ break-dnssec <em class="replaceable"><code>boolean</code></em> ] [<br>
    max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [<br>
    min-ns-dots <em class="replaceable"><code>integer</code></em> ] [ nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [<br>
    qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [<br>
    nsip-enable <em class="replaceable"><code>boolean</code></em> ] [ nsdname-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
    dnsrps-enable <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em><br>
    } ];<br>
response-policy { zone <em class="replaceable"><code>string</code></em> [ log <em class="replaceable"><code>boolean</code></em> ] [ max-policy-ttl<br>
    <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [ policy ( cname |<br>
    disabled | drop | given | no-op | nodata | nxdomain | passthru<br>
    | tcp-only <em class="replaceable"><code>quoted_string</code></em> ) ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [<br>
    nsip-enable <em class="replaceable"><code>boolean</code></em> ] [ nsdname-enable <em class="replaceable"><code>boolean</code></em> ]; ... } [<br>
    break-dnssec <em class="replaceable"><code>boolean</code></em> ] [ max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [<br>
    min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [ min-ns-dots <em class="replaceable"><code>integer</code></em> ] [<br>
    nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ]<br>
    [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [ nsip-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
    nsdname-enable <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
    dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em> } ];<br>
root-delegation-only [ exclude { <em class="replaceable"><code>string</code></em>; ... } ];<br>
root-key-sentinel <em class="replaceable"><code>boolean</code></em>;<br>
rrset-order { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name<br>
@ -864,9 +873,7 @@ view
notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em><br>
    | * ) ] [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
pubkey <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>integer</code></em><br>
    <em class="replaceable"><code>integer</code></em><br>
pubkey <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
request-expire <em class="replaceable"><code>boolean</code></em>;<br>
request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
serial-update-method ( date | increment | unixtime );<br>
@ -900,7 +907,7 @@ view
</div>
<div class="refsection">
<a name="id-1.21"></a><h2>ZONE</h2>
<a name="id-1.22"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
zone <em class="replaceable"><code>string</code></em> [ <em class="replaceable"><code>class</code></em> ] {<br>
@ -969,7 +976,6 @@ zone
notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em> | * ) ]<br>
    [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
notify-to-soa <em class="replaceable"><code>boolean</code></em>;<br>
pubkey <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
request-expire <em class="replaceable"><code>boolean</code></em>;<br>
request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
serial-update-method ( date | increment | unixtime );<br>
@ -1001,14 +1007,14 @@ zone
</div>
<div class="refsection">
<a name="id-1.22"></a><h2>FILES</h2>
<a name="id-1.23"></a><h2>FILES</h2>
<p><code class="filename">/etc/named.conf</code>
</p>
</div>
<div class="refsection">
<a name="id-1.23"></a><h2>SEE ALSO</h2>
<a name="id-1.24"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry">
<span class="refentrytitle">ddns-confgen</span>(8)

2
bin/named/named.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000, 2001, 2003-2009, 2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003-2009, 2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/nsupdate/nsupdate.1
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2000-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -519,5 +519,5 @@ The TSIG key is redundantly stored in two separate files\&. This is a consequenc
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2000-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2000-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/nsupdate/nsupdate.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/pkcs11/pkcs11-destroy.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -93,5 +93,5 @@ Specify how long to pause before carrying out key destruction\&. The default is
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/pkcs11/pkcs11-destroy.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/pkcs11/pkcs11-keygen.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -116,5 +116,5 @@ Open the session with the given PKCS#11 slot\&. The default is slot 0\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/pkcs11/pkcs11-keygen.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/pkcs11/pkcs11-list.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -94,5 +94,5 @@ will prompt for it\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/pkcs11/pkcs11-list.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/pkcs11/pkcs11-tokens.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -65,5 +65,5 @@ Make the PKCS#11 libisc initialization verbose\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/pkcs11/pkcs11-tokens.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/plugins/filter-aaaa.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -112,5 +112,5 @@ BIND 9 Administrator Reference Manual\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/plugins/filter-aaaa.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/python/dnssec-checkds.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2012-2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2012-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -87,5 +87,5 @@ binary\&. Used for testing\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2012-2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2012-2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/python/dnssec-checkds.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2012-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2012-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/python/dnssec-coverage.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -152,5 +152,5 @@ binary\&. Used for testing\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/python/dnssec-coverage.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

8
bin/python/dnssec-keymgr.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2016-2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2016-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -69,6 +69,10 @@ will search the key directory (either the current working directory or the direc
\fB\-K\fR
option), and check the keys for all the zones represented in the directory\&.
.PP
Key times that are in the past will not be updated unless the
\fB\-f\fR
is used (see below)\&. Key inactivation and deletion times that are less than five minutes in the future will be delayed by five minutes\&.
.PP
It is expected that this tool will be run automatically and unattended (for example, by
\fBcron\fR)\&.
.SH "OPTIONS"
@ -288,5 +292,5 @@ Allow configuration of standby keys and use of the REVOKE bit, for keys that use
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2016-2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2016-2019 Internet Systems Consortium, Inc. ("ISC")
.br

8
bin/python/dnssec-keymgr.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2016-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2016-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -91,6 +91,12 @@
set by the <code class="option">-K</code> option), and check the keys for
all the zones represented in the directory.
</p>
<p>
Key times that are in the past will not be updated unless
the <code class="option">-f</code> is used (see below). Key inactivation
and deletion times that are less than five minutes in the future
will be delayed by five minutes.
</p>
<p>
It is expected that this tool will be run automatically and
unattended (for example, by <span class="command"><strong>cron</strong></span>).

4
bin/rndc/rndc.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -750,5 +750,5 @@ BIND 9 Administrator Reference Manual\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2000, 2001, 2004, 2005, 2007, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2000, 2001, 2004, 2005, 2007, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
.br

4
bin/rndc/rndc.conf.5
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -230,5 +230,5 @@ BIND 9 Administrator Reference Manual\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/rndc/rndc.conf.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

2
bin/rndc/rndc.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/tools/arpaname.1
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -52,5 +52,5 @@ BIND 9 Administrator Reference Manual\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/tools/arpaname.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/tools/dnstap-read.1
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2015-2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2015-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -91,5 +91,5 @@ BIND 9 Administrator Reference Manual\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2015-2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2015-2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/tools/dnstap-read.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2015-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2015-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/tools/mdig.1
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2015-2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2015-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -398,5 +398,5 @@ RFC1035\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2015-2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2015-2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/tools/mdig.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2015-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2015-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/tools/named-journalprint.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -64,5 +64,5 @@ BIND 9 Administrator Reference Manual\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/tools/named-journalprint.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/tools/named-nzd2nzf.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -63,5 +63,5 @@ BIND 9 Administrator Reference Manual
Internet Systems Consortium
.SH "COPYRIGHT"
.br
Copyright \(co 2016, 2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/tools/named-nzd2nzf.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2016, 2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/tools/named-rrchecker.1
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -77,5 +77,5 @@ RFC 1035,
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/tools/named-rrchecker.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
bin/tools/nsec3hash.8
View file

@ -1,4 +1,4 @@
.\" Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
@ -84,5 +84,5 @@ RFC 5155\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
.br

2
bin/tools/nsec3hash.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this

4
doc/arm/Bv9ARM.ch01.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -614,6 +614,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

4
doc/arm/Bv9ARM.ch02.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -146,6 +146,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

13
doc/arm/Bv9ARM.ch03.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -501,15 +501,8 @@ zone "eng.example.com" {
(<span class="command"><strong>rndc</strong></span>) program allows the
system
administrator to control the operation of a name server.
Since <acronym class="acronym">BIND</acronym> 9.2, <span class="command"><strong>rndc</strong></span>
supports all the commands of the BIND 8 <span class="command"><strong>ndc</strong></span>
utility except <span class="command"><strong>ndc start</strong></span> and
<span class="command"><strong>ndc restart</strong></span>, which were also
not supported in <span class="command"><strong>ndc</strong></span>'s
channel mode.
If you run <span class="command"><strong>rndc</strong></span> without any
options
it will display a usage message as follows:
options, it will display a usage message as follows:
</p>
<div class="cmdsynopsis"><p>
<code class="command">rndc</code>
@ -863,6 +856,6 @@ controls {
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

47
doc/arm/Bv9ARM.ch04.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -921,41 +921,36 @@ allow-update { !{ !localnets; any; }; key host1-host2. ;};
</p>
<p>
A secure zone must contain one or more zone keys. The
zone keys will sign all other records in the zone, as well as
the zone keys of any secure delegated zones. Zone keys must
have the same name as the zone, a name type of
<span class="command"><strong>ZONE</strong></span>, and must be usable for
authentication.
It is recommended that zone keys use a cryptographic algorithm
designated as "mandatory to implement" by the IETF; currently
the only one is RSASHA1.
A secure zone must contain one or more zone keys. The zone keys will
sign all other records in the zone, as well as the zone keys of any
secure delegated zones. Zone keys must have the same name as the
zone, a name type of <span class="command"><strong>ZONE</strong></span>, and must be usable for
authentication. It is recommended that zone keys use a cryptographic
algorithm designated as "mandatory to implement" by the IETF;
currently the are two algorithms: RSASHA256 and ECDSAP256SHA256.
ECDSAP256SHA256 is recommended for current and future deployments.
</p>
<p>
The following command will generate a 768-bit RSASHA1 key for
The following command will generate a ECDSAP256SHA256 key for
the <code class="filename">child.example</code> zone:
</p>
<p>
<strong class="userinput"><code>dnssec-keygen -a RSASHA1 -b 768 -n ZONE child.example.</code></strong>
<strong class="userinput"><code>dnssec-keygen -a ECDSAP256SHA256 -n ZONE child.example.</code></strong>
</p>
<p>
Two output files will be produced:
<code class="filename">Kchild.example.+005+12345.key</code> and
<code class="filename">Kchild.example.+005+12345.private</code>
(where
12345 is an example of a key tag). The key filenames contain
the key name (<code class="filename">child.example.</code>),
algorithm (3
is DSA, 1 is RSAMD5, 5 is RSASHA1, etc.), and the key tag (12345 in
this case).
The private key (in the <code class="filename">.private</code>
file) is
used to generate signatures, and the public key (in the
<code class="filename">.key</code> file) is used for signature
verification.
<code class="filename">Kchild.example.+013+12345.key</code> and
<code class="filename">Kchild.example.+013+12345.private</code> (where 12345 is
an example of a key tag). The key filenames contain the key name
(<code class="filename">child.example.</code>), algorithm (5 is RSASHA1, 8 is
RSASHA256, 13 is ECDSAP256SHA256, 15 is ED25519 etc.), and the key tag
(12345 in this case). The private key (in the
<code class="filename">.private</code> file) is used to generate signatures,
and the public key (in the <code class="filename">.key</code> file) is used for
signature verification.
</p>
<p>
@ -2868,6 +2863,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

418
doc/arm/Bv9ARM.ch05.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -1312,12 +1312,9 @@
</pre>
<p>
In <acronym class="acronym">BIND</acronym> 9, the logging configuration
is only established when
the entire configuration file has been parsed. In <acronym class="acronym">BIND</acronym> 8, it was
established as soon as the <span class="command"><strong>logging</strong></span>
statement
was parsed. When the server is starting up, all logging messages
The logging configuration is only established when
the entire configuration file has been parsed.
When the server is starting up, all logging messages
regarding syntax errors in the configuration file go to the default
channels, or to standard error if the <code class="option">-g</code> option
was specified.
@ -2393,9 +2390,9 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<span class="command"><strong>bindkeys-file</strong></span> <em class="replaceable"><code>quoted_string</code></em>;
<span class="command"><strong>blackhole</strong></span> { <em class="replaceable"><code>address_match_element</code></em>; ... };
<span class="command"><strong>cache-file</strong></span> <em class="replaceable"><code>quoted_string</code></em>;
<span class="command"><strong>catalog-zones</strong></span> { zone <em class="replaceable"><code>quoted_string</code></em> [ default-masters [ port
<em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [
<span class="command"><strong>port</strong></span> <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] ) [ key
<span class="command"><strong>catalog-zones</strong></span> { zone <em class="replaceable"><code>string</code></em> [ default-masters [ port <em class="replaceable"><code>integer</code></em> ]
[ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [ port
<em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] ) [ key
<em class="replaceable"><code>string</code></em> ]; ... } ] [ zone-directory <em class="replaceable"><code>quoted_string</code></em> ] [
<span class="command"><strong>in-memory</strong></span> <em class="replaceable"><code>boolean</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ]; ... };
<span class="command"><strong>check-dup-records</strong></span> ( fail | warn | ignore );
@ -2449,12 +2446,15 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<span class="command"><strong>dnssec-secure-to-insecure</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>dnssec-update-mode</strong></span> ( maintain | no-resign );
<span class="command"><strong>dnssec-validation</strong></span> ( yes | no | auto );
<span class="command"><strong>dnstap</strong></span> { ( all | auth | client | forwarder | resolver | update ) [
( query | response ) ]; ... };
<span class="command"><strong>dnstap-identity</strong></span> ( <em class="replaceable"><code>quoted_string</code></em> | none | hostname );
<span class="command"><strong>dnstap-output</strong></span> ( file | unix ) <em class="replaceable"><code>quoted_string</code></em> [ size ( unlimited |
<em class="replaceable"><code>size</code></em> ) ] [ versions ( unlimited | <em class="replaceable"><code>integer</code></em> ) ] [ suffix (
<span class="command"><strong>increment</strong></span> | timestamp ) ];
<span class="command"><strong>dnstap</strong></span> { ( all | auth | client | forwarder |
<span class="command"><strong>resolver</strong></span> | update ) [ ( query | response ) ];
... };
<span class="command"><strong>dnstap-identity</strong></span> ( <em class="replaceable"><code>quoted_string</code></em> | none |
<span class="command"><strong>hostname</strong></span> );
<span class="command"><strong>dnstap-output</strong></span> ( file | unix ) <em class="replaceable"><code>quoted_string</code></em> [
<span class="command"><strong>size</strong></span> ( unlimited | <em class="replaceable"><code>size</code></em> ) ] [ versions (
<span class="command"><strong>unlimited</strong></span> | <em class="replaceable"><code>integer</code></em> ) ] [ suffix ( increment
| timestamp ) ];
<span class="command"><strong>dnstap-version</strong></span> ( <em class="replaceable"><code>quoted_string</code></em> | none );
<span class="command"><strong>dscp</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>dual-stack-servers</strong></span> [ port <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>quoted_string</code></em> [ port
@ -2470,9 +2470,6 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<span class="command"><strong>fetches-per-server</strong></span> <em class="replaceable"><code>integer</code></em> [ ( drop | fail ) ];
<span class="command"><strong>fetches-per-zone</strong></span> <em class="replaceable"><code>integer</code></em> [ ( drop | fail ) ];
<span class="command"><strong>files</strong></span> ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );
<span class="command"><strong>filter-aaaa</strong></span> { <em class="replaceable"><code>address_match_element</code></em>; ... };
<span class="command"><strong>filter-aaaa-on-v4</strong></span> ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );
<span class="command"><strong>filter-aaaa-on-v6</strong></span> ( break-dnssec | <em class="replaceable"><code>boolean</code></em> );
<span class="command"><strong>flush-zones-on-shutdown</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>forward</strong></span> ( first | only );
<span class="command"><strong>forwarders</strong></span> [ port <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>ipv4_address</code></em>
@ -2528,6 +2525,8 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<span class="command"><strong>memstatistics</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>memstatistics-file</strong></span> <em class="replaceable"><code>quoted_string</code></em>;
<span class="command"><strong>message-compression</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>min-cache-ttl</strong></span> <em class="replaceable"><code>ttlval</code></em>;
<span class="command"><strong>min-ncache-ttl</strong></span> <em class="replaceable"><code>ttlval</code></em>;
<span class="command"><strong>min-refresh-time</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>min-retry-time</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>minimal-any</strong></span> <em class="replaceable"><code>boolean</code></em>;
@ -2591,18 +2590,17 @@ badresp:1,adberr:0,findfail:0,valfail:0]
<span class="command"><strong>resolver-retry-interval</strong></span> <em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>response-padding</strong></span> { <em class="replaceable"><code>address_match_element</code></em>; ... } block-size
<em class="replaceable"><code>integer</code></em>;
<span class="command"><strong>response-policy</strong></span> { zone <em class="replaceable"><code>quoted_string</code></em> [ log <em class="replaceable"><code>boolean</code></em> ] [
<span class="command"><strong>max-policy-ttl</strong></span> <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [
<span class="command"><strong>policy</strong></span> ( cname | disabled | drop | given | no-op | nodata |
<span class="command"><strong>nxdomain</strong></span> | passthru | tcp-only <em class="replaceable"><code>quoted_string</code></em> ) ] [
<span class="command"><strong>recursive-only</strong></span> <em class="replaceable"><code>boolean</code></em> ] [ nsip-enable <em class="replaceable"><code>boolean</code></em> ] [
<span class="command"><strong>nsdname-enable</strong></span> <em class="replaceable"><code>boolean</code></em> ]; ... } [ break-dnssec <em class="replaceable"><code>boolean</code></em> ] [
<span class="command"><strong>max-policy-ttl</strong></span> <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [
<span class="command"><strong>min-ns-dots</strong></span> <em class="replaceable"><code>integer</code></em> ] [ nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [
<span class="command"><strong>qname-wait-recurse</strong></span> <em class="replaceable"><code>boolean</code></em> ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [
<span class="command"><strong>nsip-enable</strong></span> <em class="replaceable"><code>boolean</code></em> ] [ nsdname-enable <em class="replaceable"><code>boolean</code></em> ] [
<span class="command"><strong>dnsrps-enable</strong></span> <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em>
} ];
<span class="command"><strong>response-policy</strong></span> { zone <em class="replaceable"><code>string</code></em> [ log <em class="replaceable"><code>boolean</code></em> ] [ max-policy-ttl
<em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [ policy ( cname |
<span class="command"><strong>disabled</strong></span> | drop | given | no-op | nodata | nxdomain | passthru
| tcp-only <em class="replaceable"><code>quoted_string</code></em> ) ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [
<span class="command"><strong>nsip-enable</strong></span> <em class="replaceable"><code>boolean</code></em> ] [ nsdname-enable <em class="replaceable"><code>boolean</code></em> ]; ... } [
<span class="command"><strong>break-dnssec</strong></span> <em class="replaceable"><code>boolean</code></em> ] [ max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [
<span class="command"><strong>min-update-interval</strong></span> <em class="replaceable"><code>ttlval</code></em> ] [ min-ns-dots <em class="replaceable"><code>integer</code></em> ] [
<span class="command"><strong>nsip-wait-recurse</strong></span> <em class="replaceable"><code>boolean</code></em> ] [ qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ]
[ recursive-only <em class="replaceable"><code>boolean</code></em> ] [ nsip-enable <em class="replaceable"><code>boolean</code></em> ] [
<span class="command"><strong>nsdname-enable</strong></span> <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-enable <em class="replaceable"><code>boolean</code></em> ] [
<span class="command"><strong>dnsrps-options</strong></span> { <em class="replaceable"><code>unspecified-text</code></em> } ];
<span class="command"><strong>root-delegation-only</strong></span> [ exclude { <em class="replaceable"><code>string</code></em>; ... } ];
<span class="command"><strong>root-key-sentinel</strong></span> <em class="replaceable"><code>boolean</code></em>;
<span class="command"><strong>rrset-order</strong></span> { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name
@ -3079,17 +3077,6 @@ badresp:1,adberr:0,findfail:0,valfail:0]
effective user ID of the <span class="command"><strong>named</strong></span> process.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>named-xfer</strong></span></span></dt>
<dd>
<p>
<span class="emphasis"><em>This option is obsolete.</em></span> It
was used in <acronym class="acronym">BIND</acronym> 8 to specify
the pathname to the <span class="command"><strong>named-xfer</strong></span>
program. In <acronym class="acronym">BIND</acronym> 9, no separate
<span class="command"><strong>named-xfer</strong></span> program is needed;
its functionality is built into the name server.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>qname-minimization</strong></span></span></dt>
<dd>
<p>
@ -3836,13 +3823,11 @@ options {
<dt><span class="term"><span class="command"><strong>auth-nxdomain</strong></span></span></dt>
<dd>
<p>
If <strong class="userinput"><code>yes</code></strong>, then the <span class="command"><strong>AA</strong></span> bit
is always set on NXDOMAIN responses, even if the server is
not actually
authoritative. The default is <strong class="userinput"><code>no</code></strong>;
this is
a change from <acronym class="acronym">BIND</acronym> 8. If you
are using very old DNS software, you
If <strong class="userinput"><code>yes</code></strong>, then the
<span class="command"><strong>AA</strong></span> bit is always set on NXDOMAIN
responses, even if the server is not actually
authoritative. The default is <strong class="userinput"><code>no</code></strong>.
If you are using very old DNS software, you
may need to set it to <strong class="userinput"><code>yes</code></strong>.
</p>
</dd>
@ -4088,28 +4073,6 @@ options {
</p>
</dd>
<dt><span class="term"><span class="command"><strong>fake-iquery</strong></span></span></dt>
<dd>
<p>
In <acronym class="acronym">BIND</acronym> 8, this option
enabled simulating the obsolete DNS query type
IQUERY. <acronym class="acronym">BIND</acronym> 9 never does
IQUERY simulation.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>fetch-glue</strong></span></span></dt>
<dd>
<p>
<span class="emphasis"><em>This option is obsolete</em></span>.
In BIND 8, <strong class="userinput"><code>fetch-glue yes</code></strong>
caused the server to attempt to fetch glue resource records
it
didn't have when constructing the additional
data section of a response. This is now considered a bad
idea
and BIND 9 never does it.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>flush-zones-on-shutdown</strong></span></span></dt>
<dd>
<p>
@ -4127,27 +4090,6 @@ options {
but is now obsolete.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>has-old-clients</strong></span></span></dt>
<dd>
<p>
This option was incorrectly implemented
in <acronym class="acronym">BIND</acronym> 8, and is ignored by <acronym class="acronym">BIND</acronym> 9.
To achieve the intended effect
of
<span class="command"><strong>has-old-clients</strong></span> <strong class="userinput"><code>yes</code></strong>, specify
the two separate options <span class="command"><strong>auth-nxdomain</strong></span> <strong class="userinput"><code>yes</code></strong>
and <span class="command"><strong>rfc2308-type1</strong></span> <strong class="userinput"><code>no</code></strong> instead.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>host-statistics</strong></span></span></dt>
<dd>
<p>
In BIND 8, this enabled keeping of
statistics for every host that the name server interacts
with.
Not implemented in BIND 9.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>root-key-sentinel</strong></span></span></dt>
<dd>
<p>
@ -4156,18 +4098,6 @@ options {
<strong class="userinput"><code>yes</code></strong>.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>maintain-ixfr-base</strong></span></span></dt>
<dd>
<p>
<span class="emphasis"><em>This option is obsolete</em></span>.
It was used in <acronym class="acronym">BIND</acronym> 8 to
determine whether a transaction log was
kept for Incremental Zone Transfer. <acronym class="acronym">BIND</acronym> 9 maintains a transaction
log whenever possible. If you need to disable outgoing
incremental zone
transfers, use <span class="command"><strong>provide-ixfr</strong></span> <strong class="userinput"><code>no</code></strong>.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>message-compression</strong></span></span></dt>
<dd>
<p>
@ -4249,16 +4179,6 @@ options {
The default is <strong class="userinput"><code>no</code></strong>.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>multiple-cnames</strong></span></span></dt>
<dd>
<p>
This option was used in <acronym class="acronym">BIND</acronym> 8 to allow
a domain name to have multiple CNAME records in violation of
the DNS standards. <acronym class="acronym">BIND</acronym> 9.2 onwards
always strictly enforces the CNAME rules both in master
files and dynamic updates.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>notify</strong></span></span></dt>
<dd>
<p>
@ -4503,22 +4423,6 @@ options {
of two (for instance, 128), but this is not mandatory.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>rfc2308-type1</strong></span></span></dt>
<dd>
<p>
Setting this to <strong class="userinput"><code>yes</code></strong> will
cause the server to send NS records along with the SOA
record for negative
answers. The default is <strong class="userinput"><code>no</code></strong>.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
Not yet implemented in <acronym class="acronym">BIND</acronym>
9.
</p>
</div>
</dd>
<dt><span class="term"><span class="command"><strong>trust-anchor-telemetry</strong></span></span></dt>
<dd>
<p>
@ -4546,14 +4450,6 @@ options {
The default is <strong class="userinput"><code>yes</code></strong>.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>use-id-pool</strong></span></span></dt>
<dd>
<p>
<span class="emphasis"><em>This option is obsolete</em></span>.
<acronym class="acronym">BIND</acronym> 9 always allocates query
IDs from a pool.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>use-ixfr</strong></span></span></dt>
<dd>
<p>
@ -4594,21 +4490,6 @@ options {
Usage&#8221;</a>.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>treat-cr-as-space</strong></span></span></dt>
<dd>
<p>
This option was used in <acronym class="acronym">BIND</acronym>
8 to make
the server treat carriage return ("<span class="command"><strong>\r</strong></span>") characters the same way
as a space or tab character,
to facilitate loading of zone files on a UNIX system that
were generated
on an NT or DOS machine. In <acronym class="acronym">BIND</acronym> 9, both UNIX "<span class="command"><strong>\n</strong></span>"
and NT/DOS "<span class="command"><strong>\r\n</strong></span>" newlines
are always accepted,
and the option is ignored.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>match-mapped-addresses</strong></span></span></dt>
<dd>
<p>
@ -4728,7 +4609,9 @@ options {
The default is <strong class="userinput"><code>yes</code></strong>.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>dnssec-validation</strong></span></span></dt>
<dt>
<a name="dnssec_validation"></a><span class="term"><a name="dnssec_validation_term"></a><span class="command"><strong>dnssec-validation</strong></span></span>
</dt>
<dd>
<p>
This enables DNSSEC validation in <span class="command"><strong>named</strong></span>.
@ -5021,8 +4904,7 @@ options {
<dd>
<p>
Try to refresh the zone using TCP if UDP queries fail.
For BIND 8 compatibility, the default is
<span class="command"><strong>yes</strong></span>.
The default is <span class="command"><strong>yes</strong></span>.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>dnssec-secure-to-insecure</strong></span></span></dt>
@ -5174,18 +5056,24 @@ options {
<dt><span class="term"><span class="command"><strong>allow-notify</strong></span></span></dt>
<dd>
<p>
Specifies which hosts are allowed to
notify this server, a slave, of zone changes in addition
to the zone masters.
<span class="command"><strong>allow-notify</strong></span> may also be
specified in the
<span class="command"><strong>zone</strong></span> statement, in which case
it overrides the
<span class="command"><strong>options allow-notify</strong></span>
statement. It is only meaningful
for a slave zone. If not specified, the default is to
process notify messages
only from a zone's master.
This ACL specifies which hosts may send NOTIFY messages
to inform this server of changes to zones for which it
is acting as a secondary server. This is only
applicable for secondary zones (i.e., type
<code class="literal">secondary</code> or <code class="literal">slave</code>).
</p>
<p>
If this option is set in <span class="command"><strong>view</strong></span> or
<span class="command"><strong>options</strong></span>, it is globally applied to
all secondary zones. If set in the <span class="command"><strong>zone</strong></span>
statement, the global value is overridden.
</p>
<p>
If not specified, the default is to process NOTIFY
messages only from the configured
<span class="command"><strong>masters</strong></span> for the zone.
<span class="command"><strong>allow-notify</strong></span> can be used to expand the
list of permitted hosts, not to reduce it.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>allow-query</strong></span></span></dt>
@ -5301,40 +5189,46 @@ options {
<dt><span class="term"><span class="command"><strong>allow-update</strong></span></span></dt>
<dd>
<p>
Specifies which hosts are allowed to
submit Dynamic DNS updates for master zones. The default is
to deny
updates from all hosts. Note that allowing updates based
on the requestor's IP address is insecure; see
When set in the <span class="command"><strong>zone</strong></span> statement for
a master zone, specifies which hosts are allowed to
submit Dynamic DNS updates to that zone. The default
is to deny updates from all hosts. This can only
be set at the <span class="command"><strong>zone</strong></span> level, not in
<span class="command"><strong>options</strong></span> or <span class="command"><strong>view</strong></span>.
</p>
<p>
Note that allowing updates based on the
requestor's IP address is insecure; see
<a class="xref" href="Bv9ARM.ch06.html#dynamic_update_security" title="Dynamic Update Security">the section called &#8220;Dynamic Update Security&#8221;</a> for details.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>allow-update-forwarding</strong></span></span></dt>
<dd>
<p>
Specifies which hosts are allowed to
submit Dynamic DNS updates to slave zones to be forwarded to
the
master. The default is <strong class="userinput"><code>{ none; }</code></strong>,
which
means that no update forwarding will be performed. To
enable
update forwarding, specify
When set in the <span class="command"><strong>zone</strong></span> statement for
a slave zone, specifies which hosts are allowed to
submit Dynamic DNS updates and have them be forwarded
to the master. The default is
<strong class="userinput"><code>{ none; }</code></strong>, which means that no
update forwarding will be performed. This can only be
set at the <span class="command"><strong>zone</strong></span> level, not in
<span class="command"><strong>options</strong></span> or <span class="command"><strong>view</strong></span>.
</p>
<p>
To enable update forwarding, specify
<strong class="userinput"><code>allow-update-forwarding { any; };</code></strong>.
Specifying values other than <strong class="userinput"><code>{ none; }</code></strong> or
<strong class="userinput"><code>{ any; }</code></strong> is usually
counterproductive, since
the responsibility for update access control should rest
with the
master server, not the slaves.
in the <span class="command"><strong>zone</strong></span> statement.
Specifying values other than <strong class="userinput"><code>{ none; }</code></strong>
or <strong class="userinput"><code>{ any; }</code></strong> is usually
counterproductive; the responsibility for update
access control should rest with the master server, not
the slave.
</p>
<p>
Note that enabling the update forwarding feature on a slave
server
may expose master servers relying on insecure IP address
based
access control to attacks; see <a class="xref" href="Bv9ARM.ch06.html#dynamic_update_security" title="Dynamic Update Security">the section called &#8220;Dynamic Update Security&#8221;</a>
for more details.
server may expose master servers to attacks if they rely
on insecure IP-address-based access control; see
<a class="xref" href="Bv9ARM.ch06.html#dynamic_update_security" title="Dynamic Update Security">the section called &#8220;Dynamic Update Security&#8221;</a> for more details.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>allow-v6-synthesis</strong></span></span></dt>
@ -5354,13 +5248,14 @@ options {
</dt>
<dd>
<p>
Specifies which hosts are allowed to
receive zone transfers from the server. <span class="command"><strong>allow-transfer</strong></span> may
also be specified in the <span class="command"><strong>zone</strong></span>
statement, in which
case it overrides the <span class="command"><strong>options allow-transfer</strong></span> statement.
If not specified, the default is to allow transfers to all
hosts.
Specifies which hosts are allowed to receive zone
transfers from the server. <span class="command"><strong>allow-transfer</strong></span>
may also be specified in the <span class="command"><strong>zone</strong></span>
statement, in which case it overrides the
<span class="command"><strong>allow-transfer</strong></span> statement set in
<span class="command"><strong>options</strong></span> or <span class="command"><strong>view</strong></span>.
If not specified, the default is to allow transfers to
all hosts.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>blackhole</strong></span></span></dt>
@ -5819,19 +5714,6 @@ avoid-v6-udp-ports {};
to zero, it will be silently raised to one.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>serial-queries</strong></span></span></dt>
<dd>
<p>
In BIND 8, the <span class="command"><strong>serial-queries</strong></span>
option
set the maximum number of concurrent serial number queries
allowed to be outstanding at any given time.
BIND 9 does not limit the number of outstanding
serial queries and ignores the <span class="command"><strong>serial-queries</strong></span> option.
Instead, it limits the rate at which the queries are sent
as defined using the <span class="command"><strong>serial-query-rate</strong></span> option.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>transfer-format</strong></span></span></dt>
<dd>
@ -5993,10 +5875,9 @@ avoid-v6-udp-ports {};
<dd>
<p>
Use the alternate transfer sources or not. If views are
specified this defaults to <span class="command"><strong>no</strong></span>
specified this defaults to <span class="command"><strong>no</strong></span>,
otherwise it defaults to
<span class="command"><strong>yes</strong></span> (for BIND 8
compatibility).
<span class="command"><strong>yes</strong></span>.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>notify-source</strong></span></span></dt>
@ -6164,15 +6045,6 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</p>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><span class="command"><strong>max-ixfr-log-size</strong></span></span></dt>
<dd>
<p>
This option is obsolete; it is accepted
and ignored for BIND 8 compatibility. The option
<span class="command"><strong>max-journal-size</strong></span> performs a
similar function in BIND 9.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>max-journal-size</strong></span></span></dt>
<dd>
<p>
@ -6203,14 +6075,6 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
The default is zero which means unlimited.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>host-statistics-max</strong></span></span></dt>
<dd>
<p>
In BIND 8, specifies the maximum number of host statistics
entries to be kept.
Not implemented in BIND 9.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>recursive-clients</strong></span></span></dt>
<dd>
<p>
@ -6587,32 +6451,6 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
used to specify the value.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>statistics-interval</strong></span></span></dt>
<dd>
<p>
Name server statistics will be logged
every <span class="command"><strong>statistics-interval</strong></span>
minutes. The default is
60. The maximum value is 28 days (40320 minutes).
If set to 0, no statistics will be logged.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
Not yet implemented in
<acronym class="acronym">BIND</acronym> 9.
</p>
</div>
</dd>
<dt><span class="term"><span class="command"><strong>topology</strong></span></span></dt>
<dd>
<p>
In BIND 8, this option indicated network topology
so that preferential treatment could be given to
the topologicaly closest name servers when sending
queries. It is not implemented in BIND 9.
</p>
</dd>
</dl></div>
</div>
@ -6958,21 +6796,6 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<span class="command"><strong>rndc serve-stale on</strong></span>.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>min-roots</strong></span></span></dt>
<dd>
<p>
The minimum number of root servers that
is required for a request for the root servers to be
accepted. The default
is <strong class="userinput"><code>2</code></strong>.
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
Not implemented in <acronym class="acronym">BIND</acronym> 9.
</p>
</div>
</dd>
<dt><span class="term"><span class="command"><strong>sig-validity-interval</strong></span></span></dt>
<dd>
<p>
@ -9773,11 +9596,13 @@ view "external" {
in <span class="command"><strong>managed-keys</strong></span> or
<span class="command"><strong>trusted-keys</strong></span>. In the case
of the root zone, you may also rely on the
built-in root trust anchor, which can be enabled
by setting <span class="command"><strong>dnssec-validation</strong></span>
to <strong class="userinput"><code>auto</code></strong>. Answers coming
from a mirror zone look almost exactly like
answers from a zone of type
built-in root trust anchor, which is enabled
when <a class="xref" href="Bv9ARM.ch05.html#dnssec_validation"><span class="command"><strong>dnssec-validation</strong></span></a> is set to the
default value <strong class="userinput"><code>auto</code></strong>.
</p>
<p>
Answers coming from a mirror zone look almost
exactly like answers from a zone of type
<strong class="userinput"><code>secondary</code></strong>, with the
notable exceptions that the AA bit
("authoritative answer") is not set, and the AD
@ -10288,27 +10113,6 @@ view "external" {
not used.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>ixfr-base</strong></span></span></dt>
<dd>
<p>
Was used in <acronym class="acronym">BIND</acronym> 8 to
specify the name
of the transaction log (journal) file for dynamic update
and IXFR.
<acronym class="acronym">BIND</acronym> 9 ignores the option
and constructs the name of the journal
file by appending "<code class="filename">.jnl</code>"
to the name of the
zone file.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>ixfr-tmp-file</strong></span></span></dt>
<dd>
<p>
Was an undocumented option in <acronym class="acronym">BIND</acronym> 8.
Ignored in <acronym class="acronym">BIND</acronym> 9.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>journal</strong></span></span></dt>
<dd>
<p>
@ -10381,17 +10185,6 @@ view "external" {
<a class="xref" href="Bv9ARM.ch05.html#boolean_options" title="Boolean Options">the section called &#8220;Boolean Options&#8221;</a>.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>pubkey</strong></span></span></dt>
<dd>
<p>
In <acronym class="acronym">BIND</acronym> 8, this option was
intended for specifying
a public zone key for verification of signatures in DNSSEC
signed
zones when they are loaded from disk. <acronym class="acronym">BIND</acronym> 9 does not verify signatures
on load and ignores the option.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>zone-statistics</strong></span></span></dt>
<dd>
<p>
@ -13338,9 +13131,6 @@ HOST-127.EXAMPLE. MX 0 .
The <span class="command"><strong>$GENERATE</strong></span> directive is a <acronym class="acronym">BIND</acronym> extension
and not part of the standard zone file format.
</p>
<p>
BIND 8 did not support the optional TTL and CLASS fields.
</p>
</div>
<div class="section">
@ -15014,6 +14804,6 @@ HOST-127.EXAMPLE. MX 0 .
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

4
doc/arm/Bv9ARM.ch06.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -361,6 +361,6 @@ allow-query { !{ !10/8; any; }; key example; };
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

4
doc/arm/Bv9ARM.ch07.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -191,6 +191,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

38
doc/arm/Bv9ARM.ch08.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -36,7 +36,7 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl class="toc">
<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.5</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.6</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
@ -55,7 +55,7 @@
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.9.2"></a>Release Notes for BIND Version 9.13.5</h2></div></div></div>
<a name="id-1.9.2"></a>Release Notes for BIND Version 9.13.6</h2></div></div></div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
@ -312,6 +312,13 @@
configuration options cannot exceed 90 seconds.
</p>
</li>
<li class="listitem">
<p>
<span class="command"><strong>rndc status</strong></span> output now includes a
<span class="command"><strong>reconfig/reload in progress</strong></span> status line if named
configuration is being reloaded.
</p>
</li>
</ul></div>
</div>
@ -496,6 +503,22 @@
removed from BIND as the DSA key length is limited to 1024
bits and this is not considered secure enough.
</p>
<p>
Support for RSAMD5 algorithm has been removed freom BIND as the usage
of the RSAMD5 algorithm for DNSSEC has been deprecated in RFC6725 and
the security of MD5 algorithm has been compromised and the its usage
is considered harmful.
</p>
</li>
<li class="listitem">
<p>
The incomplete support for internationalization message catalogs has
been removed from BIND. Since the internationalization was never
completed, and no localized message catalogs were ever made available
for the portions of BIND in which they could have been used, this
change will have no effect except to simplify the source code. BIND's
log messages and other output were already only available in English.
</p>
</li>
</ul></div>
</div>
@ -627,6 +650,13 @@
disables reading of the file <code class="filename">$HOME/.digrc</code>.
</p>
</li>
<li class="listitem">
<p>
Zone signing and key maintenance events are now logged to the
<span class="command"><strong>dnssec</strong></span> category rather than
<span class="command"><strong>zone</strong></span>.
</p>
</li>
</ul></div>
</div>
@ -760,6 +790,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

4
doc/arm/Bv9ARM.ch09.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -148,6 +148,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

4
doc/arm/Bv9ARM.ch10.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -914,6 +914,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

4
doc/arm/Bv9ARM.ch11.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -533,6 +533,6 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

4
doc/arm/Bv9ARM.ch12.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -210,6 +210,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

10
doc/arm/Bv9ARM.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -32,8 +32,8 @@
<div>
<div><h1 class="title">
<a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
<div><p class="releaseinfo">BIND Version 9.13.5</p></div>
<div><p class="copyright">Copyright © 2000-2018 Internet Systems Consortium, Inc. ("ISC")</p></div>
<div><p class="releaseinfo">BIND Version 9.13.6</p></div>
<div><p class="copyright">Copyright © 2000-2019 Internet Systems Consortium, Inc. ("ISC")</p></div>
</div>
<hr>
</div>
@ -242,7 +242,7 @@
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch08.html">A. Release Notes</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.5</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.6</a></span></dt>
<dd><dl>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
@ -440,6 +440,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

BIN
doc/arm/Bv9ARM.pdf
View file

Binary file not shown.

4
doc/arm/man.arpaname.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -90,6 +90,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

4
doc/arm/man.ddns-confgen.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -220,6 +220,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

4
doc/arm/man.delv.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -625,6 +625,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

4
doc/arm/man.dig.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -1151,6 +1151,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

10
doc/arm/man.dnssec-cds.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -147,9 +147,9 @@
record. This option has no effect when using CDS records.
</p>
<p>
The <em class="replaceable"><code>algorithm</code></em> must be one of SHA-1
(SHA1), SHA-256 (SHA256), or SHA-384 (SHA384). These
values are case insensitive. If no algorithm is specified,
The <em class="replaceable"><code>algorithm</code></em> must be one of
SHA-1, SHA-256, or SHA-384. These values are case insensitive,
and the hyphen may be omitted. If no algorithm is specified,
the default is SHA-256.
</p>
</dd>
@ -376,6 +376,6 @@ nsupdate -l
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

4
doc/arm/man.dnssec-checkds.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -150,6 +150,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

4
doc/arm/man.dnssec-coverage.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -270,6 +270,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

227
doc/arm/man.dnssec-dsfromkey.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -51,105 +51,167 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p>
<code class="command">dnssec-dsfromkey</code>
[<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
[<code class="option">-1</code>]
[<code class="option">-2</code>]
[<code class="option">-a <em class="replaceable"><code>alg</code></em></code>]
[<code class="option">-C</code>]
[<code class="option">-l <em class="replaceable"><code>domain</code></em></code>]
[
<code class="option">-1</code>
| <code class="option">-2</code>
| <code class="option">-a <em class="replaceable"><code>alg</code></em></code>
]
[
<code class="option">-C</code>
| <code class="option">-l <em class="replaceable"><code>domain</code></em></code>
]
[<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>]
[<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
[<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
{keyfile}
</p></div>
<div class="cmdsynopsis"><p>
<code class="command">dnssec-dsfromkey</code>
{-s}
[<code class="option">-1</code>]
[<code class="option">-2</code>]
[<code class="option">-a <em class="replaceable"><code>alg</code></em></code>]
[<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
[<code class="option">-l <em class="replaceable"><code>domain</code></em></code>]
[<code class="option">-s</code>]
[<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
[
<code class="option">-1</code>
| <code class="option">-2</code>
| <code class="option">-a <em class="replaceable"><code>alg</code></em></code>
]
[
<code class="option">-C</code>
| <code class="option">-l <em class="replaceable"><code>domain</code></em></code>
]
[<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>]
[<code class="option">-f <em class="replaceable"><code>file</code></em></code>]
[<code class="option">-A</code>]
[<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
{dnsname}
</p></div>
[<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
[<code class="option">-A</code>]
{<code class="option">-f <em class="replaceable"><code>file</code></em></code>}
[dnsname]
</p></div>
<div class="cmdsynopsis"><p>
<code class="command">dnssec-dsfromkey</code>
[<code class="option">-h</code>]
[<code class="option">-V</code>]
</p></div>
[
<code class="option">-1</code>
| <code class="option">-2</code>
| <code class="option">-a <em class="replaceable"><code>alg</code></em></code>
]
[
<code class="option">-C</code>
| <code class="option">-l <em class="replaceable"><code>domain</code></em></code>
]
[<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>]
[<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
[<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
[<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
{-s}
{dnsname}
</p></div>
<div class="cmdsynopsis"><p>
<code class="command">dnssec-dsfromkey</code>
[
<code class="option">-h</code>
| <code class="option">-V</code>
]
</p></div>
</div>
<div class="refsection">
<a name="id-1.13.9.7"></a><h2>DESCRIPTION</h2>
<p><span class="command"><strong>dnssec-dsfromkey</strong></span>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
<p>
The <span class="command"><strong>dnssec-dsfromkey</strong></span> command outputs DS (Delegation
Signer) resource records (RRs) and other similarly-constructed RRs:
with the <code class="option">-l</code> option it outputs DLV (DNSSEC Lookaside
Validation) RRs; or with the <code class="option">-C</code> it outputs CDS (Child
DS) RRs.
</p>
<p>
The input keys can be specified in a number of ways:
</p>
<p>
By default, <span class="command"><strong>dnssec-dsfromkey</strong></span> reads a key file
named like <code class="filename">Knnnn.+aaa+iiiii.key</code>, as generated
by <span class="command"><strong>dnssec-keygen</strong></span>.
</p>
<p>
With the <code class="option">-f <em class="replaceable"><code>file</code></em></code>
option, <span class="command"><strong>dnssec-dsfromkey</strong></span> reads keys from a zone file
or partial zone file (which can contain just the DNSKEY records).
</p>
<p>
With the <code class="option">-s</code>
option, <span class="command"><strong>dnssec-dsfromkey</strong></span> reads
a <code class="filename">keyset-</code> file, as generated
by <span class="command"><strong>dnssec-keygen</strong></span> <code class="option">-C</code>.
</p>
</div>
<div class="refsection">
<a name="id-1.13.9.8"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-1</span></dt>
<dd>
<p>
Use SHA-1 as the digest algorithm (the default is to use
both SHA-1 and SHA-256).
An abbreviation for <code class="option">-a SHA1</code>
</p>
</dd>
<dt><span class="term">-2</span></dt>
<dd>
<p>
Use SHA-256 as the digest algorithm.
An abbreviation for <code class="option">-a SHA-256</code>
</p>
</dd>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
Select the digest algorithm. The value of
<code class="option">algorithm</code> must be one of SHA-1 (SHA1),
SHA-256 (SHA256) or SHA-384 (SHA384).
These values are case insensitive.
Specify a digest algorithm to use when converting DNSKEY
records to DS records. This option can be repeated, so
that multiple DS records are created for each DNSKEY
record.
</p>
<p>
The <em class="replaceable"><code>algorithm</code></em> must be one of
SHA-1, SHA-256, or SHA-384. These values are case insensitive,
and the hyphen may be omitted. If no algorithm is specified,
the default is SHA-256.
</p>
</dd>
<dt><span class="term">-A</span></dt>
<dd>
<p>
Include ZSKs when generating DS records. Without this option, only
keys which have the KSK flag set will be converted to DS records
and printed. Useful only in <code class="option">-f</code> zone file mode.
</p>
</dd>
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd>
<p>
Specifies the DNS class (default is IN). Useful only
in <code class="option">-s</code> keyset or <code class="option">-f</code>
zone file mode.
</p>
</dd>
<dt><span class="term">-C</span></dt>
<dd>
<p>
Generate CDS records rather than DS records. This is mutually
exclusive with generating lookaside records.
</p>
</dd>
<dt><span class="term">-T <em class="replaceable"><code>TTL</code></em></span></dt>
<dd>
<p>
Specifies the TTL of the DS records.
</p>
</dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd>
<p>
Look for key files (or, in keyset mode,
<code class="filename">keyset-</code> files) in
<code class="option">directory</code>.
Generate CDS records rather than DS records. This is mutually
exclusive with the <code class="option">-l</code> option for generating DLV
records.
</p>
</dd>
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
<dd>
<p>
Zone file mode: in place of the keyfile name, the argument is
the DNS domain name of a zone master file, which can be read
Zone file mode: <span class="command"><strong>dnssec-dsfromkey</strong></span>'s
final <em class="replaceable"><code>dnsname</code></em> argument is
the DNS domain name of a zone whose master file can be read
from <code class="option">file</code>. If the zone name is the same as
<code class="option">file</code>, then it may be omitted.
</p>
<p>
If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
If <em class="replaceable"><code>file</code></em> is <code class="literal">"-"</code>, then
the zone data is read from the standard input. This makes it
possible to use the output of the <span class="command"><strong>dig</strong></span>
command as input, as in:
@ -158,37 +220,41 @@
<strong class="userinput"><code>dig dnskey example.com | dnssec-dsfromkey -f - example.com</code></strong>
</p>
</dd>
<dt><span class="term">-A</span></dt>
<dt><span class="term">-h</span></dt>
<dd>
<p>
Include ZSKs when generating DS records. Without this option,
only keys which have the KSK flag set will be converted to DS
records and printed. Useful only in zone file mode.
</p>
</dd>
<p>
Prints usage information.
</p>
</dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd>
<p>
Look for key files or <code class="filename">keyset-</code> files in
<code class="option">directory</code>.
</p>
</dd>
<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
<dd>
<p>
Generate a DLV set instead of a DS set. The specified
<code class="option">domain</code> is appended to the name for each
Generate a DLV set instead of a DS set. The specified
<em class="replaceable"><code>domain</code></em> is appended to the name for each
record in the set.
The DNSSEC Lookaside Validation (DLV) RR is described
in RFC 4431. This is mutually exclusive with generating
CDS records.
This is mutually exclusive with the <code class="option">-C</code> option
for generating CDS records.
</p>
</dd>
<dt><span class="term">-s</span></dt>
<dd>
<p>
Keyset mode: in place of the keyfile name, the argument is
the DNS domain name of a keyset file.
Keyset mode: <span class="command"><strong>dnssec-dsfromkey</strong></span>'s
final <em class="replaceable"><code>dnsname</code></em> argument is the DNS
domain name used to locate a <code class="filename">keyset-</code> file.
</p>
</dd>
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dt><span class="term">-T <em class="replaceable"><code>TTL</code></em></span></dt>
<dd>
<p>
Specifies the DNS class (default is IN). Useful only
in keyset or zone file mode.
Specifies the TTL of the DS records. By default the TTL is omitted.
</p>
</dd>
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
@ -197,12 +263,6 @@
Sets the debugging level.
</p>
</dd>
<dt><span class="term">-h</span></dt>
<dd>
<p>
Prints usage information.
</p>
</dd>
<dt><span class="term">-V</span></dt>
<dd>
<p>
@ -218,22 +278,23 @@
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
keyfile name, the following command would be issued:
keyfile name, you can issue the following command:
</p>
<p><strong class="userinput"><code>dnssec-dsfromkey -2 Kexample.com.+003+26160</code></strong>
</p>
<p>
The command would print something like:
</p>
<p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</code></strong>
<p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0C5EA0B94</code></strong>
</p>
</div>
<div class="refsection">
<a name="id-1.13.9.10"></a><h2>FILES</h2>
<p>
The keyfile can be designed by the key identification
The keyfile can be designated by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
<code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
<span class="refentrytitle">dnssec-keygen</span>(8).
@ -263,9 +324,11 @@
<span class="refentrytitle">dnssec-signzone</span>(8)
</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 3658</em>,
<em class="citetitle">RFC 4431</em>.
<em class="citetitle">RFC 4509</em>.
<em class="citetitle">RFC 3658</em> (DS RRs),
<em class="citetitle">RFC 4431</em> (DLV RRs),
<em class="citetitle">RFC 4509</em> (SHA-256 for DS RRs),
<em class="citetitle">RFC 6605</em> (SHA-384 for DS RRs),
<em class="citetitle">RFC 7344</em> (CDS and CDNSKEY RRs).
</p>
</div>
@ -289,6 +352,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

4
doc/arm/man.dnssec-importkey.html
View file

@ -1,6 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2019 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
@ -250,6 +250,6 @@
</tr>
</table>
</div>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.5 (Development Release)</p>
<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.6 (Development Release)</p>
</body>
</html>

Some files were not shown because too many files have changed in this diff Show more