From bd08d94f8b7abc00e037ba0a2e55a700ec88bdf4 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Mon, 9 Oct 2017 10:58:27 -0700 Subject: [PATCH] [master] add dnssec-cds man page to ARM --- bin/dnssec/dnssec-cds.docbook | 2 +- doc/arm/Bv9ARM-book.xml | 33 +-- doc/arm/Bv9ARM.ch13.html | 79 +++--- doc/arm/Bv9ARM.html | 69 +++--- doc/arm/man.arpaname.html | 21 +- doc/arm/man.ddns-confgen.html | 23 +- doc/arm/man.delv.html | 29 +-- doc/arm/man.dig.html | 34 +-- doc/arm/man.dnssec-cds.html | 370 ++++++++++++++++++++++++++++ doc/arm/man.dnssec-checkds.html | 9 +- doc/arm/man.dnssec-verify.html | 8 +- doc/arm/man.dnstap-read.html | 14 +- doc/arm/man.genrandom.html | 15 +- doc/arm/man.host.html | 27 +- doc/arm/man.isc-hmac-fixup.html | 23 +- doc/arm/man.mdig.html | 28 ++- doc/arm/man.named-checkconf.html | 16 +- doc/arm/man.named-checkzone.html | 8 +- doc/arm/man.named-journalprint.html | 4 +- doc/arm/man.named-nzd2nzf.html | 8 +- doc/arm/man.named-rrchecker.html | 12 +- doc/arm/man.named.conf.html | 50 ++-- doc/arm/man.named.html | 28 +-- doc/arm/man.nsec3hash.html | 23 +- doc/arm/man.nslookup.html | 29 +-- doc/arm/man.nsupdate.html | 31 ++- doc/arm/man.pkcs11-destroy.html | 22 +- doc/arm/man.pkcs11-keygen.html | 22 +- doc/arm/man.pkcs11-list.html | 22 +- doc/arm/man.pkcs11-tokens.html | 24 +- doc/arm/man.rndc-confgen.html | 24 +- doc/arm/man.rndc.conf.html | 24 +- doc/arm/man.rndc.html | 28 +-- 33 files changed, 769 insertions(+), 390 deletions(-) create mode 100644 doc/arm/man.dnssec-cds.html diff --git a/bin/dnssec/dnssec-cds.docbook b/bin/dnssec/dnssec-cds.docbook index d932ebef29..8c255dff12 100644 --- a/bin/dnssec/dnssec-cds.docbook +++ b/bin/dnssec/dnssec-cds.docbook @@ -6,7 +6,7 @@ - file, You can obtain one at http://mozilla.org/MPL/2.0/. --> - + 2017-10-02 diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index b5399b75c7..d00937758b 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -18515,11 +18515,11 @@ allow-query { !{ !10/8; any; }; key example; }; Manual pages - - - + + - + + @@ -18531,27 +18531,28 @@ allow-query { !{ !10/8; any; }; key example; }; - - + + + + + - - - - - - - - - + + + + - + + + + diff --git a/doc/arm/Bv9ARM.ch13.html b/doc/arm/Bv9ARM.ch13.html index 8aba1892e0..bdc0de9da6 100644 --- a/doc/arm/Bv9ARM.ch13.html +++ b/doc/arm/Bv9ARM.ch13.html @@ -14,7 +14,7 @@ - +
@@ -24,7 +24,7 @@ Prev    - NextNext @@ -40,19 +40,19 @@

Table of Contents

-dig — DNS lookup utility +arpaname — translate IP addresses to the corresponding ARPA names
-mdig — DNS pipelined lookup utility -
-
-host — DNS lookup utility +ddns-confgen — ddns key generation tool
delv — DNS lookup and validation utility
-nslookup — query Internet name servers interactively +dig — DNS lookup utility +
+
+dnssec-cds — change DS records for a child zone based on CDS/CDNSKEY
dnssec-checkds — DNSSEC delegation consistency checking tool @@ -88,10 +88,19 @@ dnssec-verify — DNSSEC zone verification tool
-named — Internet domain name server +dnstap-read — print dnstap data in human-readable form
-named.conf — configuration file for named +genrandom — generate a file containing random data +
+
+host — DNS lookup utility +
+
+isc-hmac-fixup — fixes HMAC keys generated by older versions of BIND +
+
+mdig — DNS pipelined lookup utility
named-checkconf — named configuration file syntax checking tool @@ -111,47 +120,41 @@ named-rrchecker — syntax checker for individual DNS resource records
-nsupdate — Dynamic DNS update utility +named.conf — configuration file for named
-rndc — name server control utility -
-
-rndc.conf — rndc configuration file -
-
-rndc-confgen — rndc key generation tool -
-
-ddns-confgen — ddns key generation tool -
-
-arpaname — translate IP addresses to the corresponding ARPA names -
-
-dnstap-read — print dnstap data in human-readable form -
-
-genrandom — generate a file containing random data -
-
-isc-hmac-fixup — fixes HMAC keys generated by older versions of BIND +named — Internet domain name server
nsec3hash — generate NSEC3 hash
-pkcs11-destroy — destroy PKCS#11 objects +nslookup — query Internet name servers interactively
-pkcs11-list — list PKCS#11 objects +nsupdate — Dynamic DNS update utility +
+
+pkcs11-destroy — destroy PKCS#11 objects
pkcs11-keygen — generate keys on a PKCS#11 device
+pkcs11-list — list PKCS#11 objects +
+
pkcs11-tokens — list PKCS#11 available tokens
+
+rndc-confgen — rndc key generation tool +
+
+rndc.conf — rndc configuration file +
+
+rndc — name server control utility +
@@ -189,6 +192,7 @@ + @@ -199,13 +203,14 @@ Prev    - NextNext Appendix D. BIND 9 DNS Library Support  Home - dig + arpaname + diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html index 1160fc7a82..c0c541cdea 100644 --- a/doc/arm/Bv9ARM.html +++ b/doc/arm/Bv9ARM.html @@ -278,19 +278,19 @@
I. Manual pages
-dig — DNS lookup utility +arpaname — translate IP addresses to the corresponding ARPA names
-mdig — DNS pipelined lookup utility -
-
-host — DNS lookup utility +ddns-confgen — ddns key generation tool
delv — DNS lookup and validation utility
-nslookup — query Internet name servers interactively +dig — DNS lookup utility +
+
+dnssec-cds — change DS records for a child zone based on CDS/CDNSKEY
dnssec-checkds — DNSSEC delegation consistency checking tool @@ -326,10 +326,19 @@ dnssec-verify — DNSSEC zone verification tool
-named — Internet domain name server +dnstap-read — print dnstap data in human-readable form
-named.conf — configuration file for named +genrandom — generate a file containing random data +
+
+host — DNS lookup utility +
+
+isc-hmac-fixup — fixes HMAC keys generated by older versions of BIND +
+
+mdig — DNS pipelined lookup utility
named-checkconf — named configuration file syntax checking tool @@ -349,47 +358,41 @@ named-rrchecker — syntax checker for individual DNS resource records
-nsupdate — Dynamic DNS update utility +named.conf — configuration file for named
-rndc — name server control utility -
-
-rndc.conf — rndc configuration file -
-
-rndc-confgen — rndc key generation tool -
-
-ddns-confgen — ddns key generation tool -
-
-arpaname — translate IP addresses to the corresponding ARPA names -
-
-dnstap-read — print dnstap data in human-readable form -
-
-genrandom — generate a file containing random data -
-
-isc-hmac-fixup — fixes HMAC keys generated by older versions of BIND +named — Internet domain name server
nsec3hash — generate NSEC3 hash
-pkcs11-destroy — destroy PKCS#11 objects +nslookup — query Internet name servers interactively
-pkcs11-list — list PKCS#11 objects +nsupdate — Dynamic DNS update utility +
+
+pkcs11-destroy — destroy PKCS#11 objects
pkcs11-keygen — generate keys on a PKCS#11 device
+pkcs11-list — list PKCS#11 objects +
+
pkcs11-tokens — list PKCS#11 available tokens
+
+rndc-confgen — rndc key generation tool +
+
+rndc.conf — rndc configuration file +
+
+rndc — name server control utility +
diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html index f0b2426aef..f22b6954db 100644 --- a/doc/arm/man.arpaname.html +++ b/doc/arm/man.arpaname.html @@ -13,8 +13,8 @@ - - + +
@@ -22,9 +22,9 @@ arpaname -Prev  +Prev  Manual pages - NextNext @@ -55,7 +55,7 @@
-

DESCRIPTION

+

DESCRIPTION

arpaname translates IP addresses (IPv4 and @@ -64,7 +64,7 @@

-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual. @@ -77,16 +77,15 @@ +Prev  - - + -
-Prev  Up Next + Next
-ddns-confgen Manual pages  Home dnstap-read + ddns-confgen
diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html index e3ce2c2711..6e0f87743e 100644 --- a/doc/arm/man.ddns-confgen.html +++ b/doc/arm/man.ddns-confgen.html @@ -13,8 +13,8 @@ - - + +

@@ -22,9 +22,9 @@ ddns-confgen -Prev  +Prev  Manual pages - NextNext @@ -71,7 +71,7 @@
-

DESCRIPTION

+

DESCRIPTION

tsig-keygen and ddns-confgen @@ -112,7 +112,7 @@

-

OPTIONS

+

OPTIONS

@@ -201,7 +201,7 @@
-

SEE ALSO

+

SEE ALSO

nsupdate(1) @@ -222,17 +222,16 @@ +Prev  - +arpaname  - +
-Prev  Up Next + Next
-rndc-confgen  Home arpaname - delv

diff --git a/doc/arm/man.delv.html b/doc/arm/man.delv.html index f0c895cc24..987c37fe00 100644 --- a/doc/arm/man.delv.html +++ b/doc/arm/man.delv.html @@ -13,8 +13,8 @@ - - + +
@@ -22,9 +22,9 @@ delv -Prev  +Prev  Manual pages - NextNext @@ -90,7 +90,7 @@
-

DESCRIPTION

+

DESCRIPTION

delv is a tool for sending @@ -134,7 +134,7 @@

-

SIMPLE USAGE

+

SIMPLE USAGE

@@ -197,7 +197,7 @@

-

OPTIONS

+

OPTIONS

-a anchor-file
@@ -358,7 +358,7 @@
-

QUERY OPTIONS

+

QUERY OPTIONS

delv @@ -583,14 +583,14 @@

-

FILES

+

FILES

/etc/bind.keys

/etc/resolv.conf

-

SEE ALSO

+

SEE ALSO

dig(1) @@ -612,15 +612,16 @@ +Prev  - - + - +
-Prev  Up Next + Next
host  +ddns-confgen  Home nslookup dig

diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html index a85ca7a817..c1d4230bc1 100644 --- a/doc/arm/man.dig.html +++ b/doc/arm/man.dig.html @@ -13,8 +13,8 @@ - - + +
@@ -22,9 +22,9 @@ dig -Prev  +Prev  Manual pages - NextNext @@ -86,7 +86,7 @@
-

DESCRIPTION

+

DESCRIPTION

dig is a flexible tool for interrogating DNS name servers. It performs DNS lookups and @@ -140,7 +140,7 @@

-

SIMPLE USAGE

+

SIMPLE USAGE

@@ -201,7 +201,7 @@

-

OPTIONS

+

OPTIONS

@@ -363,7 +363,7 @@
-

QUERY OPTIONS

+

QUERY OPTIONS

dig @@ -972,7 +972,7 @@

-

MULTIPLE QUERIES

+

MULTIPLE QUERIES

@@ -1025,7 +1025,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

-

IDN SUPPORT

+

IDN SUPPORT

If dig has been built with IDN (internationalized @@ -1041,7 +1041,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

-

FILES

+

FILES

/etc/resolv.conf

@@ -1050,7 +1050,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
-

SEE ALSO

+

SEE ALSO

delv(1) @@ -1069,7 +1069,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

-

BUGS

+

BUGS

There are probably too many query options. @@ -1082,15 +1082,15 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr +Prev  - - + -
-Prev  Up Next + Next
Manual pages delv  Home mdig + dnssec-cds
diff --git a/doc/arm/man.dnssec-cds.html b/doc/arm/man.dnssec-cds.html new file mode 100644 index 0000000000..15bceb82ac --- /dev/null +++ b/doc/arm/man.dnssec-cds.html @@ -0,0 +1,370 @@ + + + + + +dnssec-cds + + + + + + + +

+ + + + + + + +
dnssec-cds
+Prev Manual pages Next +
+
+
+
+
+ + + + + +
+

Name

+

+ dnssec-cds + — change DS records for a child zone based on CDS/CDNSKEY +

+
+ + + +
+

Synopsis

+

+ dnssec-cds + [-a alg...] + [-c class] + [-D] + {-d dsset-file} + {-f child-file} + [-i [extension]] + [-s start-time] + [-T ttl] + [-u] + [-v level] + [-V] + {domain} +

+
+ +
+

DESCRIPTION

+ +

+ The dnssec-cds command changes DS records at + a delegation point based on CDS or CDNSKEY records published in + the child zone. If both CDS and CDNSKEY records are present in + the child zone, the CDS is preferred. +

+

+ Two input files are required. The + -f child-file + option specifies a file containing the child's CDS and/or CDNSKEY + records, plus RRSIG and DNSKEY records so that they can be + authenticated. The + -d path + option specifies the location of a file containing the current DS + records. For example, this could be a dsset- + file generated by dnssec-signzone, or the output of + dnssec-dsfromkey, or the output of a previous + run of dnssec-cds. +

+

+ For protection against replay attacks, the signatures on the + child records must not be older than they were on a previous run + of dnssec-cds. This time is obtained from the + modification time of the dsset- file, or + from the -s option. +

+

+ To protect against breaking the delegation, + dnssec-cds ensures that the DNSKEY RRset can be + verified by every key algorithm in the new DS RRset, and that the + same set of keys are covered by every DS digest type. +

+

+ By default, replacement DS records are written to the standard + output; with the -i option the input file is + overwritten in place. The replacement DS records will be the + same as the existing records when no change is required. The + output can be empty if the CDS / CDNSKEY records specify that + the child zone wants to go insecure. +

+

+ Warning: Be careful not to delete the DS records + when dnssec-cds fails! +

+

+ Alternatively, dnssec-cds -u writes + an nsupdate script to the standard output. + You can use the -u and -i + options together to maintain a dsset- file + as well as emit an nsupdate script. +

+ +
+ +
+

OPTIONS

+ +
+
-a algorithm
+
+

+ Specify a digest algorithm to use when converting CDNSKEY + records to DS records. This option can be repeated, so + that multiple DS records are created for each CDNSKEY + record. This option has no effect when using CDS records. +

+

+ The algorithm must be one of SHA-1 + (SHA1), SHA-256 (SHA256), GOST, or SHA-384 (SHA384). These + values are case insensitive. If no algorithm is specified, + the default is SHA-256. +

+
+
-c class
+
+

+ Specifies the DNS class of the zones. +

+
+
-D
+
+

+ Generate DS records from CDNSKEY records if both CDS and + CDNSKEY records are present in the child zone. By default + CDS records are preferred. +

+
+
-d path
+
+

+ Location of the parent DS records. + The path can be the name of a file + containing the DS records, or if it is a + directory, dnssec-cds looks for + a dsset- file for + the domain inside the directory. +

+

+ To protect against replay attacks, child records are + rejected if they were signed earlier than the modification + time of the dsset- file. This can be + adjusted with the -s option. +

+
+
-f child-file
+
+

+ File containing the child's CDS and/or CDNSKEY records, + plus its DNSKEY records and the covering RRSIG records so + that they can be authenticated. +

+

+ The EXAMPLES below describe how to generate this file. +

+
+
-i[extension]
+
+

+ Update the dsset- file in place, + instead of writing DS records to the standard output. +

+

+ There must be no space between the -i and + the extension. If you provide + no extension then the + old dsset- is discarded. If + an extension is present, a + backup of the old dsset- file is kept + with the extension appended to + its filename. +

+

+ To protect against replay attacks, the modification time + of the dsset- file is set to match + the signature inception time of the child records, + provided that is later than the file's current + modification time. +

+
+
-s start-time
+
+

+ Specify the date and time after which RRSIG records become + acceptable. This can be either an absolute or relative + time. An absolute start time is indicated by a number in + YYYYMMDDHHMMSS notation; 20170827133700 denotes 13:37:00 + UTC on August 27th, 2017. A time relative to + the dsset- file is indicated with -N, + which is N seconds before the file modification time. A + time relative to the current time is indicated with now+N. +

+

+ If no start-time is specified, the + modification time of the dsset- file + is used. +

+
+
-T ttl
+
+

+ Specifies a TTL to be used for new DS records. If not + specified, the default is the TTL of the old DS records. + If they had no explicit TTL then the new DS records also + have no explicit TTL. +

+
+
-u
+
+

+ Write an nsupdate script to the + standard output, instead of printing the new DS reords. + The output will be empty if no change is needed. +

+

+ Note: The TTL of new records needs to be specified, either + in the original dsset- file, or with + the -T option, or using + the nsupdate ttl + command. +

+
+
-V
+
+

+ Print version information. +

+
+
-v level
+
+

+ Sets the debugging level. Level 1 is intended to be + usefully verbose for general users; higher levels are + intended for developers. +

+
+
domain
+
+

+ The name of the delegation point / child zone apex. +

+
+
+
+ +
+

EXIT STATUS

+ +

+ The dnssec-cds command exits 0 on success, or + non-zero if an error occurred. +

+

+ In the success case, the DS records might or might not need + to be changed. +

+ +
+ +
+

EXAMPLES

+ +

+ Before running dnssec-signzone, you can ensure + that the delegations are up-to-date by running + dnssec-cds on every dsset- file. +

+

+ To fetch the child records required by dnssec-cds + you can invoke dig as in the script below. It's + okay if the dig fails since + dnssec-cds performs all the necessary checking. +

+
for f in dsset-*
+do
+	d=${f#dsset-}
+	dig +dnssec +noall +answer $d DNSKEY $d CDNSKEY $d CDS |
+	dnssec-cds -i -f /dev/stdin -d $f $d
+done
+
+ +

+ When the parent zone is automatically signed by + named, you can use dnssec-cds + with nsupdate to maintain a delegation as follows. + The dsset- file allows the script to avoid + having to fetch and validate the parent DS records, and it keeps the + replay attack protection time. +

+
+dig +dnssec +noall +answer $d DNSKEY $d CDNSKEY $d CDS |
+dnssec-cds -u -i -f /dev/stdin -d $f $d |
+nsupdate -l
+
+
+ +
+

SEE ALSO

+ +

+ + dig(1) + , + + dnssec-settime(8) + , + + dnssec-signzone(8) + , + + nsupdate(1) + , + BIND 9 Administrator Reference Manual, + RFC 7344. +

+ +
+ +
+
+
+ + + + + + + + + + + +
+Prev Up Next +
dig Home dnssec-checkds +
+
+

BIND 9.12.0a1

+ + diff --git a/doc/arm/man.dnssec-checkds.html b/doc/arm/man.dnssec-checkds.html index f7831e4cfb..3996e92baf 100644 --- a/doc/arm/man.dnssec-checkds.html +++ b/doc/arm/man.dnssec-checkds.html @@ -13,7 +13,7 @@ - + @@ -22,7 +22,7 @@ dnssec-checkds -Prev  +Prev  Manual pages  Next @@ -135,13 +135,14 @@ +Prev  - + diff --git a/doc/arm/man.dnssec-verify.html b/doc/arm/man.dnssec-verify.html index 22e602f7c7..782414a6a4 100644 --- a/doc/arm/man.dnssec-verify.html +++ b/doc/arm/man.dnssec-verify.html @@ -14,7 +14,7 @@ - +
@@ -24,7 +24,7 @@
-
-Prev  Up  Next
nslookup  +dnssec-cds  Home  dnssec-coverage Prev  Manual pages Next + Next
@@ -190,14 +190,14 @@ Prev  UpNextNext dnssec-signzone  Homenameddnstap-read diff --git a/doc/arm/man.dnstap-read.html b/doc/arm/man.dnstap-read.html index f7143de784..548e884ce0 100644 --- a/doc/arm/man.dnstap-read.html +++ b/doc/arm/man.dnstap-read.html @@ -13,7 +13,7 @@ - + @@ -22,7 +22,7 @@ dnstap-read -Prev  +Prev  Manual pages  Next @@ -60,7 +60,7 @@
-

DESCRIPTION

+

DESCRIPTION

dnstap-read @@ -73,7 +73,7 @@

-

OPTIONS

+

OPTIONS

@@ -110,7 +110,7 @@
-

SEE ALSO

+

SEE ALSO

@@ -129,14 +129,14 @@ +Prev  +dnssec-verify  diff --git a/doc/arm/man.genrandom.html b/doc/arm/man.genrandom.html index 465e2efb7d..8d557a1f48 100644 --- a/doc/arm/man.genrandom.html +++ b/doc/arm/man.genrandom.html @@ -14,7 +14,7 @@ - +
@@ -24,7 +24,7 @@
-
-Prev  Up  Next
-arpaname  Home  genrandom Prev  Manual pages Next + Next
@@ -58,7 +58,7 @@

-

DESCRIPTION

+

DESCRIPTION

genrandom @@ -69,7 +69,7 @@

-

ARGUMENTS

+

ARGUMENTS

-n number
@@ -95,7 +95,7 @@
-

SEE ALSO

+

SEE ALSO

@@ -115,15 +115,14 @@ Prev  UpNextNext dnstap-read  Homeisc-hmac-fixup - + host

diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html index ba04a487ab..3e47005466 100644 --- a/doc/arm/man.host.html +++ b/doc/arm/man.host.html @@ -13,8 +13,8 @@ - - + +
@@ -22,9 +22,9 @@ host -Prev  +Prev  Manual pages - NextNext @@ -70,7 +70,7 @@
-

DESCRIPTION

+

DESCRIPTION

host @@ -97,7 +97,7 @@

-

OPTIONS

+

OPTIONS

-4
@@ -321,7 +321,7 @@
-

IDN SUPPORT

+

IDN SUPPORT

If host has been built with IDN (internationalized @@ -337,14 +337,14 @@

-

FILES

+

FILES

/etc/resolv.conf

-

SEE ALSO

+

SEE ALSO

dig(1) @@ -361,16 +361,17 @@ +Prev  - +genrandom  - +
-Prev  Up Next + Next
-mdig  Home delv isc-hmac-fixup +

diff --git a/doc/arm/man.isc-hmac-fixup.html b/doc/arm/man.isc-hmac-fixup.html index 584a26f6b8..82a9534801 100644 --- a/doc/arm/man.isc-hmac-fixup.html +++ b/doc/arm/man.isc-hmac-fixup.html @@ -13,8 +13,8 @@ - - + +
@@ -22,9 +22,9 @@ isc-hmac-fixup -Prev  +Prev  Manual pages - NextNext @@ -57,7 +57,7 @@
-

DESCRIPTION

+

DESCRIPTION

Versions of BIND 9 up to and including BIND 9.6 had a bug causing @@ -85,7 +85,7 @@

-

SECURITY CONSIDERATIONS

+

SECURITY CONSIDERATIONS

Secrets that have been converted by isc-hmac-fixup @@ -98,7 +98,7 @@

-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual, @@ -112,16 +112,15 @@ +Prev  - - + -
-Prev  Up Next + Next
-genrandom host  Home nsec3hash + mdig
diff --git a/doc/arm/man.mdig.html b/doc/arm/man.mdig.html index d6f82a7373..59f40597a8 100644 --- a/doc/arm/man.mdig.html +++ b/doc/arm/man.mdig.html @@ -13,8 +13,8 @@ - - + +

@@ -22,9 +22,9 @@ mdig -Prev  +Prev  Manual pages - NextNext @@ -84,7 +84,7 @@
-

DESCRIPTION

+

DESCRIPTION

mdig is a multiple/pipelined query version of dig: @@ -134,7 +134,7 @@

-

ANYWHERE OPTIONS

+

ANYWHERE OPTIONS

@@ -158,7 +158,7 @@

-

GLOBAL OPTIONS

+

GLOBAL OPTIONS

@@ -358,7 +358,7 @@

-

LOCAL OPTIONS

+

LOCAL OPTIONS

@@ -583,7 +583,7 @@

-

SEE ALSO

+

SEE ALSO

dig(1) @@ -597,15 +597,17 @@ +Prev  - - + - +
-Prev  Up Next + Next
dig  +isc-hmac-fixup  Home host named-checkconf +

diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html index 84fa1071cf..738ff765bc 100644 --- a/doc/arm/man.named-checkconf.html +++ b/doc/arm/man.named-checkconf.html @@ -13,7 +13,7 @@ - + @@ -22,7 +22,7 @@ named-checkconf -Prev  +Prev  Manual pages  Next @@ -61,7 +61,7 @@
-

DESCRIPTION

+

DESCRIPTION

named-checkconf checks the syntax, but not the semantics, of a @@ -83,7 +83,7 @@

-

OPTIONS

+

OPTIONS

-h
@@ -160,7 +160,7 @@
-

RETURN VALUES

+

RETURN VALUES

named-checkconf returns an exit status of 1 if @@ -169,7 +169,7 @@

-

SEE ALSO

+

SEE ALSO

named(8) @@ -186,14 +186,14 @@ +Prev  +mdig  diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html index 8df777a793..97ba698972 100644 --- a/doc/arm/man.named-checkzone.html +++ b/doc/arm/man.named-checkzone.html @@ -111,7 +111,7 @@
-

DESCRIPTION

+

DESCRIPTION

named-checkzone checks the syntax and integrity of a zone file. It performs the @@ -133,7 +133,7 @@

-

OPTIONS

+

OPTIONS

@@ -421,7 +421,7 @@
-

RETURN VALUES

+

RETURN VALUES

named-checkzone returns an exit status of 1 if @@ -430,7 +430,7 @@

-

SEE ALSO

+

SEE ALSO

named(8) diff --git a/doc/arm/man.named-journalprint.html b/doc/arm/man.named-journalprint.html index efd8be1b4f..3400b3ffbc 100644 --- a/doc/arm/man.named-journalprint.html +++ b/doc/arm/man.named-journalprint.html @@ -56,7 +56,7 @@

-

DESCRIPTION

+

DESCRIPTION

named-journalprint @@ -84,7 +84,7 @@

-

SEE ALSO

+

SEE ALSO

diff --git a/doc/arm/man.named-nzd2nzf.html b/doc/arm/man.named-nzd2nzf.html index b6e74587d9..95dbde445b 100644 --- a/doc/arm/man.named-nzd2nzf.html +++ b/doc/arm/man.named-nzd2nzf.html @@ -57,7 +57,7 @@

-

DESCRIPTION

+

DESCRIPTION

named-nzd2nzf converts an NZD database to NZF @@ -71,7 +71,7 @@

-

ARGUMENTS

+

ARGUMENTS

filename
@@ -85,7 +85,7 @@
-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual @@ -93,7 +93,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.named-rrchecker.html b/doc/arm/man.named-rrchecker.html index 803cbe9693..550d48fd0b 100644 --- a/doc/arm/man.named-rrchecker.html +++ b/doc/arm/man.named-rrchecker.html @@ -14,7 +14,7 @@ - +
@@ -24,7 +24,7 @@
-
-Prev  Up  Next
-named.conf  Home  named-checkzone Prev  Manual pages Next + Next
@@ -60,7 +60,7 @@

-

DESCRIPTION

+

DESCRIPTION

named-rrchecker read a individual DNS resource record from standard input and checks if it @@ -90,7 +90,7 @@

-

SEE ALSO

+

SEE ALSO

RFC 1034, @@ -109,14 +109,14 @@ Prev  UpNextNext named-nzd2nzf  Homensupdatenamed.conf diff --git a/doc/arm/man.named.conf.html b/doc/arm/man.named.conf.html index 406c91f89a..96d889c561 100644 --- a/doc/arm/man.named.conf.html +++ b/doc/arm/man.named.conf.html @@ -13,8 +13,8 @@ - - + +

@@ -22,9 +22,9 @@ named.conf -Prev  +Prev  Manual pages - NextNext @@ -55,7 +55,7 @@
-

DESCRIPTION

+

DESCRIPTION

named.conf is the configuration file for @@ -76,7 +76,7 @@

-

ACL

+

ACL


acl string { address_match_element; ... };
@@ -84,7 +84,7 @@ acl

-

CONTROLS

+

CONTROLS


controls {
@@ -102,7 +102,7 @@ controls

-

DLZ

+

DLZ


dlz string {
@@ -113,7 +113,7 @@ dlz

-

DYNDB

+

DYNDB


dyndb string quoted_string {
@@ -122,7 +122,7 @@ dyndb

-

KEY

+

KEY


key string {
@@ -133,7 +133,7 @@ key

-

LOGGING

+

LOGGING


logging {
@@ -155,7 +155,7 @@ logging

-

MANAGED-KEYS

+

MANAGED-KEYS


managed-keys { string string integer
@@ -164,7 +164,7 @@ managed-keys

-

MASTERS

+

MASTERS


masters string [ port integer ] [ dscp
@@ -175,7 +175,7 @@ masters

-

OPTIONS

+

OPTIONS


options {
@@ -466,7 +466,7 @@ options

-

SERVER

+

SERVER


server netprefix {
@@ -505,7 +505,7 @@ server

-

STATISTICS-CHANNELS

+

STATISTICS-CHANNELS


statistics-channels {
@@ -518,7 +518,7 @@ statistics-channels

-

TRUSTED-KEYS

+

TRUSTED-KEYS


trusted-keys { string integer integer
@@ -527,7 +527,7 @@ trusted-keys

-

VIEW

+

VIEW


view string [ class ] {
@@ -891,7 +891,7 @@ view

-

ZONE

+

ZONE


zone string [ class ] {
@@ -991,14 +991,14 @@ zone

-

FILES

+

FILES

/etc/named.conf

-

SEE ALSO

+

SEE ALSO

ddns-confgen(8) @@ -1025,16 +1025,16 @@ zone +Prev  - +named-rrchecker  -
-Prev  Up Next + Next
-named  Home named-checkconf + named
diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html index c673cb33fa..505999bf2e 100644 --- a/doc/arm/man.named.html +++ b/doc/arm/man.named.html @@ -13,8 +13,8 @@ - - + +

@@ -22,9 +22,9 @@ named -Prev  +Prev  Manual pages - NextNext @@ -79,7 +79,7 @@
-

DESCRIPTION

+

DESCRIPTION

named is a Domain Name System (DNS) server, @@ -96,7 +96,7 @@

-

OPTIONS

+

OPTIONS

@@ -369,7 +369,7 @@
-

SIGNALS

+

SIGNALS

In routine operation, signals should not be used to control @@ -399,7 +399,7 @@

-

CONFIGURATION

+

CONFIGURATION

The named configuration file is too complex @@ -420,7 +420,7 @@

-

FILES

+

FILES

@@ -441,7 +441,7 @@
-

SEE ALSO

+

SEE ALSO

RFC 1033, RFC 1034, @@ -472,16 +472,16 @@ +Prev  - +named.conf  -
-Prev  Up Next + Next
-dnssec-verify  Home named.conf + nsec3hash
diff --git a/doc/arm/man.nsec3hash.html b/doc/arm/man.nsec3hash.html index 795ea20717..518e77bbe7 100644 --- a/doc/arm/man.nsec3hash.html +++ b/doc/arm/man.nsec3hash.html @@ -13,8 +13,8 @@ - - + +

@@ -22,9 +22,9 @@ nsec3hash -Prev  +Prev  Manual pages - NextNext @@ -67,7 +67,7 @@
-

DESCRIPTION

+

DESCRIPTION

nsec3hash generates an NSEC3 hash based on @@ -87,7 +87,7 @@

-

ARGUMENTS

+

ARGUMENTS

salt
@@ -128,7 +128,7 @@
-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual, @@ -142,17 +142,16 @@ +Prev  - +named  - +
-Prev  Up Next + Next
-isc-hmac-fixup  Home pkcs11-destroy - nslookup

diff --git a/doc/arm/man.nslookup.html b/doc/arm/man.nslookup.html index b811ccf43c..78a6e85bac 100644 --- a/doc/arm/man.nslookup.html +++ b/doc/arm/man.nslookup.html @@ -13,8 +13,8 @@ - - + +
@@ -22,9 +22,9 @@ nslookup -Prev  +Prev  Manual pages - NextNext @@ -58,7 +58,7 @@
-

DESCRIPTION

+

DESCRIPTION

Nslookup is a program to query Internet domain name servers. Nslookup @@ -72,7 +72,7 @@

-

ARGUMENTS

+

ARGUMENTS

Interactive mode is entered in the following cases: @@ -121,7 +121,7 @@ nslookup -query=hinfo -timeout=10

-

INTERACTIVE COMMANDS

+

INTERACTIVE COMMANDS

host [server]
@@ -372,7 +372,7 @@ nslookup -query=hinfo -timeout=10
-

RETURN VALUES

+

RETURN VALUES

nslookup returns with an exit status of 1 if any query failed, and 0 otherwise. @@ -380,14 +380,14 @@ nslookup -query=hinfo -timeout=10

-

FILES

+

FILES

/etc/resolv.conf

-

SEE ALSO

+

SEE ALSO

dig(1) @@ -406,15 +406,16 @@ nslookup -query=hinfo -timeout=10 +Prev  - - + -
-Prev  Up Next + Next
delv  +nsec3hash  Home dnssec-checkds + nsupdate
diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html index baf9b9a858..b05445b220 100644 --- a/doc/arm/man.nsupdate.html +++ b/doc/arm/man.nsupdate.html @@ -13,8 +13,8 @@ - - + +

@@ -22,9 +22,9 @@ nsupdate -Prev  +Prev  Manual pages - NextNext @@ -78,7 +78,7 @@
-

DESCRIPTION

+

DESCRIPTION

nsupdate is used to submit Dynamic DNS Update requests as defined in RFC 2136 @@ -138,7 +138,7 @@

-

OPTIONS

+

OPTIONS

@@ -322,7 +322,7 @@
-

INPUT FORMAT

+

INPUT FORMAT

nsupdate reads input from @@ -686,7 +686,7 @@

-

EXAMPLES

+

EXAMPLES

The examples below show how @@ -742,7 +742,7 @@

-

FILES

+

FILES

@@ -780,7 +780,7 @@
-

SEE ALSO

+

SEE ALSO

RFC 2136, @@ -803,7 +803,7 @@

-

BUGS

+

BUGS

The TSIG key is redundantly stored in two separate files. @@ -819,16 +819,15 @@ +Prev  - - + -
-Prev  Up Next + Next
-named-rrchecker nslookup  Home rndc + pkcs11-destroy
diff --git a/doc/arm/man.pkcs11-destroy.html b/doc/arm/man.pkcs11-destroy.html index 31924177f3..69acf13bab 100644 --- a/doc/arm/man.pkcs11-destroy.html +++ b/doc/arm/man.pkcs11-destroy.html @@ -13,8 +13,8 @@ - - + +

@@ -22,9 +22,9 @@ pkcs11-destroy -Prev  +Prev  Manual pages - NextNext @@ -63,7 +63,7 @@
-

DESCRIPTION

+

DESCRIPTION

pkcs11-destroy destroys keys stored in a @@ -78,7 +78,7 @@

-

ARGUMENTS

+

ARGUMENTS

-m module
@@ -127,7 +127,7 @@
-

SEE ALSO

+

SEE ALSO

@@ -148,16 +148,16 @@ +Prev  - +nsupdate  -
-Prev  Up Next + Next
-nsec3hash  Home pkcs11-list + pkcs11-keygen
diff --git a/doc/arm/man.pkcs11-keygen.html b/doc/arm/man.pkcs11-keygen.html index 82522d35e8..6c9ee379b3 100644 --- a/doc/arm/man.pkcs11-keygen.html +++ b/doc/arm/man.pkcs11-keygen.html @@ -13,8 +13,8 @@ - - + +

@@ -22,9 +22,9 @@ pkcs11-keygen -Prev  +Prev  Manual pages - NextNext @@ -66,7 +66,7 @@
-

DESCRIPTION

+

DESCRIPTION

pkcs11-keygen causes a PKCS#11 device to generate @@ -76,7 +76,7 @@

-

ARGUMENTS

+

ARGUMENTS

-a algorithm
@@ -162,7 +162,7 @@
-

SEE ALSO

+

SEE ALSO

@@ -186,16 +186,16 @@ +Prev  - +pkcs11-destroy  -
-Prev  Up Next + Next
-pkcs11-list  Home pkcs11-tokens + pkcs11-list
diff --git a/doc/arm/man.pkcs11-list.html b/doc/arm/man.pkcs11-list.html index 2fba65e1a1..f62c772394 100644 --- a/doc/arm/man.pkcs11-list.html +++ b/doc/arm/man.pkcs11-list.html @@ -13,8 +13,8 @@ - - + +

@@ -22,9 +22,9 @@ pkcs11-list -Prev  +Prev  Manual pages - NextNext @@ -61,7 +61,7 @@
-

DESCRIPTION

+

DESCRIPTION

pkcs11-list @@ -75,7 +75,7 @@

-

ARGUMENTS

+

ARGUMENTS

-P
@@ -123,7 +123,7 @@
-

SEE ALSO

+

SEE ALSO

@@ -144,16 +144,16 @@ +Prev  - +pkcs11-keygen  -
-Prev  Up Next + Next
-pkcs11-destroy  Home pkcs11-keygen + pkcs11-tokens
diff --git a/doc/arm/man.pkcs11-tokens.html b/doc/arm/man.pkcs11-tokens.html index 12e94c2532..8c805d7074 100644 --- a/doc/arm/man.pkcs11-tokens.html +++ b/doc/arm/man.pkcs11-tokens.html @@ -13,7 +13,8 @@ - + +

@@ -21,9 +22,10 @@ pkcs11-tokens -Prev  +Prev  Manual pages -  + Next +
@@ -55,7 +57,7 @@
-

DESCRIPTION

+

DESCRIPTION

pkcs11-tokens @@ -65,7 +67,7 @@

-

ARGUMENTS

+

ARGUMENTS

-m module
@@ -86,7 +88,7 @@
-

SEE ALSO

+

SEE ALSO

@@ -107,15 +109,17 @@ +Prev  - + +pkcs11-list  - +
-Prev  Up  Next +
-pkcs11-keygen  Home  rndc-confgen +

diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html index 00b0bbed5f..083e73a47e 100644 --- a/doc/arm/man.rndc-confgen.html +++ b/doc/arm/man.rndc-confgen.html @@ -13,8 +13,8 @@ - - + +
@@ -22,9 +22,9 @@ rndc-confgen -Prev  +Prev  Manual pages - NextNext @@ -66,7 +66,7 @@
-

DESCRIPTION

+

DESCRIPTION

rndc-confgen generates configuration files @@ -85,7 +85,7 @@

-

OPTIONS

+

OPTIONS

@@ -223,7 +223,7 @@
-

EXAMPLES

+

EXAMPLES

To allow rndc to be used with @@ -242,7 +242,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8) @@ -263,16 +263,16 @@ +Prev  - +pkcs11-tokens  -
-Prev  Up Next + Next
-rndc.conf  Home ddns-confgen + rndc.conf
diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html index 291673fdb3..c0d7680409 100644 --- a/doc/arm/man.rndc.conf.html +++ b/doc/arm/man.rndc.conf.html @@ -13,8 +13,8 @@ - - + +

@@ -22,9 +22,9 @@ rndc.conf -Prev  +Prev  Manual pages - NextNext @@ -55,7 +55,7 @@
-

DESCRIPTION

+

DESCRIPTION

rndc.conf is the configuration file for rndc, the BIND 9 name server control @@ -143,7 +143,7 @@

-

EXAMPLE

+

EXAMPLE

@@ -221,7 +221,7 @@
-

NAME SERVER CONFIGURATION

+

NAME SERVER CONFIGURATION

The name server must be configured to accept rndc connections and @@ -233,7 +233,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8) @@ -254,16 +254,16 @@ +Prev  - +rndc-confgen  -
-Prev  Up Next + Next
-rndc  Home rndc-confgen + rndc
diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html index d1e346d07c..5ba1d8ba5b 100644 --- a/doc/arm/man.rndc.html +++ b/doc/arm/man.rndc.html @@ -13,8 +13,7 @@ - - +

@@ -22,10 +21,9 @@ rndc -Prev  +Prev  Manual pages - Next - + 
@@ -69,7 +67,7 @@
-

DESCRIPTION

+

DESCRIPTION

rndc controls the operation of a name @@ -102,7 +100,7 @@

-

OPTIONS

+

OPTIONS

@@ -212,7 +210,7 @@
-

COMMANDS

+

COMMANDS

A list of commands supported by rndc can @@ -947,7 +945,7 @@

-

LIMITATIONS

+

LIMITATIONS

There is currently no way to provide the shared secret for a @@ -959,7 +957,7 @@

-

SEE ALSO

+

SEE ALSO

rndc.conf(5) @@ -986,17 +984,15 @@ +Prev  - + +rndc.conf  - +
-Prev  Up Next - 
-nsupdate  Home rndc.conf -