Split out ddns-confgen and tsig-keygen man pages

Both utilities were included as one man page, but this caused a problem: Sphinx directive .. include was used twice on the same file, which prevented us from using labels (or anything with unique identifier) in the man pages. This effectivelly prevented linking to them. Splitting man pages allows us to solve the linking problems and also clearly make text easier to follow because it does not mention two tools at the same time. This change causes duplication of text, but given the frequecy of changes to these tools I think it is acceptable. Related: #2799 (cherry picked from commit 2e42414522)
2026-06-16 20:38:52 -04:00 · 2022-03-01 17:45:10 +01:00 · 2022-03-01 17:45:10 +01:00 · e46322c583
commit e46322c583
parent e322fc3cff
9 changed files with 191 additions and 74 deletions
--- a/bin/confgen/ddns-confgen.rst
+++ b/bin/confgen/ddns-confgen.rst
@ -11,34 +11,30 @@

 .. highlight: console

+.. BEWARE: Do not forget to edit also tsig-keygen.rst!
+
 .. _man_ddns-confgen:

-ddns-confgen - ddns key generation tool
+ddns-confgen - TSIG key generation tool
 ---------------------------------------

 Synopsis
 ~~~~~~~~
-:program:`tsig-keygen` [**-a** algorithm] [**-h**] [name]
-
 :program:`ddns-confgen` [**-a** algorithm] [**-h**] [**-k** keyname] [**-q**] [**-s** name] [**-z** zone]

 Description
 ~~~~~~~~~~~

-``tsig-keygen`` and ``ddns-confgen`` are invocation methods for a
-utility that generates keys for use in TSIG signing. The resulting keys
-can be used, for example, to secure dynamic DNS updates to a zone or for
-the ``rndc`` command channel.
+``ddns-confgen`` is an utility that generates keys for use in TSIG signing.
+The resulting keys can be used, for example, to secure dynamic DNS updates
+to a zone, or for the ``rndc`` command channel.

-When run as ``tsig-keygen``, a domain name can be specified on the
-command line to be used as the name of the generated key. If no
-name is specified, the default is ``tsig-key``.
-
-When run as ``ddns-confgen``, the generated key is accompanied by
-configuration text and instructions that can be used with ``nsupdate``
-and ``named`` when setting up dynamic DNS, including an example
-``update-policy`` statement. (This usage is similar to the ``rndc-confgen``
-command for setting up command-channel security.)
+The key name can specified using ``-k`` parameter and defaults to ``ddns-key``.
+The generated key is accompanied by configuration text and instructions that
+can be used with ``nsupdate`` and ``named`` when setting up dynamic DNS,
+including an example ``update-policy`` statement.
+(This usage is similar to the ``rndc-confgen`` command for setting up
+command-channel security.)

 Note that ``named`` itself can configure a local DDNS key for use with
 ``nsupdate -l``; it does this when a zone is configured with
@ -50,37 +46,36 @@ Options
 ~~~~~~~

 ``-a algorithm``
-   This option specifies the algorithm to use for the TSIG key. Available choices
-   are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, and
-   hmac-sha512. The default is hmac-sha256. Options are
+   This option specifies the algorithm to use for the TSIG key. Available
+   choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384,
+   and hmac-sha512. The default is hmac-sha256. Options are
   case-insensitive, and the "hmac-" prefix may be omitted.

 ``-h``
   This option prints a short summary of options and arguments.

 ``-k keyname``
-   This option specifies the key name of the DDNS authentication key. The default is
-   ``ddns-key`` when neither the ``-s`` nor ``-z`` option is specified;
-   otherwise, the default is ``ddns-key`` as a separate label followed
-   by the argument of the option, e.g., ``ddns-key.example.com.`` The
-   key name must have the format of a valid domain name, consisting of
+   This option specifies the key name of the DDNS authentication key. The
+   default is ``ddns-key`` when neither the ``-s`` nor ``-z`` option is
+   specified; otherwise, the default is ``ddns-key`` as a separate label
+   followed by the argument of the option, e.g., ``ddns-key.example.com.``
+   The key name must have the format of a valid domain name, consisting of
   letters, digits, hyphens, and periods.

-``-q`` (``ddns-confgen`` only)
+``-q``
   This option enables quiet mode, which prints only the key, with no
   explanatory text or usage examples. This is essentially identical to
   ``tsig-keygen``.

-``-s name`` (``ddns-confgen`` only)
-   This option generates a configuration example to allow
-   dynamic updates of a single hostname. The example ``named.conf`` text
-   shows how to set an update policy for the specified name using the
-   "name" nametype. The default key name is ``ddns-key.name``. Note that the
-   "self" nametype cannot be used, since the name to be updated may
-   differ from the key name. This option cannot be used with the ``-z``
-   option.
+``-s name``
+   This option generates a configuration example to allow dynamic updates
+   of a single hostname. The example ``named.conf`` text shows how to set
+   an update policy for the specified name using the "name" nametype. The
+   default key name is ``ddns-key.name``. Note that the "self" nametype
+   cannot be used, since the name to be updated may differ from the key
+   name. This option cannot be used with the ``-z`` option.

-``-z zone`` (``ddns-confgen`` only)
+``-z zone``
   This option generates a configuration example to allow
   dynamic updates of a zone. The example ``named.conf`` text shows how
   to set an update policy for the specified zone using the "zonesub"
--- a/bin/confgen/tsig-keygen.rst
+++ b/bin/confgen/tsig-keygen.rst
@ -0,0 +1,50 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0.  If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+.. highlight: console
+
+.. BEWARE: Do not forget to edit also ddns-confgen.rst!
+
+.. _man_tsig-keygen:
+
+tsig-keygen - TSIG key generation tool
+--------------------------------------
+
+Synopsis
+~~~~~~~~
+:program:`tsig-keygen` [**-a** algorithm] [**-h**] [name]
+
+Description
+~~~~~~~~~~~
+
+``tsig-keygen`` is an utility that generates keys for use in TSIG signing.
+The resulting keys can be used, for example, to secure dynamic DNS updates
+to a zone, or for the ``rndc`` command channel.
+
+A domain name can be specified on the command line to be used as the name
+of the generated key. If no name is specified, the default is ``tsig-key``.
+
+Options
+~~~~~~~
+
+``-a algorithm``
+   This option specifies the algorithm to use for the TSIG key. Available
+   choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384,
+   and hmac-sha512. The default is hmac-sha256. Options are
+   case-insensitive, and the "hmac-" prefix may be omitted.
+
+``-h``
+   This option prints a short summary of options and arguments.
+
+See Also
+~~~~~~~~
+
+:manpage:`nsupdate(1)`, :manpage:`named.conf(5)`, :manpage:`named(8)`, BIND 9 Administrator Reference Manual.
--- a/doc/arm/manpages.rst
+++ b/doc/arm/manpages.rst
@ -15,7 +15,6 @@ Manual Pages
 ============

 .. include:: ../../bin/tools/arpaname.rst
-.. include:: ../../bin/confgen/ddns-confgen.rst
 .. include:: ../../bin/delv/delv.rst
 .. include:: ../../bin/dig/dig.rst
 .. include:: ../../bin/dnssec/dnssec-cds.rst
@ -51,3 +50,5 @@ Manual Pages
 .. include:: ../../bin/confgen/rndc-confgen.rst
 .. include:: ../../bin/rndc/rndc.conf.rst
 .. include:: ../../bin/rndc/rndc.rst
+.. include:: ../../bin/confgen/ddns-confgen.rst
+.. include:: ../../bin/confgen/tsig-keygen.rst
--- a/doc/man/Makefile.in
+++ b/doc/man/Makefile.in
@ -53,7 +53,8 @@ man8_MANS =			\
 	named.8			\
 	nsec3hash.8		\
 	rndc-confgen.8		\
-	rndc.8
+	rndc.8			\
+	tsig-keygen.8

 MANPAGES_RST =			\
 	arpaname.rst		\
@ -89,6 +90,7 @@ MANPAGES_RST =			\
 	rndc-confgen.rst	\
 	rndc.conf.rst		\
 	rndc.rst		\
+	tsig-keygen.rst		\
 	pkcs11-destroy.rst	\
 	pkcs11-keygen.rst	\
 	pkcs11-list.rst		\
@ -128,6 +130,7 @@ MANPAGES_IN = \
 	rndc-confgen.8in	\
 	rndc.conf.5in		\
 	rndc.8in		\
+	tsig-keygen.8in		\
 	pkcs11-destroy.8in	\
 	pkcs11-keygen.8in	\
 	pkcs11-list.8in		\
@ -248,8 +251,6 @@ install:: installdirs
 	for m in $(man1_MANS); do ${INSTALL_DATA} $$m ${DESTDIR}${mandir}/man1/; done
 	for m in $(man5_MANS); do ${INSTALL_DATA} $$m ${DESTDIR}${mandir}/man5/; done
 	for m in $(man8_MANS); do ${INSTALL_DATA} $$m ${DESTDIR}${mandir}/man8/; done
-	( cd ${DESTDIR}${mandir}/man8/; rm -f named-compilezone.8; ${LINK_PROGRAM} named-checkzone.8 named-compilezone.8 )
-	( cd ${DESTDIR}${mandir}/man8/; rm -f tsig-keygen.8; ${LINK_PROGRAM} ddns-confgen.8 tsig-keygen.8 )
 	for m in @DNSTAP_MANS@; do ${INSTALL_DATA} $$m ${DESTDIR}${mandir}/man1/; done
 	for m in @NZD_MANS@; do ${INSTALL_DATA} $$m ${DESTDIR}${mandir}/man8/; done
 	for m in @PKCS11_MANS@; do ${INSTALL_DATA} $$m ${DESTDIR}${mandir}/man8/; done
@ -258,8 +259,6 @@ uninstall::
 	for m in $(man1_MANS); do rm -f ${DESTDIR}${mandir}/man1/$$m; done
 	for m in $(man5_MANS); do rm -f ${DESTDIR}${mandir}/man5/$$m; done
 	for m in $(man8_MANS); do rm -f ${DESTDIR}${mandir}/man8/$$m; done
-	rm -f ${DESTDIR}${mandir}/man8/named-compilezone.8
-	rm -f ${DESTDIR}${mandir}/man8/tsig-keygen.8
 	for m in @DNSTAP_MANS@; do rm -f ${DESTDIR}${mandir}/man1/$$m; done
 	for m in @NZD_MANS@; do rm -f ${DESTDIR}${mandir}/man8/$$m; done
 	for m in @PKCS11_MANS@; do rm -f ${DESTDIR}${mandir}/man8/$$m; done
--- a/doc/man/conf.py
+++ b/doc/man/conf.py
@ -103,4 +103,5 @@ man_pages = [
    ('rndc-confgen', 'rndc-confgen', 'rndc key generation tool', author, 8),
    ('rndc.conf', 'rndc.conf', 'rndc configuration file', author, 5),
    ('rndc', 'rndc', 'name server control utility', author, 8),
+    ('tsig-keygen', 'tsig-keygen', 'TSIG key generation tool', author, 8),
    ]
--- a/doc/man/ddns-confgen.8in
+++ b/doc/man/ddns-confgen.8in
@ -32,25 +32,19 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
 ddns-confgen \- ddns key generation tool
 .SH SYNOPSIS
 .sp
-\fBtsig\-keygen\fP [\fB\-a\fP algorithm] [\fB\-h\fP] [name]
-.sp
 \fBddns\-confgen\fP [\fB\-a\fP algorithm] [\fB\-h\fP] [\fB\-k\fP keyname] [\fB\-q\fP] [\fB\-s\fP name] [\fB\-z\fP zone]
 .SH DESCRIPTION
 .sp
-\fBtsig\-keygen\fP and \fBddns\-confgen\fP are invocation methods for a
-utility that generates keys for use in TSIG signing. The resulting keys
-can be used, for example, to secure dynamic DNS updates to a zone or for
-the \fBrndc\fP command channel.
+\fBddns\-confgen\fP is an utility that generates keys for use in TSIG signing.
+The resulting keys can be used, for example, to secure dynamic DNS updates
+to a zone, or for the \fBrndc\fP command channel.
 .sp
-When run as \fBtsig\-keygen\fP, a domain name can be specified on the
-command line to be used as the name of the generated key. If no
-name is specified, the default is \fBtsig\-key\fP\&.
-.sp
-When run as \fBddns\-confgen\fP, the generated key is accompanied by
-configuration text and instructions that can be used with \fBnsupdate\fP
-and \fBnamed\fP when setting up dynamic DNS, including an example
-\fBupdate\-policy\fP statement. (This usage is similar to the \fBrndc\-confgen\fP
-command for setting up command\-channel security.)
+The key name can specified using \fB\-k\fP parameter and defaults to \fBddns\-key\fP\&.
+The generated key is accompanied by configuration text and instructions that
+can be used with \fBnsupdate\fP and \fBnamed\fP when setting up dynamic DNS,
+including an example \fBupdate\-policy\fP statement.
+(This usage is similar to the \fBrndc\-confgen\fP command for setting up
+command\-channel security.)
 .sp
 Note that \fBnamed\fP itself can configure a local DDNS key for use with
 \fBnsupdate \-l\fP; it does this when a zone is configured with
@ -61,37 +55,36 @@ be used from a remote system.
 .INDENT 0.0
 .TP
 .B \fB\-a algorithm\fP
-This option specifies the algorithm to use for the TSIG key. Available choices
-are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384, and
-hmac\-sha512. The default is hmac\-sha256. Options are
+This option specifies the algorithm to use for the TSIG key. Available
+choices are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384,
+and hmac\-sha512. The default is hmac\-sha256. Options are
 case\-insensitive, and the "hmac\-" prefix may be omitted.
 .TP
 .B \fB\-h\fP
 This option prints a short summary of options and arguments.
 .TP
 .B \fB\-k keyname\fP
-This option specifies the key name of the DDNS authentication key. The default is
-\fBddns\-key\fP when neither the \fB\-s\fP nor \fB\-z\fP option is specified;
-otherwise, the default is \fBddns\-key\fP as a separate label followed
-by the argument of the option, e.g., \fBddns\-key.example.com.\fP The
-key name must have the format of a valid domain name, consisting of
+This option specifies the key name of the DDNS authentication key. The
+default is \fBddns\-key\fP when neither the \fB\-s\fP nor \fB\-z\fP option is
+specified; otherwise, the default is \fBddns\-key\fP as a separate label
+followed by the argument of the option, e.g., \fBddns\-key.example.com.\fP
+The key name must have the format of a valid domain name, consisting of
 letters, digits, hyphens, and periods.
 .TP
-.B \fB\-q\fP (\fBddns\-confgen\fP only)
+.B \fB\-q\fP
 This option enables quiet mode, which prints only the key, with no
 explanatory text or usage examples. This is essentially identical to
 \fBtsig\-keygen\fP\&.
 .TP
-.B \fB\-s name\fP (\fBddns\-confgen\fP only)
-This option generates a configuration example to allow
-dynamic updates of a single hostname. The example \fBnamed.conf\fP text
-shows how to set an update policy for the specified name using the
-"name" nametype. The default key name is \fBddns\-key.name\fP\&. Note that the
-"self" nametype cannot be used, since the name to be updated may
-differ from the key name. This option cannot be used with the \fB\-z\fP
-option.
+.B \fB\-s name\fP
+This option generates a configuration example to allow dynamic updates
+of a single hostname. The example \fBnamed.conf\fP text shows how to set
+an update policy for the specified name using the "name" nametype. The
+default key name is \fBddns\-key.name\fP\&. Note that the "self" nametype
+cannot be used, since the name to be updated may differ from the key
+name. This option cannot be used with the \fB\-z\fP option.
 .TP
-.B \fB\-z zone\fP (\fBddns\-confgen\fP only)
+.B \fB\-z zone\fP
 This option generates a configuration example to allow
 dynamic updates of a zone. The example \fBnamed.conf\fP text shows how
 to set an update policy for the specified zone using the "zonesub"
--- a/doc/man/ddns-confgen.rst
+++ b/doc/man/ddns-confgen.rst
@ -11,4 +11,4 @@

 :orphan:

-.. include:: ../../bin/confgen/ddns-confgen.rst
+.. include:: ../../bin/confgen/ddns-confgen.rst
--- a/doc/man/tsig-keygen.8in
+++ b/doc/man/tsig-keygen.8in
@ -0,0 +1,64 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "TSIG-KEYGEN" "8" "@RELEASE_DATE@" "@BIND9_VERSION@" "BIND 9"
+.SH NAME
+tsig-keygen \- TSIG key generation tool
+.SH SYNOPSIS
+.sp
+\fBtsig\-keygen\fP [\fB\-a\fP algorithm] [\fB\-h\fP] [name]
+.SH DESCRIPTION
+.sp
+\fBtsig\-keygen\fP is an utility that generates keys for use in TSIG signing.
+The resulting keys can be used, for example, to secure dynamic DNS updates
+to a zone, or for the \fBrndc\fP command channel.
+.sp
+A domain name can be specified on the command line to be used as the name
+of the generated key. If no name is specified, the default is \fBtsig\-key\fP\&.
+.SH OPTIONS
+.INDENT 0.0
+.TP
+.B \fB\-a algorithm\fP
+This option specifies the algorithm to use for the TSIG key. Available
+choices are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384,
+and hmac\-sha512. The default is hmac\-sha256. Options are
+case\-insensitive, and the "hmac\-" prefix may be omitted.
+.TP
+.B \fB\-h\fP
+This option prints a short summary of options and arguments.
+.UNINDENT
+.SH SEE ALSO
+.sp
+\fBnsupdate(1)\fP, \fBnamed.conf(5)\fP, \fBnamed(8)\fP, BIND 9 Administrator Reference Manual.
+.SH AUTHOR
+Internet Systems Consortium
+.SH COPYRIGHT
+2022, Internet Systems Consortium
+.\" Generated by docutils manpage writer.
+.
--- a/doc/man/tsig-keygen.rst
+++ b/doc/man/tsig-keygen.rst
@ -0,0 +1,14 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0.  If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+:orphan:
+
+.. include:: ../../bin/confgen/tsig-keygen.rst