@@ -11953,7 +11962,7 @@ HOST-127.EXAMPLE. MX 0 .
-Socket I/O Statistics Counters
+
Socket I/O Statistics Counters
Socket I/O statistics counters are defined per socket
types, which are
@@ -12108,7 +12117,7 @@ HOST-127.EXAMPLE. MX 0 .
-Compatibility with BIND 8 Counters
+
Compatibility with
BIND 8 Counters
Most statistics counters that were available
in BIND 8 are also supported in
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index 8e1bbe7ed7..61e9c173e1 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -46,10 +46,10 @@
Table of Contents
- Access Control Lists
-- Chroot and Setuid
+- Chroot and Setuid
-- The chroot Environment
-- Using the setuid Function
+- The chroot Environment
+- Using the setuid Function
- Dynamic Update Security
@@ -114,7 +114,7 @@ zone "example.com" {
-Chroot and Setuid
+Chroot and Setuid
On UNIX servers, it is possible to run BIND
@@ -140,7 +140,7 @@ zone "example.com" {
In order for a chroot environment
to
@@ -168,7 +168,7 @@ zone "example.com" {
-Using the setuid Function
+
Using the
setuid Function
Prior to running the named daemon,
use
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index f2a22a6490..02c192b73b 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -45,18 +45,18 @@
-It's not working; how can I figure out what's wrong?
+
It's not working; how can I figure out what's wrong?
The best solution to solving installation and
configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
-Incrementing and Changing the Serial Number
+
Incrementing and Changing the Serial Number
Zone serial numbers are just numbers — they aren't
date related. A lot of people set them to a number that
@@ -95,7 +95,7 @@
The Internet Systems Consortium
(ISC) offers a wide range
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index 5ccb4a8ad5..4d9c15ce88 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -45,31 +45,31 @@
A Brief History of the DNS and BIND
@@ -172,7 +172,7 @@
-General DNS Reference Information
+
General
DNS Reference Information
Standards
-
[RFC974] C. Partridge. Mail Routing and the Domain System. January 1986.
+
[RFC974] C. Partridge. Mail Routing and the Domain System. January 1986.
-
[RFC1034] P.V. Mockapetris. Domain Names — Concepts and Facilities. November 1987.
+
[RFC1034] P.V. Mockapetris. Domain Names — Concepts and Facilities. November 1987.
-
[RFC1035] P. V. Mockapetris. Domain Names — Implementation and
+[RFC1035] P. V. Mockapetris. Domain Names — Implementation and
Specification. November 1987.
@@ -278,42 +278,42 @@
Proposed Standards
-
[RFC2181] R., R. Bush Elz. Clarifications to the DNS
+[RFC2181] R., R. Bush Elz. Clarifications to the DNS
Specification. July 1997.
-
[RFC2308] M. Andrews. Negative Caching of DNS
+[RFC2308] M. Andrews. Negative Caching of DNS
Queries. March 1998.
-
[RFC1995] M. Ohta. Incremental Zone Transfer in DNS. August 1996.
+
[RFC1995] M. Ohta. Incremental Zone Transfer in DNS. August 1996.
-
[RFC1996] P. Vixie. A Mechanism for Prompt Notification of Zone Changes. August 1996.
+
[RFC1996] P. Vixie. A Mechanism for Prompt Notification of Zone Changes. August 1996.
-
[RFC2136] P. Vixie, S. Thomson, Y. Rekhter, and J. Bound. Dynamic Updates in the Domain Name System. April 1997.
+
[RFC2136] P. Vixie, S. Thomson, Y. Rekhter, and J. Bound. Dynamic Updates in the Domain Name System. April 1997.
-
[RFC2671] P. Vixie. Extension Mechanisms for DNS (EDNS0). August 1997.
+
[RFC2671] P. Vixie. Extension Mechanisms for DNS (EDNS0). August 1997.
-
[RFC2672] M. Crawford. Non-Terminal DNS Name Redirection. August 1999.
+
[RFC2672] M. Crawford. Non-Terminal DNS Name Redirection. August 1999.
-
[RFC2845] P. Vixie, O. Gudmundsson, D. Eastlake, 3rd, and B. Wellington. Secret Key Transaction Authentication for DNS (TSIG). May 2000.
+
[RFC2845] P. Vixie, O. Gudmundsson, D. Eastlake, 3rd, and B. Wellington. Secret Key Transaction Authentication for DNS (TSIG). May 2000.
-
[RFC2930] D. Eastlake, 3rd. Secret Key Establishment for DNS (TKEY RR). September 2000.
+
[RFC2930] D. Eastlake, 3rd. Secret Key Establishment for DNS (TKEY RR). September 2000.
-
[RFC2931] D. Eastlake, 3rd. DNS Request and Transaction Signatures (SIG(0)s). September 2000.
+
[RFC2931] D. Eastlake, 3rd. DNS Request and Transaction Signatures (SIG(0)s). September 2000.
-
[RFC3007] B. Wellington. Secure Domain Name System (DNS) Dynamic Update. November 2000.
+
[RFC3007] B. Wellington. Secure Domain Name System (DNS) Dynamic Update. November 2000.
-
[RFC3645] S. Kwan, P. Garg, J. Gilroy, L. Esibov, J. Westhead, and R. Hall. Generic Security Service Algorithm for Secret
+[RFC3645] S. Kwan, P. Garg, J. Gilroy, L. Esibov, J. Westhead, and R. Hall. Generic Security Service Algorithm for Secret
Key Transaction Authentication for DNS
(GSS-TSIG). October 2003.
DNS Security Proposed Standards
-
[RFC3225] D. Conrad. Indicating Resolver Support of DNSSEC. December 2001.
+
[RFC3225] D. Conrad. Indicating Resolver Support of DNSSEC. December 2001.
-
[RFC3833] D. Atkins and R. Austein. Threat Analysis of the Domain Name System (DNS). August 2004.
+
[RFC3833] D. Atkins and R. Austein. Threat Analysis of the Domain Name System (DNS). August 2004.
-
[RFC4033] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. DNS Security Introduction and Requirements. March 2005.
+
[RFC4033] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. DNS Security Introduction and Requirements. March 2005.
-
[RFC4034] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Resource Records for the DNS Security Extensions. March 2005.
+
[RFC4034] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Resource Records for the DNS Security Extensions. March 2005.
-
[RFC4035] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Protocol Modifications for the DNS
+[RFC4035] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Protocol Modifications for the DNS
Security Extensions. March 2005.
Other Important RFCs About DNS
Implementation
-
[RFC1535] E. Gavron. A Security Problem and Proposed Correction With Widely
+[RFC1535] E. Gavron. A Security Problem and Proposed Correction With Widely
Deployed DNS Software.. October 1993.
-
[RFC1536] A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller. Common DNS Implementation
+[RFC1536] A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller. Common DNS Implementation
Errors and Suggested Fixes. October 1993.
-
[RFC1982] R. Elz and R. Bush. Serial Number Arithmetic. August 1996.
+
[RFC1982] R. Elz and R. Bush. Serial Number Arithmetic. August 1996.
-
[RFC4074] Y. Morishita and T. Jinmei. Common Misbehaviour Against DNS
+[RFC4074] Y. Morishita and T. Jinmei. Common Misbehaviour Against DNS
Queries for IPv6 Addresses. May 2005.
Resource Record Types
-
[RFC1183] C.F. Everhart, L. A. Mamakos, R. Ullmann, and P. Mockapetris. New DNS RR Definitions. October 1990.
+
[RFC1183] C.F. Everhart, L. A. Mamakos, R. Ullmann, and P. Mockapetris. New DNS RR Definitions. October 1990.
-
[RFC1706] B. Manning and R. Colella. DNS NSAP Resource Records. October 1994.
+
[RFC1706] B. Manning and R. Colella. DNS NSAP Resource Records. October 1994.
-
[RFC2168] R. Daniel and M. Mealling. Resolution of Uniform Resource Identifiers using
+[RFC2168] R. Daniel and M. Mealling. Resolution of Uniform Resource Identifiers using
the Domain Name System. June 1997.
-
[RFC1876] C. Davis, P. Vixie, T., and I. Dickinson. A Means for Expressing Location Information in the
+[RFC1876] C. Davis, P. Vixie, T., and I. Dickinson. A Means for Expressing Location Information in the
Domain
Name System. January 1996.
-
[RFC2052] A. Gulbrandsen and P. Vixie. A DNS RR for Specifying the
+[RFC2052] A. Gulbrandsen and P. Vixie. A DNS RR for Specifying the
Location of
Services.. October 1996.
-
[RFC2163] A. Allocchio. Using the Internet DNS to
+[RFC2163] A. Allocchio. Using the Internet DNS to
Distribute MIXER
Conformant Global Address Mapping. January 1998.
-
[RFC2230] R. Atkinson. Key Exchange Delegation Record for the DNS. October 1997.
+
[RFC2230] R. Atkinson. Key Exchange Delegation Record for the DNS. October 1997.
-
[RFC2536] D. Eastlake, 3rd. DSA KEYs and SIGs in the Domain Name System (DNS). March 1999.
+
[RFC2536] D. Eastlake, 3rd. DSA KEYs and SIGs in the Domain Name System (DNS). March 1999.
-
[RFC2537] D. Eastlake, 3rd. RSA/MD5 KEYs and SIGs in the Domain Name System (DNS). March 1999.
+
[RFC2537] D. Eastlake, 3rd. RSA/MD5 KEYs and SIGs in the Domain Name System (DNS). March 1999.
-
[RFC2538] D. Eastlake, 3rd and O. Gudmundsson. Storing Certificates in the Domain Name System (DNS). March 1999.
+
[RFC2538] D. Eastlake, 3rd and O. Gudmundsson. Storing Certificates in the Domain Name System (DNS). March 1999.
-
[RFC2539] D. Eastlake, 3rd. Storage of Diffie-Hellman Keys in the Domain Name System (DNS). March 1999.
+
[RFC2539] D. Eastlake, 3rd. Storage of Diffie-Hellman Keys in the Domain Name System (DNS). March 1999.
-
[RFC2540] D. Eastlake, 3rd. Detached Domain Name System (DNS) Information. March 1999.
+
[RFC2540] D. Eastlake, 3rd. Detached Domain Name System (DNS) Information. March 1999.
-
[RFC2782] A. Gulbrandsen. P. Vixie. L. Esibov. A DNS RR for specifying the location of services (DNS SRV). February 2000.
+
[RFC2782] A. Gulbrandsen. P. Vixie. L. Esibov. A DNS RR for specifying the location of services (DNS SRV). February 2000.
-
[RFC2915] M. Mealling. R. Daniel. The Naming Authority Pointer (NAPTR) DNS Resource Record. September 2000.
+
[RFC2915] M. Mealling. R. Daniel. The Naming Authority Pointer (NAPTR) DNS Resource Record. September 2000.
-
[RFC3110] D. Eastlake, 3rd. RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS). May 2001.
+
[RFC3110] D. Eastlake, 3rd. RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS). May 2001.
-
[RFC3123] P. Koch. A DNS RR Type for Lists of Address Prefixes (APL RR). June 2001.
+
[RFC3123] P. Koch. A DNS RR Type for Lists of Address Prefixes (APL RR). June 2001.
-
[RFC3596] S. Thomson, C. Huitema, V. Ksinant, and M. Souissi. DNS Extensions to support IP
+[RFC3596] S. Thomson, C. Huitema, V. Ksinant, and M. Souissi. DNS Extensions to support IP
version 6. October 2003.
-
[RFC3597] A. Gustafsson. Handling of Unknown DNS Resource Record (RR) Types. September 2003.
+
[RFC3597] A. Gustafsson. Handling of Unknown DNS Resource Record (RR) Types. September 2003.
DNS and the Internet
-
[RFC1101] P. V. Mockapetris. DNS Encoding of Network Names
+[RFC1101] P. V. Mockapetris. DNS Encoding of Network Names
and Other Types. April 1989.
-
[RFC1123] Braden. Requirements for Internet Hosts - Application and
+[RFC1123] Braden. Requirements for Internet Hosts - Application and
Support. October 1989.
-
[RFC1591] J. Postel. Domain Name System Structure and Delegation. March 1994.
+
[RFC1591] J. Postel. Domain Name System Structure and Delegation. March 1994.
-
[RFC2317] H. Eidnes, G. de Groot, and P. Vixie. Classless IN-ADDR.ARPA Delegation. March 1998.
+
[RFC2317] H. Eidnes, G. de Groot, and P. Vixie. Classless IN-ADDR.ARPA Delegation. March 1998.
-
[RFC2826] Internet Architecture Board. IAB Technical Comment on the Unique DNS Root. May 2000.
+
[RFC2826] Internet Architecture Board. IAB Technical Comment on the Unique DNS Root. May 2000.
-
[RFC2929] D. Eastlake, 3rd, E. Brunner-Williams, and B. Manning. Domain Name System (DNS) IANA Considerations. September 2000.
+
[RFC2929] D. Eastlake, 3rd, E. Brunner-Williams, and B. Manning. Domain Name System (DNS) IANA Considerations. September 2000.
DNS Operations
-
[RFC1033] M. Lottor. Domain administrators operations guide.. November 1987.
+
[RFC1033] M. Lottor. Domain administrators operations guide.. November 1987.
-
[RFC1537] P. Beertema. Common DNS Data File
+[RFC1537] P. Beertema. Common DNS Data File
Configuration Errors. October 1993.
-
[RFC1912] D. Barr. Common DNS Operational and
+[RFC1912] D. Barr. Common DNS Operational and
Configuration Errors. February 1996.
-
[RFC2010] B. Manning and P. Vixie. Operational Criteria for Root Name Servers.. October 1996.
+
[RFC2010] B. Manning and P. Vixie. Operational Criteria for Root Name Servers.. October 1996.
-
[RFC2219] M. Hamilton and R. Wright. Use of DNS Aliases for
+[RFC2219] M. Hamilton and R. Wright. Use of DNS Aliases for
Network Services.. October 1997.
Internationalized Domain Names
-
[RFC2825] IAB and R. Daigle. A Tangled Web: Issues of I18N, Domain Names,
+[RFC2825] IAB and R. Daigle. A Tangled Web: Issues of I18N, Domain Names,
and the Other Internet protocols. May 2000.
-
[RFC3490] P. Faltstrom, P. Hoffman, and A. Costello. Internationalizing Domain Names in Applications (IDNA). March 2003.
+
[RFC3490] P. Faltstrom, P. Hoffman, and A. Costello. Internationalizing Domain Names in Applications (IDNA). March 2003.
-
[RFC3491] P. Hoffman and M. Blanchet. Nameprep: A Stringprep Profile for Internationalized Domain Names. March 2003.
+
[RFC3491] P. Hoffman and M. Blanchet. Nameprep: A Stringprep Profile for Internationalized Domain Names. March 2003.
-
[RFC3492] A. Costello. Punycode: A Bootstring encoding of Unicode
+[RFC3492] A. Costello. Punycode: A Bootstring encoding of Unicode
for Internationalized Domain Names in
Applications (IDNA). March 2003.
@@ -497,47 +497,47 @@
-
[RFC1464] R. Rosenbaum. Using the Domain Name System To Store Arbitrary String
+[RFC1464] R. Rosenbaum. Using the Domain Name System To Store Arbitrary String
Attributes. May 1993.
-
[RFC1713] A. Romao. Tools for DNS Debugging. November 1994.
+
[RFC1713] A. Romao. Tools for DNS Debugging. November 1994.
-
[RFC1794] T. Brisco. DNS Support for Load
+[RFC1794] T. Brisco. DNS Support for Load
Balancing. April 1995.
-
[RFC2240] O. Vaughan. A Legal Basis for Domain Name Allocation. November 1997.
+
[RFC2240] O. Vaughan. A Legal Basis for Domain Name Allocation. November 1997.
-
[RFC2345] J. Klensin, T. Wolf, and G. Oglesby. Domain Names and Company Name Retrieval. May 1998.
+
[RFC2345] J. Klensin, T. Wolf, and G. Oglesby. Domain Names and Company Name Retrieval. May 1998.
-
[RFC2352] O. Vaughan. A Convention For Using Legal Names as Domain Names. May 1998.
+
[RFC2352] O. Vaughan. A Convention For Using Legal Names as Domain Names. May 1998.
-
[RFC3071] J. Klensin. Reflections on the DNS, RFC 1591, and Categories of Domains. February 2001.
+
[RFC3071] J. Klensin. Reflections on the DNS, RFC 1591, and Categories of Domains. February 2001.
-
[RFC3258] T. Hardie. Distributing Authoritative Name Servers via
+[RFC3258] T. Hardie. Distributing Authoritative Name Servers via
Shared Unicast Addresses. April 2002.
-
[RFC3901] A. Durand and J. Ihren. DNS IPv6 Transport Operational Guidelines. September 2004.
+
[RFC3901] A. Durand and J. Ihren. DNS IPv6 Transport Operational Guidelines. September 2004.
Obsolete and Unimplemented Experimental RFC
-
[RFC1712] C. Farrell, M. Schulze, S. Pleitner, and D. Baldoni. DNS Encoding of Geographical
+[RFC1712] C. Farrell, M. Schulze, S. Pleitner, and D. Baldoni. DNS Encoding of Geographical
Location. November 1994.
-
[RFC2673] M. Crawford. Binary Labels in the Domain Name System. August 1999.
+
[RFC2673] M. Crawford. Binary Labels in the Domain Name System. August 1999.
-
[RFC2874] M. Crawford and C. Huitema. DNS Extensions to Support IPv6 Address Aggregation
+[RFC2874] M. Crawford and C. Huitema. DNS Extensions to Support IPv6 Address Aggregation
and Renumbering. July 2000.
@@ -551,39 +551,39 @@
-
[RFC2065] D. Eastlake, 3rd and C. Kaufman. Domain Name System Security Extensions. January 1997.
+
[RFC2065] D. Eastlake, 3rd and C. Kaufman. Domain Name System Security Extensions. January 1997.
-
[RFC2137] D. Eastlake, 3rd. Secure Domain Name System Dynamic Update. April 1997.
+
[RFC2137] D. Eastlake, 3rd. Secure Domain Name System Dynamic Update. April 1997.
-
[RFC2535] D. Eastlake, 3rd. Domain Name System Security Extensions. March 1999.
+
[RFC2535] D. Eastlake, 3rd. Domain Name System Security Extensions. March 1999.
-
[RFC3008] B. Wellington. Domain Name System Security (DNSSEC)
+[RFC3008] B. Wellington. Domain Name System Security (DNSSEC)
Signing Authority. November 2000.
-
[RFC3090] E. Lewis. DNS Security Extension Clarification on Zone Status. March 2001.
+
[RFC3090] E. Lewis. DNS Security Extension Clarification on Zone Status. March 2001.
-
[RFC3445] D. Massey and S. Rose. Limiting the Scope of the KEY Resource Record (RR). December 2002.
+
[RFC3445] D. Massey and S. Rose. Limiting the Scope of the KEY Resource Record (RR). December 2002.
-
[RFC3655] B. Wellington and O. Gudmundsson. Redefinition of DNS Authenticated Data (AD) bit. November 2003.
+
[RFC3655] B. Wellington and O. Gudmundsson. Redefinition of DNS Authenticated Data (AD) bit. November 2003.
-
[RFC3658] O. Gudmundsson. Delegation Signer (DS) Resource Record (RR). December 2003.
+
[RFC3658] O. Gudmundsson. Delegation Signer (DS) Resource Record (RR). December 2003.
-
[RFC3755] S. Weiler. Legacy Resolver Compatibility for Delegation Signer (DS). May 2004.
+
[RFC3755] S. Weiler. Legacy Resolver Compatibility for Delegation Signer (DS). May 2004.
-
[RFC3757] O. Kolkman, J. Schlyter, and E. Lewis. Domain Name System KEY (DNSKEY) Resource Record
+[RFC3757] O. Kolkman, J. Schlyter, and E. Lewis. Domain Name System KEY (DNSKEY) Resource Record
(RR) Secure Entry Point (SEP) Flag. April 2004.
-
[RFC3845] J. Schlyter. DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format. August 2004.
+
[RFC3845] J. Schlyter. DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format. August 2004.
-Other Documents About BIND
+Other Documents About BIND
-
Paul Albitz and Cricket Liu. DNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates.
+
Paul Albitz and Cricket Liu. DNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates.
GNU make is required to build the export libraries (other
part of BIND 9 can still be built with other types of make). In
the reminder of this document, "make" means GNU make. Note that
@@ -657,7 +657,7 @@
$ ./configure --enable-exportlib [other flags]
$ make
@@ -672,7 +672,7 @@ $ make
$ cd lib/export
$ make install
@@ -694,7 +694,7 @@ $ make install
-Known Defects/Restrictions
+
Known Defects/Restrictions
Currently, win32 is not supported for the export
library. (Normal BIND 9 application can be built as
@@ -734,7 +734,7 @@ $ make
The IRS library supports an "advanced" configuration file
related to the DNS library for configuration parameters that
would be beyond the capability of the
@@ -752,14 +752,14 @@ $ make
Some sample application programs using this API are
provided for reference. The following is a brief description of
these applications.
-sample: a simple stub resolver utility
+
sample: a simple stub resolver utility
It sends a query of a given name (of a given optional RR type) to a
specified recursive server, and prints the result as a list of
@@ -823,7 +823,7 @@ $ make
-sample-async: a simple stub resolver, working asynchronously
+
sample-async: a simple stub resolver, working asynchronously
Similar to "sample", but accepts a list
of (query) domain names as a separate file and resolves the names
@@ -864,7 +864,7 @@ $ make
-sample-request: a simple DNS transaction client
+
sample-request: a simple DNS transaction client
It sends a query to a specified server, and
prints the response with minimal processing. It doesn't act as a
@@ -905,7 +905,7 @@ $ make
-sample-gai: getaddrinfo() and getnameinfo() test code
+
sample-gai: getaddrinfo() and getnameinfo() test code
This is a test program
to check getaddrinfo() and getnameinfo() behavior. It takes a
@@ -922,7 +922,7 @@ $ make
-sample-update: a simple dynamic update client program
+
sample-update: a simple dynamic update client program
It accepts a single update command as a
command-line argument, sends an update request message to the
@@ -1017,7 +1017,7 @@ $ sample-update -a sample-update -k Kxxx.+nnn+mm
-nsprobe: domain/name server checker in terms of RFC 4074
+
nsprobe: domain/name server checker in terms of RFC 4074
It checks a set
of domains to see the name servers of the domains behave
@@ -1074,7 +1074,7 @@ $ sample-update -a sample-update -k Kxxx.+nnn+mm
As of this writing, there is no formal "manual" of the
libraries, except this document, header files (some of them
provide pretty detailed explanations), and sample application
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index 3c35a5a7b7..199e91c492 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -113,39 +113,39 @@
DNSSEC, Dynamic Zones, and Automatic Signing
-- Converting from insecure to secure
-- Dynamic DNS update method
-- Fully automatic zone signing
-- Private-type records
-- DNSKEY rollovers
-- Dynamic DNS update method
-- Automatic key rollovers
-- NSEC3PARAM rollovers via UPDATE
-- Converting from NSEC to NSEC3
-- Converting from NSEC3 to NSEC
-- Converting from secure to insecure
-- Periodic re-signing
-- NSEC3 and OPTOUT
+- Converting from insecure to secure
+- Dynamic DNS update method
+- Fully automatic zone signing
+- Private-type records
+- DNSKEY rollovers
+- Dynamic DNS update method
+- Automatic key rollovers
+- NSEC3PARAM rollovers via UPDATE
+- Converting from NSEC to NSEC3
+- Converting from NSEC3 to NSEC
+- Converting from secure to insecure
+- Periodic re-signing
+- NSEC3 and OPTOUT
Dynamic Trust Anchor Management
-- Validating Resolver
-- Authoritative Server
+- Validating Resolver
+- Authoritative Server
PKCS#11 (Cryptoki) support
-- Prerequisites
-- Native PKCS#11
-- OpenSSL-based PKCS#11
-- PKCS#11 Tools
-- Using the HSM
-- Specifying the engine on the command line
-- Running named with automatic zone re-signing
+- Prerequisites
+- Native PKCS#11
+- OpenSSL-based PKCS#11
+- PKCS#11 Tools
+- Using the HSM
+- Specifying the engine on the command line
+- Running named with automatic zone re-signing
DLZ (Dynamically Loadable Zones)
-- Configuring DLZ
-- Sample DLZ Driver
+- Configuring DLZ
+- Sample DLZ Driver
IPv6 Support in BIND 9
@@ -205,16 +205,16 @@
- view Statement Definition and Usage
- zone
Statement Grammar
-- zone Statement Definition and Usage
+- zone Statement Definition and Usage
-Zone File
+Zone File
- Types of Resource Records and When to Use Them
-- Discussion of MX Records
+- Discussion of MX Records
- Setting TTLs
-- Inverse Mapping in IPv4
-- Other Zone File Directives
-- BIND Master File Extension: the $GENERATE Directive
+- Inverse Mapping in IPv4
+- Other Zone File Directives
+- BIND Master File Extension: the $GENERATE Directive
- Additional File Formats
BIND9 Statistics
@@ -223,41 +223,41 @@
7. BIND 9 Security Considerations
- Access Control Lists
-- Chroot and Setuid
+- Chroot and Setuid
-- The chroot Environment
-- Using the setuid Function
+- The chroot Environment
+- Using the setuid Function
- Dynamic Update Security
8. Troubleshooting
-- Common Problems
-- It's not working; how can I figure out what's wrong?
- Incrementing and Changing the Serial Number
-- Where Can I Get Help?
+- Common Problems
+- It's not working; how can I figure out what's wrong?
- Incrementing and Changing the Serial Number
+- Where Can I Get Help?
A. Appendices
-- Acknowledgments
+- Acknowledgments
- A Brief History of the DNS and BIND
- General DNS Reference Information
+- General DNS Reference Information
- IPv6 addresses (AAAA)
- Bibliography (and Suggested Reading)
- Request for Comments (RFCs)
- Internet Drafts
-- Other Documents About BIND
+- Other Documents About BIND
- BIND 9 DNS Library Support
-- Prerequisite
-- Compilation
-- Installation
-- Known Defects/Restrictions
-- The dns.conf File
-- Sample Applications
-- Library References
+- Prerequisite
+- Compilation
+- Installation
+- Known Defects/Restrictions
+- The dns.conf File
+- Sample Applications
+- Library References
I. Manual pages
diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html
index b4f93aa9f9..5514b0f961 100644
--- a/doc/arm/man.arpaname.html
+++ b/doc/arm/man.arpaname.html
@@ -50,20 +50,20 @@
-
DESCRIPTION
+
DESCRIPTION
arpaname translates IP addresses (IPv4 and
IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
-
SEE ALSO
+
SEE ALSO
BIND 9 Administrator Reference Manual.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
ddns-confgen [-a algorithm] [-h] [-k keyname] [-q] [-r randomfile] [ -s name | -z zone ]
-
DESCRIPTION
+
DESCRIPTION
tsig-keygen and ddns-confgen
are invokation methods for a utility that generates keys for use
@@ -87,7 +87,7 @@
-
OPTIONS
+
OPTIONS
- -a
algorithm
@@ -159,7 +159,7 @@
-
SEE ALSO
+
SEE ALSO
nsupdate(1),
named.conf(5),
named(8),
@@ -167,7 +167,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
delve [queryopt...] [query...]
-
DESCRIPTION
+
DESCRIPTION
delve
(Domain Entity Lookup & Validation Engine) is a tool for sending
DNS queries and validating the results, using the the same internal
@@ -96,7 +96,7 @@
-
SIMPLE USAGE
+
SIMPLE USAGE
A typical invocation of delve looks like:
@@ -151,7 +151,7 @@
-
OPTIONS
+
OPTIONS
- -a
anchor-file
-
@@ -285,7 +285,7 @@
-
QUERY OPTIONS
+
QUERY OPTIONS
delve
provides a number of query options which affect the way results are
displayed, and in some cases the way lookups are performed.
@@ -465,12 +465,12 @@
-
FILES
+
FILES
/etc/bind.keys
/etc/resolv.conf
-
SEE ALSO
+
SEE ALSO
dig(1),
named(8),
RFC4034,
diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html
index 5bca394ab4..af2d82ac8a 100644
--- a/doc/arm/man.dig.html
+++ b/doc/arm/man.dig.html
@@ -52,7 +52,7 @@
dig [global-queryopt...] [query...]
-
DESCRIPTION
+
DESCRIPTION
dig
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@@ -99,7 +99,7 @@
-
SIMPLE USAGE
+
SIMPLE USAGE
A typical invocation of dig looks like:
@@ -152,7 +152,7 @@
-
OPTIONS
+
OPTIONS
The -b option sets the source IP address of the query
to address. This must be a valid
@@ -260,7 +260,7 @@
-
QUERY OPTIONS
+
QUERY OPTIONS
dig
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@@ -546,11 +546,18 @@
+edns=#
- Specify the EDNS version to query with. Valid values
- are 0 to 255. Setting the EDNS version will cause
- a EDNS query to be sent. +noedns
- clears the remembered EDNS version. EDNS is set to
- 0 by default.
+ Specify the EDNS version to query with. Valid values
+ are 0 to 255. Setting the EDNS version will cause
+ a EDNS query to be sent. +noedns
+ clears the remembered EDNS version. EDNS is set to
+ 0 by default.
+
+
+[no]ednsopt[=code[:value]]
+
+ Specify EDNS option with code point code
+ and optionally payload of value as a
+ hexadecimal string. +noednsopt
+ clears the EDNS options to to be sent.
+[no]multiline
@@ -645,7 +652,7 @@
-
MULTIPLE QUERIES
+
MULTIPLE QUERIES
The BIND 9 implementation of dig
supports
@@ -691,7 +698,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
-
IDN SUPPORT
+
IDN SUPPORT
If dig has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -705,14 +712,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
-
FILES
+
FILES
/etc/resolv.conf
${HOME}/.digrc
-
SEE ALSO
+
SEE ALSO
host(1),
named(8),
dnssec-keygen(8),
@@ -720,7 +727,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
-
BUGS
+
BUGS
There are probably too many query options.
diff --git a/doc/arm/man.dnssec-checkds.html b/doc/arm/man.dnssec-checkds.html
index e87f45be7b..d8ce418152 100644
--- a/doc/arm/man.dnssec-checkds.html
+++ b/doc/arm/man.dnssec-checkds.html
@@ -51,7 +51,7 @@
dnssec-dsfromkey [-l domain] [-f file] [-d dig path] [-D dsfromkey path] {zone}
-
DESCRIPTION
+
DESCRIPTION
dnssec-checkds
verifies the correctness of Delegation Signer (DS) or DNSSEC
Lookaside Validation (DLV) resource records for keys in a specified
@@ -59,7 +59,7 @@
-
OPTIONS
+
OPTIONS
- -f
file
@@ -88,14 +88,14 @@
-
SEE ALSO
+
SEE ALSO
dnssec-dsfromkey(8),
dnssec-keygen(8),
dnssec-signzone(8),
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
dnssec-coverage [-K directory] [-l length] [-f file] [-d DNSKEY TTL] [-m max TTL] [-r interval] [-c compilezone path] [-k] [-z] [zone]
-
DESCRIPTION
+
DESCRIPTION
dnssec-coverage
verifies that the DNSSEC keys for a given zone or a set of zones
have timing metadata set properly to ensure no future lapses in DNSSEC
@@ -78,7 +78,7 @@
-
OPTIONS
+
OPTIONS
- -K
directory
@@ -192,7 +192,7 @@
-
SEE ALSO
+
SEE ALSO
dnssec-checkds(8),
dnssec-dsfromkey(8),
@@ -201,7 +201,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
dnssec-dsfromkey {-s} [-1] [-2] [-a alg] [-K directory] [-l domain] [-s] [-c class] [-T TTL] [-f file] [-A] [-v level] {dnsname}
-
DESCRIPTION
+
DESCRIPTION
dnssec-dsfromkey
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
-
EXAMPLE
+
EXAMPLE
To build the SHA-256 DS RR from the
Kexample.com.+003+26160
@@ -150,7 +150,7 @@
-
FILES
+
FILES
The keyfile can be designed by the key identification
Knnnn.+aaa+iiiii or the full file name
@@ -164,13 +164,13 @@
-
CAVEAT
+
CAVEAT
A keyfile error can give a "file not found" even if the file exists.
-
SEE ALSO
+
SEE ALSO
dnssec-keygen(8),
dnssec-signzone(8),
BIND 9 Administrator Reference Manual,
@@ -180,7 +180,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
dnssec-importkey {-f filename} [-K directory] [-L ttl] [-P date/offset] [-D date/offset] [-h] [-v level] [dnsname]
-
DESCRIPTION
+
DESCRIPTION
dnssec-importkey
reads a public DNSKEY record and generates a pair of
.key/.private files. The DNSKEY record may be read from an
@@ -71,7 +71,7 @@
-
OPTIONS
+
OPTIONS
- -f
filename
-
@@ -110,7 +110,7 @@
-
TIMING OPTIONS
+
TIMING OPTIONS
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -138,7 +138,7 @@
-
FILES
+
FILES
A keyfile can be designed by the key identification
Knnnn.+aaa+iiiii or the full file name
@@ -147,7 +147,7 @@
-
SEE ALSO
+
SEE ALSO
dnssec-keygen(8),
dnssec-signzone(8),
BIND 9 Administrator Reference Manual,
@@ -155,7 +155,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
dnssec-keyfromlabel {-l label} [-3] [-a algorithm] [-A date/offset] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-I date/offset] [-i interval] [-k] [-K directory] [-L ttl] [-n nametype] [-P date/offset] [-p protocol] [-R date/offset] [-S key] [-t type] [-v level] [-y] {name}
-
DESCRIPTION
+
DESCRIPTION
dnssec-keyfromlabel
generates a key pair of files that referencing a key object stored
in a cryptographic hardware service module (HSM). The private key
@@ -66,7 +66,7 @@
-
OPTIONS
+
OPTIONS
- -a
algorithm
-
@@ -239,7 +239,7 @@
-
TIMING OPTIONS
+
TIMING OPTIONS
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -311,7 +311,7 @@
-
GENERATED KEY FILES
+
GENERATED KEY FILES
When dnssec-keyfromlabel completes
successfully,
@@ -350,7 +350,7 @@
-
SEE ALSO
+
SEE ALSO
dnssec-keygen(8),
dnssec-signzone(8),
BIND 9 Administrator Reference Manual,
@@ -359,7 +359,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
dnssec-keygen [-a algorithm] [-b keysize] [-n nametype] [-3] [-A date/offset] [-C] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-g generator] [-h] [-I date/offset] [-i interval] [-K directory] [-L ttl] [-k] [-P date/offset] [-p protocol] [-q] [-R date/offset] [-r randomdev] [-S key] [-s strength] [-t type] [-v level] [-z] {name}
-
DESCRIPTION
+
DESCRIPTION
dnssec-keygen
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@@ -64,7 +64,7 @@
-
OPTIONS
+
OPTIONS
- -a
algorithm
-
@@ -281,7 +281,7 @@
-
TIMING OPTIONS
+
TIMING OPTIONS
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -355,7 +355,7 @@
-
GENERATED KEYS
+
GENERATED KEYS
When dnssec-keygen completes
successfully,
@@ -401,7 +401,7 @@
-
EXAMPLE
+
EXAMPLE
To generate a 768-bit DSA key for the domain
example.com, the following command would be
@@ -422,7 +422,7 @@
-
SEE ALSO
+
SEE ALSO
dnssec-signzone(8),
BIND 9 Administrator Reference Manual,
RFC 2539,
@@ -431,7 +431,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
dnssec-revoke [-hr] [-v level] [-K directory] [-E engine] [-f] [-R] {keyfile}
-
DESCRIPTION
+
DESCRIPTION
dnssec-revoke
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
in RFC 5011, and creates a new pair of key files containing the
@@ -58,7 +58,7 @@
-
SEE ALSO
+
SEE ALSO
dnssec-keygen(8),
BIND 9 Administrator Reference Manual,
RFC 5011.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
dnssec-settime [-f] [-K directory] [-L ttl] [-P date/offset] [-A date/offset] [-R date/offset] [-I date/offset] [-D date/offset] [-h] [-v level] [-E engine] {keyfile}
-
DESCRIPTION
+
DESCRIPTION
dnssec-settime
reads a DNSSEC private key file and sets the key timing metadata
as specified by the -P, -A,
@@ -76,7 +76,7 @@
-
TIMING OPTIONS
+
TIMING OPTIONS
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -206,7 +206,7 @@
-
PRINTING OPTIONS
+
PRINTING OPTIONS
dnssec-settime can also be used to print the
timing metadata associated with a key.
@@ -232,7 +232,7 @@
-
SEE ALSO
+
SEE ALSO
dnssec-keygen(8),
dnssec-signzone(8),
BIND 9 Administrator Reference Manual,
@@ -240,7 +240,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
dnssec-signzone [-a] [-c class] [-d directory] [-D] [-E engine] [-e end-time] [-f output-file] [-g] [-h] [-K directory] [-k key] [-L serial] [-l domain] [-M domain] [-i interval] [-I input-format] [-j jitter] [-N soa-serial-format] [-o origin] [-O output-format] [-P] [-p] [-R] [-r randomdev] [-S] [-s start-time] [-T ttl] [-t] [-u] [-v level] [-X extended end-time] [-x] [-z] [-3 salt] [-H iterations] [-A] {zonefile} [key...]
-
DESCRIPTION
+
DESCRIPTION
dnssec-signzone
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@@ -61,7 +61,7 @@
-
EXAMPLE
+
EXAMPLE
The following command signs the example.com
zone with the DSA key generated by dnssec-keygen
@@ -535,14 +535,14 @@ db.example.com.signed
%
-
SEE ALSO
+
SEE ALSO
dnssec-keygen(8),
BIND 9 Administrator Reference Manual,
RFC 4033, RFC 4641.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
dnssec-verify [-c class] [-E engine] [-I input-format] [-o origin] [-v level] [-x] [-z] {zonefile}
-
DESCRIPTION
+
DESCRIPTION
dnssec-verify
verifies that a zone is fully signed for each algorithm found
in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
@@ -58,7 +58,7 @@
-
OPTIONS
+
OPTIONS
- -c
class
@@ -134,7 +134,7 @@
-
SEE ALSO
+
SEE ALSO
dnssec-signzone(8),
BIND 9 Administrator Reference Manual,
@@ -142,7 +142,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
genrandom [-n number] {size} {filename}
-
DESCRIPTION
+
DESCRIPTION
genrandom
generates a file or a set of files containing a specified quantity
@@ -59,7 +59,7 @@
-
ARGUMENTS
+
ARGUMENTS
- -n
number
@@ -77,14 +77,14 @@
-
SEE ALSO
+
SEE ALSO
rand(3),
arc4random(3)
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
host [-aCdlnrsTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-m flag] [-4] [-6] [-v] [-V] {name} [server]
-
DESCRIPTION
+
DESCRIPTION
host
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
@@ -96,7 +96,9 @@
options are equivalent. They have been provided for backwards
compatibility. In previous versions, the -d option
switched on debugging traces and -v enabled verbose
- output.
+ output. Verbose output can also be enabled by setting the
+ debug option in
+ /etc/resolv.conf.
List mode is selected by the -l option. This makes
@@ -130,10 +132,12 @@
indicates
how many times host will repeat a query
that does
- not get answered. The default number of retries is 1. If
+ not get answered. If
number is negative or zero, the
number of
- retries will default to 1.
+ retries will default to 1. The default value is 1, or
+ the value of the attempts option in
+ /etc/resolv.conf, if set.
Non-recursive queries can be made via the -r option.
@@ -186,7 +190,11 @@
will
effectively wait forever for a reply. The time to wait for a response
will be set to the number of seconds given by the hardware's maximum
- value for an integer quantity.
+ value for an integer quantity. By default, host
+ will wait for 5 seconds for UDP responses and 10 seconds for TCP
+ connections. These defaults can be overridden by the
+ timeout option in
+ /etc/resolv.conf.
The -s option tells host
@@ -206,7 +214,7 @@
-
IDN SUPPORT
+
IDN SUPPORT
If host has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -220,12 +228,12 @@
-
FILES
+
FILES
/etc/resolv.conf
-
SEE ALSO
+
SEE ALSO
dig(1),
named(8).
diff --git a/doc/arm/man.isc-hmac-fixup.html b/doc/arm/man.isc-hmac-fixup.html
index 129116f0f3..ad84d8b370 100644
--- a/doc/arm/man.isc-hmac-fixup.html
+++ b/doc/arm/man.isc-hmac-fixup.html
@@ -50,7 +50,7 @@
isc-hmac-fixup {algorithm} {secret}
-
DESCRIPTION
+
DESCRIPTION
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
HMAC-SHA* TSIG keys which were longer than the digest length of the
@@ -76,7 +76,7 @@
-
SECURITY CONSIDERATIONS
+
SECURITY CONSIDERATIONS
Secrets that have been converted by isc-hmac-fixup
are shortened, but as this is how the HMAC protocol works in
@@ -87,14 +87,14 @@
-
SEE ALSO
+
SEE ALSO
BIND 9 Administrator Reference Manual,
RFC 2104.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
named-checkconf [-h] [-v] [-j] [-t directory] {filename} [-p] [-x] [-z]
-
DESCRIPTION
+
DESCRIPTION
named-checkconf
checks the syntax, but not the semantics, of a
named configuration file. The file is parsed
@@ -70,7 +70,7 @@
-
RETURN VALUES
+
RETURN VALUES
named-checkconf
returns an exit status of 1 if
errors were detected and 0 otherwise.
-
SEE ALSO
+
SEE ALSO
named(8),
named-checkzone(8),
BIND 9 Administrator Reference Manual.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
named-compilezone [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-J filename] [-i mode] [-k mode] [-m mode] [-n mode] [-l ttl] [-L serial] [-r mode] [-s style] [-t directory] [-T mode] [-w directory] [-D] [-W mode] {-o filename} {zonename} {filename}
-
DESCRIPTION
+
DESCRIPTION
named-checkzone
checks the syntax and integrity of a zone file. It performs the
same checks as named does when loading a
@@ -71,7 +71,7 @@
-
RETURN VALUES
+
RETURN VALUES
named-checkzone
returns an exit status of 1 if
errors were detected and 0 otherwise.
-
SEE ALSO
+
SEE ALSO
named(8),
named-checkconf(8),
RFC 1035,
@@ -320,7 +320,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
named-journalprint {journal}
-
DESCRIPTION
+
DESCRIPTION
named-journalprint
prints the contents of a zone journal file in a human-readable
@@ -76,7 +76,7 @@
-
SEE ALSO
+
SEE ALSO
named(8),
nsupdate(8),
@@ -84,7 +84,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
named-rrchecker [-h] [-o origin] [-p] [-u] [-C] [-T] [-P]
-
DESCRIPTION
+
DESCRIPTION
named-rrchecker
read a individual DNS resource record from standard input and checks if it
is syntactically correct.
@@ -78,7 +78,7 @@
-
SEE ALSO
+
SEE ALSO
RFC 1034,
RFC 1035,
diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html
index 675a9c04c7..929fb20a93 100644
--- a/doc/arm/man.named.html
+++ b/doc/arm/man.named.html
@@ -50,7 +50,7 @@
named [-4] [-6] [-c config-file] [-d debug-level] [-D string] [-E engine-name] [-f] [-g] [-m flag] [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory] [-U #listeners] [-u user] [-v] [-V] [-x cache-file]
-
DESCRIPTION
+
DESCRIPTION
named
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@@ -65,7 +65,7 @@
-
SIGNALS
+
SIGNALS
In routine operation, signals should not be used to control
the nameserver; rndc should be used
@@ -297,7 +297,7 @@
-
CONFIGURATION
+
CONFIGURATION
The named configuration file is too complex
to describe in detail here. A complete description is provided
@@ -314,7 +314,7 @@
-
FILES
+
FILES
/etc/named.conf
@@ -327,7 +327,7 @@
-
SEE ALSO
+
SEE ALSO
RFC 1033,
RFC 1034,
RFC 1035,
@@ -340,7 +340,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
nsec3hash {salt} {algorithm} {iterations} {domain}
-
DESCRIPTION
+
DESCRIPTION
nsec3hash generates an NSEC3 hash based on
a set of NSEC3 parameters. This can be used to check the validity
@@ -56,7 +56,7 @@
-
SEE ALSO
+
SEE ALSO
BIND 9 Administrator Reference Manual,
RFC 5155.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
nsupdate [-d] [-D] [[-g] | [-o] | [-l] | [-y [hmac:]keyname:secret] | [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [-T] [-P] [-V] [filename]
-
DESCRIPTION
+
DESCRIPTION
nsupdate
is used to submit Dynamic DNS Update requests as defined in RFC 2136
to a name server.
@@ -131,7 +131,13 @@
[hmac:]keyname:secret.
keyname is the name of the key, and
secret is the base64 encoded shared secret.
- Use of the -y option is discouraged because the
+ hmac is the name of the key algorithm;
+ valid choices are hmac-md5,
+ hmac-sha1, hmac-sha224,
+ hmac-sha256, hmac-sha384, or
+ hmac-sha512. If hmac
+ is not specified, the default is hmac-md5.
+ NOTE: Use of the -y option is discouraged because the
shared secret is supplied as a command line argument in clear text.
This may be visible in the output from
ps(1)
@@ -230,7 +236,7 @@
-
INPUT FORMAT
+
INPUT FORMAT
nsupdate
reads input from
filename
@@ -334,14 +340,16 @@
key
- {name}
+ [hmac:] {keyname}
{secret}
Specifies that all updates are to be TSIG-signed using the
- keyname keysecret pair.
- The key command
- overrides any key specified on the command line via
+ keyname secret pair.
+ If hmac is specified, then it sets the
+ signing algorithm in use; the default is
+ hmac-md5. The key
+ command overrides any key specified on the command line via
-y or -k.
@@ -530,7 +538,7 @@
-
EXAMPLES
+
EXAMPLES
The examples below show how
nsupdate
@@ -584,7 +592,7 @@
-
FILES
+
FILES
/etc/resolv.conf
@@ -607,7 +615,7 @@
-
SEE ALSO
+
SEE ALSO
RFC 2136,
RFC 3007,
@@ -622,7 +630,7 @@
-
BUGS
+
BUGS
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library
diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index 72ee4fb36a..04a510d909 100644
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -50,7 +50,7 @@
rndc-confgen [-a] [-A algorithm] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]
-
DESCRIPTION
+
DESCRIPTION
rndc-confgen
generates configuration files
for rndc. It can be used as a
@@ -66,7 +66,7 @@
-
EXAMPLES
+
EXAMPLES
To allow rndc to be used with
no manual configuration, run
@@ -197,7 +197,7 @@
-
SEE ALSO
+
SEE ALSO
rndc(8),
rndc.conf(5),
named(8),
@@ -205,7 +205,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
-
DESCRIPTION
+
DESCRIPTION
rndc.conf is the configuration file
for rndc, the BIND 9 name server control
utility. This file has a similar structure and syntax to
@@ -136,7 +136,7 @@
-
EXAMPLE
+
EXAMPLE
options {
default-server localhost;
@@ -210,7 +210,7 @@
-
NAME SERVER CONFIGURATION
+
NAME SERVER CONFIGURATION
The name server must be configured to accept rndc connections and
to recognize the key specified in the rndc.conf
@@ -220,7 +220,7 @@
-
SEE ALSO
+
SEE ALSO
rndc(8),
rndc-confgen(8),
mmencode(1),
@@ -228,7 +228,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
rndc [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-q] [-V] [-y key_id] {command}
-
DESCRIPTION
+
DESCRIPTION
rndc
controls the operation of a name
server. It supersedes the ndc utility
@@ -81,7 +81,7 @@
-
OPTIONS
+
OPTIONS
- -b
source-address
@@ -152,7 +152,7 @@
-
COMMANDS
+
COMMANDS
A list of commands supported by rndc can
be seen by running rndc without arguments.
@@ -537,7 +537,7 @@
-
LIMITATIONS
+
LIMITATIONS
There is currently no way to provide the shared secret for a
key_id without using the configuration file.
@@ -547,7 +547,7 @@
-
SEE ALSO
+
SEE ALSO
rndc.conf(5),
rndc-confgen(8),
named(8),
@@ -557,7 +557,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium