The state of the signing process is signaled by private-type records (with a default type value of 65534). When signing is complete, these records will have a nonzero value for @@ -1246,12 +1246,12 @@ options {
+DNSKEY rollovers
As with insecure-to-secure conversions, rolling DNSSEC keys can be done in two ways: using a dynamic DNS update, or the auto-dnssec zone option.
+Dynamic DNS update method To perform key rollovers via dynamic update, you need to add
the K* files for the new keys so that
named can find them. You can then add the new
@@ -1273,7 +1273,7 @@ options {
named will clean out any signatures generated
by the old key after the update completes.
When a new key reaches its activation date (as set by dnssec-keygen or dnssec-settime), if the auto-dnssec zone option is set to @@ -1288,27 +1288,27 @@ options { completes in 30 days, after which it will be safe to remove the old key from the DNSKEY RRset.
+NSEC3PARAM rollovers via UPDATEAdd the new NSEC3PARAM record via dynamic update. When the new NSEC3 chain has been generated, the NSEC3PARAM flag field will be zero. At this point you can remove the old NSEC3PARAM record. The old chain will be removed after the update request completes.
+Converting from NSEC to NSEC3To do this, you just need to add an NSEC3PARAM record. When the conversion is complete, the NSEC chain will have been removed and the NSEC3PARAM record will have a zero flag field. The NSEC3 chain will be generated before the NSEC chain is destroyed.
+Converting from NSEC3 to NSECTo do this, use nsupdate to remove all NSEC3PARAM records with a zero flag field. The NSEC chain will be generated before the NSEC3 chain is removed.
+Converting from secure to insecureTo convert a signed zone to unsigned using dynamic DNS, delete all the DNSKEY records from the zone apex using nsupdate. All signatures, NSEC or NSEC3 chains, @@ -1323,14 +1323,14 @@ options { allow instead (or it will re-sign).
+Periodic re-signingIn any secure zone which supports dynamic updates, named will periodically re-sign RRsets which have not been re-signed as a result of some update action. The signature lifetimes will be adjusted so as to spread the re-sign load over time rather than all at once.
+NSEC3 and OPTOUTnamed only supports creating new NSEC3 chains where all the NSEC3 records in the zone have the same OPTOUT @@ -1352,7 +1352,7 @@ options { configuration files.
To configure a validating resolver to use RFC 5011 to maintain a trust anchor, configure the trust anchor using a managed-keys statement. Information about @@ -1363,7 +1363,7 @@ options {
To set up an authoritative zone for RFC 5011 trust anchor
maintenance, generate two (or more) key signing keys (KSKs) for
the zone. Sign the zone with one of them; this is the "active"
@@ -1460,7 +1460,7 @@ $ dnssec-signzone -S -K keys example.net<
See the documentation provided by your HSM vendor for
information about installing, initializing, testing and
@@ -1469,7 +1469,7 @@ $
Native PKCS#11 mode will only work with an HSM capable of carrying
out every cryptographic operation BIND 9 may
@@ -1502,7 +1502,7 @@ $
SoftHSMv2, the latest development version of SoftHSM, is available
from
@@ -1777,7 +1777,7 @@ $
To link with the PKCS#11 provider, threads must be
enabled in the BIND 9 build.
@@ -1797,7 +1797,7 @@ $
To link with the PKCS#11 provider, threads must be
enabled in the BIND 9 build.
@@ -1819,7 +1819,7 @@ $
BIND 9 includes a minimal set of tools to operate the
HSM, including
@@ -1863,7 +1863,7 @@ $
For OpenSSL-based PKCS#11, we must first set up the runtime
environment so the OpenSSL and PKCS#11 libraries can be loaded:
@@ -1984,7 +1984,7 @@ example.net.signed
When using OpenSSL-based PKCS#11, the "engine" to be used by
OpenSSL can be specified in named and all of
@@ -2016,7 +2016,7 @@ $
If you want named to dynamically re-sign zones
using HSM keys, and/or to to sign new records inserted via nsupdate,
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index 870fd81418..a64cba17ac 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -78,16 +78,16 @@
- Specifies a maximum permissible TTL value.
+ Specifies a maximum permissible TTL value in seconds.
+ For convenience, TTL-style time unit suffixes may be
+ used to specify the maximum value.
When loading a zone file using a
(NOTE: Because
Dual-stack servers are used as servers of last resort to work
around
@@ -4543,7 +4545,7 @@ options {
The interfaces and ports that the server will answer queries
from may be specified using the listen-on option. listen-on takes
@@ -5020,7 +5022,7 @@ avoid-v6-udp-ports {};
use-v4-udp-ports,
avoid-v4-udp-ports,
@@ -5062,7 +5064,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
The server's usage of many system resources can be limited.
Scaled values are allowed when specifying resource limits. For
@@ -5403,7 +5405,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
@@ -5768,8 +5770,8 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
Sets the maximum time for which the server will
- cache ordinary (positive) answers. The default is
- one week (7 days).
+ cache ordinary (positive) answers in seconds.
+ The default is 604800 (one week).
A value of zero may cause all queries to return
SERVFAIL, because of lost caches of intermediate
RRsets (such as NS and glue AAAA/A records) in the
@@ -5876,9 +5878,8 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
These options allow the administrator to set a minimum and
- maximum
- refresh and retry time either per-zone, per-view, or
- globally.
+ maximum refresh and retry time in seconds per-zone,
+ per-view, or globally.
These options are valid for slave and stub zones,
and clamp the SOA refresh and retry times to the specified
values.
@@ -6446,7 +6447,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
BIND 9 provides the ability to filter
out DNS responses from external DNS servers containing
@@ -6867,8 +6868,8 @@ deny-answer-aliases { "example.net"; };
The TTL of a record modified by RPZ policies is set from the
TTL of the relevant record in policy zone. It is then limited
to a maximum value.
- The max-policy-ttl clause changes that
- maximum from its default of 5.
+ The max-policy-ttl clause changes the
+ maximum seconds from its default of 5.
For example, you might use this option statement
@@ -7510,7 +7511,7 @@ example.com CNAME rpz-tcp-only.
The statistics-channels statement
@@ -7630,7 +7631,7 @@ example.com CNAME rpz-tcp-only.
The trusted-keys statement defines
@@ -7674,7 +7675,7 @@ example.com CNAME rpz-tcp-only.
The view statement is a powerful
feature
@@ -10786,7 +10787,7 @@ view external {
As described above, domain servers store information as a
series of resource records, each of which contains a particular
@@ -11041,7 +11042,7 @@ view external {
Reverse name resolution (that is, translation from IP address
to name) is achieved by means of the in-addr.arpa domain
@@ -11102,7 +11103,7 @@ view external {
The Master File Format was initially defined in RFC 1035 and
has subsequently been extended. While the Master File Format
@@ -11117,7 +11118,7 @@ view external {
When used in the label (or name) field, the asperand or
at-sign (@) symbol represents the current origin.
@@ -11128,7 +11129,7 @@ view external {
Syntax: $ORIGIN
Syntax: $INCLUDE
Syntax: $TTL
Syntax: $GENERATE
Socket I/O statistics counters are defined per socket
types, which are
@@ -12970,7 +12971,7 @@ HOST-127.EXAMPLE. MX 0 .
Most statistics counters that were available
in BIND 8 are also supported in
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index 1735bae5f8..410b275986 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -48,8 +48,8 @@
In order for a chroot environment
to
@@ -299,7 +299,7 @@ allow-query { !{ !10/8; any; }; key example; };
Prior to running the named daemon,
use
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 4878ee527c..073315a288 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -45,18 +45,18 @@
Table of Contents
The best solution to solving installation and
configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
Zone serial numbers are just numbers — they aren't
date related. A lot of people set them to a number that
@@ -95,7 +95,7 @@
The Internet Systems Consortium
(ISC) offers a wide range
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index 053948ed0f..bf118a50c3 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -45,7 +45,7 @@
Table of Contents [RFC974] Mail Routing and the Domain System. January 1986. [RFC974] Mail Routing and the Domain System. January 1986. [RFC1034] Domain Names — Concepts and Facilities. November 1987. Currently, win32 is not supported for the export
library. (Normal BIND 9 application can be built as
@@ -175,7 +175,7 @@ $ The IRS library supports an "advanced" configuration file
related to the DNS library for configuration parameters that
would be beyond the capability of the
@@ -193,14 +193,14 @@ $ Some sample application programs using this API are
provided for reference. The following is a brief description of
these applications.
It sends a query of a given name (of a given optional RR type) to a
specified recursive server, and prints the result as a list of
@@ -264,7 +264,7 @@ $
Similar to "sample", but accepts a list
of (query) domain names as a separate file and resolves the names
@@ -305,7 +305,7 @@ $
It sends a query to a specified server, and
prints the response with minimal processing. It doesn't act as a
@@ -458,7 +458,7 @@ $
It checks a set
of domains to see the name servers of the domains behave
@@ -515,7 +515,7 @@ $ As of this writing, there is no formal "manual" of the
libraries, except this document, header files (some of them
provide pretty detailed explanations), and sample application
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index 0089569d24..bcebe21cdf 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -117,31 +117,31 @@
arpaname translates IP addresses (IPv4 and
IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
dig(1),
named(8),
RFC4034,
diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html
index 3a6a272558..6bc9b6fbd9 100644
--- a/doc/arm/man.dig.html
+++ b/doc/arm/man.dig.html
@@ -52,7 +52,7 @@
dig
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@@ -99,7 +99,7 @@
@@ -735,7 +735,7 @@
The BIND 9 implementation of dig
supports
@@ -781,7 +781,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
If dig has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -795,14 +795,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
host(1),
named(8),
dnssec-keygen(8),
@@ -810,7 +810,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
There are probably too many query options.
dnssec-checkds
verifies the correctness of Delegation Signer (DS) or DNSSEC
Lookaside Validation (DLV) resource records for keys in a specified
@@ -59,7 +59,7 @@
dnssec-coverage
verifies that the DNSSEC keys for a given zone or a set of zones
have timing metadata set properly to ensure no future lapses in DNSSEC
@@ -78,7 +78,7 @@
diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html
index e74eb7f8ff..7af30c973f 100644
--- a/doc/arm/man.dnssec-dsfromkey.html
+++ b/doc/arm/man.dnssec-dsfromkey.html
@@ -52,14 +52,14 @@
dnssec-dsfromkey
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
The keyfile can be designed by the key identification
dnssec-keygen(8),
dnssec-signzone(8),
BIND 9 Administrator Reference Manual,
@@ -195,7 +195,7 @@
A keyfile can be designed by the key identification
dnssec-keygen(8),
dnssec-signzone(8),
BIND 9 Administrator Reference Manual,
@@ -159,7 +159,7 @@
dnssec-keyfromlabel
generates a key pair of files that referencing a key object stored
in a cryptographic hardware service module (HSM). The private key
@@ -66,7 +66,7 @@
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html
index 74786fb7f2..22bc9a5886 100644
--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -50,7 +50,7 @@
dnssec-keygen
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@@ -64,7 +64,7 @@
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -361,7 +361,7 @@
To generate a 768-bit DSA key for the domain
dnssec-signzone(8),
BIND 9 Administrator Reference Manual,
RFC 2539,
@@ -437,7 +437,7 @@
dnssec-revoke
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
in RFC 5011, and creates a new pair of key files containing the
@@ -58,7 +58,7 @@
dnssec-settime
reads a DNSSEC private key file and sets the key timing metadata
as specified by the
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -246,7 +246,7 @@
dnssec-signzone
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@@ -61,7 +61,7 @@
The following command signs the dnssec-verify
verifies that a zone is fully signed for each algorithm found
in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
@@ -58,7 +58,7 @@
host
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
@@ -214,7 +214,7 @@
If host has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -228,12 +228,12 @@
dig(1),
named(8).
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
HMAC-SHA* TSIG keys which were longer than the digest length of the
@@ -76,7 +76,7 @@
Secrets that have been converted by isc-hmac-fixup
are shortened, but as this is how the HMAC protocol works in
diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html
index 9c52bfab71..ed94ccbe07 100644
--- a/doc/arm/man.named-checkconf.html
+++ b/doc/arm/man.named-checkconf.html
@@ -50,7 +50,7 @@
named-checkconf
checks the syntax, but not the semantics, of a
named configuration file. The file is parsed
@@ -70,7 +70,7 @@
named-checkconf
returns an exit status of 1 if
errors were detected and 0 otherwise.
named-checkzone
checks the syntax and integrity of a zone file. It performs the
same checks as named does when loading a
@@ -71,7 +71,7 @@
named-checkzone
returns an exit status of 1 if
errors were detected and 0 otherwise.
named-journalprint
prints the contents of a zone journal file in a human-readable
@@ -76,7 +76,7 @@
named-rrchecker
read a individual DNS resource record from standard input and checks if it
is syntactically correct.
@@ -78,7 +78,7 @@
RFC 1034,
RFC 1035,
diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html
index bcb953c598..24f1dd1a7f 100644
--- a/doc/arm/man.named.html
+++ b/doc/arm/man.named.html
@@ -50,7 +50,7 @@
named
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@@ -65,7 +65,7 @@
In routine operation, signals should not be used to control
the nameserver; rndc should be used
@@ -320,7 +320,7 @@
The named configuration file is too complex
to describe in detail here. A complete description is provided
@@ -337,7 +337,7 @@
nsupdate
is used to submit Dynamic DNS Update requests as defined in RFC 2136
to a name server.
@@ -108,7 +108,7 @@
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library
diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index 6949eeb69e..f260fce1d6 100644
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -50,7 +50,7 @@
rndc-confgen
generates configuration files
for rndc. It can be used as a
@@ -66,7 +66,7 @@
To allow rndc to be used with
no manual configuration, run
diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html
index 1185f66944..72c01c67f3 100644
--- a/doc/arm/man.rndc.conf.html
+++ b/doc/arm/man.rndc.conf.html
@@ -50,7 +50,7 @@
The name server must be configured to accept rndc connections and
to recognize the key specified in the rndc
controls the operation of a name
server. It supersedes the ndc utility
@@ -81,7 +81,7 @@
A list of commands supported by rndc can
be seen by running rndc without arguments.
@@ -744,7 +744,7 @@
dnssec-signzone -S -K keys example.net<
./configure --enable-native-pkcs11 \
./Configure linux-x86_64 -pthread \
./configure CC="gcc -m32" --enable-threads \
./configure CC="cc -xarch=amd64" --enable-thre
$
cd ../bind9
$ ./configure --enable-threads \
@@ -1840,7 +1840,7 @@ $ ./configure --enable-threads \
./configure --enable-threads \
dnssec-signzone -E '' -S example.net
masterfile-format of
text or raw,
@@ -3196,9 +3198,9 @@ options {
This is useful in DNSSEC-signed zones because when
rolling to a new DNSKEY, the old key needs to remain
available until RRSIG records have expired from
- caches. Themax-zone-ttl option guarantees
+ caches. The max-zone-ttl option guarantees
that the largest TTL in the zone will be no higher
- the set value.
+ than the set value.
map-format files
@@ -4265,7 +4267,7 @@ options {
managed-keys {
name initial-key flags protocol algorithm key-data ;
[ name initial-key flags protocol algorithm key-data ; [...]]
@@ -7812,7 +7813,7 @@ example.com CNAME rpz-tcp-only.
domain-name
@@ -11157,7 +11158,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
filename
@@ -11193,7 +11194,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
default-ttl
@@ -11212,7 +11213,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
range
@@ -12278,7 +12279,7 @@ HOST-127.EXAMPLE. MX 0 .
Standards
make install
make
make
make
make
sample-update -a sample-update -k Kxxx.+nnn+mm
sample-update -a sample-update -k Kxxx.+nnn+mm
-
@@ -194,16 +194,16 @@
arpaname {ipaddress ...}DESCRIPTION
+DESCRIPTION
ddns-confgen [-a ] [algorithm-h] [-k ] [keyname-q] [-r ] [ -s randomfilename | -z zone ]OPTIONS
+OPTIONS
anchor-fileSEE ALSO
+SEE ALSO
dig [global-queryopt...] [query...]DESCRIPTION
+DESCRIPTION
OPTIONS
+OPTIONS
MULTIPLE QUERIES
+MULTIPLE QUERIES
IDN SUPPORT
+IDN SUPPORT
SEE ALSO
+SEE ALSO
BUGS
+BUGS
dnssec-dsfromkey [-l ] [domain-f ] [file-d ] [dig path-D ] {zone}dsfromkey pathDESCRIPTION
+DESCRIPTION
dnssec-coverage [-K ] [directory-l ] [length-f ] [file-d ] [DNSKEY TTL-m ] [max TTL-r ] [interval-c ] [compilezone path-k] [-z] [zone]DESCRIPTION
+DESCRIPTION
OPTIONS
+OPTIONS
directorydnssec-dsfromkey [-h] [-V]DESCRIPTION
+DESCRIPTION
FILES
+FILES
Knnnn.+aaa+iiiii or the full file name
@@ -179,13 +179,13 @@
SEE ALSO
+SEE ALSO
dnssec-importkey {-f } [filename-K ] [directory-L ] [ttl-P ] [date/offset-D ] [date/offset-h] [-v ] [level-V] [dnsname]FILES
+FILES
Knnnn.+aaa+iiiii or the full file name
@@ -151,7 +151,7 @@
SEE ALSO
+SEE ALSO
dnssec-keyfromlabel {-l label} [-3] [-a ] [algorithm-A ] [date/offset-c ] [class-D ] [date/offset-E ] [engine-f ] [flag-G] [-I ] [date/offset-i ] [interval-k] [-K ] [directory-L ] [ttl-n ] [nametype-P ] [date/offset-p ] [protocol-R ] [date/offset-S ] [key-t ] [type-v ] [level-V] [-y] {name}DESCRIPTION
+DESCRIPTION
TIMING OPTIONS
+TIMING OPTIONS
dnssec-keygen [-a ] [algorithm-b ] [keysize-n ] [nametype-3] [-A ] [date/offset-C] [-c ] [class-D ] [date/offset-E ] [engine-f ] [flag-G] [-g ] [generator-h] [-I ] [date/offset-i ] [interval-K ] [directory-L ] [ttl-k] [-P ] [date/offset-p ] [protocol-q] [-R ] [date/offset-r ] [randomdev-S ] [key-s ] [strength-t ] [type-v ] [level-V] [-z] {name}DESCRIPTION
+DESCRIPTION
TIMING OPTIONS
+TIMING OPTIONS
EXAMPLE
+EXAMPLE
example.com, the following command would be
@@ -428,7 +428,7 @@
SEE ALSO
+SEE ALSO
dnssec-revoke [-hr] [-v ] [level-V] [-K ] [directory-E ] [engine-f] [-R] {keyfile}DESCRIPTION
+DESCRIPTION
dnssec-settime [-f] [-K ] [directory-L ] [ttl-P ] [date/offset-A ] [date/offset-R ] [date/offset-I ] [date/offset-D ] [date/offset-h] [-V] [-v ] [level-E ] {keyfile}engineDESCRIPTION
+DESCRIPTION
-P, -A,
@@ -76,7 +76,7 @@
TIMING OPTIONS
+TIMING OPTIONS
dnssec-signzone [-a] [-c ] [class-d ] [directory-D] [-E ] [engine-e ] [end-time-f ] [output-file-g] [-h] [-K ] [directory-k ] [key-L ] [serial-l ] [domain-M ] [domain-i ] [interval-I ] [input-format-j ] [jitter-N ] [soa-serial-format-o ] [origin-O ] [output-format-P] [-p] [-Q] [-R] [-r ] [randomdev-S] [-s ] [start-time-T ] [ttl-t] [-u] [-v ] [level-V] [-X ] [extended end-time-x] [-z] [-3 ] [salt-H ] [iterations-A] {zonefile} [key...]DESCRIPTION
+DESCRIPTION
EXAMPLE
+EXAMPLE
example.com
zone with the DSA key generated by dnssec-keygen
@@ -542,14 +542,14 @@ db.example.com.signed
%
dnssec-verify [-c ] [class-E ] [engine-I ] [input-format-o ] [origin-v ] [level-V] [-x] [-z] {zonefile}DESCRIPTION
+DESCRIPTION
host [-aCdlnrsTwv] [-c ] [class-N ] [ndots-R ] [number-t ] [type-W ] [wait-m ] [flag-4] [-6] [-v] [-V] {name} [server]DESCRIPTION
+DESCRIPTION
IDN SUPPORT
+IDN SUPPORT
SEE ALSO
+SEE ALSO
isc-hmac-fixup {algorithm} {secret}DESCRIPTION
+DESCRIPTION
SECURITY CONSIDERATIONS
+SECURITY CONSIDERATIONS
named-checkconf [-h] [-v] [-j] [-t ] {filename} [directory-p] [-x] [-z]DESCRIPTION
+DESCRIPTION
RETURN VALUES
+RETURN VALUES
named-compilezone [-d] [-j] [-q] [-v] [-c ] [class-C ] [mode-f ] [format-F ] [format-J ] [filename-i ] [mode-k ] [mode-m ] [mode-n ] [mode-l ] [ttl-L ] [serial-r ] [mode-s ] [style-t ] [directory-T ] [mode-w ] [directory-D] [-W ] {mode-o } {zonename} {filename}filenameDESCRIPTION
+DESCRIPTION
RETURN VALUES
+RETURN VALUES
named-journalprint {journal}DESCRIPTION
+DESCRIPTION
named-rrchecker [-h] [-o ] [origin-p] [-u] [-C] [-T] [-P]DESCRIPTION
+DESCRIPTION
SEE ALSO
+SEE ALSO
named [-4] [-6] [-c ] [config-file-d ] [debug-level-D ] [string-E ] [engine-name-f] [-g] [-L ] [logfile-M ] [option-m ] [flag-n ] [#cpus-p ] [port-s] [-S ] [#max-socks-t ] [directory-U ] [#listeners-u ] [user-v] [-V] [-X ] [lock-file-x ]cache-fileDESCRIPTION
+DESCRIPTION
SIGNALS
+SIGNALS
CONFIGURATION
+CONFIGURATION
nsupdate [-d] [-D] [-L ] [[level-g] | [-o] | [-l] | [-y ] | [[hmac:]keyname:secret-k ]] [keyfile-t ] [timeout-u ] [udptimeout-r ] [udpretries-R ] [randomdev-v] [-T] [-P] [-V] [filename]DESCRIPTION
+DESCRIPTION
BUGS
+BUGS
rndc-confgen [-a] [-A ] [algorithm-b ] [keysize-c ] [keyfile-h] [-k ] [keyname-p ] [port-r ] [randomfile-s ] [address-t ] [chrootdir-u ]userDESCRIPTION
+DESCRIPTION
EXAMPLES
+EXAMPLES
rndc.conf DESCRIPTION
+DESCRIPTION
rndc.conf is the configuration file
for rndc, the BIND 9 name server control
utility. This file has a similar structure and syntax to
@@ -136,7 +136,7 @@
NAME SERVER CONFIGURATION
+NAME SERVER CONFIGURATION
rndc.conf
@@ -220,7 +220,7 @@
rndc [-b ] [source-address-c ] [config-file-k ] [key-file-s ] [server-p ] [port-q] [-r] [-V] [-y ] {command}key_idDESCRIPTION
+DESCRIPTION
COMMANDS
+COMMANDS