mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 05:28:00 +00:00

regen master

Tinderbox User 2015-01-11 01:05:05 +00:00
parent f0cbe180f0
commit 2f161339d2
31 changed files with 356 additions and 308 deletions

View File

@ -91,18 +91,18 @@
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS#11 (Cryptoki) support</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2666992">Prerequisites</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2667001">Native PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612469">OpenSSL-based PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2639305">PKCS#11 Tools</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2639478">Using the HSM</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2639832">Specifying the engine on the command line</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2639880">Running named with automatic zone re-signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2667127">Prerequisites</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2667137">Native PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612533">OpenSSL-based PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2639440">PKCS#11 Tools</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2639476">Using the HSM</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2639693">Specifying the engine on the command line</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2639810">Running named with automatic zone re-signing</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dlz-info">DLZ (Dynamically Loadable Zones)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2639944">Configuring DLZ</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2611755">Sample DLZ Driver</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2611749">Configuring DLZ</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612027">Sample DLZ Driver</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571523">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
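Review bot: Every sect2 link in this table of contents changes only because its generated anchor moved (for example id2666992 becomes id2667127 for Prerequisites), so each regen invalidates external deep links and buries the real documentation changes in id churn. The sect1 entries in the same list use stable names (#pkcs11, #dlz-info); giving the sect2 sections explicit ids in the source would keep these anchors fixed across regenerations.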
@ -1431,8 +1431,9 @@ $ <strong class="userinput"><code>dnssec-signzone -S -K keys example.net</code><
been tested with Debian Linux, Solaris x86 and Windows Server 2003;
the Thales nShield, tested with Debian Linux; and the Sun SCA 6000
cryptographic acceleration board, tested with Solaris x86. In
addition, BIND can be used with SoftHSM, a software-based HSM
simulator produced by the OpenDNSSEC project.
addition, BIND can be used with all current versions of SoftHSM,
a software-based HSM simulator library produced by the OpenDNSSEC
project.
</p>
<p>
PKCS#11 makes use of a "provider library": a dynamically loadable
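Review bot: "all current versions of SoftHSM" in the reworded sentence carries no date or version and will silently go stale. Other hunks in this commit name the versions concerned (softhsm-1.3.7 and SoftHSMv2), so stating them here would be more durable.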
@ -1452,7 +1453,7 @@ $ <strong class="userinput"><code>dnssec-signzone -S -K keys example.net</code><
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2666992"></a>Prerequisites</h3></div></div></div>
<a name="id2667127"></a>Prerequisites</h3></div></div></div>
<p>
See the documentation provided by your HSM vendor for
information about installing, initializing, testing and
@ -1461,18 +1462,18 @@ $ <strong class="userinput"><code>dnssec-signzone -S -K keys example.net</code><
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2667001"></a>Native PKCS#11</h3></div></div></div>
<a name="id2667137"></a>Native PKCS#11</h3></div></div></div>
<p>
Native PKCS#11 mode will only work with an HSM capable of carrying
out <span class="emphasis"><em>every</em></span> cryptographic operation BIND 9 may
need. The HSM's provider library must have a complete implementation
of the PKCS#11 API, so that all these functions are accessible. As of
this writing, only the Thales nShield HSM and the latest development
version of SoftHSM can be used in this fashion. For other HSMs,
including the AEP Keyper, Sun SCA 6000 and older versions of SoftHSM,
use OpenSSL-based PKCS#11. (Note: As more HSMs become capable of
supporting native PKCS#11, it is expected that OpenSSL-based
PKCS#11 will eventually be deprecated.)
this writing, only the Thales nShield HSM and SoftHSMv2 can be used
in this fashion. For other HSMs, including the AEP Keyper, Sun SCA
6000 and older versions of SoftHSM, use OpenSSL-based PKCS#11.
(Note: Eventually, when more HSMs become capable of supporting
native PKCS#11, it is expected that OpenSSL-based PKCS#11 will
be deprecated.)
</p>
<p>
To build BIND with native PKCS#11, configure as follows:
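Review bot: The rewritten sentence still sends "older versions of SoftHSM" to OpenSSL-based PKCS#11 without saying which versions those are, now that SoftHSMv2 is the named exception. The SoftHSM build section later in this commit uses "SoftHSM (version 1)"; using the same wording here would remove the ambiguity.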
@ -1492,10 +1493,47 @@ $ <strong class="userinput"><code>./configure --enable-native-pkcs11 \
<span><strong class="command">dnssec-*</strong></span> tools, or the <code class="option">-m</code> in
the <span><strong class="command">pkcs11-*</strong></span> tools.)
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2612467"></a>Building SoftHSMv2</h4></div></div></div>
<p>
SoftHSMv2, the latest development version of SoftHSM, is available
from
<a href="https://github.com/opendnssec/SoftHSMv2" target="_top">
https://github.com/opendnssec/SoftHSMv2
</a>.
It is a software library developed by the OpenDNSSEC project
(<a href="http://www.opendnssec.org" target="_top">
http://www.opendnssec.org
</a>)
which provides a PKCS#11 interface to a virtual HSM, implemented in
the form of a SQLite3 database on the local filesystem. It provides
less security than a true HSM, but it allows you to experiment with
native PKCS#11 when an HSM is not available. SoftHSMv2 can be
configured to use either OpenSSL or the Botan library to perform
cryptographic functions, but when using it for native PKCS#11 in
BIND, OpenSSL is required.
</p>
<p>
By default, the SoftHSMv2 configuration file is
<em class="replaceable"><code>prefix</code></em>/etc/softhsm2.conf (where
<em class="replaceable"><code>prefix</code></em> is configured at compile time).
This location can be overridden by the SOFTHSM2_CONF environment
variable. The SoftHSMv2 cryptographic store must be installed and
initialized before using it with BIND.
</p>
<pre class="screen">
$ <strong class="userinput"><code> cd SoftHSMv2 </code></strong>
$ <strong class="userinput"><code> configure --with-crypto-backend=openssl --prefix=/opt/pkcs11/usr --enable-gost </code></strong>
$ <strong class="userinput"><code> make </code></strong>
$ <strong class="userinput"><code> make install </code></strong>
$ <strong class="userinput"><code> /opt/pkcs11/usr/bin/softhsm-util --init-token 0 --slot 0 --label softhsmv2 </code></strong>
</pre>
</div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2612469"></a>OpenSSL-based PKCS#11</h3></div></div></div>
<a name="id2612533"></a>OpenSSL-based PKCS#11</h3></div></div></div>
<p>
OpenSSL-based PKCS#11 mode uses a modified version of the
OpenSSL library; stock OpenSSL does not fully support PKCS#11.
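Review bot: In the new Building SoftHSMv2 screen, the build step is written as "configure --with-crypto-backend=openssl ..." without the leading "./" that the BIND example in this same section uses ("./configure --enable-native-pkcs11"), so it only works if a configure script happens to be on PATH. The example also never sets SOFTHSM2_CONF or shows what softhsm2.conf should contain, although the paragraph above it says the store must be installed and initialized first, and the tool is called softhsm-util while the configuration file and environment variable carry the "2" suffix; please confirm the installed binary name. Since the text describes the token as a SQLite3 database on the local filesystem, a sentence on restricting access to that store would also help.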
@ -1512,23 +1550,23 @@ $ <strong class="userinput"><code>./configure --enable-native-pkcs11 \
</p>
<div class="itemizedlist"><ul type="disc">
<li><p>
Use 'crypto-accelerator' with HSMs that have hardware
cryptographic acceleration features, such as the SCA 6000
board. This causes OpenSSL to run all supported
cryptographic operations in the HSM.
</p></li>
Use 'crypto-accelerator' with HSMs that have hardware
cryptographic acceleration features, such as the SCA 6000
board. This causes OpenSSL to run all supported
cryptographic operations in the HSM.
</p></li>
<li><p>
Use 'sign-only' with HSMs that are designed to
function primarily as secure key storage devices, but lack
hardware acceleration. These devices are highly secure, but
are not necessarily any faster at cryptography than the
system CPU &#8212; often, they are slower. It is therefore
most efficient to use them only for those cryptographic
functions that require access to the secured private key,
such as zone signing, and to use the system CPU for all
other computationally-intensive operations. The AEP Keyper
is an example of such a device.
</p></li>
Use 'sign-only' with HSMs that are designed to
function primarily as secure key storage devices, but lack
hardware acceleration. These devices are highly secure, but
are not necessarily any faster at cryptography than the
system CPU &#8212; often, they are slower. It is therefore
most efficient to use them only for those cryptographic
functions that require access to the secured private key,
such as zone signing, and to use the system CPU for all
other computationally-intensive operations. The AEP Keyper
is an example of such a device.
</p></li>
</ul></div>
<p>
The modified OpenSSL code is included in the BIND 9 release,
@ -1540,8 +1578,8 @@ $ <strong class="userinput"><code>./configure --enable-native-pkcs11 \
</p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
The latest OpenSSL versions as of this writing (January 2014)
are 0.9.8y, 1.0.0l, and 1.0.1f.
The latest OpenSSL versions as of this writing (January 2015)
are 0.9.8zc, 1.0.0o, and 1.0.1j.
ISC will provide updated patches as new versions of OpenSSL
are released. The version number in the following examples
is expected to change.
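Review bot: The note hard-codes three OpenSSL release numbers (0.9.8zc, 1.0.0o, 1.0.1j) and a date, and the same 0.9.8zc string is then repeated through the examples in the following hunk, so every OpenSSL release forces another documentation edit. The note itself says the version number "is expected to change"; marking it as a replaceable placeholder in the examples, as is already done for prefix and the PIN elsewhere in this file, would avoid that.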
@ -1553,130 +1591,132 @@ $ <strong class="userinput"><code>./configure --enable-native-pkcs11 \
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2612574"></a>Patching OpenSSL</h4></div></div></div>
<a name="id2612570"></a>Patching OpenSSL</h4></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>wget <a href="" target="_top">http://www.openssl.org/source/openssl-0.9.8y.tar.gz</a></code></strong>
$ <strong class="userinput"><code>wget <a href="" target="_top">http://www.openssl.org/source/openssl-0.9.8zc.tar.gz</a></code></strong>
</pre>
<p>Extract the tarball:</p>
<pre class="screen">
$ <strong class="userinput"><code>tar zxf openssl-0.9.8y.tar.gz</code></strong>
$ <strong class="userinput"><code>tar zxf openssl-0.9.8zc.tar.gz</code></strong>
</pre>
<p>Apply the patch from the BIND 9 release:</p>
<pre class="screen">
$ <strong class="userinput"><code>patch -p1 -d openssl-0.9.8y \
&lt; bind9/bin/pkcs11/openssl-0.9.8y-patch</code></strong>
$ <strong class="userinput"><code>patch -p1 -d openssl-0.9.8zc \
&lt; bind9/bin/pkcs11/openssl-0.9.8zc-patch</code></strong>
</pre>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
Note that the patch file may not be compatible with the
"patch" utility on all operating systems. You may need to
install GNU patch.
Note that the patch file may not be compatible with the
"patch" utility on all operating systems. You may need to
install GNU patch.
</div>
<p>
When building OpenSSL, place it in a non-standard
location so that it does not interfere with OpenSSL libraries
elsewhere on the system. In the following examples, we choose
to install into "/opt/pkcs11/usr". We will use this location
when we configure BIND 9.
When building OpenSSL, place it in a non-standard
location so that it does not interfere with OpenSSL libraries
elsewhere on the system. In the following examples, we choose
to install into "/opt/pkcs11/usr". We will use this location
when we configure BIND 9.
</p>
<p>
Later, when building BIND 9, the location of the custom-built
OpenSSL library will need to be specified via configure.
Later, when building BIND 9, the location of the custom-built
OpenSSL library will need to be specified via configure.
</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2612701"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
<a name="id2612629"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
<p>
The AEP Keyper is a highly secure key storage device,
but does not provide hardware cryptographic acceleration. It
can carry out cryptographic operations, but it is probably
slower than your system's CPU. Therefore, we choose the
'sign-only' flavor when building OpenSSL.
The AEP Keyper is a highly secure key storage device,
but does not provide hardware cryptographic acceleration. It
can carry out cryptographic operations, but it is probably
slower than your system's CPU. Therefore, we choose the
'sign-only' flavor when building OpenSSL.
</p>
<p>
The Keyper-specific PKCS#11 provider library is
delivered with the Keyper software. In this example, we place
it /opt/pkcs11/usr/lib:
The Keyper-specific PKCS#11 provider library is
delivered with the Keyper software. In this example, we place
it /opt/pkcs11/usr/lib:
</p>
<pre class="screen">
$ <strong class="userinput"><code>cp pkcs11.GCC4.0.2.so.4.05 /opt/pkcs11/usr/lib/libpkcs11.so</code></strong>
</pre>
<p>
This library is only available for Linux as a 32-bit
binary. If we are compiling on a 64-bit Linux system, it is
necessary to force a 32-bit build, by specifying -m32 in the
build options.
This library is only available for Linux as a 32-bit
binary. If we are compiling on a 64-bit Linux system, it is
necessary to force a 32-bit build, by specifying -m32 in the
build options.
</p>
<p>
Finally, the Keyper library requires threads, so we
must specify -pthread.
Finally, the Keyper library requires threads, so we
must specify -pthread.
</p>
<pre class="screen">
$ <strong class="userinput"><code>cd openssl-0.9.8y</code></strong>
$ <strong class="userinput"><code>cd openssl-0.9.8zc</code></strong>
$ <strong class="userinput"><code>./Configure linux-generic32 -m32 -pthread \
--pk11-libname=/opt/pkcs11/usr/lib/libpkcs11.so \
--pk11-flavor=sign-only \
--prefix=/opt/pkcs11/usr</code></strong>
--pk11-libname=/opt/pkcs11/usr/lib/libpkcs11.so \
--pk11-flavor=sign-only \
--prefix=/opt/pkcs11/usr</code></strong>
</pre>
<p>
After configuring, run "<span><strong class="command">make</strong></span>"
and "<span><strong class="command">make test</strong></span>". If "<span><strong class="command">make
test</strong></span>" fails with "pthread_atfork() not found", you forgot to
add the -pthread above.
After configuring, run "<span><strong class="command">make</strong></span>"
and "<span><strong class="command">make test</strong></span>". If "<span><strong class="command">make
test</strong></span>" fails with "pthread_atfork() not found", you forgot to
add the -pthread above.
</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2612772"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
<a name="id2612766"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
<p>
The SCA-6000 PKCS#11 provider is installed as a system
library, libpkcs11. It is a true crypto accelerator, up to 4
times faster than any CPU, so the flavor shall be
'crypto-accelerator'.
The SCA-6000 PKCS#11 provider is installed as a system
library, libpkcs11. It is a true crypto accelerator, up to 4
times faster than any CPU, so the flavor shall be
'crypto-accelerator'.
</p>
<p>
In this example, we are building on Solaris x86 on an
AMD64 system.
In this example, we are building on Solaris x86 on an
AMD64 system.
</p>
<pre class="screen">
$ <strong class="userinput"><code>cd openssl-0.9.8y</code></strong>
$ <strong class="userinput"><code>cd openssl-0.9.8zc</code></strong>
$ <strong class="userinput"><code>./Configure solaris64-x86_64-cc \
--pk11-libname=/usr/lib/64/libpkcs11.so \
--pk11-flavor=crypto-accelerator \
--prefix=/opt/pkcs11/usr</code></strong>
--pk11-libname=/usr/lib/64/libpkcs11.so \
--pk11-flavor=crypto-accelerator \
--prefix=/opt/pkcs11/usr</code></strong>
</pre>
<p>
(For a 32-bit build, use "solaris-x86-cc" and /usr/lib/libpkcs11.so.)
(For a 32-bit build, use "solaris-x86-cc" and /usr/lib/libpkcs11.so.)
</p>
<p>
After configuring, run
<span><strong class="command">make</strong></span> and
<span><strong class="command">make test</strong></span>.
After configuring, run
<span><strong class="command">make</strong></span> and
<span><strong class="command">make test</strong></span>.
</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2612822"></a>Building OpenSSL for SoftHSM</h4></div></div></div>
<a name="id2612816"></a>Building OpenSSL for SoftHSM</h4></div></div></div>
<p>
SoftHSM is a software library provided by the OpenDNSSEC
project (http://www.opendnssec.org) which provides a PKCS#11
interface to a virtual HSM, implemented in the form of encrypted
data on the local filesystem. SoftHSM can be configured to use
either OpenSSL or the Botan library for encryption, and SQLite3
for data storage. Though less secure than a true HSM, it can
provide more secure key storage than traditional key files,
and can allow you to experiment with PKCS#11 when an HSM is
not available.
SoftHSM (version 1) is a software library developed by the
OpenDNSSEC project
(<a href="http://www.opendnssec.org" target="_top">
http://www.opendnssec.org
</a>)
which provides a
PKCS#11 interface to a virtual HSM, implemented in the form of
a SQLite3 database on the local filesystem. SoftHSM uses
the Botan library to perform cryptographic functions. Though
less secure than a true HSM, it can allow you to experiment
with PKCS#11 when an HSM is not available.
</p>
<p>
The SoftHSM cryptographic store must be installed and
initialized before using it with OpenSSL, and the SOFTHSM_CONF
environment variable must always point to the SoftHSM configuration
file:
The SoftHSM cryptographic store must be installed and
initialized before using it with OpenSSL, and the SOFTHSM_CONF
environment variable must always point to the SoftHSM configuration
file:
</p>
<pre class="screen">
$ <strong class="userinput"><code> cd softhsm-1.3.0 </code></strong>
$ <strong class="userinput"><code> cd softhsm-1.3.7 </code></strong>
$ <strong class="userinput"><code> configure --prefix=/opt/pkcs11/usr </code></strong>
$ <strong class="userinput"><code> make </code></strong>
$ <strong class="userinput"><code> make install </code></strong>
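Review bot: The Patching OpenSSL steps fetch the tarball with wget over plain http:// and go straight to tar and patch, with no checksum or signature check on openssl-0.9.8zc.tar.gz, for a library that will sit in front of HSM-backed signing. Suggest an https:// URL and a verification step before extraction. The link is also rendered with an empty href attribute, and "we place it /opt/pkcs11/usr/lib" in the Keyper text is missing "in".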
@ -1685,21 +1725,21 @@ $ <strong class="userinput"><code> echo "0:/opt/pkcs11/softhsm.db" &gt; $SOFTHSM
$ <strong class="userinput"><code> /opt/pkcs11/usr/bin/softhsm --init-token 0 --slot 0 --label softhsm </code></strong>
</pre>
<p>
SoftHSM can perform all cryptographic operations, but
since it only uses your system CPU, there is no advantage to using
it for anything but signing. Therefore, we choose the 'sign-only'
flavor when building OpenSSL.
SoftHSM can perform all cryptographic operations, but
since it only uses your system CPU, there is no advantage to using
it for anything but signing. Therefore, we choose the 'sign-only'
flavor when building OpenSSL.
</p>
<pre class="screen">
$ <strong class="userinput"><code>cd openssl-0.9.8y</code></strong>
$ <strong class="userinput"><code>cd openssl-0.9.8zc</code></strong>
$ <strong class="userinput"><code>./Configure linux-x86_64 -pthread \
--pk11-libname=/opt/pkcs11/usr/lib/libsofthsm.so \
--pk11-flavor=sign-only \
--prefix=/opt/pkcs11/usr</code></strong>
--pk11-libname=/opt/pkcs11/usr/lib/libsofthsm.so \
--pk11-flavor=sign-only \
--prefix=/opt/pkcs11/usr</code></strong>
</pre>
<p>
After configuring, run "<span><strong class="command">make</strong></span>"
and "<span><strong class="command">make test</strong></span>".
After configuring, run "<span><strong class="command">make</strong></span>"
and "<span><strong class="command">make test</strong></span>".
</p>
</div>
<p>
@ -1710,11 +1750,11 @@ $ <strong class="userinput"><code>./Configure linux-x86_64 -pthread \
selected:
</p>
<pre class="screen">
(pkcs11) PKCS #11 engine support (sign only)
(pkcs11) PKCS #11 engine support (sign only)
</pre>
<p>Or:</p>
<pre class="screen">
(pkcs11) PKCS #11 engine support (crypto accelerator)
(pkcs11) PKCS #11 engine support (crypto accelerator)
</pre>
<p>
Next, run
@ -1730,54 +1770,54 @@ $ <strong class="userinput"><code>./Configure linux-x86_64 -pthread \
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2612973"></a>Configuring BIND 9 for Linux with the AEP Keyper</h4></div></div></div>
<a name="id2639254"></a>Configuring BIND 9 for Linux with the AEP Keyper</h4></div></div></div>
<p>
To link with the PKCS#11 provider, threads must be
enabled in the BIND 9 build.
To link with the PKCS#11 provider, threads must be
enabled in the BIND 9 build.
</p>
<p>
The PKCS#11 library for the AEP Keyper is currently
only available as a 32-bit binary. If we are building on a
64-bit host, we must force a 32-bit build by adding "-m32" to
the CC options on the "configure" command line.
The PKCS#11 library for the AEP Keyper is currently
only available as a 32-bit binary. If we are building on a
64-bit host, we must force a 32-bit build by adding "-m32" to
the CC options on the "configure" command line.
</p>
<pre class="screen">
$ <strong class="userinput"><code>cd ../bind9</code></strong>
$ <strong class="userinput"><code>./configure CC="gcc -m32" --enable-threads \
--with-openssl=/opt/pkcs11/usr \
--with-pkcs11=/opt/pkcs11/usr/lib/libpkcs11.so</code></strong>
--with-openssl=/opt/pkcs11/usr \
--with-pkcs11=/opt/pkcs11/usr/lib/libpkcs11.so</code></strong>
</pre>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2639220"></a>Configuring BIND 9 for Solaris with the SCA 6000</h4></div></div></div>
<a name="id2639354"></a>Configuring BIND 9 for Solaris with the SCA 6000</h4></div></div></div>
<p>
To link with the PKCS#11 provider, threads must be
enabled in the BIND 9 build.
To link with the PKCS#11 provider, threads must be
enabled in the BIND 9 build.
</p>
<pre class="screen">
$ <strong class="userinput"><code>cd ../bind9</code></strong>
$ <strong class="userinput"><code>./configure CC="cc -xarch=amd64" --enable-threads \
--with-openssl=/opt/pkcs11/usr \
--with-pkcs11=/usr/lib/64/libpkcs11.so</code></strong>
--with-openssl=/opt/pkcs11/usr \
--with-pkcs11=/usr/lib/64/libpkcs11.so</code></strong>
</pre>
<p>(For a 32-bit build, omit CC="cc -xarch=amd64".)</p>
<p>
If configure complains about OpenSSL not working, you
may have a 32/64-bit architecture mismatch. Or, you may have
incorrectly specified the path to OpenSSL (it should be the
same as the --prefix argument to the OpenSSL
Configure).
If configure complains about OpenSSL not working, you
may have a 32/64-bit architecture mismatch. Or, you may have
incorrectly specified the path to OpenSSL (it should be the
same as the --prefix argument to the OpenSSL
Configure).
</p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2639256"></a>Configuring BIND 9 for SoftHSM</h4></div></div></div>
<a name="id2639390"></a>Configuring BIND 9 for SoftHSM</h4></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>cd ../bind9</code></strong>
$ <strong class="userinput"><code>./configure --enable-threads \
--with-openssl=/opt/pkcs11/usr \
--with-pkcs11=/opt/pkcs11/usr/lib/libsofthsm.so</code></strong>
--with-openssl=/opt/pkcs11/usr \
--with-pkcs11=/opt/pkcs11/usr/lib/libsofthsm.so</code></strong>
</pre>
</div>
<p>
@ -1793,7 +1833,7 @@ $ <strong class="userinput"><code>./configure --enable-threads \
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2639305"></a>PKCS#11 Tools</h3></div></div></div>
<a name="id2639440"></a>PKCS#11 Tools</h3></div></div></div>
<p>
BIND 9 includes a minimal set of tools to operate the
HSM, including
@ -1816,7 +1856,7 @@ $ <strong class="userinput"><code>./configure --enable-threads \
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2639478"></a>Using the HSM</h3></div></div></div>
<a name="id2639476"></a>Using the HSM</h3></div></div></div>
<p>
For OpenSSL-based PKCS#11, we must first set up the runtime
environment so the OpenSSL and PKCS#11 libraries can be loaded:
@ -1937,7 +1977,7 @@ example.net.signed
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2639832"></a>Specifying the engine on the command line</h3></div></div></div>
<a name="id2639693"></a>Specifying the engine on the command line</h3></div></div></div>
<p>
When using OpenSSL-based PKCS#11, the "engine" to be used by
OpenSSL can be specified in <span><strong class="command">named</strong></span> and all of
@ -1969,7 +2009,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2639880"></a>Running named with automatic zone re-signing</h3></div></div></div>
<a name="id2639810"></a>Running named with automatic zone re-signing</h3></div></div></div>
<p>
If you want <span><strong class="command">named</strong></span> to dynamically re-sign zones
using HSM keys, and/or to to sign new records inserted via nsupdate,
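Review bot: The context for this anchor change contains a doubled word, "and/or to to sign new records inserted via nsupdate". Since this file is regenerated, the fix belongs in the source the HTML is built from, before the next regen.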
@ -1985,13 +2025,13 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</p>
<p>Sample openssl.cnf:</p>
<pre class="programlisting">
openssl_conf = openssl_def
[ openssl_def ]
engines = engine_section
[ engine_section ]
pkcs11 = pkcs11_section
[ pkcs11_section ]
PIN = <em class="replaceable"><code>&lt;PLACE PIN HERE&gt;</code></em>
openssl_conf = openssl_def
[ openssl_def ]
engines = engine_section
[ engine_section ]
pkcs11 = pkcs11_section
[ pkcs11_section ]
PIN = <em class="replaceable"><code>&lt;PLACE PIN HERE&gt;</code></em>
</pre>
<p>
This will also allow the dnssec-* tools to access the HSM
@ -2002,16 +2042,16 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
<p>
In native PKCS#11 mode, the PIN can be provided in a file specified
as an attribute of the key's label. For example, if a key had the label
<strong class="userinput"><code>pkcs11:object=local-zsk;pin-source=/etc/hsmpin"</code></strong>,
<strong class="userinput"><code>pkcs11:object=local-zsk;pin-source=/etc/hsmpin</code></strong>,
then the PIN would be read from the file
<code class="filename">/etc/hsmpin</code>.
</p>
<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Warning</h3>
<p>
Placing the HSM's PIN in a text file in this manner may reduce the
security advantage of using an HSM. Be sure this is what you want to
do before configuring the system in this way.
Placing the HSM's PIN in a text file in this manner may reduce the
security advantage of using an HSM. Be sure this is what you want to
do before configuring the system in this way.
</p>
</div>
</div>
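Review bot: The warning following the corrected pin-source example says only that a PIN file "may reduce the security advantage of using an HSM" and gives no guidance on protecting /etc/hsmpin. Suggest stating that the file should be readable only by the account that runs named and the signing tools.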
@ -2056,7 +2096,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2639944"></a>Configuring DLZ</h3></div></div></div>
<a name="id2611749"></a>Configuring DLZ</h3></div></div></div>
<p>
A DLZ database is configured with a <span><strong class="command">dlz</strong></span>
statement in <code class="filename">named.conf</code>:
@ -2105,7 +2145,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2611755"></a>Sample DLZ Driver</h3></div></div></div>
<a name="id2612027"></a>Sample DLZ Driver</h3></div></div></div>
<p>
For guidance in implementation of DLZ modules, the directory
<code class="filename">contrib/dlz/example</code> contains a basic

View File

@ -420,6 +420,10 @@
initial packet sizes used in BIND 9.10 and higher when
contacting authoritative servers for the first time.
</p></li>
<li><p>
Built-in "empty" zones did not correctly inherit the
"allow-transfer" ACL from the options or view. [RT #38310]
</p></li>
</ul></div>
</div>
<div class="sect2" lang="en">
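Review bot: The new release-note entry says empty zones "did not correctly inherit" the allow-transfer ACL but not what ACL they ended up with, so an operator cannot tell whether transfers were wrongly permitted or wrongly refused. Suggest stating the resulting behavior and which releases are affected alongside [RT #38310].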

View File

@ -135,18 +135,18 @@
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS#11 (Cryptoki) support</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2666992">Prerequisites</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2667001">Native PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612469">OpenSSL-based PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2639305">PKCS#11 Tools</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2639478">Using the HSM</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2639832">Specifying the engine on the command line</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2639880">Running named with automatic zone re-signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2667127">Prerequisites</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2667137">Native PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612533">OpenSSL-based PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2639440">PKCS#11 Tools</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2639476">Using the HSM</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2639693">Specifying the engine on the command line</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2639810">Running named with automatic zone re-signing</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dlz-info">DLZ (Dynamically Loadable Zones)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2639944">Configuring DLZ</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2611755">Sample DLZ Driver</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2611749">Configuring DLZ</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612027">Sample DLZ Driver</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571523">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
@ -268,13 +268,13 @@
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch12.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614725">Prerequisite</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614734">Compilation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612165">Installation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612196">Known Defects/Restrictions</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613843">The dns.conf File</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613869">Sample Applications</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615047">Library References</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614457">Prerequisite</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614467">Compilation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613672">Installation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613703">Known Defects/Restrictions</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613780">The dns.conf File</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613875">Sample Applications</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615189">Library References</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="reference"><a href="Bv9ARM.ch13.html">I. Manual pages</a></span></dt>

View File

@ -50,20 +50,20 @@
<div class="cmdsynopsis"><p><code class="command">arpaname</code> {<em class="replaceable"><code>ipaddress </code></em>...}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2624644"></a><h2>DESCRIPTION</h2>
<a name="id2625332"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">arpaname</strong></span> translates IP addresses (IPv4 and
IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2625273"></a><h2>SEE ALSO</h2>
<a name="id2625347"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2625287"></a><h2>AUTHOR</h2>
<a name="id2625361"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">ddns-confgen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-q</code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em> | -z <em class="replaceable"><code>zone</code></em> ]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2666830"></a><h2>DESCRIPTION</h2>
<a name="id2664242"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">tsig-keygen</strong></span> and <span><strong class="command">ddns-confgen</strong></span>
are invocation methods for a utility that generates keys for use
@ -87,7 +87,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2669050"></a><h2>OPTIONS</h2>
<a name="id2664345"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd><p>
@ -159,7 +159,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2669267"></a><h2>SEE ALSO</h2>
<a name="id2665040"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@ -167,7 +167,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2669305"></a><h2>AUTHOR</h2>
<a name="id2665078"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -53,7 +53,7 @@
<div class="cmdsynopsis"><p><code class="command">delv</code> [queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2617619"></a><h2>DESCRIPTION</h2>
<a name="id2617624"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">delv</strong></span>
(Domain Entity Lookup &amp; Validation) is a tool for sending
DNS queries and validating the results, using the the same internal
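Review bot: The context line "using the the same internal" in the delv DESCRIPTION has a doubled word. Since this file is regenerated output, fix it in the delv manual page source rather than here, so the next regen picks it up.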
@ -96,7 +96,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2617691"></a><h2>SIMPLE USAGE</h2>
<a name="id2617697"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">delv</strong></span> looks like:
</p>
@ -151,7 +151,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2617822"></a><h2>OPTIONS</h2>
<a name="id2618033"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>anchor-file</code></em></span></dt>
<dd>
@ -285,7 +285,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2673326"></a><h2>QUERY OPTIONS</h2>
<a name="id2673332"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">delv</strong></span>
provides a number of query options which affect the way results are
displayed, and in some cases the way lookups are performed.
@ -471,12 +471,12 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2673788"></a><h2>FILES</h2>
<a name="id2673862"></a><h2>FILES</h2>
<p><code class="filename">/etc/bind.keys</code></p>
<p><code class="filename">/etc/resolv.conf</code></p>
</div>
<div class="refsect1" lang="en">
<a name="id2673808"></a><h2>SEE ALSO</h2>
<a name="id2673881"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<em class="citetitle">RFC4034</em>,

View File

@ -52,7 +52,7 @@
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2615489"></a><h2>DESCRIPTION</h2>
<a name="id2615357"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dig</strong></span>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@ -99,7 +99,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2615591"></a><h2>SIMPLE USAGE</h2>
<a name="id2615460"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
</p>
@ -152,7 +152,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2615717"></a><h2>OPTIONS</h2>
<a name="id2615586"></a><h2>OPTIONS</h2>
<p>
The <code class="option">-b</code> option sets the source IP address of the query
to <em class="parameter"><code>address</code></em>. This must be a valid
@ -260,7 +260,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2667204"></a><h2>QUERY OPTIONS</h2>
<a name="id2667414"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">dig</strong></span>
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@ -688,7 +688,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2668628"></a><h2>MULTIPLE QUERIES</h2>
<a name="id2668906"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
supports
@ -734,7 +734,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2668781"></a><h2>IDN SUPPORT</h2>
<a name="id2668992"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@ -748,14 +748,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2668810"></a><h2>FILES</h2>
<a name="id2669020"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2668832"></a><h2>SEE ALSO</h2>
<a name="id2669042"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@ -763,7 +763,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2668869"></a><h2>BUGS</h2>
<a name="id2669079"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>

View File

@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dig path</code></em></code>] [<code class="option">-D <em class="replaceable"><code>dsfromkey path</code></em></code>] {zone}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2618166"></a><h2>DESCRIPTION</h2>
<a name="id2618649"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-checkds</strong></span>
verifies the correctness of Delegation Signer (DS) or DNSSEC
Lookaside Validation (DLV) resource records for keys in a specified
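Review bot: The synopsis line in this hunk names the command as `dnssec-dsfromkey`, but the DESCRIPTION that follows documents `dnssec-checkds`, and the options shown (`-d dig path`, `-D dsfromkey path`) belong to a tool that calls dnssec-dsfromkey rather than to dnssec-dsfromkey itself. The synopsis command name should read `dnssec-checkds`; correct it in the manual page source.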
@ -59,7 +59,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2618180"></a><h2>OPTIONS</h2>
<a name="id2618663"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
<dd><p>
@ -88,14 +88,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2618282"></a><h2>SEE ALSO</h2>
<a name="id2618765"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2618316"></a><h2>AUTHOR</h2>
<a name="id2618868"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
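Review bot: The SEE ALSO list in this hunk ends with a dangling comma after `dnssec-signzone(8)`, directly before the closing `</p>`. Either an entry was dropped from the list or the comma should be removed in the source.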

View File

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-coverage</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>length</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>DNSKEY TTL</code></em></code>] [<code class="option">-m <em class="replaceable"><code>max TTL</code></em></code>] [<code class="option">-r <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-c <em class="replaceable"><code>compilezone path</code></em></code>] [<code class="option">-k</code>] [<code class="option">-z</code>] [zone]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2619074"></a><h2>DESCRIPTION</h2>
<a name="id2619079"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-coverage</strong></span>
verifies that the DNSSEC keys for a given zone or a set of zones
have timing metadata set properly to ensure no future lapses in DNSSEC
@ -78,7 +78,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2619100"></a><h2>OPTIONS</h2>
<a name="id2619106"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@ -192,7 +192,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2619546"></a><h2>SEE ALSO</h2>
<a name="id2619552"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-checkds</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
@ -201,7 +201,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2619590"></a><h2>AUTHOR</h2>
<a name="id2619595"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -52,14 +52,14 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-h</code>] [<code class="option">-V</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2620050"></a><h2>DESCRIPTION</h2>
<a name="id2620260"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-dsfromkey</strong></span>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2620064"></a><h2>OPTIONS</h2>
<a name="id2620274"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-1</span></dt>
<dd><p>
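Review bot: The DESCRIPTION cites RFC 3658 for the DS record definition, but RFC 3658 has been obsoleted by the RFC 4033/4034/4035 set. Cite RFC 4034 together with RFC 4509 here so that readers checking digest and record format details land on the current specification.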
@ -144,7 +144,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2620736"></a><h2>EXAMPLE</h2>
<a name="id2620809"></a><h2>EXAMPLE</h2>
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
@ -159,7 +159,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2620772"></a><h2>FILES</h2>
<a name="id2620845"></a><h2>FILES</h2>
<p>
The keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
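Review bot: In the FILES paragraph, "The keyfile can be designed by the key identification" should read "designated". The same wording appears in the dnssec-importkey FILES hunk ("A keyfile can be designed by the key identification"), so both manual page sources need the fix.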
@ -173,13 +173,13 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2620813"></a><h2>CAVEAT</h2>
<a name="id2620887"></a><h2>CAVEAT</h2>
<p>
A keyfile error can give a "file not found" even if the file exists.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2620823"></a><h2>SEE ALSO</h2>
<a name="id2621989"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
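Review bot: The CAVEAT says only that a keyfile error can report "file not found" even if the file exists, which leaves an operator unable to tell a missing key from an unreadable or malformed one. Document which keyfile errors are reported this way and how to distinguish them, or better, track it as a bug so the tool reports the real cause.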
@ -189,7 +189,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2622091"></a><h2>AUTHOR</h2>
<a name="id2622028"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">dnsname</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2621027"></a><h2>DESCRIPTION</h2>
<a name="id2621100"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-importkey</strong></span>
reads a public DNSKEY record and generates a pair of
.key/.private files. The DNSKEY record may be read from an
@ -71,7 +71,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2621054"></a><h2>OPTIONS</h2>
<a name="id2621128"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt>
<dd>
@ -114,7 +114,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2621260"></a><h2>TIMING OPTIONS</h2>
<a name="id2621470"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@ -142,7 +142,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2621785"></a><h2>FILES</h2>
<a name="id2621586"></a><h2>FILES</h2>
<p>
A keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@ -151,7 +151,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2621811"></a><h2>SEE ALSO</h2>
<a name="id2621611"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -159,7 +159,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2621844"></a><h2>AUTHOR</h2>
<a name="id2621644"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2622790"></a><h2>DESCRIPTION</h2>
<a name="id2622181"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
generates a key pair of files that referencing a key object stored
in a cryptographic hardware service module (HSM). The private key
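Review bot: The first DESCRIPTION sentence has two wording problems: "a key pair of files that referencing a key object" is ungrammatical, and HSM is expanded as "hardware service module" where the standard term is "hardware security module". Suggested source text: "generates a pair of key files that reference a key object stored in a cryptographic hardware security module (HSM)".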
@ -66,7 +66,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2622816"></a><h2>OPTIONS</h2>
<a name="id2622206"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@ -243,7 +243,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2674006"></a><h2>TIMING OPTIONS</h2>
<a name="id2674080"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@ -315,7 +315,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2674196"></a><h2>GENERATED KEY FILES</h2>
<a name="id2674201"></a><h2>GENERATED KEY FILES</h2>
<p>
When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
successfully,
@ -354,7 +354,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2674358"></a><h2>SEE ALSO</h2>
<a name="id2674363"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -363,7 +363,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2674395"></a><h2>AUTHOR</h2>
<a name="id2674401"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em 
class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-z</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2623697"></a><h2>DESCRIPTION</h2>
<a name="id2623361"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@ -64,7 +64,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2623717"></a><h2>OPTIONS</h2>
<a name="id2623381"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@ -285,7 +285,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2674713"></a><h2>TIMING OPTIONS</h2>
<a name="id2674855"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@ -359,7 +359,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2675040"></a><h2>GENERATED KEYS</h2>
<a name="id2675045"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes
successfully,
@ -405,7 +405,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2675147"></a><h2>EXAMPLE</h2>
<a name="id2675221"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
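Review bot: The EXAMPLE section teaches generating a 768-bit DSA key, and manual page examples are routinely copied into production key management. A 768-bit DSA key is far below any current key-strength recommendation, so the example should be rewritten in the source to use a stronger algorithm and key size, with the sample output file names that follow it updated to match.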
@ -426,7 +426,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2675204"></a><h2>SEE ALSO</h2>
<a name="id2675277"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2539</em>,
@ -435,7 +435,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2675235"></a><h2>AUTHOR</h2>
<a name="id2675308"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2637738"></a><h2>DESCRIPTION</h2>
<a name="id2626480"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-revoke</strong></span>
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
in RFC 5011, and creates a new pair of key files containing the
@ -58,7 +58,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2637752"></a><h2>OPTIONS</h2>
<a name="id2626493"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
@ -109,14 +109,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2637890"></a><h2>SEE ALSO</h2>
<a name="id2633185"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5011</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2637914"></a><h2>AUTHOR</h2>
<a name="id2633209"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-V</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2638913"></a><h2>DESCRIPTION</h2>
<a name="id2637348"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-settime</strong></span>
reads a DNSSEC private key file and sets the key timing metadata
as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
@ -76,7 +76,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2640268"></a><h2>OPTIONS</h2>
<a name="id2637406"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f</span></dt>
<dd><p>
@ -131,7 +131,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2640407"></a><h2>TIMING OPTIONS</h2>
<a name="id2640071"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@ -210,7 +210,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2641706"></a><h2>PRINTING OPTIONS</h2>
<a name="id2640210"></a><h2>PRINTING OPTIONS</h2>
<p>
<span><strong class="command">dnssec-settime</strong></span> can also be used to print the
timing metadata associated with a key.
@ -236,7 +236,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2644517"></a><h2>SEE ALSO</h2>
<a name="id2640290"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -244,7 +244,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2644550"></a><h2>AUTHOR</h2>
<a name="id2640323"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-M <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-P</code>] [<code class="option">-p</code>] [<code class="option">-Q</code>] [<code class="option">-R</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] 
[<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-X <em class="replaceable"><code>extended end-time</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2644279"></a><h2>DESCRIPTION</h2>
<a name="id2644762"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@ -61,7 +61,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2644298"></a><h2>OPTIONS</h2>
<a name="id2644781"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@ -512,7 +512,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2676699"></a><h2>EXAMPLE</h2>
<a name="id2676705"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
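Review bot: This EXAMPLE depends on "the DSA key generated by dnssec-keygen", that is, on the example in the dnssec-keygen manual page. If that example is changed to a different algorithm, this text and the key file names in the sample command need to change with it, so the two pages should be edited together in the source.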
@ -542,14 +542,14 @@ db.example.com.signed
%</pre>
</div>
<div class="refsect1" lang="en">
<a name="id2676778"></a><h2>SEE ALSO</h2>
<a name="id2676784"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>, <em class="citetitle">RFC 4641</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2676806"></a><h2>AUTHOR</h2>
<a name="id2676811"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-verify</code> [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-x</code>] [<code class="option">-z</code>] {zonefile}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2645326"></a><h2>DESCRIPTION</h2>
<a name="id2644990"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-verify</strong></span>
verifies that a zone is fully signed for each algorithm found
in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
@ -58,7 +58,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2645340"></a><h2>OPTIONS</h2>
<a name="id2645004"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd><p>
@ -138,7 +138,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2645524"></a><h2>SEE ALSO</h2>
<a name="id2645256"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@ -146,7 +146,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2645549"></a><h2>AUTHOR</h2>
<a name="id2645282"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">genrandom</code> [<code class="option">-n <em class="replaceable"><code>number</code></em></code>] {<em class="replaceable"><code>size</code></em>} {<em class="replaceable"><code>filename</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2624770"></a><h2>DESCRIPTION</h2>
<a name="id2625116"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">genrandom</strong></span>
generates a file or a set of files containing a specified quantity
@ -59,7 +59,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2669363"></a><h2>ARGUMENTS</h2>
<a name="id2665204"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-n <em class="replaceable"><code>number</code></em></span></dt>
<dd><p>
@ -77,14 +77,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2669424"></a><h2>SEE ALSO</h2>
<a name="id2665265"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">rand</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">arc4random</span>(3)</span>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2669518"></a><h2>AUTHOR</h2>
<a name="id2665291"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-v</code>] [<code class="option">-V</code>] {name} [server]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2616034"></a><h2>DESCRIPTION</h2>
<a name="id2615902"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">host</strong></span>
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
@ -214,7 +214,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2616938"></a><h2>IDN SUPPORT</h2>
<a name="id2618309"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@ -228,12 +228,12 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2616967"></a><h2>FILES</h2>
<a name="id2618338"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2616981"></a><h2>SEE ALSO</h2>
<a name="id2618352"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>

View File

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">isc-hmac-fixup</code> {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>secret</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2669780"></a><h2>DESCRIPTION</h2>
<a name="id2666645"></a><h2>DESCRIPTION</h2>
<p>
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
HMAC-SHA* TSIG keys which were longer than the digest length of the
@ -76,7 +76,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2669808"></a><h2>SECURITY CONSIDERATIONS</h2>
<a name="id2666673"></a><h2>SECURITY CONSIDERATIONS</h2>
<p>
Secrets that have been converted by <span><strong class="command">isc-hmac-fixup</strong></span>
are shortened, but as this is how the HMAC protocol works in
@ -87,14 +87,14 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2669824"></a><h2>SEE ALSO</h2>
<a name="id2666689"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2104</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2669841"></a><h2>AUTHOR</h2>
<a name="id2666706"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-x</code>] [<code class="option">-z</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2645922"></a><h2>DESCRIPTION</h2>
<a name="id2645449"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkconf</strong></span>
checks the syntax, but not the semantics, of a
<span><strong class="command">named</strong></span> configuration file. The file is parsed
@ -70,7 +70,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2645992"></a><h2>OPTIONS</h2>
<a name="id2645520"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
@ -119,21 +119,21 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2646148"></a><h2>RETURN VALUES</h2>
<a name="id2645880"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkconf</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2646162"></a><h2>SEE ALSO</h2>
<a name="id2645894"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2646192"></a><h2>AUTHOR</h2>
<a name="id2645924"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-J <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-l <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2676896"></a><h2>DESCRIPTION</h2>
<a name="id2678608"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
same checks as <span><strong class="command">named</strong></span> does when loading a
@ -71,7 +71,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2676946"></a><h2>OPTIONS</h2>
<a name="id2678658"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
@ -305,14 +305,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2677984"></a><h2>RETURN VALUES</h2>
<a name="id2679696"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2677997"></a><h2>SEE ALSO</h2>
<a name="id2679709"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
@ -320,7 +320,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2678030"></a><h2>AUTHOR</h2>
<a name="id2679742"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named-journalprint</code> {<em class="replaceable"><code>journal</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2621995"></a><h2>DESCRIPTION</h2>
<a name="id2622615"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">named-journalprint</strong></span>
prints the contents of a zone journal file in a human-readable
@ -76,7 +76,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2622041"></a><h2>SEE ALSO</h2>
<a name="id2622661"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">nsupdate</span>(8)</span>,
@ -84,7 +84,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2652929"></a><h2>AUTHOR</h2>
<a name="id2654777"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named-rrchecker</code> [<code class="option">-h</code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-p</code>] [<code class="option">-u</code>] [<code class="option">-C</code>] [<code class="option">-T</code>] [<code class="option">-P</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2652992"></a><h2>DESCRIPTION</h2>
<a name="id2654840"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-rrchecker</strong></span>
read a individual DNS resource record from standard input and checks if it
is syntactically correct.
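Review bot: The DESCRIPTION sentence in this hunk reads "read a individual DNS resource record"; it should be "reads an individual DNS resource record". The fix belongs in the manual page source so that the next regeneration picks it up.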
@ -78,7 +78,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2653048"></a><h2>SEE ALSO</h2>
<a name="id2654897"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,

View File

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-D <em class="replaceable"><code>string</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-L <em class="replaceable"><code>logfile</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-U <em class="replaceable"><code>#listeners</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-X <em class="replaceable"><code>lock-file</code></em></code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2648912"></a><h2>DESCRIPTION</h2>
<a name="id2647893"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named</strong></span>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@ -65,7 +65,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2648942"></a><h2>OPTIONS</h2>
<a name="id2647924"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@ -288,7 +288,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2678416"></a><h2>SIGNALS</h2>
<a name="id2681493"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
the nameserver; <span><strong class="command">rndc</strong></span> should be used
@ -309,7 +309,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2678466"></a><h2>CONFIGURATION</h2>
<a name="id2681543"></a><h2>CONFIGURATION</h2>
<p>
The <span><strong class="command">named</strong></span> configuration file is too complex
to describe in detail here. A complete description is provided
@ -326,7 +326,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2678515"></a><h2>FILES</h2>
<a name="id2681592"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
@ -339,7 +339,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2678558"></a><h2>SEE ALSO</h2>
<a name="id2681636"></a><h2>SEE ALSO</h2>
<p><em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
@ -352,7 +352,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2678697"></a><h2>AUTHOR</h2>
<a name="id2681774"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -48,7 +48,7 @@
<div class="cmdsynopsis"><p><code class="command">nsec3hash</code> {<em class="replaceable"><code>salt</code></em>} {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>iterations</code></em>} {<em class="replaceable"><code>domain</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2625171"></a><h2>DESCRIPTION</h2>
<a name="id2625313"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">nsec3hash</strong></span> generates an NSEC3 hash based on
a set of NSEC3 parameters. This can be used to check the validity
@ -56,7 +56,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2625186"></a><h2>ARGUMENTS</h2>
<a name="id2625328"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl>
<dt><span class="term">salt</span></dt>
<dd><p>
@ -80,14 +80,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2669962"></a><h2>SEE ALSO</h2>
<a name="id2669353"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5155</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2669979"></a><h2>AUTHOR</h2>
<a name="id2669438"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [<code class="option">-T</code>] [<code class="option">-P</code>] [<code class="option">-V</code>] [filename]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2654664"></a><h2>DESCRIPTION</h2>
<a name="id2655216"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">nsupdate</strong></span>
is used to submit Dynamic DNS Update requests as defined in RFC 2136
to a name server.
@ -236,7 +236,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2678917"></a><h2>INPUT FORMAT</h2>
<a name="id2682062"></a><h2>INPUT FORMAT</h2>
<p><span><strong class="command">nsupdate</strong></span>
reads input from
<em class="parameter"><code>filename</code></em>
@ -549,7 +549,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2680065"></a><h2>EXAMPLES</h2>
<a name="id2683210"></a><h2>EXAMPLES</h2>
<p>
The examples below show how
<span><strong class="command">nsupdate</strong></span>
@ -603,7 +603,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2680115"></a><h2>FILES</h2>
<a name="id2683329"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
@ -626,7 +626,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2680266"></a><h2>SEE ALSO</h2>
<a name="id2683412"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">RFC 2136</em>,
<em class="citetitle">RFC 3007</em>,
@ -641,7 +641,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2680324"></a><h2>BUGS</h2>
<a name="id2683469"></a><h2>BUGS</h2>
<p>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library

View File

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-A <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2664284"></a><h2>DESCRIPTION</h2>
<a name="id2662651"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc-confgen</strong></span>
generates configuration files
for <span><strong class="command">rndc</strong></span>. It can be used as a
@ -66,7 +66,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2664350"></a><h2>OPTIONS</h2>
<a name="id2663332"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd>
@ -180,7 +180,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2665232"></a><h2>EXAMPLES</h2>
<a name="id2664145"></a><h2>EXAMPLES</h2>
<p>
To allow <span><strong class="command">rndc</strong></span> to be used with
no manual configuration, run
@ -197,7 +197,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2669657"></a><h2>SEE ALSO</h2>
<a name="id2665566"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@ -205,7 +205,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2669696"></a><h2>AUTHOR</h2>
<a name="id2665605"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2623880"></a><h2>DESCRIPTION</h2>
<a name="id2623885"></a><h2>DESCRIPTION</h2>
<p><code class="filename">rndc.conf</code> is the configuration file
for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
utility. This file has a similar structure and syntax to
@ -136,7 +136,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2661394"></a><h2>EXAMPLE</h2>
<a name="id2660102"></a><h2>EXAMPLE</h2>
<pre class="programlisting">
options {
default-server localhost;
@ -210,7 +210,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2663495"></a><h2>NAME SERVER CONFIGURATION</h2>
<a name="id2661384"></a><h2>NAME SERVER CONFIGURATION</h2>
<p>
The name server must be configured to accept rndc connections and
to recognize the key specified in the <code class="filename">rndc.conf</code>
@ -220,7 +220,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2663521"></a><h2>SEE ALSO</h2>
<a name="id2661410"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
@ -228,7 +228,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2663559"></a><h2>AUTHOR</h2>
<a name="id2661448"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-q</code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2660106"></a><h2>DESCRIPTION</h2>
<a name="id2656152"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc</strong></span>
controls the operation of a name
server. It supersedes the <span><strong class="command">ndc</strong></span> utility
@ -81,7 +81,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2660156"></a><h2>OPTIONS</h2>
<a name="id2656202"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
<dd><p>
@ -152,7 +152,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2661675"></a><h2>COMMANDS</h2>
<a name="id2659837"></a><h2>COMMANDS</h2>
<p>
A list of commands supported by <span><strong class="command">rndc</strong></span> can
be seen by running <span><strong class="command">rndc</strong></span> without arguments.
@ -620,7 +620,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2686376"></a><h2>LIMITATIONS</h2>
<a name="id2686381"></a><h2>LIMITATIONS</h2>
<p>
There is currently no way to provide the shared secret for a
<code class="option">key_id</code> without using the configuration file.
@ -630,7 +630,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2686394"></a><h2>SEE ALSO</h2>
<a name="id2686400"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@ -640,7 +640,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2686450"></a><h2>AUTHOR</h2>
<a name="id2686455"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

View File

@ -381,6 +381,10 @@
initial packet sizes used in BIND 9.10 and higher when
contacting authoritative servers for the first time.
</p></li>
<li><p>
Built-in "empty" zones did not correctly inherit the
"allow-transfer" ACL from the options or view. [RT #38310]
</p></li>
</ul></div>
</div>
<div class="sect2" lang="en">
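Review bot: The added release note says built-in "empty" zones "did not correctly inherit" the allow-transfer ACL, but not in which direction the behaviour was wrong, so an operator cannot tell from it whether transfers of those zones were permitted more widely than the configured ACL. Suggest stating what was observed before the fix and that the ACL from the options or view now applies to these zones.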