diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8
index ed62ada8f8..165d59fa17 100644
--- a/bin/dnssec/dnssec-keygen.8
+++ b/bin/dnssec/dnssec-keygen.8
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-keygen.8,v 1.51 2009/10/23 01:14:47 tbox Exp $
+.\" $Id: dnssec-keygen.8,v 1.52 2009/10/28 01:14:38 tbox Exp $
.\"
.hy 0
.ad l
@@ -33,7 +33,7 @@
dnssec\-keygen \- DNSSEC key generation tool
.SH "SYNOPSIS"
.HP 14
-\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name}
+\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name}
.SH "DESCRIPTION"
.PP
\fBdnssec\-keygen\fR
@@ -144,6 +144,15 @@ Deprecated in favor of \-T KEY.
Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
.RE
.PP
+\-q
+.RS 4
+Quiet mode: Suppresses unnecessary output, including progress indication. Without this option, when
+\fBdnssec\-keygen\fR
+is run interactively to generate an RSA or DSA key pair, it will print a string of symbols to
+\fIstderr\fR
+indicating the progress of the key generation. A '.' indicates that a random number has been found which passed an initial sieve test; '+' means a number has passed a single round of the Miller\-Rabin primality test; a space means that the number has passed all the tests and is a satisfactory key.
+.RE
+.PP
\-r \fIrandomdev\fR
.RS 4
Specifies the source of randomness. If the operating system does not provide a
diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html
index c7365c80c6..452b7ecbfa 100644
--- a/bin/dnssec/dnssec-keygen.html
+++ b/bin/dnssec/dnssec-keygen.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
@@ -29,10 +29,10 @@
Synopsis
-
dnssec-keygen [-a algorithm] [-b keysize] [-n nametype] [-3] [-A date/offset] [-C] [-c class] [-D date/offset] [-E engine] [-e] [-f flag] [-G] [-g generator] [-h] [-I date/offset] [-K directory] [-k] [-P date/offset] [-p protocol] [-R date/offset] [-r randomdev] [-s strength] [-t type] [-v level] [-z] {name}
+
dnssec-keygen [-a algorithm] [-b keysize] [-n nametype] [-3] [-A date/offset] [-C] [-c class] [-D date/offset] [-E engine] [-e] [-f flag] [-G] [-g generator] [-h] [-I date/offset] [-K directory] [-k] [-P date/offset] [-p protocol] [-q] [-R date/offset] [-r randomdev] [-s strength] [-t type] [-v level] [-z] {name}
-
DESCRIPTION
+
DESCRIPTION
dnssec-keygen
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@@ -46,7 +46,7 @@
-
OPTIONS
+
OPTIONS
- -a
algorithm
-
@@ -177,6 +177,20 @@
Other possible values for this argument are listed in
RFC 2535 and its successors.
+- -q
+
+ Quiet mode: Suppresses unnecessary output, including
+ progress indication. Without this option, when
+ dnssec-keygen is run interactively
+ to generate an RSA or DSA key pair, it will print a string
+ of symbols to stderr indicating the
+ progress of the key generation. A '.' indicates that a
+ random number has been found which passed an initial
+ sieve test; '+' means a number has passed a single
+ round of the Miller-Rabin primality test; a space
+ means that the number has passed all the tests and is
+ a satisfactory key.
+
- -r
randomdev
Specifies the source of randomness. If the operating
@@ -224,7 +238,7 @@
-
TIMING OPTIONS
+
TIMING OPTIONS
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -271,7 +285,7 @@
-
GENERATED KEYS
+
GENERATED KEYS
When dnssec-keygen completes
successfully,
@@ -317,7 +331,7 @@
-
EXAMPLE
+
EXAMPLE
To generate a 768-bit DSA key for the domain
example.com, the following command would be
@@ -338,7 +352,7 @@
-
SEE ALSO
+
SEE ALSO
dnssec-signzone(8),
BIND 9 Administrator Reference Manual,
RFC 2539,
@@ -347,7 +361,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
ddns-confgen [-a algorithm] [-h] [-k keyname] [-r randomfile] [ -s name | -z zone ] [-q] [name]
-
DESCRIPTION
+
DESCRIPTION
ddns-confgen
generates a key for use by nsupdate
and named. It simplifies configuration
@@ -75,7 +75,7 @@
-
OPTIONS
+
OPTIONS
- -a
algorithm
@@ -142,7 +142,7 @@
-
SEE ALSO
+
SEE ALSO
nsupdate(1),
named.conf(5),
named(8),
@@ -150,7 +150,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
Synopsis
-
dnssec-keygen [-a algorithm] [-b keysize] [-n nametype] [-3] [-A date/offset] [-C] [-c class] [-D date/offset] [-E engine] [-e] [-f flag] [-G] [-g generator] [-h] [-I date/offset] [-K directory] [-k] [-P date/offset] [-p protocol] [-R date/offset] [-r randomdev] [-s strength] [-t type] [-v level] [-z] {name}
+
dnssec-keygen [-a algorithm] [-b keysize] [-n nametype] [-3] [-A date/offset] [-C] [-c class] [-D date/offset] [-E engine] [-e] [-f flag] [-G] [-g generator] [-h] [-I date/offset] [-K directory] [-k] [-P date/offset] [-p protocol] [-q] [-R date/offset] [-r randomdev] [-s strength] [-t type] [-v level] [-z] {name}
-
DESCRIPTION
+
DESCRIPTION
dnssec-keygen
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@@ -64,7 +64,7 @@
-
OPTIONS
+
OPTIONS
- -a
algorithm
-
@@ -195,6 +195,20 @@
Other possible values for this argument are listed in
RFC 2535 and its successors.
+- -q
+
+ Quiet mode: Suppresses unnecessary output, including
+ progress indication. Without this option, when
+ dnssec-keygen is run interactively
+ to generate an RSA or DSA key pair, it will print a string
+ of symbols to stderr indicating the
+ progress of the key generation. A '.' indicates that a
+ random number has been found which passed an initial
+ sieve test; '+' means a number has passed a single
+ round of the Miller-Rabin primality test; a space
+ means that the number has passed all the tests and is
+ a satisfactory key.
+
- -r
randomdev
Specifies the source of randomness. If the operating
@@ -242,7 +256,7 @@
-
TIMING OPTIONS
+
TIMING OPTIONS
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -289,7 +303,7 @@
-
GENERATED KEYS
+
GENERATED KEYS
When dnssec-keygen completes
successfully,
@@ -335,7 +349,7 @@
-
EXAMPLE
+
EXAMPLE
To generate a 768-bit DSA key for the domain
example.com, the following command would be
@@ -356,7 +370,7 @@
-
SEE ALSO
+
SEE ALSO
dnssec-signzone(8),
BIND 9 Administrator Reference Manual,
RFC 2539,
@@ -365,7 +379,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
dnssec-revoke [-hr] [-v level] [-K directory] [-E engine] [-f] {keyfile}
-
DESCRIPTION
+
DESCRIPTION
dnssec-revoke
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
in RFC 5011, and creates a new pair of key files containing the
@@ -58,7 +58,7 @@
-
SEE ALSO
+
SEE ALSO
dnssec-keygen(8),
BIND 9 Administrator Reference Manual,
RFC 5011.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
dnssec-settime [-f] [-K directory] [-P date/offset] [-A date/offset] [-R date/offset] [-I date/offset] [-D date/offset] [-h] [-v level] [-E engine] {keyfile}
-
DESCRIPTION
+
DESCRIPTION
dnssec-settime
reads a DNSSEC private key file and sets the key timing metadata
as specified by the -P, -A,
@@ -75,7 +75,7 @@
-
TIMING OPTIONS
+
TIMING OPTIONS
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -151,7 +151,7 @@
-
PRINTING OPTIONS
+
PRINTING OPTIONS
dnssec-settime can also be used to print the
timing metadata associated with a key.
@@ -177,7 +177,7 @@
-
SEE ALSO
+
SEE ALSO
dnssec-keygen(8),
dnssec-signzone(8),
BIND 9 Administrator Reference Manual,
@@ -185,7 +185,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
dnssec-signzone [-a] [-c class] [-d directory] [-E engine] [-e end-time] [-f output-file] [-g] [-h] [-K directory] [-k key] [-l domain] [-i interval] [-I input-format] [-j jitter] [-N soa-serial-format] [-o origin] [-O output-format] [-p] [-P] [-r randomdev] [-S] [-s start-time] [-T ttl] [-t] [-u] [-v level] [-x] [-z] [-3 salt] [-H iterations] [-A] {zonefile} [key...]
-
DESCRIPTION
+
DESCRIPTION
dnssec-signzone
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@@ -61,7 +61,7 @@
-
EXAMPLE
+
EXAMPLE
The following command signs the example.com
zone with the DSA key generated by dnssec-keygen
@@ -427,14 +427,14 @@ db.example.com.signed
%
-
SEE ALSO
+
SEE ALSO
dnssec-keygen(8),
BIND 9 Administrator Reference Manual,
RFC 4033.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
named-checkconf [-h] [-v] [-j] [-t directory] {filename} [-p] [-z]
-
DESCRIPTION
+
DESCRIPTION
named-checkconf
checks the syntax, but not the semantics, of a named
configuration file.
-
RETURN VALUES
+
RETURN VALUES
named-checkconf
returns an exit status of 1 if
errors were detected and 0 otherwise.
-
SEE ALSO
+
SEE ALSO
named(8),
named-checkzone(8),
BIND 9 Administrator Reference Manual.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
named-compilezone [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-s style] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}
-
DESCRIPTION
+
DESCRIPTION
named-checkzone
checks the syntax and integrity of a zone file. It performs the
same checks as named does when loading a
@@ -71,7 +71,7 @@
-
RETURN VALUES
+
RETURN VALUES
named-checkzone
returns an exit status of 1 if
errors were detected and 0 otherwise.
-
SEE ALSO
+
SEE ALSO
named(8),
named-checkconf(8),
RFC 1035,
@@ -272,7 +272,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
named [-4] [-6] [-c config-file] [-d debug-level] [-E engine-name] [-f] [-g] [-m flag] [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory] [-u user] [-v] [-V] [-x cache-file]
-
DESCRIPTION
+
DESCRIPTION
named
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@@ -65,7 +65,7 @@
-
SIGNALS
+
SIGNALS
In routine operation, signals should not be used to control
the nameserver; rndc should be used
@@ -267,7 +267,7 @@
-
CONFIGURATION
+
CONFIGURATION
The named configuration file is too complex
to describe in detail here. A complete description is provided
@@ -284,7 +284,7 @@
-
FILES
+
FILES
/etc/named.conf
@@ -297,7 +297,7 @@
-
SEE ALSO
+
SEE ALSO
RFC 1033,
RFC 1034,
RFC 1035,
@@ -310,7 +310,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
nsupdate [-d] [-D] [[-g] | [-o] | [-l] | [-y [hmac:]keyname:secret] | [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [filename]
-
DESCRIPTION
+
DESCRIPTION
nsupdate
is used to submit Dynamic DNS Update requests as defined in RFC 2136
to a name server.
@@ -210,7 +210,7 @@
-
INPUT FORMAT
+
INPUT FORMAT
nsupdate
reads input from
filename
@@ -474,7 +474,7 @@
-
EXAMPLES
+
EXAMPLES
The examples below show how
nsupdate
@@ -528,7 +528,7 @@
-
FILES
+
FILES
/etc/resolv.conf
@@ -551,7 +551,7 @@
-
SEE ALSO
+
SEE ALSO
RFC 2136,
RFC 3007,
@@ -566,7 +566,7 @@
-
BUGS
+
BUGS
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library
diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index c0013eea22..ae70fb761e 100644
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-
+
@@ -50,7 +50,7 @@
rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]
-
DESCRIPTION
+
DESCRIPTION
rndc-confgen
generates configuration files
for rndc. It can be used as a
@@ -66,7 +66,7 @@
-
EXAMPLES
+
EXAMPLES
To allow rndc to be used with
no manual configuration, run
@@ -190,7 +190,7 @@
-
SEE ALSO
+
SEE ALSO
rndc(8),
rndc.conf(5),
named(8),
@@ -198,7 +198,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
-
DESCRIPTION
+
DESCRIPTION
rndc.conf is the configuration file
for rndc, the BIND 9 name server control
utility. This file has a similar structure and syntax to
@@ -135,7 +135,7 @@
-
EXAMPLE
+
EXAMPLE
options {
default-server localhost;
@@ -209,7 +209,7 @@
-
NAME SERVER CONFIGURATION
+
NAME SERVER CONFIGURATION
The name server must be configured to accept rndc connections and
to recognize the key specified in the rndc.conf
@@ -219,7 +219,7 @@
-
SEE ALSO
+
SEE ALSO
rndc(8),
rndc-confgen(8),
mmencode(1),
@@ -227,7 +227,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
rndc [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}
-
DESCRIPTION
+
DESCRIPTION
rndc
controls the operation of a name
server. It supersedes the ndc utility
@@ -79,7 +79,7 @@
-
OPTIONS
+
OPTIONS
- -b
source-address
@@ -151,7 +151,7 @@
-
LIMITATIONS
+
LIMITATIONS
rndc
does not yet support all the commands of
the BIND 8 ndc utility.
@@ -165,7 +165,7 @@
-
SEE ALSO
+
SEE ALSO
rndc.conf(5),
rndc-confgen(8),
named(8),
@@ -175,7 +175,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium