mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00
Code Issues Releases Wiki Activity

regen

Browse Source
This commit is contained in:
Brian Wellington
2002-01-29 23:30:32 +00:00
parent a20b2c5f53
commit 8fb0f1fa42
2 changed files with 40 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
bin/nsupdate/nsupdate.8
View File

@@ -52,10 +52,10 @@ made and the replies received from the name server.
.PP .PP
Transaction signatures can be used to authenticate the Dynamic DNS Transaction signatures can be used to authenticate the Dynamic DNS
updates. updates.
These use the TSIG resource record type described in RFC2845. These use the TSIG resource record type described in RFC2845 or the
The signatures rely on a shared secret that should only be known to SIG(0) record described in RFC3535 and RFC2931.
\fBnsupdate\fR TSIG relies on a shared secret that should only be known to
and the name server. \fBnsupdate\fR and the name server.
Currently, the only supported encryption algorithm for TSIG is Currently, the only supported encryption algorithm for TSIG is
HMAC-MD5, which is defined in RFC 2104. HMAC-MD5, which is defined in RFC 2104.
Once other algorithms are defined for TSIG, applications will need to Once other algorithms are defined for TSIG, applications will need to
@@ -70,6 +70,8 @@ statements would be added to
so that the name server can associate the appropriate secret key so that the name server can associate the appropriate secret key
and algorithm with the IP address of the and algorithm with the IP address of the
client application that will be using TSIG authentication. client application that will be using TSIG authentication.
SIG(0) uses public key cryptography. To use a SIG(0) key, the public
key must be stored in a KEY record in a zone served by the name server.
\fBnsupdate\fR \fBnsupdate\fR
does not read does not read
\fI/etc/named.conf\fR. \fI/etc/named.conf\fR.
@@ -79,8 +81,8 @@ uses the
\fB-y\fR \fB-y\fR
or or
\fB-k\fR \fB-k\fR
option to provide the shared secret needed to generate a TSIG record option (with an HMAC-MD5 key) to provide the shared secret needed to generate
for authenticating Dynamic DNS update requests. a TSIG record for authenticating Dynamic DNS update requests.
These options are mutually exclusive. These options are mutually exclusive.
With the With the
\fB-k\fR \fB-k\fR
@@ -110,6 +112,10 @@ This may be visible in the output from
\fBps\fR(1) \fBps\fR(1)
or in a history file maintained by the user's shell. or in a history file maintained by the user's shell.
.PP .PP
The \fB-k\fR may also be used to specify a SIG(0) key used
to authenticate Dynamic DNS update requests. In this case, the key
specified is not an HMAC-MD5 key.
.PP
By default By default
\fBnsupdate\fR \fBnsupdate\fR
uses UDP to send update requests to the name server. uses UDP to send update requests to the name server.
@@ -331,6 +337,7 @@ base-64 encoding of HMAC-MD5 key created by
\fBRFC2845\fR, \fBRFC2845\fR,
\fBRFC1034\fR, \fBRFC1034\fR,
\fBRFC2535\fR, \fBRFC2535\fR,
\fBRFC2931\fR,
\fBnamed\fR(8), \fBnamed\fR(8),
\fBdnssec-keygen\fR(8). \fBdnssec-keygen\fR(8).
.SH "BUGS" .SH "BUGS"

38
bin/nsupdate/nsupdate.html
View File

@@ -130,13 +130,13 @@ made and the replies received from the name server.</P
><P ><P
>Transaction signatures can be used to authenticate the Dynamic DNS >Transaction signatures can be used to authenticate the Dynamic DNS
updates. updates.
These use the TSIG resource record type described in RFC2845. These use the TSIG resource record type described in RFC2845 or the
The signatures rely on a shared secret that should only be known to SIG(0) record described in RFC3535 and RFC2931.
TSIG relies on a shared secret that should only be known to
<B <B
CLASS="COMMAND" CLASS="COMMAND"
>nsupdate</B >nsupdate</B
> > and the name server.
and the name server.
Currently, the only supported encryption algorithm for TSIG is Currently, the only supported encryption algorithm for TSIG is
HMAC-MD5, which is defined in RFC 2104. HMAC-MD5, which is defined in RFC 2104.
Once other algorithms are defined for TSIG, applications will need to Once other algorithms are defined for TSIG, applications will need to
@@ -160,6 +160,8 @@ CLASS="FILENAME"
so that the name server can associate the appropriate secret key so that the name server can associate the appropriate secret key
and algorithm with the IP address of the and algorithm with the IP address of the
client application that will be using TSIG authentication. client application that will be using TSIG authentication.
SIG(0) uses public key cryptography. To use a SIG(0) key, the public
key must be stored in a KEY record in a zone served by the name server.
<B <B
CLASS="COMMAND" CLASS="COMMAND"
>nsupdate</B >nsupdate</B
@@ -184,8 +186,8 @@ or
CLASS="OPTION" CLASS="OPTION"
>-k</TT >-k</TT
> >
option to provide the shared secret needed to generate a TSIG record option (with an HMAC-MD5 key) to provide the shared secret needed to generate
for authenticating Dynamic DNS update requests. a TSIG record for authenticating Dynamic DNS update requests.
These options are mutually exclusive. These options are mutually exclusive.
With the With the
<TT <TT
@@ -259,6 +261,13 @@ CLASS="REFENTRYTITLE"
> >
or in a history file maintained by the user's shell.</P or in a history file maintained by the user's shell.</P
><P ><P
>The <TT
CLASS="OPTION"
>-k</TT
> may also be used to specify a SIG(0) key used
to authenticate Dynamic DNS update requests. In this case, the key
specified is not an HMAC-MD5 key.</P
><P
>By default >By default
<B <B
CLASS="COMMAND" CLASS="COMMAND"
@@ -281,7 +290,7 @@ This may be preferable when a batch of update requests is made.</P
><DIV ><DIV
CLASS="REFSECT1" CLASS="REFSECT1"
><A ><A
NAME="AEN65" NAME="AEN67"
></A ></A
><H2 ><H2
>INPUT FORMAT</H2 >INPUT FORMAT</H2
@@ -752,7 +761,7 @@ CLASS="COMMAND"
><DIV ><DIV
CLASS="REFSECT1" CLASS="REFSECT1"
><A ><A
NAME="AEN223" NAME="AEN225"
></A ></A
><H2 ><H2
>EXAMPLES</H2 >EXAMPLES</H2
@@ -823,7 +832,7 @@ SIG, KEY and NXT records.)</P
><DIV ><DIV
CLASS="REFSECT1" CLASS="REFSECT1"
><A ><A
NAME="AEN236" NAME="AEN238"
></A ></A
><H2 ><H2
>FILES</H2 >FILES</H2
@@ -879,7 +888,7 @@ CLASS="REFENTRYTITLE"
><DIV ><DIV
CLASS="REFSECT1" CLASS="REFSECT1"
><A ><A
NAME="AEN260" NAME="AEN262"
></A ></A
><H2 ><H2
>SEE ALSO</H2 >SEE ALSO</H2
@@ -930,6 +939,13 @@ CLASS="REFENTRYTITLE"
CLASS="CITEREFENTRY" CLASS="CITEREFENTRY"
><SPAN ><SPAN
CLASS="REFENTRYTITLE" CLASS="REFENTRYTITLE"
>RFC2931</SPAN
></SPAN
>,
<SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>named</SPAN >named</SPAN
>(8)</SPAN >(8)</SPAN
>, >,
@@ -944,7 +960,7 @@ CLASS="REFENTRYTITLE"
><DIV ><DIV
CLASS="REFSECT1" CLASS="REFSECT1"
><A ><A
NAME="AEN281" NAME="AEN285"
></A ></A
><H2 ><H2
>BUGS</H2 >BUGS</H2