mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00

SIG(0) updates, DNSSEC fixes.

Brian Wellington
2002-01-30 06:33:37 +00:00
parent 1ed8794070
commit b39e8e9c00


@@ -2,7 +2,7 @@
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
"http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"> "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd">
<!-- File: $Id: Bv9ARM-book.xml,v 1.191 2002/01/30 02:23:11 bwelling Exp $ --> <!-- File: $Id: Bv9ARM-book.xml,v 1.192 2002/01/30 06:33:37 bwelling Exp $ -->
<book> <book>
<title>BIND 9 Administrator Reference Manual</title> <title>BIND 9 Administrator Reference Manual</title>
@@ -1406,11 +1406,11 @@ allow-update { key host1-host2. ;};
<sect1> <sect1>
<title>SIG(0)</title> <title>SIG(0)</title>
<para><acronym>BIND</acronym> 9 partially supports DNSSEC SIG(0) transaction <para><acronym>BIND</acronym> 9 partially supports DNSSEC SIG(0)
signatures as specified in RFC 2535. SIG(0) uses public/private transaction signatures as specified in RFC 2535 and RFC2931. SIG(0)
keys to authenticate messages. Access control is performed in the uses public/private keys to authenticate messages. Access control
same manner as TSIG keys; privileges can be granted or denied is performed in the same manner as TSIG keys; privileges can be
based on the key name.</para> granted or denied based on the key name.</para>
<para>When a SIG(0) signed message is received, it will only be <para>When a SIG(0) signed message is received, it will only be
verified if the key is known and trusted by the server; the server verified if the key is known and trusted by the server; the server
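Review bot: The added citation in the first SIG(0) paragraph is written "RFC2931" with no space, while "RFC 2535" in the same sentence has one; write "RFC 2931" so the two references match. The paragraph also still says SIG(0) is only "partially" supported without saying which parts are missing, so the multiple-message TCP stream limitation mentioned later in the section could be referenced here.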
@@ -1419,8 +1419,8 @@ allow-update { key host1-host2. ;};
<para>SIG(0) signing of multiple-message TCP streams is not <para>SIG(0) signing of multiple-message TCP streams is not
supported.</para> supported.</para>
<para><acronym>BIND</acronym> 9 does not ship with any tools that generate SIG(0) <para>The only tool shipped with <acronym>BIND</acronym> 9 that
signed messages.</para> generates SIG(0) signed messages is <command>nsupdate</command>.</para>
</sect1> </sect1>
<sect1 id="DNSSEC"> <sect1 id="DNSSEC">
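Review bot: The replacement sentence at the end of the SIG(0) section names nsupdate as the only shipped tool that generates SIG(0) signed messages but does not say how to make it do so. Add a cross-reference to the nsupdate documentation or name the option that selects the signing key. Since the section states that a signed message is only verified when the key is known and trusted by the server, it would also help to say where the matching public key has to be published or configured.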
@@ -1435,9 +1435,10 @@ allow-update { key host1-host2. ;};
of steps which must be followed. <acronym>BIND</acronym> 9 ships of steps which must be followed. <acronym>BIND</acronym> 9 ships
with several tools with several tools
that are used in this process, which are explained in more detail that are used in this process, which are explained in more detail
below. In all cases, the "<option>-h</option>" option prints a below. In all cases, the <option>-h</option> option prints a
full list of parameters. Note that the DNSSEC tools require the full list of parameters. Note that the DNSSEC tools require the
keyset and signedkey files to be in the working directory, and keyset and signedkey files to be in the working directory or the
directory specified by the <option>-h</option> option, and
that the tools shipped with BIND 9.0.x are not fully compatible that the tools shipped with BIND 9.0.x are not fully compatible
with the current ones.</para> with the current ones.</para>
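Review bot: The added clause "the directory specified by the -h option" conflicts with the sentence directly before it, which says -h prints a full list of parameters; the same option cannot do both. Confirm which option the DNSSEC tools actually use to set the keyset and signedkey directory and correct the option name in the new clause. The removal of the quotation marks around the first -h is fine.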