diff --git a/bin/dig/dig.1 b/bin/dig/dig.1 index bebea34274..c13ec90fb2 100644 --- a/bin/dig/dig.1 +++ b/bin/dig/dig.1 @@ -130,77 +130,97 @@ will perform a lookup for an A record. .RE .SH "OPTIONS" .PP -The -\fB\-b\fR -option sets the source IP address of the query to -\fIaddress\fR. This must be a valid address on one of the host's network interfaces or "0.0.0.0" or "::". An optional port may be specified by appending "#" +\-4 +.RS 4 +Use IPv4 only. +.RE .PP -The default query class (IN for internet) is overridden by the -\fB\-c\fR -option. +\-6 +.RS 4 +Use IPv6 only. +.RE +.PP +\-b \fIaddress\fR\fI[#port]\fR +.RS 4 +Set the source IP address of the query. The +\fIaddress\fR +must be a valid address on one of the host's network interfaces, or "0.0.0.0" or "::". An optional port may be specified by appending "#" +.RE +.PP +\-c \fIclass\fR +.RS 4 +Set the query class. The default \fIclass\fR -is any valid class, such as HS for Hesiod records or CH for Chaosnet records. +is IN; other classes are HS for Hesiod records or CH for Chaosnet records. +.RE .PP -The -\fB\-f\fR -option makes -\fBdig \fR -operate in batch mode by reading a list of lookup requests to process from the file -\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to +\-f \fIfile\fR +.RS 4 +Batch mode: +\fBdig\fR +reads a list of lookup requests to process from the given +\fIfile\fR. Each line in the file should be organized in the same way they would be presented as queries to \fBdig\fR using the command\-line interface. +.RE .PP -The -\fB\-m\fR -option enables memory usage debugging. +\-i +.RS 4 +Do reverse IPv6 lookups using the obsolete RFC1886 IP6.INT domain, which is no longer in use. Obsolete bit string label queries (RFC2874) are not attempted. +.RE .PP -If a non\-standard port number is to be queried, the -\fB\-p\fR -option is used. -\fIport#\fR -is the port number that -\fBdig\fR -will send its queries instead of the standard DNS port number 53. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number. +\-k \fIkeyfile\fR +.RS 4 +Sign queries using TSIG using a key read from the given file. Key files can be generated using +\fBtsig\-keygen\fR(8). When using TSIG authentication with +\fBdig\fR, the name server that is queried needs to know the key and algorithm that is being used. In BIND, this is done by providing appropriate +\fBkey\fR +and +\fBserver\fR +statements in +\fInamed.conf\fR. +.RE .PP -The -\fB\-4\fR -option forces -\fBdig\fR -to only use IPv4 query transport. The -\fB\-6\fR -option forces -\fBdig\fR -to only use IPv6 query transport. +\-m +.RS 4 +Enable memory usage debugging. +.RE .PP -The -\fB\-t\fR -option sets the query type to -\fItype\fR. It can be any valid query type which is supported in BIND 9. The default query type is "A", unless the -\fB\-x\fR -option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required, -\fItype\fR -is set to -ixfr=N. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was -\fIN\fR. +\-p \fIport\fR +.RS 4 +Send the query to a non\-standard port on the server, instead of the defaut port 53. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number. +.RE .PP -The -\fB\-q\fR -option sets the query name to -\fIname\fR. This is useful to distinguish the +\-q \fIname\fR +.RS 4 +The domain name to query. This is useful to distinguish the \fIname\fR from other arguments. +.RE .PP -The -\fB\-v\fR -causes -\fBdig\fR -to print the version number and exit. -.PP -Reverse lookups \(em mapping addresses to names \(em are simplified by the +\-t \fItype\fR +.RS 4 +The resource record type to query. It can be any valid query type which is supported in BIND 9. The default query type is "A", unless the \fB\-x\fR -option. +option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required, set the +\fItype\fR +to +ixfr=N. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was +\fIN\fR. +.RE +.PP +\-v +.RS 4 +Print the version number and exit. +.RE +.PP +\-x \fIaddr\fR +.RS 4 +Simplified reverse lookups, for mapping addresses to names. The \fIaddr\fR -is an IPv4 address in dotted\-decimal notation, or a colon\-delimited IPv6 address. When this option is used, there is no need to provide the +is an IPv4 address in dotted\-decimal notation, or a colon\-delimited IPv6 address. When the +\fB\-x\fR +is used, there is no need to provide the \fIname\fR, \fIclass\fR and @@ -208,35 +228,41 @@ and arguments. \fBdig\fR automatically performs a lookup for a name like -11.12.13.10.in\-addr.arpa -and sets the query type and class to PTR and IN respectively. By default, IPv6 addresses are looked up using nibble format under the IP6.ARPA domain. To use the older RFC1886 method using the IP6.INT domain specify the +94.2.0.192.in\-addr.arpa +and sets the query type and class to PTR and IN respectively. IPv6 addresses are looked up using nibble format under the IP6.ARPA domain (but see also the \fB\-i\fR -option. Bit string labels (RFC2874) are now experimental and are not attempted. +option). +.RE .PP -To sign the DNS queries sent by -\fBdig\fR -and their responses using transaction signatures (TSIG), specify a TSIG key file using the -\fB\-k\fR -option. You can also specify the TSIG key itself on the command line using the -\fB\-y\fR -option; +\-y \fI[hmac:]\fR\fIkeyname:secret\fR +.RS 4 +Sign queries using TSIG with the given authentication key. +\fIkeyname\fR +is the name of the key, and +\fIsecret\fR +is the base64 encoded shared secret. \fIhmac\fR -is the type of the TSIG, default HMAC\-MD5, -\fIname\fR -is the name of the TSIG key and -\fIkey\fR -is the actual key. The key is a base\-64 encoded string, typically generated by -\fBdnssec\-keygen\fR(8). Caution should be taken when using the +is the name of the key algorithm; valid choices are +hmac\-md5, +hmac\-sha1, +hmac\-sha224, +hmac\-sha256, +hmac\-sha384, or +hmac\-sha512. If +\fIhmac\fR +is not specified, the default is +hmac\-md5. +.sp +NOTE: You should use the +\fB\-k\fR +option and avoid the \fB\-y\fR -option on multi\-user systems as the key can be visible in the output from +option, because with +\fB\-y\fR +the shared secret is supplied as a command line argument in clear text. This may be visible in the output from \fBps\fR(1) -or in the shell's history file. When using TSIG authentication with -\fBdig\fR, the name server that is queried needs to know the key and algorithm that is being used. In BIND, this is done by providing appropriate -\fBkey\fR -and -\fBserver\fR -statements in -\fInamed.conf\fR. +or in a history file maintained by the user's shell. +.RE .SH "QUERY OPTIONS" .PP \fBdig\fR diff --git a/bin/dig/dig.html b/bin/dig/dig.html index 01aa7532ce..17082140ef 100644 --- a/bin/dig/dig.html +++ b/bin/dig/dig.html @@ -135,114 +135,134 @@

OPTIONS

+
+
-4
+

+ Use IPv4 only. +

+
-6
+

+ Use IPv6 only. +

+
-b address[#port]
+

+ Set the source IP address of the query. + The address must be a valid address on + one of the host's network interfaces, or "0.0.0.0" or "::". An + optional port may be specified by appending "#<port>" +

+
-c class
+

+ Set the query class. The + default class is IN; other classes + are HS for Hesiod records or CH for Chaosnet records. +

+
-f file
+

+ Batch mode: dig reads a list of lookup + requests to process from the + given file. Each line in the file + should be organized in the same way they would be + presented as queries to + dig using the command-line interface. +

+
-i
+

+ Do reverse IPv6 lookups using the obsolete RFC1886 IP6.INT + domain, which is no longer in use. Obsolete bit string + label queries (RFC2874) are not attempted. +

+
-k keyfile
+

+ Sign queries using TSIG using a key read from the given file. + Key files can be generated using + tsig-keygen(8). + When using TSIG authentication with dig, + the name server that is queried needs to know the key and + algorithm that is being used. In BIND, this is done by + providing appropriate key + and server statements in + named.conf. +

+
-m
+

+ Enable memory usage debugging. + +

+
-p port
+

+ Send the query to a non-standard port on the server, + instead of the defaut port 53. This option would be used + to test a name server that has been configured to listen + for queries on a non-standard port number. +

+
-q name
+

+ The domain name to query. This is useful to distinguish + the name from other arguments. +

+
-t type
+

+ The resource record type to query. It can be any valid query type + which is + supported in BIND 9. The default query type is "A", unless the + -x option is supplied to indicate a reverse lookup. + A zone transfer can be requested by specifying a type of AXFR. When + an incremental zone transfer (IXFR) is required, set the + type to ixfr=N. + The incremental zone transfer will contain the changes + made to the zone since the serial number in the zone's SOA + record was + N. +

+
-v
+

+ Print the version number and exit. +

+
-x addr
+

+ Simplified reverse lookups, for mapping addresses to + names. The addr is an IPv4 address + in dotted-decimal notation, or a colon-delimited IPv6 + address. When the -x is used, there is no + need to provide + the name, class + and type + arguments. dig automatically performs a + lookup for a name like + 94.2.0.192.in-addr.arpa and sets the + query type and class to PTR and IN respectively. IPv6 + addresses are looked up using nibble format under the + IP6.ARPA domain (but see also the -i + option). +

+
-y [hmac:]keyname:secret
+

- The -b option sets the source IP address of the query - to address. This must be a valid - address on - one of the host's network interfaces or "0.0.0.0" or "::". An optional - port - may be specified by appending "#<port>" -

+ Sign queries using TSIG with the given authentication key. + keyname is the name of the key, and + secret is the base64 encoded shared secret. + hmac is the name of the key algorithm; + valid choices are hmac-md5, + hmac-sha1, hmac-sha224, + hmac-sha256, hmac-sha384, or + hmac-sha512. If hmac + is not specified, the default is hmac-md5. +

- The default query class (IN for internet) is overridden by the - -c option. class is - any valid - class, such as HS for Hesiod records or CH for Chaosnet records. -

-

- The -f option makes dig - operate - in batch mode by reading a list of lookup requests to process from the - file filename. The file contains a - number of - queries, one per line. Each entry in the file should be organized in - the same way they would be presented as queries to - dig using the command-line interface. -

-

- The -m option enables memory usage debugging. - -

-

- If a non-standard port number is to be queried, the - -p option is used. port# is - the port number that dig will send its - queries - instead of the standard DNS port number 53. This option would be used - to test a name server that has been configured to listen for queries - on a non-standard port number. -

-

- The -4 option forces dig - to only - use IPv4 query transport. The -6 option forces - dig to only use IPv6 query transport. -

-

- The -t option sets the query type to - type. It can be any valid query type - which is - supported in BIND 9. The default query type is "A", unless the - -x option is supplied to indicate a reverse lookup. - A zone transfer can be requested by specifying a type of AXFR. When - an incremental zone transfer (IXFR) is required, - type is set to ixfr=N. - The incremental zone transfer will contain the changes made to the zone - since the serial number in the zone's SOA record was - N. -

-

- The -q option sets the query name to - name. This is useful to distinguish the - name from other arguments. -

-

- The -v causes dig to - print the version number and exit. -

-

- Reverse lookups — mapping addresses to names — are simplified by the - -x option. addr is - an IPv4 - address in dotted-decimal notation, or a colon-delimited IPv6 address. - When this option is used, there is no need to provide the - name, class and - type arguments. dig - automatically performs a lookup for a name like - 11.12.13.10.in-addr.arpa and sets the - query type and - class to PTR and IN respectively. By default, IPv6 addresses are - looked up using nibble format under the IP6.ARPA domain. - To use the older RFC1886 method using the IP6.INT domain - specify the -i option. Bit string labels (RFC2874) - are now experimental and are not attempted. -

-

- To sign the DNS queries sent by dig and - their - responses using transaction signatures (TSIG), specify a TSIG key file - using the -k option. You can also specify the TSIG - key itself on the command line using the -y option; - hmac is the type of the TSIG, default HMAC-MD5, - name is the name of the TSIG key and - key is the actual key. The key is a - base-64 - encoded string, typically generated by - dnssec-keygen(8). - - Caution should be taken when using the -y option on - multi-user systems as the key can be visible in the output from - ps(1) - or in the shell's history file. When - using TSIG authentication with dig, the name - server that is queried needs to know the key and algorithm that is - being used. In BIND, this is done by providing appropriate - key and server statements in - named.conf. -

+ NOTE: You should use the -k option and + avoid the -y option, because + with -y the shared secret is supplied as + a command line argument in clear text. This may be visible + in the output from + ps(1) + or in a history file maintained by the user's shell. +

+
+
-

QUERY OPTIONS

+

QUERY OPTIONS

dig provides a number of query options which affect the way in which lookups are made and the results displayed. Some of @@ -670,7 +690,7 @@

-

MULTIPLE QUERIES

+

MULTIPLE QUERIES

The BIND 9 implementation of dig supports @@ -716,7 +736,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

-

IDN SUPPORT

+

IDN SUPPORT

If dig has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names. @@ -730,14 +750,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

-

FILES

+

FILES

/etc/resolv.conf

${HOME}/.digrc

-

SEE ALSO

+

SEE ALSO

host(1), named(8), dnssec-keygen(8), @@ -745,7 +765,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

-

BUGS

+

BUGS

There are probably too many query options.

diff --git a/bin/named/named.8 b/bin/named/named.8 index 98f671944f..a4308d27f3 100644 --- a/bin/named/named.8 +++ b/bin/named/named.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2009, 2011, 2013-2015 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any @@ -33,7 +33,7 @@ named \- Internet domain name server .SH "SYNOPSIS" .HP 6 -\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-D\ \fR\fB\fIstring\fR\fR] [\fB\-E\ \fR\fB\fIengine\-name\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-L\ \fR\fB\fIlogfile\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-S\ \fR\fB\fI#max\-socks\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-U\ \fR\fB\fI#listeners\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-V\fR] [\fB\-X\ \fR\fB\fIlock\-file\fR\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR] +\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-D\ \fR\fB\fIstring\fR\fR] [\fB\-E\ \fR\fB\fIengine\-name\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-L\ \fR\fB\fIlogfile\fR\fR] [\fB\-M\ \fR\fB\fIoption\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-S\ \fR\fB\fI#max\-socks\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-U\ \fR\fB\fI#listeners\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-V\fR] [\fB\-X\ \fR\fB\fIlock\-file\fR\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR] .SH "DESCRIPTION" .PP \fBnamed\fR @@ -117,6 +117,12 @@ Log to the file by default instead of the system log. .RE .PP +\-M \fIoption\fR +.RS 4 +Sets the default memory context options. Currently the only supported option is +\fIexternal\fR, which causes the internal memory manager to be bypassed in favor of system\-provided memory allocation functions. +.RE +.PP \-m \fIflag\fR .RS 4 Turn on memory usage debugging flags. Possible flags are @@ -304,7 +310,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004\-2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2009, 2011, 2013\-2015 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000, 2001, 2003 Internet Software Consortium. .br diff --git a/bin/named/named.html b/bin/named/named.html index 46b3399d02..129b325eb4 100644 --- a/bin/named/named.html +++ b/bin/named/named.html @@ -1,5 +1,5 @@