diff --git a/FAQ b/FAQ index b256ed8b10..9e3469ce4a 100644 --- a/FAQ +++ b/FAQ @@ -1,6 +1,6 @@ Frequently Asked Questions about BIND 9 -Copyright © 2004-2009 Internet Systems Consortium, Inc. ("ISC") +Copyright © 2004-2010 Internet Systems Consortium, Inc. ("ISC") Copyright © 2000-2003 Internet Software Consortium. @@ -784,6 +784,22 @@ A: Red Hat Security Enhanced Linux (SELinux) policy security protections : See these man-pages for more information : selinux(8), named_selinux (8), chcon(1), setsebool(8) +Q: I'm running BIND on Ubuntu - + + Why can't named update slave zone database files? + + Why can't named create DDNS journal files or update the master zones + from journals? + + Why can't named create custom log files? + +A: Ubuntu uses AppArmor in + addition to normal file system permissions to protect the system. + + Adjust the paths to use those specified in /etc/apparmor.d/ + usr.sbin.named or adjust /etc/apparmor.d/usr.sbin.named to allow named + to write at the location specified in named.conf. + Q: Listening on individual IPv6 interfaces does not work. A: This is usually due to "/proc/net/if_inet6" not being available in the diff --git a/FAQ.xml b/FAQ.xml index 258bc8a903..a931323e83 100644 --- a/FAQ.xml +++ b/FAQ.xml @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - +
Frequently Asked Questions about BIND 9 @@ -1382,6 +1382,36 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d + + + + I'm running BIND on Ubuntu - + + + Why can't named update slave zone database files? + + + Why can't named create DDNS journal files or update + the master zones from journals? + + + Why can't named create custom log files? + + + + + Ubuntu uses AppArmor + <http://en.wikipedia.org/wiki/AppArmor> in + addition to normal file system permissions to protect the system. + + + Adjust the paths to use those specified in /etc/apparmor.d/usr.sbin.named + or adjust /etc/apparmor.d/usr.sbin.named to allow named to write at the + location specified in named.conf. + + + + diff --git a/bin/dnssec/dnssec-keyfromlabel.8 b/bin/dnssec/dnssec-keyfromlabel.8 index 1ea7f5cd21..4f5615006e 100644 --- a/bin/dnssec/dnssec-keyfromlabel.8 +++ b/bin/dnssec/dnssec-keyfromlabel.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2008, 2009 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-keyfromlabel.8,v 1.16 2009/11/03 21:58:30 tbox Exp $ +.\" $Id: dnssec-keyfromlabel.8,v 1.16.24.1 2010/01/20 02:08:51 tbox Exp $ .\" .hy 0 .ad l @@ -32,7 +32,7 @@ dnssec\-keyfromlabel \- DNSSEC key generation tool .SH "SYNOPSIS" .HP 20 -\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {name} +\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-y\fR] {name} .SH "DESCRIPTION" .PP \fBdnssec\-keyfromlabel\fR @@ -138,6 +138,11 @@ must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. .RS 4 Sets the debugging level. .RE +.PP +\-y +.RS 4 +Allows DNSSEC key files to be generated even if the key ID would collide with that of an existing key, in the event of either key being revoked. (This is only safe to use if you are sure you won't be using RFC 5011 trust anchor maintenance with either of the keys involved.) +.RE .SH "TIMING OPTIONS" .PP Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds. @@ -210,5 +215,5 @@ RFC 4034. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2008, 2009 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2008\-2010 Internet Systems Consortium, Inc. ("ISC") .br diff --git a/bin/dnssec/dnssec-keyfromlabel.html b/bin/dnssec/dnssec-keyfromlabel.html index 735aed445b..778b23fdf9 100644 --- a/bin/dnssec/dnssec-keyfromlabel.html +++ b/bin/dnssec/dnssec-keyfromlabel.html @@ -1,5 +1,5 @@ - + @@ -28,10 +28,10 @@

Synopsis

-

dnssec-keyfromlabel {-l label} [-3] [-a algorithm] [-A date/offset] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-I date/offset] [-k] [-K directory] [-n nametype] [-P date/offset] [-p protocol] [-R date/offset] [-t type] [-v level] {name}

+

dnssec-keyfromlabel {-l label} [-3] [-a algorithm] [-A date/offset] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-I date/offset] [-k] [-K directory] [-n nametype] [-P date/offset] [-p protocol] [-R date/offset] [-t type] [-v level] [-y] {name}

-

DESCRIPTION

+

DESCRIPTION

dnssec-keyfromlabel gets keys with the given label from a crypto hardware and builds key files for DNSSEC (Secure DNS), as defined in RFC 2535 @@ -44,7 +44,7 @@

-

OPTIONS

+

OPTIONS

-a algorithm
@@ -152,10 +152,18 @@

Sets the debugging level.

+
-y
+

+ Allows DNSSEC key files to be generated even if the key ID + would collide with that of an existing key, in the event of + either key being revoked. (This is only safe to use if you + are sure you won't be using RFC 5011 trust anchor maintenance + with either of the keys involved.) +

-

TIMING OPTIONS

+

TIMING OPTIONS

Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -202,7 +210,7 @@

-

GENERATED KEY FILES

+

GENERATED KEY FILES

When dnssec-keyfromlabel completes successfully, @@ -241,7 +249,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), dnssec-signzone(8), BIND 9 Administrator Reference Manual, @@ -249,7 +257,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html index 1cda803b41..0bf82d4a26 100644 --- a/doc/arm/man.arpaname.html +++ b/doc/arm/man.arpaname.html @@ -14,7 +14,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,20 +50,20 @@

arpaname {ipaddress ...}

-

DESCRIPTION

+

DESCRIPTION

arpaname translates IP addresses (IPv4 and IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.

-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html index 97d831a393..aeed4b8e4a 100644 --- a/doc/arm/man.ddns-confgen.html +++ b/doc/arm/man.ddns-confgen.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

ddns-confgen [-a algorithm] [-h] [-k keyname] [-r randomfile] [ -s name | -z zone ] [-q] [name]

-

DESCRIPTION

+

DESCRIPTION

ddns-confgen generates a key for use by nsupdate and named. It simplifies configuration @@ -77,7 +77,7 @@

-

OPTIONS

+

OPTIONS

-a algorithm

@@ -144,7 +144,7 @@

-

SEE ALSO

+

SEE ALSO

nsupdate(1), named.conf(5), named(8), @@ -152,7 +152,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html index 030fe908be..3c9177cd1e 100644 --- a/doc/arm/man.dnssec-keyfromlabel.html +++ b/doc/arm/man.dnssec-keyfromlabel.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -47,10 +47,10 @@

Synopsis

-

dnssec-keyfromlabel {-l label} [-3] [-a algorithm] [-A date/offset] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-I date/offset] [-k] [-K directory] [-n nametype] [-P date/offset] [-p protocol] [-R date/offset] [-t type] [-v level] {name}

+

dnssec-keyfromlabel {-l label} [-3] [-a algorithm] [-A date/offset] [-c class] [-D date/offset] [-E engine] [-f flag] [-G] [-I date/offset] [-k] [-K directory] [-n nametype] [-P date/offset] [-p protocol] [-R date/offset] [-t type] [-v level] [-y] {name}

-

DESCRIPTION

+

DESCRIPTION

dnssec-keyfromlabel gets keys with the given label from a crypto hardware and builds key files for DNSSEC (Secure DNS), as defined in RFC 2535 @@ -63,7 +63,7 @@

-

OPTIONS

+

OPTIONS

-a algorithm
@@ -171,10 +171,18 @@

Sets the debugging level.

+
-y
+

+ Allows DNSSEC key files to be generated even if the key ID + would collide with that of an existing key, in the event of + either key being revoked. (This is only safe to use if you + are sure you won't be using RFC 5011 trust anchor maintenance + with either of the keys involved.) +

-

TIMING OPTIONS

+

TIMING OPTIONS

Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -221,7 +229,7 @@

-

GENERATED KEY FILES

+

GENERATED KEY FILES

When dnssec-keyfromlabel completes successfully, @@ -260,7 +268,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), dnssec-signzone(8), BIND 9 Administrator Reference Manual, @@ -268,7 +276,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html index 69132cc13f..c83bff8235 100644 --- a/doc/arm/man.dnssec-keygen.html +++ b/doc/arm/man.dnssec-keygen.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

dnssec-keygen [-a algorithm] [-b keysize] [-n nametype] [-3] [-A date/offset] [-C] [-c class] [-D date/offset] [-E engine] [-e] [-f flag] [-G] [-g generator] [-h] [-I date/offset] [-K directory] [-k] [-P date/offset] [-p protocol] [-q] [-R date/offset] [-r randomdev] [-s strength] [-t type] [-v level] [-z] {name}

-

DESCRIPTION

+

DESCRIPTION

dnssec-keygen generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with @@ -64,7 +64,7 @@

-

OPTIONS

+

OPTIONS

-a algorithm
@@ -256,7 +256,7 @@
-

TIMING OPTIONS

+

TIMING OPTIONS

Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -303,7 +303,7 @@

-

GENERATED KEYS

+

GENERATED KEYS

When dnssec-keygen completes successfully, @@ -349,7 +349,7 @@

-

EXAMPLE

+

EXAMPLE

To generate a 768-bit DSA key for the domain example.com, the following command would be @@ -370,7 +370,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-signzone(8), BIND 9 Administrator Reference Manual, RFC 2539, @@ -379,7 +379,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html index 13d84ea9a1..217d2efd22 100644 --- a/doc/arm/man.dnssec-revoke.html +++ b/doc/arm/man.dnssec-revoke.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

dnssec-revoke [-hr] [-v level] [-K directory] [-E engine] [-f] {keyfile}

-

DESCRIPTION

+

DESCRIPTION

dnssec-revoke reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the @@ -58,7 +58,7 @@

-

OPTIONS

+

OPTIONS

-h

@@ -91,14 +91,14 @@

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 5011.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html index 9462558ba6..b778af86b0 100644 --- a/doc/arm/man.dnssec-settime.html +++ b/doc/arm/man.dnssec-settime.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

dnssec-settime [-f] [-K directory] [-P date/offset] [-A date/offset] [-R date/offset] [-I date/offset] [-D date/offset] [-h] [-v level] [-E engine] {keyfile}

-

DESCRIPTION

+

DESCRIPTION

dnssec-settime reads a DNSSEC private key file and sets the key timing metadata as specified by the -P, -A, @@ -75,7 +75,7 @@

-

OPTIONS

+

OPTIONS

-f

@@ -106,7 +106,7 @@

-

TIMING OPTIONS

+

TIMING OPTIONS

Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -151,7 +151,7 @@

-

PRINTING OPTIONS

+

PRINTING OPTIONS

dnssec-settime can also be used to print the timing metadata associated with a key. @@ -177,7 +177,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), dnssec-signzone(8), BIND 9 Administrator Reference Manual, @@ -185,7 +185,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html index 8d565e41a6..e5fda4581d 100644 --- a/doc/arm/man.dnssec-signzone.html +++ b/doc/arm/man.dnssec-signzone.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

dnssec-signzone [-a] [-c class] [-d directory] [-E engine] [-e end-time] [-f output-file] [-g] [-h] [-K directory] [-k key] [-l domain] [-i interval] [-I input-format] [-j jitter] [-N soa-serial-format] [-o origin] [-O output-format] [-p] [-P] [-r randomdev] [-S] [-s start-time] [-T ttl] [-t] [-u] [-v level] [-x] [-z] [-3 salt] [-H iterations] [-A] {zonefile} [key...]

-

DESCRIPTION

+

DESCRIPTION

dnssec-signzone signs a zone. It generates NSEC and RRSIG records and produces a signed version of the @@ -61,7 +61,7 @@

-

OPTIONS

+

OPTIONS

-a

@@ -397,7 +397,7 @@

-

EXAMPLE

+

EXAMPLE

The following command signs the example.com zone with the DSA key generated by dnssec-keygen @@ -427,14 +427,14 @@ db.example.com.signed %

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 4033.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.genrandom.html b/doc/arm/man.genrandom.html index 8f3c9daf86..21885b8b11 100644 --- a/doc/arm/man.genrandom.html +++ b/doc/arm/man.genrandom.html @@ -14,7 +14,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

genrandom {size} {filename}

-

DESCRIPTION

+

DESCRIPTION

genrandom generates a file containing a specified quantity of pseudo-random @@ -59,7 +59,7 @@

-

ARGUMENTS

+

ARGUMENTS

size

@@ -72,14 +72,14 @@

-

SEE ALSO

+

SEE ALSO

rand(3), arc4random(3)

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.isc-hmac-fixup.html b/doc/arm/man.isc-hmac-fixup.html index 83c3de2d38..fbcefeb99c 100644 --- a/doc/arm/man.isc-hmac-fixup.html +++ b/doc/arm/man.isc-hmac-fixup.html @@ -14,7 +14,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

isc-hmac-fixup {algorithm} {secret}

-

DESCRIPTION

+

DESCRIPTION

Versions of BIND 9 up to and including BIND 9.6 had a bug causing HMAC-SHA* TSIG keys which were longer than the digest length of the @@ -76,7 +76,7 @@

-

SECURITY CONSIDERATIONS

+

SECURITY CONSIDERATIONS

Secrets that have been converted by isc-hmac-fixup are shortened, but as this is how the HMAC protocol works in @@ -87,14 +87,14 @@

-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual, RFC 2104.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html index c01a5ae7b3..bae1246f00 100644 --- a/doc/arm/man.named-checkconf.html +++ b/doc/arm/man.named-checkconf.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

named-checkconf [-h] [-v] [-j] [-t directory] {filename} [-p] [-z]

-

DESCRIPTION

+

DESCRIPTION

named-checkconf checks the syntax, but not the semantics, of a named configuration file. The file is parsed @@ -70,7 +70,7 @@

-

OPTIONS

+

OPTIONS

-h

@@ -109,21 +109,21 @@

-

RETURN VALUES

+

RETURN VALUES

named-checkconf returns an exit status of 1 if errors were detected and 0 otherwise.

-

SEE ALSO

+

SEE ALSO

named(8), named-checkzone(8), BIND 9 Administrator Reference Manual.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html index fe665eab09..2965763d80 100644 --- a/doc/arm/man.named-checkzone.html +++ b/doc/arm/man.named-checkzone.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -51,7 +51,7 @@

named-compilezone [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-r mode] [-s style] [-t directory] [-w directory] [-D] [-W mode] {-o filename} {zonename} {filename}

-

DESCRIPTION

+

DESCRIPTION

named-checkzone checks the syntax and integrity of a zone file. It performs the same checks as named does when loading a @@ -71,7 +71,7 @@

-

OPTIONS

+

OPTIONS

-d

@@ -265,14 +265,14 @@

-

RETURN VALUES

+

RETURN VALUES

named-checkzone returns an exit status of 1 if errors were detected and 0 otherwise.

-

SEE ALSO

+

SEE ALSO

named(8), named-checkconf(8), RFC 1035, @@ -280,7 +280,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.named-journalprint.html b/doc/arm/man.named-journalprint.html index 5d87ea83f3..691616d0be 100644 --- a/doc/arm/man.named-journalprint.html +++ b/doc/arm/man.named-journalprint.html @@ -14,7 +14,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

named-journalprint {journal}

-

DESCRIPTION

+

DESCRIPTION

named-journalprint prints the contents of a zone journal file in a human-readable @@ -76,7 +76,7 @@

-

SEE ALSO

+

SEE ALSO

named(8), nsupdate(8), @@ -84,7 +84,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html index d13837ab64..c18bad7ba2 100644 --- a/doc/arm/man.named.html +++ b/doc/arm/man.named.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

named [-4] [-6] [-c config-file] [-d debug-level] [-E engine-name] [-f] [-g] [-m flag] [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory] [-u user] [-v] [-V] [-x cache-file]

-

DESCRIPTION

+

DESCRIPTION

named is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -65,7 +65,7 @@

-

OPTIONS

+

OPTIONS

-4

@@ -246,7 +246,7 @@

-

SIGNALS

+

SIGNALS

In routine operation, signals should not be used to control the nameserver; rndc should be used @@ -267,7 +267,7 @@

-

CONFIGURATION

+

CONFIGURATION

The named configuration file is too complex to describe in detail here. A complete description is provided @@ -284,7 +284,7 @@

-

FILES

+

FILES

/etc/named.conf

@@ -297,7 +297,7 @@

-

SEE ALSO

+

SEE ALSO

RFC 1033, RFC 1034, RFC 1035, @@ -310,7 +310,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.nsec3hash.html b/doc/arm/man.nsec3hash.html index c52cdb03a7..90294a57d2 100644 --- a/doc/arm/man.nsec3hash.html +++ b/doc/arm/man.nsec3hash.html @@ -14,7 +14,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -48,7 +48,7 @@

nsec3hash {salt} {algorithm} {iterations} {domain}

-

DESCRIPTION

+

DESCRIPTION

nsec3hash generates an NSEC3 hash based on a set of NSEC3 parameters. This can be used to check the validity @@ -56,7 +56,7 @@

-

ARGUMENTS

+

ARGUMENTS

salt

@@ -80,14 +80,14 @@

-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual, RFC 5155.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html index ddb419e0a0..219a41b09d 100644 --- a/doc/arm/man.nsupdate.html +++ b/doc/arm/man.nsupdate.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

nsupdate [-d] [-D] [[-g] | [-o] | [-l] | [-y [hmac:]keyname:secret] | [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [filename]

-

DESCRIPTION

+

DESCRIPTION

nsupdate is used to submit Dynamic DNS Update requests as defined in RFC 2136 to a name server. @@ -210,7 +210,7 @@

-

INPUT FORMAT

+

INPUT FORMAT

nsupdate reads input from filename @@ -474,7 +474,7 @@

-

EXAMPLES

+

EXAMPLES

The examples below show how nsupdate @@ -528,7 +528,7 @@

-

FILES

+

FILES

/etc/resolv.conf

@@ -551,7 +551,7 @@

-

SEE ALSO

+

SEE ALSO

RFC 2136, RFC 3007, @@ -566,7 +566,7 @@

-

BUGS

+

BUGS

The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html index 621a0fb634..fdaf948032 100644 --- a/doc/arm/man.rndc-confgen.html +++ b/doc/arm/man.rndc-confgen.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

-

DESCRIPTION

+

DESCRIPTION

rndc-confgen generates configuration files for rndc. It can be used as a @@ -66,7 +66,7 @@

-

OPTIONS

+

OPTIONS

-a
@@ -173,7 +173,7 @@
-

EXAMPLES

+

EXAMPLES

To allow rndc to be used with no manual configuration, run @@ -190,7 +190,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc.conf(5), named(8), @@ -198,7 +198,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html index 6545772c07..41ca9787d9 100644 --- a/doc/arm/man.rndc.conf.html +++ b/doc/arm/man.rndc.conf.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

rndc.conf

-

DESCRIPTION

+

DESCRIPTION

rndc.conf is the configuration file for rndc, the BIND 9 name server control utility. This file has a similar structure and syntax to @@ -135,7 +135,7 @@

-

EXAMPLE

+

EXAMPLE

       options {
         default-server  localhost;
@@ -209,7 +209,7 @@
-

NAME SERVER CONFIGURATION

+

NAME SERVER CONFIGURATION

The name server must be configured to accept rndc connections and to recognize the key specified in the rndc.conf @@ -219,7 +219,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc-confgen(8), mmencode(1), @@ -227,7 +227,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html index 73e75dbebb..cd59e49058 100644 --- a/doc/arm/man.rndc.html +++ b/doc/arm/man.rndc.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

rndc [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}

-

DESCRIPTION

+

DESCRIPTION

rndc controls the operation of a name server. It supersedes the ndc utility @@ -79,7 +79,7 @@

-

OPTIONS

+

OPTIONS

-b source-address

@@ -151,7 +151,7 @@

-

LIMITATIONS

+

LIMITATIONS

rndc does not yet support all the commands of the BIND 8 ndc utility. @@ -165,7 +165,7 @@

-

SEE ALSO

+

SEE ALSO

rndc.conf(5), rndc-confgen(8), named(8), @@ -175,7 +175,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium