ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

regen v9_10

Browse Source
This commit is contained in:
Tinderbox User
2015-08-08 01:11:49 +00:00
parent 979d849b60
commit cd7459a034
31 changed files with 165 additions and 632 deletions
Download Patch File Download Diff File Expand all files Collapse all files

237
doc/arm/Bv9ARM.ch09.html
View File

@@ -42,242 +42,7 @@
<div class="appendix" lang="en">
<div class="titlepage"><div><div><h2 class="title">
<a name="Bv9ARM.ch09"></a>Appendix A. Release Notes</h2></div></div></div>
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2611259">Release Notes for BIND Version 9.10.3b1</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
</dl></dd>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2611259"></a>Release Notes for BIND Version 9.10.3b1</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
<p>
This document summarizes changes since the last production release
of BIND on the corresponding major release branch.
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_download"></a>Download</h3></div></div></div>
<p>
The latest versions of BIND 9 software can always be found at
<a href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
There you will find additional information about each release,
source code, and pre-compiled versions for Microsoft Windows
operating systems.
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li>
<p>
A specially crafted query could trigger an assertion failure
in message.c
</p>
<p>
This flaw was discovered by Jonathan Foote, and is disclosed
in CVE-2015-5477. [RT #39795]
</p>
</li>
<li>
<p>
On servers configured to perform DNSSEC validation, an
assertion failure could be triggered on answers from
a specially configured server.
</p>
<p>
This flaw was discovered by Breno Silveira Soares, and is
disclosed in CVE-2015-4620. [RT #39795]
</p>
</li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li>
<p>
New quotas have been added to limit the queries that are
sent by recursive resolvers to authoritative servers
experiencing denial-of-service attacks. When configured,
these options can both reduce the harm done to authoritative
servers and also avoid the resource exhaustion that can be
experienced by recursives when they are being used as a
vehicle for such an attack.
</p>
<p>
NOTE: These options are not available by default; use
<span><strong class="command">configure --enable-fetchlimit</strong></span> to include
them in the build.
</p>
<div class="itemizedlist"><ul type="circle">
<li><p>
<code class="option">fetches-per-server</code> limits the number of
simultaneous queries that can be sent to any single
authoritative server. The configured value is a starting
point; it is automatically adjusted downward if the server is
partially or completely non-responsive. The algorithm used to
adjust the quota can be configured via the
<code class="option">fetch-quota-params</code> option.
</p></li>
<li><p>
<code class="option">fetches-per-zone</code> limits the number of
simultaneous queries that can be sent for names within a
single domain. (Note: Unlike "fetches-per-server", this
value is not self-tuning.)
</p></li>
</ul></div>
<p>
Statistics counters have also been added to track the number
of queries affected by these quotas.
</p>
</li>
<li><p>
<span><strong class="command">dig +ednsflags</strong></span> can now be used to set
yet-to-be-defined EDNS flags in DNS requests.
</p></li>
<li><p>
<span><strong class="command">dig +[no]ednsnegotiation</strong></span> can now be used enable /
disable EDNS version negotiation.
</p></li>
<li><p>
An <span><strong class="command">--enable-querytrace</strong></span> configure switch is
now available to enable very verbose query tracelogging. This
option can only be set at compile time. This option has a
negative performance impact and should be used only for
debugging.
</p></li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>
Large inline-signing changes should be less disruptive.
Signature generation is now done incrementally; the number
of signatures to be generated in each quantum is controlled
by "sig-signing-signatures <em class="replaceable"><code>number</code></em>;".
[RT #37927]
</p></li>
<li><p>
The experimental SIT extension now uses the EDNS COOKIE
option code point (10) and is displayed as "COOKIE:
&lt;value&gt;". The existing named.conf directives;
"request-sit", "sit-secret" and "nosit-udp-size", are
still valid and will be replaced by "send-cookie",
"cookie-secret" and "nocookie-udp-size" in BIND 9.11.
The existing dig directive "+sit" is still valid and will
be replaced with "+cookie" in BIND 9.11.
</p></li>
<li><p>
When retrying a query via TCP due to the first answer being
truncated, <span><strong class="command">dig</strong></span> will now correctly send
the COOKIE value returned by the server in the prior
response. [RT #39047]
</p></li>
<li><p>
Retrieving the local port range from net.ipv4.ip_local_port_range
on Linux is now supported.
</p></li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>
Asynchronous zone loads were not handled correctly when the
zone load was already in progress; this could trigger a crash
in zt.c. [RT #37573]
</p></li>
<li><p>
A race during shutdown or reconfiguration could
cause an assertion failure in mem.c. [RT #38979]
</p></li>
<li><p>
Some answer formatting options didn't work correctly with
<span><strong class="command">dig +short</strong></span>. [RT #39291]
</p></li>
<li>
<p>
Several bugs have been fixed in the RPZ implementation:
</p>
<div class="itemizedlist"><ul type="circle">
<li><p>
Policy zones that did not specifically require recursion
could be treated as if they did; consequently, setting
<span><strong class="command">qname-wait-recurse no;</strong></span> was
sometimes ineffective. This has been corrected.
In most configurations, behavioral changes due to this
fix will not be noticeable. [RT #39229]
</p></li>
<li><p>
The server could crash if policy zones were updated (e.g.
via <span><strong class="command">rndc reload</strong></span> or an incoming zone
transfer) while RPZ processing was still ongoing for an
active query. [RT #39415]
</p></li>
<li><p>
On servers with one or more policy zones configured as
slaves, if a policy zone updated during regular operation
(rather than at startup) using a full zone reload, such as
via AXFR, a bug could allow the RPZ summary data to fall out
of sync, potentially leading to an assertion failure in
rpz.c when further incremental updates were made to the
zone, such as via IXFR. [RT #39567]
</p></li>
<li><p>
The server could match a shorter prefix than what was
available in CLIENT-IP policy triggers, and so, an
unexpected action could be taken. This has been
corrected. [RT #39481]
</p></li>
<li><p>
The server could crash if a reload of an RPZ zone was
initiated while another reload of the same zone was
already in progress. [RT #39649]
</p></li>
</ul></div>
</li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
<p>
The end of life for BIND 9.10 is yet to be determined but
will not be before BIND 9.12.0 has been released for 6 months.
<a href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
<p>
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to
make quality open source software, please visit our donations page at
<a href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
</p>
</div>
</div>
<font color="red">&lt;xi:include&gt;&lt;/xi:include&gt;</font>
</div>
<div class="navfooter">
<hr>

40
doc/arm/Bv9ARM.ch12.html
View File

@@ -47,13 +47,13 @@
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch12.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613518">Prerequisite</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612709">Compilation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612733">Installation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612764">Known Defects/Restrictions</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612978">The dns.conf File</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613004">Sample Applications</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614045">Library References</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612451">Prerequisite</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612460">Compilation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612485">Installation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612516">Known Defects/Restrictions</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612593">The dns.conf File</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612619">Sample Applications</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613660">Library References</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -89,7 +89,7 @@
</ul></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2613518"></a>Prerequisite</h3></div></div></div>
<a name="id2612451"></a>Prerequisite</h3></div></div></div>
<p>GNU make is required to build the export libraries (other
part of BIND 9 can still be built with other types of make). In
the reminder of this document, "make" means GNU make. Note that
@@ -98,7 +98,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2612709"></a>Compilation</h3></div></div></div>
<a name="id2612460"></a>Compilation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>./configure --enable-exportlib <em class="replaceable"><code>[other flags]</code></em></code></strong>
$ <strong class="userinput"><code>make</code></strong>
@@ -113,7 +113,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2612733"></a>Installation</h3></div></div></div>
<a name="id2612485"></a>Installation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>cd lib/export</code></strong>
$ <strong class="userinput"><code>make install</code></strong>
@@ -135,7 +135,7 @@ $ <strong class="userinput"><code>make install</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2612764"></a>Known Defects/Restrictions</h3></div></div></div>
<a name="id2612516"></a>Known Defects/Restrictions</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>Currently, win32 is not supported for the export
library. (Normal BIND 9 application can be built as
@@ -175,7 +175,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2612978"></a>The dns.conf File</h3></div></div></div>
<a name="id2612593"></a>The dns.conf File</h3></div></div></div>
<p>The IRS library supports an "advanced" configuration file
related to the DNS library for configuration parameters that
would be beyond the capability of the
@@ -193,14 +193,14 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2613004"></a>Sample Applications</h3></div></div></div>
<a name="id2612619"></a>Sample Applications</h3></div></div></div>
<p>Some sample application programs using this API are
provided for reference. The following is a brief description of
these applications.
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2613013"></a>sample: a simple stub resolver utility</h4></div></div></div>
<a name="id2612628"></a>sample: a simple stub resolver utility</h4></div></div></div>
<p>
It sends a query of a given name (of a given optional RR type) to a
specified recursive server, and prints the result as a list of
@@ -264,7 +264,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2613104"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
<a name="id2612855"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
<p>
Similar to "sample", but accepts a list
of (query) domain names as a separate file and resolves the names
@@ -305,7 +305,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2613157"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
<a name="id2612908"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
<p>
It sends a query to a specified server, and
prints the response with minimal processing. It doesn't act as a
@@ -346,7 +346,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2613221"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
<a name="id2612972"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
<p>
This is a test program
to check getaddrinfo() and getnameinfo() behavior. It takes a
@@ -363,7 +363,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2613236"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
<a name="id2612987"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
<p>
It accepts a single update command as a
command-line argument, sends an update request message to the
@@ -458,7 +458,7 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
<a name="id2613913"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
<a name="id2613596"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
<p>
It checks a set
of domains to see the name servers of the domains behave
@@ -515,7 +515,7 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="id2614045"></a>Library References</h3></div></div></div>
<a name="id2613660"></a>Library References</h3></div></div></div>
<p>As of this writing, there is no formal "manual" of the
libraries, except this document, header files (some of them
provide pretty detailed explanations), and sample application

27
doc/arm/Bv9ARM.html
View File

@@ -239,19 +239,6 @@
<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2607207">Where Can I Get Help?</a></span></dt>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2611259">Release Notes for BIND Version 9.10.3b1</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#end_of_life">End of Life</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_thanks">Thank You</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch10.html">B. A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt>
<dd><dl><dt><span class="sect1"><a href="Bv9ARM.ch10.html#historical_dns_information"></a></span></dt></dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch11.html">C. General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
@@ -268,13 +255,13 @@
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch12.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613518">Prerequisite</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612709">Compilation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612733">Installation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612764">Known Defects/Restrictions</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612978">The dns.conf File</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613004">Sample Applications</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614045">Library References</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612451">Prerequisite</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612460">Compilation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612485">Installation</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612516">Known Defects/Restrictions</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612593">The dns.conf File</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2612619">Sample Applications</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613660">Library References</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="reference"><a href="Bv9ARM.ch13.html">I. Manual pages</a></span></dt>

6
doc/arm/man.arpaname.html
View File

@@ -50,20 +50,20 @@
<div class="cmdsynopsis"><p><code class="command">arpaname</code> {<em class="replaceable"><code>ipaddress </code></em>...}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2623203"></a><h2>DESCRIPTION</h2>
<a name="id2622272"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">arpaname</strong></span> translates IP addresses (IPv4 and
IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2666021"></a><h2>SEE ALSO</h2>
<a name="id2622286"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2666035"></a><h2>AUTHOR</h2>
<a name="id2622300"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
doc/arm/man.ddns-confgen.html
View File

@@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">ddns-confgen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-q</code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em> | -z <em class="replaceable"><code>zone</code></em> ]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2661840"></a><h2>DESCRIPTION</h2>
<a name="id2662888"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">tsig-keygen</strong></span> and <span><strong class="command">ddns-confgen</strong></span>
are invocation methods for a utility that generates keys for use
@@ -87,7 +87,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2663172"></a><h2>OPTIONS</h2>
<a name="id2662992"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd><p>
@@ -159,7 +159,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2663593"></a><h2>SEE ALSO</h2>
<a name="id2663345"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -167,7 +167,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2663632"></a><h2>AUTHOR</h2>
<a name="id2663383"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
doc/arm/man.delv.html
View File

@@ -53,7 +53,7 @@
<div class="cmdsynopsis"><p><code class="command">delv</code> [queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2615698"></a><h2>DESCRIPTION</h2>
<a name="id2615517"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">delv</strong></span>
(Domain Entity Lookup &amp; Validation) is a tool for sending
DNS queries and validating the results, using the the same internal
@@ -96,7 +96,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2615975"></a><h2>SIMPLE USAGE</h2>
<a name="id2616477"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">delv</strong></span> looks like:
</p>
@@ -151,7 +151,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2616106"></a><h2>OPTIONS</h2>
<a name="id2616609"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>anchor-file</code></em></span></dt>
<dd>
@@ -285,7 +285,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2672293"></a><h2>QUERY OPTIONS</h2>
<a name="id2671840"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">delv</strong></span>
provides a number of query options which affect the way results are
displayed, and in some cases the way lookups are performed.
@@ -465,12 +465,12 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2672877"></a><h2>FILES</h2>
<a name="id2672288"></a><h2>FILES</h2>
<p><code class="filename">/etc/bind.keys</code></p>
<p><code class="filename">/etc/resolv.conf</code></p>
</div>
<div class="refsect1" lang="en">
<a name="id2672897"></a><h2>SEE ALSO</h2>
<a name="id2672307"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<em class="citetitle">RFC4034</em>,

18
doc/arm/man.dig.html
View File

@@ -52,7 +52,7 @@
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2614167"></a><h2>DESCRIPTION</h2>
<a name="id2613850"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dig</strong></span>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@@ -99,7 +99,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2614269"></a><h2>SIMPLE USAGE</h2>
<a name="id2614157"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
</p>
@@ -152,7 +152,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2614600"></a><h2>OPTIONS</h2>
<a name="id2614283"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@@ -280,7 +280,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2666930"></a><h2>QUERY OPTIONS</h2>
<a name="id2667022"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">dig</strong></span>
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@@ -701,7 +701,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2668277"></a><h2>MULTIPLE QUERIES</h2>
<a name="id2668370"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
supports
@@ -747,7 +747,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2668362"></a><h2>IDN SUPPORT</h2>
<a name="id2668455"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -761,14 +761,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2668391"></a><h2>FILES</h2>
<a name="id2670668"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2668481"></a><h2>SEE ALSO</h2>
<a name="id2670690"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@@ -776,7 +776,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2668518"></a><h2>BUGS</h2>
<a name="id2670727"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>

8
doc/arm/man.dnssec-checkds.html
View File

@@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dig path</code></em></code>] [<code class="option">-D <em class="replaceable"><code>dsfromkey path</code></em></code>] {zone}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2617678"></a><h2>DESCRIPTION</h2>
<a name="id2617498"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-checkds</strong></span>
verifies the correctness of Delegation Signer (DS) or DNSSEC
Lookaside Validation (DLV) resource records for keys in a specified
@@ -59,7 +59,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2617692"></a><h2>OPTIONS</h2>
<a name="id2617512"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
<dd><p>
@@ -88,14 +88,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2617795"></a><h2>SEE ALSO</h2>
<a name="id2617614"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2617897"></a><h2>AUTHOR</h2>
<a name="id2617649"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
doc/arm/man.dnssec-coverage.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-coverage</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>length</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>DNSKEY TTL</code></em></code>] [<code class="option">-m <em class="replaceable"><code>max TTL</code></em></code>] [<code class="option">-r <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-c <em class="replaceable"><code>compilezone path</code></em></code>] [<code class="option">-k</code>] [<code class="option">-z</code>] [zone]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2618313"></a><h2>DESCRIPTION</h2>
<a name="id2617860"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-coverage</strong></span>
verifies that the DNSSEC keys for a given zone or a set of zones
have timing metadata set properly to ensure no future lapses in DNSSEC
@@ -78,7 +78,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2618340"></a><h2>OPTIONS</h2>
<a name="id2617886"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@@ -192,7 +192,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2618717"></a><h2>SEE ALSO</h2>
<a name="id2618537"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-checkds</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
@@ -201,7 +201,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2618761"></a><h2>AUTHOR</h2>
<a name="id2618581"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

14
doc/arm/man.dnssec-dsfromkey.html
View File

@@ -52,14 +52,14 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-h</code>] [<code class="option">-V</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2619394"></a><h2>DESCRIPTION</h2>
<a name="id2619282"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-dsfromkey</strong></span>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2619408"></a><h2>OPTIONS</h2>
<a name="id2619296"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-1</span></dt>
<dd><p>
@@ -150,7 +150,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2619751"></a><h2>EXAMPLE</h2>
<a name="id2619776"></a><h2>EXAMPLE</h2>
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
@@ -165,7 +165,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2619787"></a><h2>FILES</h2>
<a name="id2619812"></a><h2>FILES</h2>
<p>
The keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@@ -179,13 +179,13 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2619829"></a><h2>CAVEAT</h2>
<a name="id2619853"></a><h2>CAVEAT</h2>
<p>
A keyfile error can give a "file not found" even if the file exists.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2619838"></a><h2>SEE ALSO</h2>
<a name="id2619863"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -195,7 +195,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2620765"></a><h2>AUTHOR</h2>
<a name="id2620858"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
doc/arm/man.dnssec-importkey.html
View File

@@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">dnsname</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2620018"></a><h2>DESCRIPTION</h2>
<a name="id2620042"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-importkey</strong></span>
reads a public DNSKEY record and generates a pair of
.key/.private files. The DNSKEY record may be read from an
@@ -71,7 +71,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2620045"></a><h2>OPTIONS</h2>
<a name="id2620070"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt>
<dd>
@@ -114,7 +114,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2620183"></a><h2>TIMING OPTIONS</h2>
<a name="id2620276"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -142,7 +142,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2620298"></a><h2>FILES</h2>
<a name="id2620323"></a><h2>FILES</h2>
<p>
A keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@@ -151,7 +151,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2620324"></a><h2>SEE ALSO</h2>
<a name="id2620348"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -159,7 +159,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2620357"></a><h2>AUTHOR</h2>
<a name="id2620381"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
doc/arm/man.dnssec-keyfromlabel.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2620893"></a><h2>DESCRIPTION</h2>
<a name="id2620918"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
generates a key pair of files that referencing a key object stored
in a cryptographic hardware service module (HSM). The private key
@@ -66,7 +66,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2620919"></a><h2>OPTIONS</h2>
<a name="id2620944"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@@ -243,7 +243,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2673133"></a><h2>TIMING OPTIONS</h2>
<a name="id2672612"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -315,7 +315,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2673528"></a><h2>GENERATED KEY FILES</h2>
<a name="id2672733"></a><h2>GENERATED KEY FILES</h2>
<p>
When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
successfully,
@@ -354,7 +354,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2673622"></a><h2>SEE ALSO</h2>
<a name="id2672827"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -363,7 +363,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2673659"></a><h2>AUTHOR</h2>
<a name="id2672865"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

14
doc/arm/man.dnssec-keygen.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-z</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2621944"></a><h2>DESCRIPTION</h2>
<a name="id2621900"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@@ -64,7 +64,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2621964"></a><h2>OPTIONS</h2>
<a name="id2621921"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@@ -287,7 +287,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2674190"></a><h2>TIMING OPTIONS</h2>
<a name="id2673396"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -361,7 +361,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2674312"></a><h2>GENERATED KEYS</h2>
<a name="id2673517"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes
successfully,
@@ -407,7 +407,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2674488"></a><h2>EXAMPLE</h2>
<a name="id2673693"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@@ -428,7 +428,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2674545"></a><h2>SEE ALSO</h2>
<a name="id2673750"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2539</em>,
@@ -437,7 +437,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2674576"></a><h2>AUTHOR</h2>
<a name="id2673781"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
doc/arm/man.dnssec-revoke.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2623353"></a><h2>DESCRIPTION</h2>
<a name="id2631024"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-revoke</strong></span>
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
in RFC 5011, and creates a new pair of key files containing the
@@ -58,7 +58,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2623367"></a><h2>OPTIONS</h2>
<a name="id2631037"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
@@ -109,14 +109,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2623505"></a><h2>SEE ALSO</h2>
<a name="id2631175"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5011</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2623529"></a><h2>AUTHOR</h2>
<a name="id2631200"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
doc/arm/man.dnssec-settime.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-V</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2625832"></a><h2>DESCRIPTION</h2>
<a name="id2637121"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-settime</strong></span>
reads a DNSSEC private key file and sets the key timing metadata
as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
@@ -76,7 +76,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2625891"></a><h2>OPTIONS</h2>
<a name="id2638545"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f</span></dt>
<dd><p>
@@ -133,7 +133,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2626099"></a><h2>TIMING OPTIONS</h2>
<a name="id2640186"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -212,7 +212,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2633064"></a><h2>PRINTING OPTIONS</h2>
<a name="id2640325"></a><h2>PRINTING OPTIONS</h2>
<p>
<span><strong class="command">dnssec-settime</strong></span> can also be used to print the
timing metadata associated with a key.
@@ -238,7 +238,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2633144"></a><h2>SEE ALSO</h2>
<a name="id2643272"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -246,7 +246,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2633177"></a><h2>AUTHOR</h2>
<a name="id2643305"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

10
doc/arm/man.dnssec-signzone.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-M <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-P</code>] [<code class="option">-p</code>] [<code class="option">-R</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-X <em class="replaceable"><code>extended end-time</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2643581"></a><h2>DESCRIPTION</h2>
<a name="id2642992"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@@ -61,7 +61,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2643601"></a><h2>OPTIONS</h2>
<a name="id2643011"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@@ -509,7 +509,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2675912"></a><h2>EXAMPLE</h2>
<a name="id2682285"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
@@ -539,14 +539,14 @@ db.example.com.signed
%</pre>
</div>
<div class="refsect1" lang="en">
<a name="id2676059"></a><h2>SEE ALSO</h2>
<a name="id2682364"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>, <em class="citetitle">RFC 4641</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2676087"></a><h2>AUTHOR</h2>
<a name="id2682392"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
doc/arm/man.dnssec-verify.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-verify</code> [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-x</code>] [<code class="option">-z</code>] {zonefile}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2644091"></a><h2>DESCRIPTION</h2>
<a name="id2643433"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-verify</strong></span>
verifies that a zone is fully signed for each algorithm found
in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
@@ -58,7 +58,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2644105"></a><h2>OPTIONS</h2>
<a name="id2643447"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd><p>
@@ -138,7 +138,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2644289"></a><h2>SEE ALSO</h2>
<a name="id2644040"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -146,7 +146,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2644314"></a><h2>AUTHOR</h2>
<a name="id2644066"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
doc/arm/man.genrandom.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">genrandom</code> [<code class="option">-n <em class="replaceable"><code>number</code></em></code>] {<em class="replaceable"><code>size</code></em>} {<em class="replaceable"><code>filename</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2623602"></a><h2>DESCRIPTION</h2>
<a name="id2663562"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">genrandom</strong></span>
generates a file or a set of files containing a specified quantity
@@ -59,7 +59,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2623617"></a><h2>ARGUMENTS</h2>
<a name="id2663577"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-n <em class="replaceable"><code>number</code></em></span></dt>
<dd><p>
@@ -77,14 +77,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2666139"></a><h2>SEE ALSO</h2>
<a name="id2663638"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">rand</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">arc4random</span>(3)</span>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2666166"></a><h2>AUTHOR</h2>
<a name="id2663665"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
doc/arm/man.host.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-v</code>] [<code class="option">-V</code>] {name} [server]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2614877"></a><h2>DESCRIPTION</h2>
<a name="id2614697"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">host</strong></span>
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
@@ -206,7 +206,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2615268"></a><h2>IDN SUPPORT</h2>
<a name="id2615224"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -220,12 +220,12 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2615365"></a><h2>FILES</h2>
<a name="id2615253"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2615379"></a><h2>SEE ALSO</h2>
<a name="id2615267"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>

8
doc/arm/man.isc-hmac-fixup.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">isc-hmac-fixup</code> {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>secret</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2668612"></a><h2>DESCRIPTION</h2>
<a name="id2622693"></a><h2>DESCRIPTION</h2>
<p>
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
HMAC-SHA* TSIG keys which were longer than the digest length of the
@@ -76,7 +76,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2668640"></a><h2>SECURITY CONSIDERATIONS</h2>
<a name="id2622721"></a><h2>SECURITY CONSIDERATIONS</h2>
<p>
Secrets that have been converted by <span><strong class="command">isc-hmac-fixup</strong></span>
are shortened, but as this is how the HMAC protocol works in
@@ -87,14 +87,14 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2668656"></a><h2>SEE ALSO</h2>
<a name="id2664448"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 2104</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2668673"></a><h2>AUTHOR</h2>
<a name="id2664465"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

10
doc/arm/man.named-checkconf.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-x</code>] [<code class="option">-z</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2644482"></a><h2>DESCRIPTION</h2>
<a name="id2644165"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkconf</strong></span>
checks the syntax, but not the semantics, of a
<span><strong class="command">named</strong></span> configuration file. The file is parsed
@@ -70,7 +70,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2644552"></a><h2>OPTIONS</h2>
<a name="id2644235"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-h</span></dt>
<dd><p>
@@ -119,21 +119,21 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2644776"></a><h2>RETURN VALUES</h2>
<a name="id2644596"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkconf</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2644790"></a><h2>SEE ALSO</h2>
<a name="id2644610"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2644820"></a><h2>AUTHOR</h2>
<a name="id2644640"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

10
doc/arm/man.named-checkzone.html
View File

@@ -51,7 +51,7 @@
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-J <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-l <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2677913"></a><h2>DESCRIPTION</h2>
<a name="id2684833"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
same checks as <span><strong class="command">named</strong></span> does when loading a
@@ -71,7 +71,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2677963"></a><h2>OPTIONS</h2>
<a name="id2684883"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
@@ -305,14 +305,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2678865"></a><h2>RETURN VALUES</h2>
<a name="id2685852"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2678878"></a><h2>SEE ALSO</h2>
<a name="id2685866"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
@@ -320,7 +320,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2678912"></a><h2>AUTHOR</h2>
<a name="id2685899"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

6
doc/arm/man.named-journalprint.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named-journalprint</code> {<em class="replaceable"><code>journal</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2618949"></a><h2>DESCRIPTION</h2>
<a name="id2618427"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">named-journalprint</strong></span>
prints the contents of a zone journal file in a human-readable
@@ -76,7 +76,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2652787"></a><h2>SEE ALSO</h2>
<a name="id2653562"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">nsupdate</span>(8)</span>,
@@ -84,7 +84,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2652818"></a><h2>AUTHOR</h2>
<a name="id2653593"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

4
doc/arm/man.named-rrchecker.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named-rrchecker</code> [<code class="option">-h</code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-p</code>] [<code class="option">-u</code>] [<code class="option">-C</code>] [<code class="option">-T</code>] [<code class="option">-P</code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2653563"></a><h2>DESCRIPTION</h2>
<a name="id2618704"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-rrchecker</strong></span>
read a individual DNS resource record from standard input and checks if it
is syntactically correct.
@@ -78,7 +78,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2653620"></a><h2>SEE ALSO</h2>
<a name="id2653713"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,

14
doc/arm/man.named.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-D <em class="replaceable"><code>string</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-M <em class="replaceable"><code>option</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-U <em class="replaceable"><code>#listeners</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2647494"></a><h2>DESCRIPTION</h2>
<a name="id2653048"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named</strong></span>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@@ -65,7 +65,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2647525"></a><h2>OPTIONS</h2>
<a name="id2653079"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@@ -284,7 +284,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2680521"></a><h2>SIGNALS</h2>
<a name="id2686075"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
the nameserver; <span><strong class="command">rndc</strong></span> should be used
@@ -305,7 +305,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2680571"></a><h2>CONFIGURATION</h2>
<a name="id2686125"></a><h2>CONFIGURATION</h2>
<p>
The <span><strong class="command">named</strong></span> configuration file is too complex
to describe in detail here. A complete description is provided
@@ -322,7 +322,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2680620"></a><h2>FILES</h2>
<a name="id2686174"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
@@ -335,7 +335,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2680664"></a><h2>SEE ALSO</h2>
<a name="id2686218"></a><h2>SEE ALSO</h2>
<p><em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
@@ -348,7 +348,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2680734"></a><h2>AUTHOR</h2>
<a name="id2686289"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

8
doc/arm/man.nsec3hash.html
View File

@@ -48,7 +48,7 @@
<div class="cmdsynopsis"><p><code class="command">nsec3hash</code> {<em class="replaceable"><code>salt</code></em>} {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>iterations</code></em>} {<em class="replaceable"><code>domain</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2668990"></a><h2>DESCRIPTION</h2>
<a name="id2622798"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">nsec3hash</strong></span> generates an NSEC3 hash based on
a set of NSEC3 parameters. This can be used to check the validity
@@ -56,7 +56,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2669005"></a><h2>ARGUMENTS</h2>
<a name="id2664729"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl>
<dt><span class="term">salt</span></dt>
<dd><p>
@@ -80,14 +80,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2669067"></a><h2>SEE ALSO</h2>
<a name="id2664859"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 5155</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2669084"></a><h2>AUTHOR</h2>
<a name="id2664876"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

14
doc/arm/man.nsupdate.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [<code class="option">-L <em class="replaceable"><code>level</code></em></code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [<code class="option">-T</code>] [<code class="option">-P</code>] [<code class="option">-V</code>] [filename]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2653840"></a><h2>DESCRIPTION</h2>
<a name="id2654069"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">nsupdate</strong></span>
is used to submit Dynamic DNS Update requests as defined in RFC 2136
to a name server.
@@ -108,7 +108,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2653928"></a><h2>OPTIONS</h2>
<a name="id2654362"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
@@ -242,7 +242,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2680858"></a><h2>INPUT FORMAT</h2>
<a name="id2686685"></a><h2>INPUT FORMAT</h2>
<p><span><strong class="command">nsupdate</strong></span>
reads input from
<em class="parameter"><code>filename</code></em>
@@ -544,7 +544,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2682041"></a><h2>EXAMPLES</h2>
<a name="id2687868"></a><h2>EXAMPLES</h2>
<p>
The examples below show how
<span><strong class="command">nsupdate</strong></span>
@@ -598,7 +598,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2682160"></a><h2>FILES</h2>
<a name="id2687918"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
@@ -621,7 +621,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2682246"></a><h2>SEE ALSO</h2>
<a name="id2688005"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">RFC 2136</em>,
<em class="citetitle">RFC 3007</em>,
@@ -636,7 +636,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2682304"></a><h2>BUGS</h2>
<a name="id2688062"></a><h2>BUGS</h2>
<p>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library

10
doc/arm/man.rndc-confgen.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-A <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2660386"></a><h2>DESCRIPTION</h2>
<a name="id2661434"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc-confgen</strong></span>
generates configuration files
for <span><strong class="command">rndc</strong></span>. It can be used as a
@@ -66,7 +66,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2660452"></a><h2>OPTIONS</h2>
<a name="id2661773"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd>
@@ -180,7 +180,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2661674"></a><h2>EXAMPLES</h2>
<a name="id2662586"></a><h2>EXAMPLES</h2>
<p>
To allow <span><strong class="command">rndc</strong></span> to be used with
no manual configuration, run
@@ -197,7 +197,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2665895"></a><h2>SEE ALSO</h2>
<a name="id2663940"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -205,7 +205,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2665933"></a><h2>AUTHOR</h2>
<a name="id2664183"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

10
doc/arm/man.rndc.conf.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2622371"></a><h2>DESCRIPTION</h2>
<a name="id2660556"></a><h2>DESCRIPTION</h2>
<p><code class="filename">rndc.conf</code> is the configuration file
for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
utility. This file has a similar structure and syntax to
@@ -136,7 +136,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2659611"></a><h2>EXAMPLE</h2>
<a name="id2660728"></a><h2>EXAMPLE</h2>
<pre class="programlisting">
options {
default-server localhost;
@@ -210,7 +210,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2659733"></a><h2>NAME SERVER CONFIGURATION</h2>
<a name="id2661123"></a><h2>NAME SERVER CONFIGURATION</h2>
<p>
The name server must be configured to accept rndc connections and
to recognize the key specified in the <code class="filename">rndc.conf</code>
@@ -220,7 +220,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2660032"></a><h2>SEE ALSO</h2>
<a name="id2661148"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
@@ -228,7 +228,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2660070"></a><h2>AUTHOR</h2>
<a name="id2661187"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

12
doc/arm/man.rndc.html
View File

@@ -50,7 +50,7 @@
<div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-q</code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2657982"></a><h2>DESCRIPTION</h2>
<a name="id2657256"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc</strong></span>
controls the operation of a name
server. It supersedes the <span><strong class="command">ndc</strong></span> utility
@@ -81,7 +81,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2658033"></a><h2>OPTIONS</h2>
<a name="id2657306"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
<dd><p>
@@ -152,7 +152,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2658466"></a><h2>COMMANDS</h2>
<a name="id2660333"></a><h2>COMMANDS</h2>
<p>
A list of commands supported by <span><strong class="command">rndc</strong></span> can
be seen by running <span><strong class="command">rndc</strong></span> without arguments.
@@ -583,7 +583,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2685563"></a><h2>LIMITATIONS</h2>
<a name="id2689684"></a><h2>LIMITATIONS</h2>
<p>
There is currently no way to provide the shared secret for a
<code class="option">key_id</code> without using the configuration file.
@@ -593,7 +593,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2685581"></a><h2>SEE ALSO</h2>
<a name="id2689702"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -603,7 +603,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2685637"></a><h2>AUTHOR</h2>
<a name="id2689757"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>

221
doc/arm/notes.html
View File

@@ -19,224 +19,5 @@
<title></title>
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article" lang="en"><div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id2542126"></a>Release Notes for BIND Version 9.10.3b1</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_intro"></a>Introduction</h3></div></div></div>
<p>
This document summarizes changes since the last production release
of BIND on the corresponding major release branch.
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_download"></a>Download</h3></div></div></div>
<p>
The latest versions of BIND 9 software can always be found at
<a href="http://www.isc.org/downloads/" target="_top">http://www.isc.org/downloads/</a>.
There you will find additional information about each release,
source code, and pre-compiled versions for Microsoft Windows
operating systems.
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li>
<p>
A specially crafted query could trigger an assertion failure
in message.c
</p>
<p>
This flaw was discovered by Jonathan Foote, and is disclosed
in CVE-2015-5477. [RT #39795]
</p>
</li>
<li>
<p>
On servers configured to perform DNSSEC validation, an
assertion failure could be triggered on answers from
a specially configured server.
</p>
<p>
This flaw was discovered by Breno Silveira Soares, and is
disclosed in CVE-2015-4620. [RT #39795]
</p>
</li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_features"></a>New Features</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li>
<p>
New quotas have been added to limit the queries that are
sent by recursive resolvers to authoritative servers
experiencing denial-of-service attacks. When configured,
these options can both reduce the harm done to authoritative
servers and also avoid the resource exhaustion that can be
experienced by recursives when they are being used as a
vehicle for such an attack.
</p>
<p>
NOTE: These options are not available by default; use
<span><strong class="command">configure --enable-fetchlimit</strong></span> to include
them in the build.
</p>
<div class="itemizedlist"><ul type="circle">
<li><p>
<code class="option">fetches-per-server</code> limits the number of
simultaneous queries that can be sent to any single
authoritative server. The configured value is a starting
point; it is automatically adjusted downward if the server is
partially or completely non-responsive. The algorithm used to
adjust the quota can be configured via the
<code class="option">fetch-quota-params</code> option.
</p></li>
<li><p>
<code class="option">fetches-per-zone</code> limits the number of
simultaneous queries that can be sent for names within a
single domain. (Note: Unlike "fetches-per-server", this
value is not self-tuning.)
</p></li>
</ul></div>
<p>
Statistics counters have also been added to track the number
of queries affected by these quotas.
</p>
</li>
<li><p>
<span><strong class="command">dig +ednsflags</strong></span> can now be used to set
yet-to-be-defined EDNS flags in DNS requests.
</p></li>
<li><p>
<span><strong class="command">dig +[no]ednsnegotiation</strong></span> can now be used enable /
disable EDNS version negotiation.
</p></li>
<li><p>
An <span><strong class="command">--enable-querytrace</strong></span> configure switch is
now available to enable very verbose query tracelogging. This
option can only be set at compile time. This option has a
negative performance impact and should be used only for
debugging.
</p></li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>
Large inline-signing changes should be less disruptive.
Signature generation is now done incrementally; the number
of signatures to be generated in each quantum is controlled
by "sig-signing-signatures <em class="replaceable"><code>number</code></em>;".
[RT #37927]
</p></li>
<li><p>
The experimental SIT extension now uses the EDNS COOKIE
option code point (10) and is displayed as "COOKIE:
&lt;value&gt;". The existing named.conf directives;
"request-sit", "sit-secret" and "nosit-udp-size", are
still valid and will be replaced by "send-cookie",
"cookie-secret" and "nocookie-udp-size" in BIND 9.11.
The existing dig directive "+sit" is still valid and will
be replaced with "+cookie" in BIND 9.11.
</p></li>
<li><p>
When retrying a query via TCP due to the first answer being
truncated, <span><strong class="command">dig</strong></span> will now correctly send
the COOKIE value returned by the server in the prior
response. [RT #39047]
</p></li>
<li><p>
Retrieving the local port range from net.ipv4.ip_local_port_range
on Linux is now supported.
</p></li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>
Asynchronous zone loads were not handled correctly when the
zone load was already in progress; this could trigger a crash
in zt.c. [RT #37573]
</p></li>
<li><p>
A race during shutdown or reconfiguration could
cause an assertion failure in mem.c. [RT #38979]
</p></li>
<li><p>
Some answer formatting options didn't work correctly with
<span><strong class="command">dig +short</strong></span>. [RT #39291]
</p></li>
<li>
<p>
Several bugs have been fixed in the RPZ implementation:
</p>
<div class="itemizedlist"><ul type="circle">
<li><p>
Policy zones that did not specifically require recursion
could be treated as if they did; consequently, setting
<span><strong class="command">qname-wait-recurse no;</strong></span> was
sometimes ineffective. This has been corrected.
In most configurations, behavioral changes due to this
fix will not be noticeable. [RT #39229]
</p></li>
<li><p>
The server could crash if policy zones were updated (e.g.
via <span><strong class="command">rndc reload</strong></span> or an incoming zone
transfer) while RPZ processing was still ongoing for an
active query. [RT #39415]
</p></li>
<li><p>
On servers with one or more policy zones configured as
slaves, if a policy zone updated during regular operation
(rather than at startup) using a full zone reload, such as
via AXFR, a bug could allow the RPZ summary data to fall out
of sync, potentially leading to an assertion failure in
rpz.c when further incremental updates were made to the
zone, such as via IXFR. [RT #39567]
</p></li>
<li><p>
The server could match a shorter prefix than what was
available in CLIENT-IP policy triggers, and so, an
unexpected action could be taken. This has been
corrected. [RT #39481]
</p></li>
<li><p>
The server could crash if a reload of an RPZ zone was
initiated while another reload of the same zone was
already in progress. [RT #39649]
</p></li>
</ul></div>
</li>
</ul></div>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="end_of_life"></a>End of Life</h3></div></div></div>
<p>
The end of life for BIND 9.10 is yet to be determined but
will not be before BIND 9.12.0 has been released for 6 months.
<a href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
</p>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_thanks"></a>Thank You</h3></div></div></div>
<p>
Thank you to everyone who assisted us in making this release possible.
If you would like to contribute to ISC to assist us in continuing to
make quality open source software, please visit our donations page at
<a href="http://www.isc.org/donate/" target="_top">http://www.isc.org/donate/</a>.
</p>
</div>
</div></div></body>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article" lang="en"><font color="red">&lt;xi:include&gt;&lt;/xi:include&gt;</font></div></body>
</html>