It is possible to set per-user defaults for dig via
- ${HOME}/.digrc. This file is read and
- any options in it
- are applied before the command line arguments.
+ ${HOME}/.digrc. This file is read and any
+ options in it are applied before the command line arguments.
+ The -r option disables this feature, for
+ scripts that need predictable behaviour.
@@ -227,14 +228,6 @@ dig using the command-line interface.
-- Do reverse IPv6 lookups using the obsolete RFC 1886 IP6.INT - domain, which is no longer in use. Obsolete bit string - label queries (RFC 2874) are not attempted. -
-keyfile
@@ -274,6 +267,13 @@
the name from other arguments.
+ Do not read options from ${HOME}/.digrc.
+ This is useful for scripts that need predictable behaviour.
+
type
@@ -324,8 +324,7 @@
94.2.0.192.in-addr.arpa and sets the
query type and class to PTR and IN respectively. IPv6
addresses are looked up using nibble format under the
- IP6.ARPA domain (but see also the -i
- option).
+ IP6.ARPA domain.
[hmac:]keyname:secretProcess [do not process] IDN domain names on input. This requires IDN SUPPORT to have been enabled at - compile time. The default is to process IDN input. + compile time. +
++ The default is to process IDN input when standard output + is a tty. The IDN processing on input is disabled when + dig output is redirected to files, pipes, and other + non-tty file descriptors.
+[no]idnoutConvert [do not convert] puny code on output. This requires IDN SUPPORT to have been enabled at - compile time. The default is to convert output. + compile time. +
++ The default is to process puny code on output when + standard output is a tty. The puny code processing on + output is disabled when dig output is redirected to + files, pipes, and other non-tty file descriptors.
+[no]ignore+noidnin and
- +noidnout.
+ +noidnout or define
+ the IDN_DISABLE environment variable.
+
diff --git a/bin/dig/host.1 b/bin/dig/host.1
index 0bd8ff1b98..f4e00aca6c 100644
--- a/bin/dig/host.1
+++ b/bin/dig/host.1
@@ -112,11 +112,6 @@ Print debugging traces\&. Equivalent to the
verbose option\&.
.RE
.PP
-\-i
-.RS 4
-Obsolete\&. Use the IP6\&.INT domain for reverse lookups of IPv6 addresses as defined in RFC1886 and deprecated in RFC4159\&. The default is to use IP6\&.ARPA as specified in RFC3596\&.
-.RE
-.PP
\-l
.RS 4
List zone: The
@@ -257,7 +252,7 @@ If
\fBhost\fR
has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names\&.
\fBhost\fR
-appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, defines the
+appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, define the
\fBIDN_DISABLE\fR
environment variable\&. The IDN support is disabled if the variable is set when
\fBhost\fR
diff --git a/bin/dig/host.html b/bin/dig/host.html
index c8a9a3fa5d..1e06cb05fb 100644
--- a/bin/dig/host.html
+++ b/bin/dig/host.html
@@ -138,15 +138,6 @@
Equivalent to the -v verbose option.
-- Obsolete. - Use the IP6.INT domain for reverse lookups of IPv6 - addresses as defined in RFC1886 and deprecated in RFC4159. - The default is to use IP6.ARPA as specified in RFC3596. -
-
@@ -311,7 +302,7 @@
host appropriately converts character encoding of
domain name before sending a request to DNS server or displaying a
reply from the server.
- If you'd like to turn off the IDN support for some reason, defines
+ If you'd like to turn off the IDN support for some reason, define
the IDN_DISABLE environment variable.
The IDN support is disabled if the variable is set when
host runs.
diff --git a/bin/dig/nslookup.1 b/bin/dig/nslookup.1
index e95e3aa0b5..873da4b68b 100644
--- a/bin/dig/nslookup.1
+++ b/bin/dig/nslookup.1
@@ -277,6 +277,17 @@ Try the next nameserver if a nameserver responds with SERVFAIL or a referral (no
.PP
\fBnslookup\fR
returns with an exit status of 1 if any query failed, and 0 otherwise\&.
+.SH "IDN SUPPORT"
+.PP
+If
+\fBnslookup\fR
+has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names\&.
+\fBnslookup\fR
+appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, define the
+\fBIDN_DISABLE\fR
+environment variable\&. The IDN support is disabled if the variable is set when
+\fBnslookup\fR
+runs or when the standard output is not a tty\&.
.SH "FILES"
.PP
/etc/resolv\&.conf
diff --git a/bin/dig/nslookup.html b/bin/dig/nslookup.html
index 1ce24f5d52..ad6fb80d10 100644
--- a/bin/dig/nslookup.html
+++ b/bin/dig/nslookup.html
@@ -362,14 +362,31 @@ nslookup -query=hinfo -timeout=10
+ If nslookup has been built with IDN (internationalized
+ domain name) support, it can accept and display non-ASCII domain names.
+ nslookup appropriately converts character encoding of
+ domain name before sending a request to DNS server or displaying a
+ reply from the server.
+ If you'd like to turn off the IDN support for some reason, define
+ the IDN_DISABLE environment variable.
+ The IDN support is disabled if the variable is set when
+ nslookup runs or when the standard output is not
+ a tty.
+
dig(1)
diff --git a/bin/dnssec/dnssec-keyfromlabel.8 b/bin/dnssec/dnssec-keyfromlabel.8
index ebc20c17f9..f0a261c3df 100644
--- a/bin/dnssec/dnssec-keyfromlabel.8
+++ b/bin/dnssec/dnssec-keyfromlabel.8
@@ -55,7 +55,7 @@ of the key is specified on the command line\&. This must match the name of the z
.RS 4
Selects the cryptographic algorithm\&. The value of
\fBalgorithm\fR
-must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448\&.
+must be one of RSAMD5, RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448\&.
.sp
If no algorithm is specified, then RSASHA1 will be used by default, unless the
\fB\-3\fR
@@ -63,9 +63,9 @@ option is specified, in which case NSEC3RSASHA1 will be used instead\&. (If
\fB\-3\fR
is used and an algorithm is specified, that algorithm will be checked for compatibility with NSEC3\&.)
.sp
-These values are case insensitive\&. In some cases, abbreviations are supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for ECDSAP384SHA384\&. If RSASHA1 or DSA is specified along with the
+These values are case insensitive\&. In some cases, abbreviations are supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for ECDSAP384SHA384\&. If RSASHA1 is specified along with the
\fB\-3\fR
-option, then NSEC3RSASHA1 or NSEC3DSA will be used instead\&.
+option, then NSEC3RSASHA1 will be used instead\&.
.sp
As of BIND 9\&.12\&.0, this option is mandatory except when using the
\fB\-S\fR
diff --git a/bin/dnssec/dnssec-keyfromlabel.html b/bin/dnssec/dnssec-keyfromlabel.html
index d25dcebd62..83e066686a 100644
--- a/bin/dnssec/dnssec-keyfromlabel.html
+++ b/bin/dnssec/dnssec-keyfromlabel.html
@@ -90,7 +90,7 @@
Selects the cryptographic algorithm. The value of
@@ -103,9 +103,9 @@
These values are case insensitive. In some cases, abbreviations
are supported, such as ECDSA256 for ECDSAP256SHA256 and
- ECDSA384 for ECDSAP384SHA384. If RSASHA1 or DSA is specified
+ ECDSA384 for ECDSAP384SHA384. If RSASHA1 is specified
along with the
As of BIND 9.12.0, this option is mandatory except when using
diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8
index 5300ed81a1..c0885df7b3 100644
--- a/bin/dnssec/dnssec-keygen.8
+++ b/bin/dnssec/dnssec-keygen.8
@@ -62,13 +62,13 @@ may be preferable to direct use of
.RS 4
Selects the cryptographic algorithm\&. For DNSSEC keys, the value of
\fBalgorithm\fR
-must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448\&. For TKEY, the value must be DH (Diffie Hellman); specifying his value will automatically set the
+must be one of RSAMD5, RSASHA1, NSEC3RSASHA1, RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448\&. For TKEY, the value must be DH (Diffie Hellman); specifying his value will automatically set the
\fB\-T KEY\fR
option as well\&.
.sp
-These values are case insensitive\&. In some cases, abbreviations are supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for ECDSAP384SHA384\&. If RSASHA1 or DSA is specified along with the
+These values are case insensitive\&. In some cases, abbreviations are supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for ECDSAP384SHA384\&. If RSASHA1 is specified along with the
\fB\-3\fR
-option, then NSEC3RSASHA1 or NSEC3DSA will be used instead\&.
+option, then NSEC3RSASHA1 will be used instead\&.
.sp
This parameter
\fImust\fR
diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html
index fe28bb439e..d817ce79bc 100644
--- a/bin/dnssec/dnssec-keygen.html
+++ b/bin/dnssec/dnssec-keygen.html
@@ -100,7 +100,7 @@
Selects the cryptographic algorithm. For DNSSEC keys, the value
of
These values are case insensitive. In some cases, abbreviations
are supported, such as ECDSA256 for ECDSAP256SHA256 and
- ECDSA384 for ECDSAP384SHA384. If RSASHA1 or DSA is specified
+ ECDSA384 for ECDSAP384SHA384. If RSASHA1 is specified
along with the
This parameter must be specified except
diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5
index 8d109a00b9..655c1637e1 100644
--- a/bin/named/named.conf.5
+++ b/bin/named/named.conf.5
@@ -10,12 +10,12 @@
.\" Title: named.conf
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 algorithm must be one of RSAMD5, RSASHA1,
- DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512,
+ NSEC3RSASHA1, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448.
-3 option, then NSEC3RSASHA1
- or NSEC3DSA will be used instead.
+ will be used instead.
algorithm must be one of RSAMD5, RSASHA1,
- DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512,
+ NSEC3RSASHA1, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448. For
TKEY, the value must be DH (Diffie Hellman); specifying
his value will automatically set the -T KEY
@@ -109,9 +109,9 @@
-3 option, then NSEC3RSASHA1
- or NSEC3DSA will be used instead.
+ will be used instead.
integer ];
alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
* ) ] [ dscp integer ];
+ answer-cookie boolean;
attach-cache string;
auth-nxdomain boolean; // default changed
auto-dnssec ( allow | maintain | off );
@@ -245,8 +246,8 @@ options
dnssec-secure-to-insecure boolean;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
- dnstap { ( all | auth | client | forwarder | resolver ) [ ( query |
- response ) ]; ... };
+ dnstap { ( all | auth | client | forwarder | resolver | update ) [
+ ( query | response ) ]; ... };
dnstap-identity ( quoted_string | none | hostname );
dnstap-output ( file | unix ) quoted_string [ size ( unlimited |
size ) ] [ versions ( unlimited | integer ) ] [ suffix (
@@ -324,6 +325,8 @@ options
memstatistics boolean;
memstatistics-file quoted_string;
message-compression boolean;
+ min-cache-ttl ttlval;
+ min-ncache-ttl ttlval;
min-refresh-time integer;
min-retry-time integer;
minimal-any boolean;
@@ -601,8 +604,8 @@ view
dnssec-secure-to-insecure boolean;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
- dnstap { ( all | auth | client | forwarder | resolver ) [ ( query |
- response ) ]; ... };
+ dnstap { ( all | auth | client | forwarder | resolver | update ) [
+ ( query | response ) ]; ... };
dual-stack-servers [ port integer ] { ( quoted_string [ port
integer ] [ dscp integer ] | ipv4_address [ port
integer ] [ dscp integer ] | ipv6_address [ port
@@ -883,10 +886,10 @@ view
static-stub | stub );
update-check-ksk boolean;
update-policy ( local | { ( deny | grant ) string (
- 6to4-self | external | krb5-self | krb5-subdomain |
- ms-self | ms-subdomain | name | self | selfsub |
- selfwild | subdomain | tcp-self | wildcard | zonesub )
- [ string ] rrtypelist; ... };
+ 6to4-self | external | krb5-self | krb5-selfsub |
+ krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
+ name | self | selfsub | selfwild | subdomain | tcp-self
+ | wildcard | zonesub ) [ string ] rrtypelist; ... };
use-alt-transfer-source boolean;
zero-no-soa-ttl boolean;
zone-statistics ( full | terse | none | boolean );
@@ -986,9 +989,10 @@ zone
stub );
update-check-ksk boolean;
update-policy ( local | { ( deny | grant ) string ( 6to4-self |
- external | krb5-self | krb5-subdomain | ms-self | ms-subdomain
- | name | self | selfsub | selfwild | subdomain | tcp-self |
- wildcard | zonesub ) [ string ] rrtypelist; ... };
+ external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
+ | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
+ | subdomain | tcp-self | wildcard | zonesub ) [ string ]
+ rrtypelist; ... };
use-alt-transfer-source boolean;
zero-no-soa-ttl boolean;
zone-statistics ( full | terse | none | boolean );
diff --git a/bin/python/dnssec-keymgr.8 b/bin/python/dnssec-keymgr.8
index 45bd51061e..413fa1584b 100644
--- a/bin/python/dnssec-keymgr.8
+++ b/bin/python/dnssec-keymgr.8
@@ -215,7 +215,7 @@ Specifies the directory in which keys should be stored\&.
.PP
\fBkey\-size\fR
.RS 4
-Specifies the number of bits to use in creating keys\&. Takes two arguments: keytype (eihter "zsk" or "ksk") and size\&. A default value for this option can be set in algorithm policies as well as in policy classes or zone policies\&. If no policy is configured, the default is 1024 bits for DSA keys and 2048 for RSA\&.
+Specifies the number of bits to use in creating keys\&. Takes two arguments: keytype (eihter "zsk" or "ksk") and size\&. A default value for this option can be set in algorithm policies as well as in policy classes or zone policies\&. If no policy is configured, the default is 2048 bits for RSA keys\&.
.RE
.PP
\fBkeyttl\fR
diff --git a/bin/python/dnssec-keymgr.html b/bin/python/dnssec-keymgr.html
index 726c22c1ac..ce0cb6700f 100644
--- a/bin/python/dnssec-keymgr.html
+++ b/bin/python/dnssec-keymgr.html
@@ -258,8 +258,7 @@
Takes two arguments: keytype (eihter "zsk" or "ksk") and size.
A default value for this option can be set in algorithm policies
as well as in policy classes or zone policies. If no policy is
- configured, the default is 1024 bits for DSA keys and 2048 for
- RSA.
+ configured, the default is 2048 bits for RSA keys.
nta
- [( -d | -f | -r | -l duration)]
+ [( -class class | -dump | -force | -remove | -lifetime duration)]
domain
[view]
-remove.
- If -dump is used, any other arguments
+ If the -dump is used, any other arguments
are ignored, and a list of existing NTAs is printed
(note that this may include NTAs that are expired but
have not yet been cleaned up).
@@ -549,10 +549,21 @@
lifetime, regardless of whether data could be
validated if the NTA were not present.
+ The view class can be specified with -class.
+ The default is class IN, which is
+ the only class for which DNSSEC is currently supported.
+
All of these options can be shortened, i.e., to
-l, -r, -d,
- and -f.
+ -f, and -c.
+
+ Unrecognized options are treated as errors. To reference + a domain or view name that begins with a hyphen, + use a double-hyphen on the command line to indicate the + end of options.
querylog [ on | off ]
Enable, disable, or check the current status of
- DNSSEC validation.
- Note dnssec-enable also needs to be
- set to yes or
- auto to be effective.
- It defaults to enabled.
+ DNSSEC validation. By default, validation is enabled.
+ (Note that dnssec-enable must also be
+ yes (the default value) for signatures
+ to be returned along with validated data. If validation is
+ enabled while dnssec-enable is set to
+ no, the server will validate internally,
+ but will not supply clients with the necessary records to allow
+ validity to be confirmed.)
zonestatus zone [class [view]]
- The -i option sets the reverse domain for
- IPv6 addresses to IP6.INT.
-
Reverse lookups — mapping addresses to names — are
simplified by the -x option.
@@ -371,8 +366,7 @@
query name like 11.12.13.10.in-addr.arpa and
sets the query type and class to PTR and IN respectively.
By default, IPv6 addresses are looked up using nibble format
- under the IP6.ARPA domain. To use the older RFC1886 method
- using the IP6.INT domain specify the -i option.
+ under the IP6.ARPA domain.
diff --git a/doc/arm/Bv9ARM.ch01.html b/doc/arm/Bv9ARM.ch01.html index e7913fceb4..2051a9536b 100644 --- a/doc/arm/Bv9ARM.ch01.html +++ b/doc/arm/Bv9ARM.ch01.html @@ -614,6 +614,6 @@
BIND 9.13.3 (Development Release)
+BIND 9.13.4 (Development Release)