Commit 33682c92 authored by Andreas Gustafsson's avatar Andreas Gustafsson

regenerated docs

parent f4909f01
......@@ -19,7 +19,7 @@
rndc \- name server control utility
.SH SYNOPSIS
.sp
\fBrndc\fR [ \fB-c \fIconfig-file\fB\fR ] [ \fB-s \fIserver\fB\fR ] [ \fB-p \fIport\fB\fR ] [ \fB-V\fR ] [ \fB-y \fIkey_id\fB\fR ] \fBcommand\fR
\fBrndc\fR [ \fB-c \fIconfig-file\fB\fR ] [ \fB-k \fIkey-file\fB\fR ] [ \fB-s \fIserver\fB\fR ] [ \fB-p \fIport\fB\fR ] [ \fB-V\fR ] [ \fB-y \fIkey_id\fB\fR ] \fBcommand\fR
.SH "DESCRIPTION"
.PP
\fBrndc\fR controls the operation of a name
......@@ -51,6 +51,14 @@ Use \fIconfig-file\fR
as the configuration file instead of the default,
\fI/etc/rndc.conf\fR.
.TP
\fB-k \fIkey-file\fB\fR
Use \fIkey-file\fR
as the key file instead of the default,
\fI/etc/rndc.key\fR. The key in
\fI/etc/rndc.key\fR will be used to authenticate
commands sent to the server if the \fIconfig-file\fR
does not exist.
.TP
\fB-s \fIserver\fB\fR
\fIserver\fR is
the name or address of the server which matches a
......
......@@ -69,6 +69,14 @@ CLASS="REPLACEABLE"
></TT
>] [<TT
CLASS="OPTION"
>-k <TT
CLASS="REPLACEABLE"
><I
>key-file</I
></TT
></TT
>] [<TT
CLASS="OPTION"
>-s <TT
CLASS="REPLACEABLE"
><I
......@@ -99,7 +107,7 @@ CLASS="REPLACEABLE"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN31"
NAME="AEN34"
></A
><H2
>DESCRIPTION</H2
......@@ -154,7 +162,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN43"
NAME="AEN46"
></A
><H2
>OPTIONS</H2
......@@ -186,6 +194,39 @@ CLASS="FILENAME"
</P
></DD
><DT
>-k <TT
CLASS="REPLACEABLE"
><I
>key-file</I
></TT
></DT
><DD
><P
> Use <TT
CLASS="REPLACEABLE"
><I
>key-file</I
></TT
>
as the key file instead of the default,
<TT
CLASS="FILENAME"
>/etc/rndc.key</TT
>. The key in
<TT
CLASS="FILENAME"
>/etc/rndc.key</TT
> will be used to authenticate
commands sent to the server if the <TT
CLASS="REPLACEABLE"
><I
>config-file</I
></TT
>
does not exist.
</P
></DD
><DT
>-s <TT
CLASS="REPLACEABLE"
><I
......@@ -297,7 +338,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN82"
NAME="AEN94"
></A
><H2
>LIMITATIONS</H2
......@@ -325,7 +366,7 @@ CLASS="OPTION"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN90"
NAME="AEN102"
></A
><H2
>SEE ALSO</H2
......@@ -367,7 +408,7 @@ CLASS="CITETITLE"
><DIV
CLASS="REFSECT1"
><A
NAME="AEN106"
NAME="AEN118"
></A
><H2
>AUTHOR</H2
......
......@@ -1133,11 +1133,11 @@ CLASS="command"
> will also look in
<TT
CLASS="filename"
>/var/run/named.key</TT
> (or wherever
>/etc/rndc.key</TT
> (or whatever
<TT
CLASS="varname"
>localstatedir</TT
>sysconfdir</TT
> was defined when
the <SPAN
CLASS="acronym"
......@@ -1145,11 +1145,11 @@ CLASS="acronym"
> build was configured).
The <TT
CLASS="filename"
>named.key</TT
>rndc.key</TT
> file is generated by
<B
running <B
CLASS="command"
>named</B
>rndc-confgen -a</B
> as described in
<A
HREF="Bv9ARM.ch06.html#controls_statement_definition_and_usage"
......@@ -1329,7 +1329,7 @@ following controls statements:</P
><PRE
CLASS="programlisting"
>&#13;controls {
inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};
</PRE
><P
......@@ -1338,6 +1338,37 @@ CLASS="programlisting"
CLASS="literal"
>rndc_key</TT
>.</P
><P
>Running the <B
CLASS="command"
>rndc-confgen</B
> program will
conveniently create a <TT
CLASS="filename"
>rndc.conf</TT
>
file for you, and also display the
corresponding <B
CLASS="command"
>controls</B
> statement that you need to
add to <TT
CLASS="filename"
>named.conf</TT
>. Alternatively,
you can run <B
CLASS="command"
>rndc-confgen -a</B
> to set up
a <TT
CLASS="filename"
>rndc.key</TT
> file and not modify
<TT
CLASS="filename"
>named.conf</TT
> at all.
</P
></DD
></DL
></DIV
......@@ -1348,7 +1379,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN650"
NAME="AEN658"
>3.4.2. Signals</A
></H2
><P
......@@ -1361,7 +1392,7 @@ CLASS="command"
><DIV
CLASS="informaltable"
><A
NAME="AEN654"
NAME="AEN662"
></A
><P
></P
......
......@@ -88,7 +88,7 @@ HREF="Bv9ARM.ch04.html#incremental_zone_transfers"
></DT
><DT
>4.3. <A
HREF="Bv9ARM.ch04.html#AEN714"
HREF="Bv9ARM.ch04.html#AEN722"
>Split DNS</A
></DT
><DT
......@@ -98,12 +98,12 @@ HREF="Bv9ARM.ch04.html#tsig"
></DT
><DT
>4.5. <A
HREF="Bv9ARM.ch04.html#AEN874"
HREF="Bv9ARM.ch04.html#AEN882"
>TKEY</A
></DT
><DT
>4.6. <A
HREF="Bv9ARM.ch04.html#AEN889"
HREF="Bv9ARM.ch04.html#AEN897"
>SIG(0)</A
></DT
><DT
......@@ -113,7 +113,7 @@ HREF="Bv9ARM.ch04.html#DNSSEC"
></DT
><DT
>4.8. <A
HREF="Bv9ARM.ch04.html#AEN974"
HREF="Bv9ARM.ch04.html#AEN982"
>IPv6 Support in <SPAN
CLASS="acronym"
>BIND</SPAN
......@@ -274,7 +274,7 @@ CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="AEN714"
NAME="AEN722"
>4.3. Split DNS</A
></H1
><P
......@@ -672,7 +672,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN805"
NAME="AEN813"
>4.4.1. Generate Shared Keys for Each Pair of Hosts</A
></H2
><P
......@@ -690,7 +690,7 @@ CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="AEN810"
NAME="AEN818"
>4.4.1.1. Automatic Generation</A
></H3
><P
......@@ -732,7 +732,7 @@ CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="AEN821"
NAME="AEN829"
>4.4.1.2. Manual Generation</A
></H3
><P
......@@ -753,7 +753,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN826"
NAME="AEN834"
>4.4.2. Copying the Shared Secret to Both Machines</A
></H2
><P
......@@ -765,7 +765,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN829"
NAME="AEN837"
>4.4.3. Informing the Servers of the Key's Existence</A
></H2
><P
......@@ -813,7 +813,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN841"
NAME="AEN849"
>4.4.4. Instructing the Server to Use the Key</A
></H2
><P
......@@ -873,7 +873,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN857"
NAME="AEN865"
>4.4.5. TSIG Key Based Access Control</A
></H2
><P
......@@ -919,7 +919,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN870"
NAME="AEN878"
>4.4.6. Errors</A
></H2
><P
......@@ -948,7 +948,7 @@ CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="AEN874"
NAME="AEN882"
>4.5. TKEY</A
></H1
><P
......@@ -1014,7 +1014,7 @@ CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="AEN889"
NAME="AEN897"
>4.6. SIG(0)</A
></H1
><P
......@@ -1086,7 +1086,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN906"
NAME="AEN914"
>4.7.1. Generating Keys</A
></H2
><P
......@@ -1165,7 +1165,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN926"
NAME="AEN934"
>4.7.2. Creating a Keyset</A
></H2
><P
......@@ -1218,7 +1218,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN938"
NAME="AEN946"
>4.7.3. Signing the Child's Keyset</A
></H2
><P
......@@ -1268,7 +1268,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN951"
NAME="AEN959"
>4.7.4. Signing the Zone</A
></H2
><P
......@@ -1330,7 +1330,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN967"
NAME="AEN975"
>4.7.5. Configuring Servers</A
></H2
><P
......@@ -1358,7 +1358,7 @@ CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="AEN974"
NAME="AEN982"
>4.8. IPv6 Support in <SPAN
CLASS="acronym"
>BIND</SPAN
......@@ -1418,7 +1418,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN990"
NAME="AEN998"
>4.8.1. Address Lookups Using AAAA Records</A
></H2
><P
......@@ -1440,7 +1440,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN995"
NAME="AEN1003"
>4.8.2. Address Lookups Using A6 Records</A
></H2
><P
......@@ -1460,7 +1460,7 @@ CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="AEN999"
NAME="AEN1007"
>4.8.2.1. A6 Chains</A
></H3
><P
......@@ -1506,7 +1506,7 @@ CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="AEN1010"
NAME="AEN1018"
>4.8.2.2. A6 Records for DNS Servers</A
></H3
><P
......@@ -1536,7 +1536,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN1016"
NAME="AEN1024"
>4.8.3. Address to Name Lookups Using Nibble Format</A
></H2
><P
......@@ -1567,7 +1567,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN1023"
NAME="AEN1031"
>4.8.4. Address to Name Lookups Using Bitstring Format</A
></H2
><P
......@@ -1594,7 +1594,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN1030"
NAME="AEN1038"
>4.8.5. Using DNAME for Delegation of IPv6 Reverse Addresses</A
></H2
><P
......
......@@ -81,7 +81,7 @@ CLASS="TOC"
></DT
><DT
>5.1. <A
HREF="Bv9ARM.ch05.html#AEN1050"
HREF="Bv9ARM.ch05.html#AEN1058"
>The Lightweight Resolver Library</A
></DT
><DT
......@@ -96,7 +96,7 @@ CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="AEN1050"
NAME="AEN1058"
>5.1. The Lightweight Resolver Library</A
></H1
><P
......
......@@ -91,7 +91,7 @@ HREF="Bv9ARM.ch06.html#Configuration_File_Grammar"
></DT
><DT
>6.3. <A
HREF="Bv9ARM.ch06.html#AEN3490"
HREF="Bv9ARM.ch06.html#AEN3499"
>Zone File</A
></DT
></DL
......@@ -145,7 +145,7 @@ file documentation:</P
><DIV
CLASS="informaltable"
><A
NAME="AEN1092"
NAME="AEN1100"
></A
><P
></P
......@@ -740,7 +740,7 @@ CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="AEN1255"
NAME="AEN1263"
>6.1.1.1. Syntax</A
></H3
><PRE
......@@ -771,7 +771,7 @@ CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="AEN1263"
NAME="AEN1271"
>6.1.1.2. Definition and Usage</A
></H3
><P
......@@ -882,7 +882,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN1292"
NAME="AEN1300"
>6.1.2. Comment Syntax</A
></H2
><P
......@@ -901,7 +901,7 @@ CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="AEN1297"
NAME="AEN1305"
>6.1.2.1. Syntax</A
></H3
><P
......@@ -933,7 +933,7 @@ CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="AEN1306"
NAME="AEN1314"
>6.1.2.2. Definition and Usage</A
></H3
><P
......@@ -1043,7 +1043,7 @@ CLASS="acronym"
><DIV
CLASS="informaltable"
><A
NAME="AEN1330"
NAME="AEN1338"
></A
><P
></P
......@@ -1271,7 +1271,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN1399"
NAME="AEN1407"
>6.2.1. <B
CLASS="command"
>acl</B
......@@ -1318,7 +1318,7 @@ CLASS="command"
><DIV
CLASS="informaltable"
><A
NAME="AEN1412"
NAME="AEN1420"
></A
><P
></P
......@@ -1416,7 +1416,7 @@ CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN1441"
NAME="AEN1449"
>6.2.3. <B
CLASS="command"
>controls</B
......@@ -1539,76 +1539,59 @@ HREF="Bv9ARM.ch03.html#admin_tools"
must be signed by one of its specified keys to
be honored.</P
><P
>The <B
>&#13;If no <B
CLASS="command"
>controls</B
> statement is present,
<B
CLASS="command"
>named</B
> will set up a default
control channel listening on the loopback address 127.0.0.1
and its IPv6 counterpart ::1.
In this case, and also when the <B
CLASS="command"
>controls</B
> statement
is present but does not have a <B
CLASS="command"
>keys</B
> clause is not strictly required.
If it is not present, then a random key will be generated automatically
and placed in a file named <TT
> clause,
<B
CLASS="command"
>named</B
> will attempt to load the command channel key
from the file <TT
CLASS="filename"
>named.key</TT
>, which is
usually in <TT
>rndc.key</TT
> in
<TT
CLASS="filename"
>/var/run</TT
> but will be wherever
<TT
>/etc</TT
> (or whatever <TT
CLASS="varname"
>localstatedir</TT
> was specified as when
<SPAN
>sysconfdir</TT
>
was specified as when <SPAN
CLASS="acronym"
>BIND</SPAN
> was built. <TT
CLASS="filename"
>named.key</TT
>
contains a complete <TT
CLASS="filename"
>rndc.conf</TT
>-compatible
configuration and is used by <B
CLASS="command"
>rndc</B
> when it
cannot find its primary configuration file.</P
><P
>Similarly, <TT
CLASS="filename"
>named.key</TT
> is generated when
no <B
CLASS="command"
>controls</B
> statement is present at all. In
that situation it will configure a control channel to run on
127.0.0.1.</P
><P
>There are two ways to disable the creation of
<TT
> was built).
To create a <TT
CLASS="filename"
>named.key</TT
>. One is to ensure that all of your
<B
CLASS="command"
>inet</B
> control channels have a <B
CLASS="command"
>keys</B
>
clause. The other is to have a <B
CLASS="command"
>controls</B
> statement
with no <B
CLASS="command"
>inet</B
> phrases it all. The latter will
prevent the creation of any control channel.</P
>rndc.key</TT
> file, run
<TT
CLASS="userinput"
><B
>rndc-confgen -a</B
></TT
>.
</P
><P
>The <TT
CLASS="filename"
>named.key</TT
>rndc.key</TT
> feature was created to
ease the transition of systems from <SPAN
CLASS="acronym"
......@@ -1618,8 +1601,38 @@ CLASS="acronym"
and thus did not have a <B
CLASS="command"
>keys</B
> clause. Since
it is only intended to allow the backward-compatible usage of
> clause.