Commit 630d1a9b authored by Tinderbox User's avatar Tinderbox User
Browse files

regen master

parent 19b7c049
.\" Copyright (C) 2000-2005, 2007-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2005, 2007-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
......@@ -66,19 +66,19 @@ must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA51
\fB\-T KEY\fR
option as well\&.
.sp
TSIG keys can also be generated by setting the value to one of HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512\&. As with DH, specifying these values will automatically set
\fB\-T KEY\fR\&. Note, however, that
\fBtsig\-keygen\fR
produces TSIG keys in a more useful format\&. These algorithms have been deprecated in
\fBdnssec\-keygen\fR, and will be removed in a future release\&.
.sp
These values are case insensitive\&. In some cases, abbreviations are supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for ECDSAP384SHA384\&. If RSASHA1 or DSA is specified along with the
\fB\-3\fR
option, then NSEC3RSASHA1 or NSEC3DSA will be used instead\&.
.sp
As of BIND 9\&.12\&.0, this option is mandatory except when using the
This parameter
\fImust\fR
be specified except when using the
\fB\-S\fR
option, which copies the algorithm from the predecessor key\&. Previously, the default for newly generated keys was RSASHA1\&.
option, which copies the algorithm from the predecessor key\&.
.sp
In prior releases, HMAC algorithms could be generated for use as TSIG keys, but that feature has been removed as of BIND 9\&.13\&.0\&. Use
\fBtsig\-keygen\fR
to generate TSIG keys\&.
.RE
.PP
\-b \fIkeysize\fR
......@@ -369,5 +369,5 @@ RFC 4034\&.
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2000-2005, 2007-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2000-2005, 2007-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2000-2005, 2007-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2005, 2007-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
......@@ -107,16 +107,6 @@
his value will automatically set the <code class="option">-T KEY</code>
option as well.
</p>
<p>
TSIG keys can also be generated by setting the value to
one of HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
HMAC-SHA384, or HMAC-SHA512. As with DH, specifying these
values will automatically set <code class="option">-T KEY</code>. Note,
however, that <span class="command"><strong>tsig-keygen</strong></span> produces TSIG keys
in a more useful format. These algorithms have been deprecated
in <span class="command"><strong>dnssec-keygen</strong></span>, and will be removed in a
future release.
</p>
<p>
These values are case insensitive. In some cases, abbreviations
are supported, such as ECDSA256 for ECDSAP256SHA256 and
......@@ -125,10 +115,15 @@
or NSEC3DSA will be used instead.
</p>
<p>
As of BIND 9.12.0, this option is mandatory except when using
the <code class="option">-S</code> option, which copies the algorithm from
the predecessor key. Previously, the default for newly
generated keys was RSASHA1.
This parameter <span class="emphasis"><em>must</em></span> be specified except
when using the <code class="option">-S</code> option, which copies the
algorithm from the predecessor key.
</p>
<p>
In prior releases, HMAC algorithms could be generated for
use as TSIG keys, but that feature has been removed as of
BIND 9.13.0. Use <span class="command"><strong>tsig-keygen</strong></span> to generate
TSIG keys.
</p>
</dd>
<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
......
......@@ -42,6 +42,7 @@
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_removed">Removed Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_license">License</a></span></dt>
......@@ -104,6 +105,18 @@
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_removed"></a>Removed Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
<span class="command"><strong>dnssec-keygen</strong></span> can no longer generate HMAC
keys for TSIG authentication. Use <span class="command"><strong>tsig-keygen</strong></span>
to generate these keys. [RT #46404]
</p>
</li></ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
......
......@@ -242,6 +242,7 @@
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_removed">Removed Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_license">License</a></span></dt>
......
......@@ -125,16 +125,6 @@
his value will automatically set the <code class="option">-T KEY</code>
option as well.
</p>
<p>
TSIG keys can also be generated by setting the value to
one of HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
HMAC-SHA384, or HMAC-SHA512. As with DH, specifying these
values will automatically set <code class="option">-T KEY</code>. Note,
however, that <span class="command"><strong>tsig-keygen</strong></span> produces TSIG keys
in a more useful format. These algorithms have been deprecated
in <span class="command"><strong>dnssec-keygen</strong></span>, and will be removed in a
future release.
</p>
<p>
These values are case insensitive. In some cases, abbreviations
are supported, such as ECDSA256 for ECDSAP256SHA256 and
......@@ -143,10 +133,15 @@
or NSEC3DSA will be used instead.
</p>
<p>
As of BIND 9.12.0, this option is mandatory except when using
the <code class="option">-S</code> option, which copies the algorithm from
the predecessor key. Previously, the default for newly
generated keys was RSASHA1.
This parameter <span class="emphasis"><em>must</em></span> be specified except
when using the <code class="option">-S</code> option, which copies the
algorithm from the predecessor key.
</p>
<p>
In prior releases, HMAC algorithms could be generated for
use as TSIG keys, but that feature has been removed as of
BIND 9.13.0. Use <span class="command"><strong>tsig-keygen</strong></span> to generate
TSIG keys.
</p>
</dd>
<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
......
......@@ -67,6 +67,18 @@
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_removed"></a>Removed Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
<span class="command"><strong>dnssec-keygen</strong></span> can no longer generate HMAC
keys for TSIG authentication. Use <span class="command"><strong>tsig-keygen</strong></span>
to generate these keys. [RT #46404]
</p>
</li></ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment