Commit 630d1a9b authored by Tinderbox User

regen master

parent 19b7c049
.\" Copyright (C) 2000-2005, 2007-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2005, 2007-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.\" .\"
.\" This Source Code Form is subject to the terms of the Mozilla Public .\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this .\" License, v. 2.0. If a copy of the MPL was not distributed with this
...@@ -66,19 +66,19 @@ must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA51 ...@@ -66,19 +66,19 @@ must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA51
\fB\-T KEY\fR \fB\-T KEY\fR
option as well\&. option as well\&.
.sp .sp
TSIG keys can also be generated by setting the value to one of HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512\&. As with DH, specifying these values will automatically set
\fB\-T KEY\fR\&. Note, however, that
\fBtsig\-keygen\fR
produces TSIG keys in a more useful format\&. These algorithms have been deprecated in
\fBdnssec\-keygen\fR, and will be removed in a future release\&.
.sp
These values are case insensitive\&. In some cases, abbreviations are supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for ECDSAP384SHA384\&. If RSASHA1 or DSA is specified along with the These values are case insensitive\&. In some cases, abbreviations are supported, such as ECDSA256 for ECDSAP256SHA256 and ECDSA384 for ECDSAP384SHA384\&. If RSASHA1 or DSA is specified along with the
\fB\-3\fR \fB\-3\fR
option, then NSEC3RSASHA1 or NSEC3DSA will be used instead\&. option, then NSEC3RSASHA1 or NSEC3DSA will be used instead\&.
.sp .sp
As of BIND 9\&.12\&.0, this option is mandatory except when using the This parameter
\fImust\fR
be specified except when using the
\fB\-S\fR \fB\-S\fR
option, which copies the algorithm from the predecessor key\&. Previously, the default for newly generated keys was RSASHA1\&. option, which copies the algorithm from the predecessor key\&.
.sp
In prior releases, HMAC algorithms could be generated for use as TSIG keys, but that feature has been removed as of BIND 9\&.13\&.0\&. Use
\fBtsig\-keygen\fR
to generate TSIG keys\&.
.RE .RE
.PP .PP
\-b \fIkeysize\fR \-b \fIkeysize\fR
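Review bot: The paragraph added at the end of the -a description tells users to switch to tsig-keygen but drops the point, made in the paragraph this hunk removes, that tsig-keygen "produces TSIG keys in a more useful format", i.e. not the format dnssec-keygen wrote. Anyone migrating a script that consumed the old HMAC output needs that hint, so suggest carrying one sentence about the format difference over into the new text next to "Use tsig-keygen to generate TSIG keys".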
...@@ -369,5 +369,5 @@ RFC 4034\&. ...@@ -369,5 +369,5 @@ RFC 4034\&.
\fBInternet Systems Consortium, Inc\&.\fR \fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT" .SH "COPYRIGHT"
.br .br
Copyright \(co 2000-2005, 2007-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC") Copyright \(co 2000-2005, 2007-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
.br .br
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- <!--
- Copyright (C) 2000-2005, 2007-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2005, 2007-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
- -
- This Source Code Form is subject to the terms of the Mozilla Public - This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this - License, v. 2.0. If a copy of the MPL was not distributed with this
...@@ -107,16 +107,6 @@ ...@@ -107,16 +107,6 @@
his value will automatically set the <code class="option">-T KEY</code> his value will automatically set the <code class="option">-T KEY</code>
option as well. option as well.
</p> </p>
<p>
TSIG keys can also be generated by setting the value to
one of HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
HMAC-SHA384, or HMAC-SHA512. As with DH, specifying these
values will automatically set <code class="option">-T KEY</code>. Note,
however, that <span class="command"><strong>tsig-keygen</strong></span> produces TSIG keys
in a more useful format. These algorithms have been deprecated
in <span class="command"><strong>dnssec-keygen</strong></span>, and will be removed in a
future release.
</p>
<p> <p>
These values are case insensitive. In some cases, abbreviations These values are case insensitive. In some cases, abbreviations
are supported, such as ECDSA256 for ECDSAP256SHA256 and are supported, such as ECDSA256 for ECDSAP256SHA256 and
...@@ -125,10 +115,15 @@ ...@@ -125,10 +115,15 @@
or NSEC3DSA will be used instead. or NSEC3DSA will be used instead.
</p> </p>
<p> <p>
As of BIND 9.12.0, this option is mandatory except when using This parameter <span class="emphasis"><em>must</em></span> be specified except
the <code class="option">-S</code> option, which copies the algorithm from when using the <code class="option">-S</code> option, which copies the
the predecessor key. Previously, the default for newly algorithm from the predecessor key.
generated keys was RSASHA1. </p>
<p>
In prior releases, HMAC algorithms could be generated for
use as TSIG keys, but that feature has been removed as of
BIND 9.13.0. Use <span class="command"><strong>tsig-keygen</strong></span> to generate
TSIG keys.
</p> </p>
</dd> </dd>
<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt> <dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
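Review bot: The rewritten first paragraph loses both the release in which -a became mandatory ("As of BIND 9.12.0") and the statement that the previous default was RSASHA1, while the new second paragraph in the same hunk does carry a version ("as of BIND 9.13.0"). Operators upgrading from a release that still applied the RSASHA1 default get no explanation here of why invocations without -a are no longer accepted; suggest keeping the version and the former default in the "must be specified" sentence.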
......
...@@ -42,6 +42,7 @@ ...@@ -42,6 +42,7 @@
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_removed">Removed Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_license">License</a></span></dt> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_license">License</a></span></dt>
...@@ -104,6 +105,18 @@ ...@@ -104,6 +105,18 @@
<div class="section"> <div class="section">
<div class="titlepage"><div><div><h3 class="title"> <div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_removed"></a>Removed Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
<span class="command"><strong>dnssec-keygen</strong></span> can no longer generate HMAC
keys for TSIG authentication. Use <span class="command"><strong>tsig-keygen</strong></span>
to generate these keys. [RT #46404]
</p>
</li></ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div> <a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"> <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p> <p>
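Review bot: The new "Removed Features" list item names no algorithm values, so someone auditing scripts cannot tell from the release note alone which -a arguments stop working. Suggest listing them as the removed dnssec-keygen paragraph did (HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512), next to the [RT #46404] reference.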
......
...@@ -242,6 +242,7 @@ ...@@ -242,6 +242,7 @@
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_security">Security Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_features">New Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_removed">Removed Features</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_changes">Feature Changes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_bugs">Bug Fixes</a></span></dt>
<dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_license">License</a></span></dt> <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_license">License</a></span></dt>
......
...@@ -125,16 +125,6 @@ ...@@ -125,16 +125,6 @@
his value will automatically set the <code class="option">-T KEY</code> his value will automatically set the <code class="option">-T KEY</code>
option as well. option as well.
</p> </p>
<p>
TSIG keys can also be generated by setting the value to
one of HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
HMAC-SHA384, or HMAC-SHA512. As with DH, specifying these
values will automatically set <code class="option">-T KEY</code>. Note,
however, that <span class="command"><strong>tsig-keygen</strong></span> produces TSIG keys
in a more useful format. These algorithms have been deprecated
in <span class="command"><strong>dnssec-keygen</strong></span>, and will be removed in a
future release.
</p>
<p> <p>
These values are case insensitive. In some cases, abbreviations These values are case insensitive. In some cases, abbreviations
are supported, such as ECDSA256 for ECDSAP256SHA256 and are supported, such as ECDSA256 for ECDSAP256SHA256 and
...@@ -143,10 +133,15 @@ ...@@ -143,10 +133,15 @@
or NSEC3DSA will be used instead. or NSEC3DSA will be used instead.
</p> </p>
<p> <p>
As of BIND 9.12.0, this option is mandatory except when using This parameter <span class="emphasis"><em>must</em></span> be specified except
the <code class="option">-S</code> option, which copies the algorithm from when using the <code class="option">-S</code> option, which copies the
the predecessor key. Previously, the default for newly algorithm from the predecessor key.
generated keys was RSASHA1. </p>
<p>
In prior releases, HMAC algorithms could be generated for
use as TSIG keys, but that feature has been removed as of
BIND 9.13.0. Use <span class="command"><strong>tsig-keygen</strong></span> to generate
TSIG keys.
</p> </p>
</dd> </dd>
<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt> <dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
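Review bot: Wording fixes to the "must be specified" and HMAC-removal paragraphs should not be made in this file: the same two paragraphs appear verbatim in the other HTML file and in the man page in this commit, and the commit message ("regen master") marks all of them as regenerated output. Any correction belongs in the source these are generated from, followed by another regen, otherwise the three copies will drift apart.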
......
...@@ -67,6 +67,18 @@ ...@@ -67,6 +67,18 @@
<div class="section"> <div class="section">
<div class="titlepage"><div><div><h3 class="title"> <div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_removed"></a>Removed Features</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p>
<span class="command"><strong>dnssec-keygen</strong></span> can no longer generate HMAC
keys for TSIG authentication. Use <span class="command"><strong>tsig-keygen</strong></span>
to generate these keys. [RT #46404]
</p>
</li></ul></div>
</div>
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="relnotes_changes"></a>Feature Changes</h3></div></div></div> <a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"> <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
<p> <p>
......