Commit c247e3f2 authored by Mark Andrews's avatar Mark Andrews
Browse files

regen

parent 122c58bd
......@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: rndc.8,v 1.39 2007/05/09 03:33:51 marka Exp $
.\" $Id: rndc.8,v 1.40 2007/05/31 23:28:55 marka Exp $
.\"
.hy 0
.ad l
......@@ -47,8 +47,7 @@ is invoked with no command line options or arguments, it prints a short summary
communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of
\fBrndc\fR
and
\fBnamed\fR
named the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection. This provides TSIG\-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server.
\fBnamed\fR, the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection. This provides TSIG\-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server.
.PP
\fBrndc\fR
reads a configuration file to determine how to contact the name server and decide what algorithm and key it should use.
......@@ -100,14 +99,14 @@ instead of BIND 9's default control channel port, 953.
Enable verbose logging.
.RE
.PP
\-y \fIkeyid\fR
\-y \fIkey_id\fR
.RS 4
Use the key
\fIkeyid\fR
\fIkey_id\fR
from the configuration file.
\fIkeyid\fR
\fIkey_id\fR
must be known by named with the same algorithm and secret string in order for control message validation to succeed. If no
\fIkeyid\fR
\fIkey_id\fR
is specified,
\fBrndc\fR
will first look for a key clause in the server statement of the server being used, or if no server statement is present for that host, then the default\-key clause of the options statement. Note that the configuration file contains shared secrets which are used to send authenticated control commands to name servers. It should therefore not have general read or write access.
......
......@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: rndc.html,v 1.28 2007/05/09 03:33:51 marka Exp $ -->
<!-- $Id: rndc.html,v 1.29 2007/05/31 23:28:55 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
......@@ -46,7 +46,7 @@
communicates with the name server
over a TCP connection, sending commands authenticated with
digital signatures. In the current versions of
<span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span> named
<span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
the only supported authentication algorithm is HMAC-MD5,
which uses a shared secret on each end of the connection.
This provides TSIG-style authentication for the command
......@@ -107,15 +107,15 @@
<dd><p>
Enable verbose logging.
</p></dd>
<dt><span class="term">-y <em class="replaceable"><code>keyid</code></em></span></dt>
<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>
<dd><p>
Use the key <em class="replaceable"><code>keyid</code></em>
Use the key <em class="replaceable"><code>key_id</code></em>
from the configuration file.
<em class="replaceable"><code>keyid</code></em>
<em class="replaceable"><code>key_id</code></em>
must be
known by named with the same algorithm and secret string
in order for control message validation to succeed.
If no <em class="replaceable"><code>keyid</code></em>
If no <em class="replaceable"><code>key_id</code></em>
is specified, <span><strong class="command">rndc</strong></span> will first look
for a key clause in the server statement of the server
being used, or if no server statement is present for that
......
......@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.rndc.html,v 1.52 2007/05/30 02:30:15 marka Exp $ -->
<!-- $Id: man.rndc.html,v 1.53 2007/05/31 23:28:55 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
......@@ -64,7 +64,7 @@
communicates with the name server
over a TCP connection, sending commands authenticated with
digital signatures. In the current versions of
<span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span> named
<span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>,
the only supported authentication algorithm is HMAC-MD5,
which uses a shared secret on each end of the connection.
This provides TSIG-style authentication for the command
......@@ -125,15 +125,15 @@
<dd><p>
Enable verbose logging.
</p></dd>
<dt><span class="term">-y <em class="replaceable"><code>keyid</code></em></span></dt>
<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt>
<dd><p>
Use the key <em class="replaceable"><code>keyid</code></em>
Use the key <em class="replaceable"><code>key_id</code></em>
from the configuration file.
<em class="replaceable"><code>keyid</code></em>
<em class="replaceable"><code>key_id</code></em>
must be
known by named with the same algorithm and secret string
in order for control message validation to succeed.
If no <em class="replaceable"><code>keyid</code></em>
If no <em class="replaceable"><code>key_id</code></em>
is specified, <span><strong class="command">rndc</strong></span> will first look
for a key clause in the server statement of the server
being used, or if no server statement is present for that
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment