Commit d71e2e0c authored by Mark Andrews's avatar Mark Andrews

regen

parent 561a29af
......@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: named-checkconf.8,v 1.27 2007/01/30 00:24:59 marka Exp $
.\" $Id: named-checkconf.8,v 1.28 2007/05/09 03:33:50 marka Exp $
.\"
.hy 0
.ad l
......@@ -42,7 +42,7 @@ checks the syntax, but not the semantics, of a named configuration file.
.PP
\-t \fIdirectory\fR
.RS 4
chroot to
Chroot to
\fIdirectory\fR
so that include directives in the configuration file are processed as if run by a similarly chrooted named.
.RE
......@@ -56,7 +56,7 @@ program and exit.
.PP
\-z
.RS 4
Perform a check load the master zonefiles found in
Perform a test load of all master zones found in
\fInamed.conf\fR.
.RE
.PP
......
......@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named-checkconf.html,v 1.27 2007/01/30 00:24:59 marka Exp $ -->
<!-- $Id: named-checkconf.html,v 1.28 2007/05/09 03:33:50 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
......@@ -43,7 +43,7 @@
<div class="variablelist"><dl>
<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
chroot to <code class="filename">directory</code> so that
Chroot to <code class="filename">directory</code> so that
include
directives in the configuration file are processed as if
run by a similarly chrooted named.
......@@ -55,8 +55,8 @@
</p></dd>
<dt><span class="term">-z</span></dt>
<dd><p>
Perform a check load the master zonefiles found in
<code class="filename">named.conf</code>.
Perform a test load of all master zones found in
<code class="filename">named.conf</code>.
</p></dd>
<dt><span class="term">-j</span></dt>
<dd><p>
......@@ -70,20 +70,20 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543488"></a><h2>RETURN VALUES</h2>
<a name="id2543489"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkconf</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543499"></a><h2>SEE ALSO</h2>
<a name="id2543500"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543521"></a><h2>AUTHOR</h2>
<a name="id2543522"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
......
......@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: named-checkzone.8,v 1.38 2007/01/30 00:24:59 marka Exp $
.\" $Id: named-checkzone.8,v 1.39 2007/05/09 03:33:50 marka Exp $
.\"
.hy 0
.ad l
......@@ -82,7 +82,7 @@ Specify the class of the zone. If not specified "IN" is assumed.
.PP
\-i \fImode\fR
.RS 4
Perform post load zone integrity checks. Possible modes are
Perform post\-load zone integrity checks. Possible modes are
\fB"full"\fR
(default),
\fB"full\-sibling"\fR,
......@@ -105,7 +105,7 @@ only checks SRV records which refer to in\-zone hostnames.
.sp
Mode
\fB"full"\fR
checks that delegation NS records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). It also checks that glue addresses records in the zone match those advertised by the child. Mode
checks that delegation NS records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). It also checks that glue address records in the zone match those advertised by the child. Mode
\fB"local"\fR
only checks NS records which refer to in\-zone hostnames or that some required glue exists, that is when the nameserver is in a child zone.
.sp
......@@ -213,7 +213,7 @@ Check if a SRV record refers to a CNAME. Possible modes are
.PP
\-t \fIdirectory\fR
.RS 4
chroot to
Chroot to
\fIdirectory\fR
so that include directives in the configuration file are processed as if run by a similarly chrooted named.
.RE
......
......@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named-checkzone.html,v 1.38 2007/01/30 00:24:59 marka Exp $ -->
<!-- $Id: named-checkzone.html,v 1.39 2007/05/09 03:33:50 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
......@@ -79,7 +79,7 @@
<dt><span class="term">-i <em class="replaceable"><code>mode</code></em></span></dt>
<dd>
<p>
Perform post load zone integrity checks. Possible modes are
Perform post-load zone integrity checks. Possible modes are
<span><strong class="command">"full"</strong></span> (default),
<span><strong class="command">"full-sibling"</strong></span>,
<span><strong class="command">"local"</strong></span>,
......@@ -101,7 +101,7 @@
<p>
Mode <span><strong class="command">"full"</strong></span> checks that delegation NS
records refer to A or AAAA record (both in-zone and out-of-zone
hostnames). It also checks that glue addresses records
hostnames). It also checks that glue address records
in the zone match those advertised by the child.
Mode <span><strong class="command">"local"</strong></span> only checks NS records which
refer to in-zone hostnames or that some required glue exists,
......@@ -195,7 +195,7 @@
</p></dd>
<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
chroot to <code class="filename">directory</code> so that
Chroot to <code class="filename">directory</code> so that
include
directives in the configuration file are processed as if
run by a similarly chrooted named.
......
......@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dig.1,v 1.42 2007/01/30 00:24:59 marka Exp $
.\" $Id: dig.1,v 1.43 2007/05/09 03:33:50 marka Exp $
.\"
.hy 0
.ad l
......@@ -50,7 +50,7 @@ Although
\fBdig\fR
is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command\-line arguments and options is printed when the
\fB\-h\fR
option is given. Unlike earlier versions, the BIND9 implementation of
option is given. Unlike earlier versions, the BIND 9 implementation of
\fBdig\fR
allows multiple lookups to be issued from the command line.
.PP
......@@ -135,7 +135,7 @@ The
option makes
\fBdig \fR
operate in batch mode by reading a list of lookup requests to process from the file
\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organised in the same way they would be presented as queries to
\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to
\fBdig\fR
using the command\-line interface.
.PP
......@@ -160,7 +160,7 @@ to only use IPv6 query transport.
The
\fB\-t\fR
option sets the query type to
\fItype\fR. It can be any valid query type which is supported in BIND9. The default query type "A", unless the
\fItype\fR. It can be any valid query type which is supported in BIND 9. The default query type "A", unless the
\fB\-x\fR
option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required,
\fItype\fR
......@@ -171,11 +171,11 @@ ixfr=N. The incremental zone transfer will contain the changes made to the zone
The
\fB\-q\fR
option sets the query name to
\fIname\fR. This useful do distingish the
\fIname\fR. This useful do distinguish the
\fIname\fR
from other arguments.
.PP
Reverse lookups \- mapping addresses to names \- are simplified by the
Reverse lookups \(em mapping addresses to names \(em are simplified by the
\fB\-x\fR
option.
\fIaddr\fR
......@@ -228,7 +228,7 @@ to negate the meaning of that keyword. Other keywords assign values to options l
.PP
\fB+[no]tcp\fR
.RS 4
Use [do not use] TCP when querying name servers. The default behaviour is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
.RE
.PP
\fB+[no]vc\fR
......@@ -354,7 +354,7 @@ Toggle the display of comment lines in the output. The default is to print comme
.PP
\fB+[no]stats\fR
.RS 4
This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behaviour is to print the query statistics.
This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics.
.RE
.PP
\fB+[no]qr\fR
......@@ -391,7 +391,7 @@ Set or clear all display flags.
.RS 4
Sets the timeout for a query to
\fIT\fR
seconds. The default time out is 5 seconds. An attempt to set
seconds. The default timeout is 5 seconds. An attempt to set
\fIT\fR
to less than 1 will result in a query timeout of 1 second being applied.
.RE
......@@ -451,7 +451,7 @@ output.
.PP
\fB+[no]fail\fR
.RS 4
Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behaviour.
Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior.
.RE
.PP
\fB+[no]besteffort\fR
......@@ -487,7 +487,7 @@ Requires dig be compiled with \-DDIG_SIGCHASE.
.PP
\fB+[no]topdown\fR
.RS 4
When chasing DNSSEC signature chains perform a top down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
.RE
.SH "MULTIPLE QUERIES"
.PP
......
......@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dig.html,v 1.38 2007/01/30 00:24:59 marka Exp $ -->
<!-- $Id: dig.html,v 1.39 2007/05/09 03:33:50 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
......@@ -50,7 +50,7 @@
arguments, it also has a batch mode of operation for reading lookup
requests from a file. A brief summary of its command-line arguments
and options is printed when the <code class="option">-h</code> option is given.
Unlike earlier versions, the BIND9 implementation of
Unlike earlier versions, the BIND 9 implementation of
<span><strong class="command">dig</strong></span> allows multiple lookups to be issued
from the
command line.
......@@ -147,7 +147,7 @@
in batch mode by reading a list of lookup requests to process from the
file <em class="parameter"><code>filename</code></em>. The file contains a
number of
queries, one per line. Each entry in the file should be organised in
queries, one per line. Each entry in the file should be organized in
the same way they would be presented as queries to
<span><strong class="command">dig</strong></span> using the command-line interface.
</p>
......@@ -170,7 +170,7 @@
The <code class="option">-t</code> option sets the query type to
<em class="parameter"><code>type</code></em>. It can be any valid query type
which is
supported in BIND9. The default query type "A", unless the
supported in BIND 9. The default query type "A", unless the
<code class="option">-x</code> option is supplied to indicate a reverse lookup.
A zone transfer can be requested by specifying a type of AXFR. When
an incremental zone transfer (IXFR) is required,
......@@ -181,11 +181,11 @@
</p>
<p>
The <code class="option">-q</code> option sets the query name to
<em class="parameter"><code>name</code></em>. This useful do distingish the
<em class="parameter"><code>name</code></em>. This useful do distinguish the
<em class="parameter"><code>name</code></em> from other arguments.
</p>
<p>
Reverse lookups - mapping addresses to names - are simplified by the
Reverse lookups &#8212; mapping addresses to names &#8212; are simplified by the
<code class="option">-x</code> option. <em class="parameter"><code>addr</code></em> is
an IPv4
address in dotted-decimal notation, or a colon-delimited IPv6 address.
......@@ -249,7 +249,7 @@
<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
<dd><p>
Use [do not use] TCP when querying name servers. The default
behaviour is to use UDP unless an AXFR or IXFR query is
behavior is to use UDP unless an AXFR or IXFR query is
requested, in
which case a TCP connection is used.
</p></dd>
......@@ -394,7 +394,7 @@
This query option toggles the printing of statistics: when the
query
was made, the size of the reply and so on. The default
behaviour is
behavior is
to print the query statistics.
</p></dd>
<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
......@@ -433,8 +433,8 @@
<dd><p>
Sets the timeout for a query to
<em class="parameter"><code>T</code></em> seconds. The default time
out is 5 seconds.
<em class="parameter"><code>T</code></em> seconds. The default
timeout is 5 seconds.
An attempt to set <em class="parameter"><code>T</code></em> to less
than 1 will result
in a query timeout of 1 second being applied.
......@@ -499,7 +499,7 @@
default is
to not try the next server which is the reverse of normal stub
resolver
behaviour.
behavior.
</p></dd>
<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
<dd><p>
......@@ -535,7 +535,7 @@
</dd>
<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
<dd><p>
When chasing DNSSEC signature chains perform a top down
When chasing DNSSEC signature chains perform a top-down
validation.
Requires dig be compiled with -DDIG_SIGCHASE.
</p></dd>
......
......@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: host.1,v 1.27 2007/01/30 00:24:59 marka Exp $
.\" $Id: host.1,v 1.28 2007/05/09 03:33:50 marka Exp $
.\"
.hy 0
.ad l
......@@ -130,7 +130,7 @@ makes. This should mean that the name server receiving the query will not attemp
\fB\-r\fR
option enables
\fBhost\fR
to mimic the behaviour of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers.
to mimic the behavior of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers.
.PP
By default
\fBhost\fR
......@@ -152,7 +152,7 @@ The
\fB\-t\fR
option is used to select the query type.
\fItype\fR
can be any recognised query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
\fBhost\fR
automatically selects an appropriate query type. By default it looks for A records, but if the
\fB\-C\fR
......@@ -185,7 +185,7 @@ The
option tells
\fBhost\fR
\fInot\fR
to send the query to the next nameserver if any server responds with a SERVFAIL response, which is the reverse of normal stub resolver behaviour.
to send the query to the next nameserver if any server responds with a SERVFAIL response, which is the reverse of normal stub resolver behavior.
.PP
The
\fB\-m\fR
......
......@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: host.html,v 1.26 2007/01/30 00:24:59 marka Exp $ -->
<!-- $Id: host.html,v 1.27 2007/05/09 03:33:50 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
......@@ -125,7 +125,7 @@
attempt to resolve <em class="parameter"><code>name</code></em>. The
<code class="option">-r</code> option enables <span><strong class="command">host</strong></span>
to mimic
the behaviour of a name server by making non-recursive queries and
the behavior of a name server by making non-recursive queries and
expecting to receive answers to those queries that are usually
referrals to other name servers.
</p>
......@@ -143,7 +143,7 @@
</p>
<p>
The <code class="option">-t</code> option is used to select the query type.
<em class="parameter"><code>type</code></em> can be any recognised query
<em class="parameter"><code>type</code></em> can be any recognized query
type: CNAME,
NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
<span><strong class="command">host</strong></span> automatically selects an appropriate
......@@ -174,7 +174,7 @@
The <code class="option">-s</code> option tells <span><strong class="command">host</strong></span>
<span class="emphasis"><em>not</em></span> to send the query to the next nameserver
if any server responds with a SERVFAIL response, which is the
reverse of normal stub resolver behaviour.
reverse of normal stub resolver behavior.
</p>
<p>
The <code class="option">-m</code> can be used to set the memory usage debugging
......
......@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: nslookup.1,v 1.12 2007/01/30 00:24:59 marka Exp $
.\" $Id: nslookup.1,v 1.13 2007/05/09 03:33:50 marka Exp $
.\"
.hy 0
.ad l
......@@ -158,7 +158,7 @@ The class specifies the protocol group of the information.
.PP
\fB \fR\fB\fI[no]\fR\fR\fBdebug\fR
.RS 4
Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer.
Turn on or off the display of the full response packet and any intermediate response packets when searching.
.sp
(Default = nodebug; abbreviation =
[no]deb)
......@@ -166,7 +166,7 @@ Turn debugging mode on. A lot more information is printed about the packet sent
.PP
\fB \fR\fB\fI[no]\fR\fR\fBd2\fR
.RS 4
Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer.
Turn debugging mode on or off. This displays more about about what nslookup is doing.
.sp
(Default = nod2)
.RE
......
......@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: nslookup.html,v 1.19 2007/01/30 00:24:59 marka Exp $ -->
<!-- $Id: nslookup.html,v 1.20 2007/05/09 03:33:50 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
......@@ -180,9 +180,8 @@ nslookup -query=hinfo -timeout=10
<em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt>
<dd>
<p>
Turn debugging mode on. A lot more information is
printed about the packet sent to the server and the
resulting answer.
Turn on or off the display of the full response packet and
any intermediate response packets when searching.
</p>
<p>
(Default = nodebug; abbreviation = [<span class="optional">no</span>]deb)
......@@ -192,9 +191,8 @@ nslookup -query=hinfo -timeout=10
<em class="replaceable"><code>[<span class="optional">no</span>]</code></em>d2</code></span></dt>
<dd>
<p>
Turn debugging mode on. A lot more information is
printed about the packet sent to the server and the
resulting answer.
Turn debugging mode on or off. This displays more about
about what nslookup is doing.
</p>
<p>
(Default = nod2)
......
......@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-keygen.8,v 1.36 2007/01/30 00:24:59 marka Exp $
.\" $Id: dnssec-keygen.8,v 1.37 2007/05/09 03:33:50 marka Exp $
.\"
.hy 0
.ad l
......@@ -37,7 +37,7 @@ dnssec\-keygen \- DNSSEC key generation tool
.SH "DESCRIPTION"
.PP
\fBdnssec\-keygen\fR
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC <TBA\\>. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845.
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845.
.SH "OPTIONS"
.PP
\-a \fIalgorithm\fR
......@@ -147,7 +147,7 @@ is the numeric representation of the algorithm.
is the key identifier (or footprint).
.PP
\fBdnssec\-keygen\fR
creates two file, with names based on the printed string.
creates two files, with names based on the printed string.
\fIKnnnn.+aaa+iiiii.key\fR
contains the public key, and
\fIKnnnn.+aaa+iiiii.private\fR
......@@ -159,13 +159,13 @@ file contains a DNS KEY record that can be inserted into a zone file (directly o
.PP
The
\fI.private\fR
file contains algorithm specific fields. For obvious security reasons, this file does not have general read permission.
file contains algorithm\-specific fields. For obvious security reasons, this file does not have general read permission.
.PP
Both
\fI.key\fR
and
\fI.private\fR
files are generated for symmetric encryption algorithm such as HMAC\-MD5, even though the public and private key are equivalent.
files are generated for symmetric encryption algorithms such as HMAC\-MD5, even though the public and private key are equivalent.
.SH "EXAMPLE"
.PP
To generate a 768\-bit DSA key for the domain
......@@ -182,7 +182,7 @@ In this example,
creates the files
\fIKexample.com.+003+26160.key\fR
and
\fIKexample.com.+003+26160.private\fR
\fIKexample.com.+003+26160.private\fR.
.SH "SEE ALSO"
.PP
\fBdnssec\-signzone\fR(8),
......
......@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keygen.html,v 1.28 2007/01/30 00:24:59 marka Exp $ -->
<!-- $Id: dnssec-keygen.html,v 1.29 2007/05/09 03:33:50 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
......@@ -35,7 +35,7 @@
<a name="id2543474"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC &lt;TBA\&gt;. It can also generate keys for use with
and RFC 4034. It can also generate keys for use with
TSIG (Transaction Signatures), as defined in RFC 2845.
</p>
</div>
......@@ -168,7 +168,7 @@
</p></li>
</ul></div>
<p><span><strong class="command">dnssec-keygen</strong></span>
creates two file, with names based
creates two files, with names based
on the printed string. <code class="filename">Knnnn.+aaa+iiiii.key</code>
contains the public key, and
<code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
......@@ -182,14 +182,14 @@
statement).
</p>
<p>
The <code class="filename">.private</code> file contains algorithm
specific
The <code class="filename">.private</code> file contains
algorithm-specific
fields. For obvious security reasons, this file does not have
general read permission.
</p>
<p>
Both <code class="filename">.key</code> and <code class="filename">.private</code>
files are generated for symmetric encryption algorithm such as
files are generated for symmetric encryption algorithms such as
HMAC-MD5, even though the public and private key are equivalent.
</p>
</div>
......@@ -211,7 +211,7 @@
In this example, <span><strong class="command">dnssec-keygen</strong></span> creates
the files <code class="filename">Kexample.com.+003+26160.key</code>
and
<code class="filename">Kexample.com.+003+26160.private</code>
<code class="filename">Kexample.com.+003+26160.private</code>.
</p>
</div>
<div class="refsect1" lang="en">
......
......@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-signzone.8,v 1.44 2007/01/30 00:24:59 marka Exp $
.\" $Id: dnssec-signzone.8,v 1.45 2007/05/09 03:33:50 marka Exp $
.\"
.hy 0
.ad l
......@@ -95,7 +95,7 @@ is specified, 30 days from the start time is used as a default.
.RS 4
The name of the output file containing the signed zone. The default is to append
\fI.signed\fR
to the input file.
to the input filename.
.RE
.PP
\-h
......@@ -106,7 +106,7 @@ Prints a short summary of the options and arguments to
.PP
\-i \fIinterval\fR
.RS 4
When a previously signed zone is passed as input, records may be resigned. The
When a previously\-signed zone is passed as input, records may be resigned. The
\fBinterval\fR
option specifies the cycle interval as an offset from the current time (in seconds). If a RRSIG record expires after the cycle interval, it is retained. Otherwise, it is considered to be expiring soon, and it will be replaced.
.sp
......@@ -129,7 +129,7 @@ The format of the input zone file. Possible formats are
.PP
\-j \fIjitter\fR
.RS 4
When signing a zone with a fixed signature lifetime, all RRSIG records issued at the time of signing expires simultaneously. If the zone is incrementally signed, i.e. a previously signed zone is passed as input to the signer, all expired signatures has to be regenerated at about the same time. The
When signing a zone with a fixed signature lifetime, all RRSIG records issued at the time of signing expires simultaneously. If the zone is incrementally signed, i.e. a previously\-signed zone is passed as input to the signer, all expired signatures have to be regenerated at about the same time. The
\fBjitter\fR
option specifies a jitter window that will be used to randomize the signature expire time, thus spreading incremental signature regeneration over time.
.sp
......@@ -219,29 +219,44 @@ The file containing the zone to be signed.
.PP
key
.RS 4
The keys used to sign the zone. If no keys are specified, the default all zone keys that have private key files in the current directory.
Specify which keys should be used to sign the zone. If no keys are specified, then the zone will be examined for DNSKEY records at the zone apex. If these are found and there are matching private keys, in the current directory, then these will be used for signing.
.RE
.SH "EXAMPLE"
.PP
The following command signs the
\fBexample.com\fR
zone with the DSA key generated in the
zone with the DSA key generated by
\fBdnssec\-keygen\fR
man page. The zone's keys must be in the zone. If there are
(Kexample.com.+003+17247). The zone's keys must be in the master file (\fIdb.example.com\fR). This invocation looks for
\fIkeyset\fR
files associated with child zones, they must be in the current directory.
\fBexample.com\fR, the following command would be issued:
.PP
\fBdnssec\-signzone \-o example.com db.example.com Kexample.com.+003+26160\fR
.PP
The command would print a string of the form:
files, in the current directory, so that DS records can be generated from them (\fB\-g\fR).
.sp
.RS 4
.nf
% dnssec\-signzone \-g \-o example.com db.example.com \\
Kexample.com.+003+17247
db.example.com.signed
%
.fi
.RE
.PP
In this example,
In the above example,
\fBdnssec\-signzone\fR
creates the file
\fIdb.example.com.signed\fR. This file should be referenced in a zone statement in a
\fInamed.conf\fR
file.
.PP