Commit dba3c818 authored by Tinderbox User's avatar Tinderbox User
Browse files

regen master

parent 492c9311
.\" Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2007, 2009-2012 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
......@@ -133,8 +133,9 @@ disables the checks.
.RS 4
Specify the format of the zone file. Possible formats are
\fB"text"\fR
(default) and
\fB"raw"\fR.
(default),
\fB"raw"\fR, and
\fB"fast"\fR.
.RE
.PP
\-F \fIformat\fR
......@@ -144,14 +145,14 @@ Specify the format of the output file specified. For
.sp
Possible formats are
\fB"text"\fR
(default) and
\fB"raw"\fR
or
(default), which is the standard textual representation of the zone, and
\fB"fast"\fR,
\fB"raw"\fR, and
\fB"raw=N"\fR, which store the zone in a binary format for rapid loading by
\fBnamed\fR.
\fB"raw=N"\fR
specifies the format version of the raw zone file: if N is 0, the raw file can be read by any version of
\fBnamed\fR; if N is 1, the file can be read by release 9.9.0 or higher. The default is 1.
\fBnamed\fR; if N is 1, the file can be read by release 9.9.0 or higher; the default is 1.
.RE
.PP
\-k \fImode\fR
......@@ -170,7 +171,7 @@ checks with the specified failure mode. Possible modes are
.PP
\-L \fIserial\fR
.RS 4
When compiling a zone to 'raw' format, set the "source serial" value in the header to the specified serial number. (This is expected to be used primarily for testing purposes.)
When compiling a zone to "raw" or "fast" format, set the "source serial" value in the header to the specified serial number. (This is expected to be used primarily for testing purposes.)
.RE
.PP
\-m \fImode\fR
......@@ -294,7 +295,7 @@ BIND 9 Administrator Reference Manual.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2004\-2007, 2009\-2011 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004\-2007, 2009\-2012 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2002 Internet Software Consortium.
.br
<!--
- Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2007, 2009-2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
......@@ -33,7 +33,7 @@
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543716"></a><h2>DESCRIPTION</h2>
<a name="id2543719"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
same checks as <span><strong class="command">named</strong></span> does when loading a
......@@ -53,7 +53,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543751"></a><h2>OPTIONS</h2>
<a name="id2543754"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
......@@ -124,8 +124,8 @@
<dt><span class="term">-f <em class="replaceable"><code>format</code></em></span></dt>
<dd><p>
Specify the format of the zone file.
Possible formats are <span><strong class="command">"text"</strong></span> (default)
and <span><strong class="command">"raw"</strong></span>.
Possible formats are <span><strong class="command">"text"</strong></span> (default),
<span><strong class="command">"raw"</strong></span>, and <span><strong class="command">"fast"</strong></span>.
</p></dd>
<dt><span class="term">-F <em class="replaceable"><code>format</code></em></span></dt>
<dd>
......@@ -136,14 +136,15 @@
contents.
</p>
<p>
Possible formats are <span><strong class="command">"text"</strong></span> (default)
and <span><strong class="command">"raw"</strong></span> or <span><strong class="command">"raw=N"</strong></span>,
which store the zone in a binary format for rapid loading
by <span><strong class="command">named</strong></span>. <span><strong class="command">"raw=N"</strong></span>
specifies the format version of the raw zone file: if N
is 0, the raw file can be read by any version of
<span><strong class="command">named</strong></span>; if N is 1, the file can be read
by release 9.9.0 or higher. The default is 1.
Possible formats are <span><strong class="command">"text"</strong></span> (default),
which is the standard textual representation of the zone,
and <span><strong class="command">"fast"</strong></span>, <span><strong class="command">"raw"</strong></span>,
and <span><strong class="command">"raw=N"</strong></span>, which store the zone in a
binary format for rapid loading by <span><strong class="command">named</strong></span>.
<span><strong class="command">"raw=N"</strong></span> specifies the format version of
the raw zone file: if N is 0, the raw file can be read by
any version of <span><strong class="command">named</strong></span>; if N is 1, the file
can be read by release 9.9.0 or higher; the default is 1.
</p>
</dd>
<dt><span class="term">-k <em class="replaceable"><code>mode</code></em></span></dt>
......@@ -158,9 +159,10 @@
</p></dd>
<dt><span class="term">-L <em class="replaceable"><code>serial</code></em></span></dt>
<dd><p>
When compiling a zone to 'raw' format, set the "source serial"
value in the header to the specified serial number. (This is
expected to be used primarily for testing purposes.)
When compiling a zone to "raw" or "fast" format, set the
"source serial" value in the header to the specified serial
number. (This is expected to be used primarily for testing
purposes.)
</p></dd>
<dt><span class="term">-m <em class="replaceable"><code>mode</code></em></span></dt>
<dd><p>
......@@ -263,14 +265,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544568"></a><h2>RETURN VALUES</h2>
<a name="id2544578"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544580"></a><h2>SEE ALSO</h2>
<a name="id2544589"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
......@@ -278,7 +280,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544613"></a><h2>AUTHOR</h2>
<a name="id2544622"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
......
.\" Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
......@@ -77,8 +77,8 @@ files in
Output only those record types automatically managed by
\fBdnssec\-signzone\fR, i.e. RRSIG, NSEC, NSEC3 and NSEC3PARAM records. If smart signing (\fB\-S\fR) is used, DNSKEY records are also included. The resulting file can be included in the original zone file with
\fB$INCLUDE\fR. This option cannot be combined with
\fB\-O raw\fR
or serial number updating.
\fB\-O raw\fR,
\fB\-O fast\fR, or serial number updating.
.RE
.PP
\-E \fIengine\fR
......@@ -178,8 +178,9 @@ generates signatures that are valid for 30 days, with a cycle interval of 7.5 da
.RS 4
The format of the input zone file. Possible formats are
\fB"text"\fR
(default) and
\fB"raw"\fR. This option is primarily intended to be used for dynamic signed zones so that the dumped zone file in a non\-text format containing updates can be signed directly. The use of this option does not make much sense for non\-dynamic zones.
(default),
\fB"raw"\fR, and
\fB"fast"\fR. This option is primarily intended to be used for dynamic signed zones so that the dumped zone file in a non\-text format containing updates can be signed directly. The use of this option does not make much sense for non\-dynamic zones.
.RE
.PP
\-j \fIjitter\fR
......@@ -193,7 +194,7 @@ Signature lifetime jitter also to some extent benefits validators and servers by
.PP
\-L \fIserial\fR
.RS 4
When writing a signed zone to 'raw' format, set the "source serial" value in the header to the specified serial number. (This is expected to be used primarily for testing purposes.)
When writing a signed zone to "raw" or "fast" format, set the "source serial" value in the header to the specified serial number. (This is expected to be used primarily for testing purposes.)
.RE
.PP
\-n \fIncpus\fR
......@@ -237,15 +238,15 @@ The zone origin. If not specified, the name of the zone file is assumed to be th
.RS 4
The format of the output file containing the signed zone. Possible formats are
\fB"text"\fR
(default)
\fB"full"\fR, which is text output in a format suitable for processing by external scripts, and
\fB"raw"\fR
or
\fB"raw=N"\fR, which store the zone in a binary format for rapid loading by
(default), which is the standard textual representation of the zone;
\fB"full"\fR, which is text output in a format suitable for processing by external scripts; and
\fB"fast"\fR,
\fB"raw"\fR, and
\fB"raw=N"\fR, which store the zone in binary formats for rapid loading by
\fBnamed\fR.
\fB"raw=N"\fR
specifies the format version of the raw zone file: if N is 0, the raw file can be read by any version of
\fBnamed\fR; if N is 1, the file can be read by release 9.9.0 or higher. The default is 1.
\fBnamed\fR; if N is 1, the file can be read by release 9.9.0 or higher; the default is 1.
.RE
.PP
\-p
......@@ -428,7 +429,7 @@ RFC 4033.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2004\-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004\-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br
<!--
- Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
......@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-P</code>] [<code class="option">-p</code>] [<code class="option">-R</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-X <em class="replaceable"><code>extended end-time</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543626"></a><h2>DESCRIPTION</h2>
<a name="id2543629"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
......@@ -43,7 +43,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543641"></a><h2>OPTIONS</h2>
<a name="id2543644"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
......@@ -75,8 +75,8 @@
(<code class="option">-S</code>) is used, DNSKEY records are also
included. The resulting file can be included in the original
zone file with <span><strong class="command">$INCLUDE</strong></span>. This option
cannot be combined with <code class="option">-O raw</code> or serial
number updating.
cannot be combined with <code class="option">-O raw</code>,
<code class="option">-O fast</code>, or serial number updating.
</p></dd>
<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
<dd><p>
......@@ -190,8 +190,8 @@
<dt><span class="term">-I <em class="replaceable"><code>input-format</code></em></span></dt>
<dd><p>
The format of the input zone file.
Possible formats are <span><strong class="command">"text"</strong></span> (default)
and <span><strong class="command">"raw"</strong></span>.
Possible formats are <span><strong class="command">"text"</strong></span> (default),
<span><strong class="command">"raw"</strong></span>, and <span><strong class="command">"fast"</strong></span>.
This option is primarily intended to be used for dynamic
signed zones so that the dumped zone file in a non-text
format containing updates can be signed directly.
......@@ -221,9 +221,10 @@
</dd>
<dt><span class="term">-L <em class="replaceable"><code>serial</code></em></span></dt>
<dd><p>
When writing a signed zone to 'raw' format, set the "source serial"
value in the header to the specified serial number. (This is
expected to be used primarily for testing purposes.)
When writing a signed zone to "raw" or "fast" format, set the
"source serial" value in the header to the specified serial
number. (This is expected to be used primarily for testing
purposes.)
</p></dd>
<dt><span class="term">-n <em class="replaceable"><code>ncpus</code></em></span></dt>
<dd><p>
......@@ -257,16 +258,17 @@
<dt><span class="term">-O <em class="replaceable"><code>output-format</code></em></span></dt>
<dd><p>
The format of the output file containing the signed zone.
Possible formats are <span><strong class="command">"text"</strong></span> (default)
Possible formats are <span><strong class="command">"text"</strong></span> (default),
which is the standard textual representation of the zone;
<span><strong class="command">"full"</strong></span>, which is text output in a
format suitable for processing by external scripts,
and <span><strong class="command">"raw"</strong></span> or <span><strong class="command">"raw=N"</strong></span>,
which store the zone in a binary format for rapid loading
by <span><strong class="command">named</strong></span>. <span><strong class="command">"raw=N"</strong></span>
specifies the format version of the raw zone file: if N
is 0, the raw file can be read by any version of
<span><strong class="command">named</strong></span>; if N is 1, the file can be
read by release 9.9.0 or higher. The default is 1.
format suitable for processing by external scripts;
and <span><strong class="command">"fast"</strong></span>, <span><strong class="command">"raw"</strong></span>,
and <span><strong class="command">"raw=N"</strong></span>, which store the zone in
binary formats for rapid loading by <span><strong class="command">named</strong></span>.
<span><strong class="command">"raw=N"</strong></span> specifies the format version of
the raw zone file: if N is 0, the raw file can be read by
any version of <span><strong class="command">named</strong></span>; if N is 1, the file
can be read by release 9.9.0 or higher; the default is 1.
</p></dd>
<dt><span class="term">-p</span></dt>
<dd><p>
......@@ -446,7 +448,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2545127"></a><h2>EXAMPLE</h2>
<a name="id2545140"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
......@@ -476,14 +478,14 @@ db.example.com.signed
%</pre>
</div>
<div class="refsect1" lang="en">
<a name="id2545182"></a><h2>SEE ALSO</h2>
<a name="id2545195"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<em class="citetitle">RFC 4033</em>.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545207"></a><h2>AUTHOR</h2>
<a name="id2545220"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
......
.\" Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
......@@ -282,7 +282,7 @@ options {
allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
update\-check\-ksk \fIboolean\fR;
dnssec\-dnskey\-kskonly \fIboolean\fR;
masterfile\-format ( text | raw );
masterfile\-format ( text | raw | fast );
notify \fInotifytype\fR;
notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
......@@ -452,7 +452,7 @@ view \fIstring\fR \fIoptional_class\fR {
allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
update\-check\-ksk \fIboolean\fR;
dnssec\-dnskey\-kskonly \fIboolean\fR;
masterfile\-format ( text | raw );
masterfile\-format ( text | raw | fast );
notify \fInotifytype\fR;
notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
......@@ -539,7 +539,7 @@ zone \fIstring\fR \fIoptional_class\fR {
}\fR;
update\-check\-ksk \fIboolean\fR;
dnssec\-dnskey\-kskonly \fIboolean\fR;
masterfile\-format ( text | raw );
masterfile\-format ( text | raw | fast );
notify \fInotifytype\fR;
notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
......@@ -596,5 +596,5 @@ zone \fIstring\fR \fIoptional_class\fR {
\fBrndc\fR(8),
BIND 9 Administrator Reference Manual.
.SH "COPYRIGHT"
Copyright \(co 2004\-2011 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2004\-2012 Internet Systems Consortium, Inc. ("ISC")
.br
<!--
- Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
......@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543354"></a><h2>DESCRIPTION</h2>
<a name="id2543357"></a><h2>DESCRIPTION</h2>
<p><code class="filename">named.conf</code> is the configuration file
for
<span><strong class="command">named</strong></span>. Statements are enclosed
......@@ -50,14 +50,14 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543382"></a><h2>ACL</h2>
<a name="id2543385"></a><h2>ACL</h2>
<div class="literallayout"><p><br>
acl<em class="replaceable"><code>string</code></em>{<em class="replaceable"><code>address_match_element</code></em>;...};<br>
<br>
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543398"></a><h2>KEY</h2>
<a name="id2543401"></a><h2>KEY</h2>
<div class="literallayout"><p><br>
key<em class="replaceable"><code>domain_name</code></em>{<br>
algorithm<em class="replaceable"><code>string</code></em>;<br>
......@@ -66,7 +66,7 @@ key
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543417"></a><h2>MASTERS</h2>
<a name="id2543420"></a><h2>MASTERS</h2>
<div class="literallayout"><p><br>
masters<em class="replaceable"><code>string</code></em>[<span class="optional">port<em class="replaceable"><code>integer</code></em></span>]{<br>
(<em class="replaceable"><code>masters</code></em>|<em class="replaceable"><code>ipv4_address</code></em>[<span class="optional">port<em class="replaceable"><code>integer</code></em></span>]|<br>
......@@ -75,7 +75,7 @@ masters
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543463"></a><h2>SERVER</h2>
<a name="id2543466"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
server(<em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em>|<em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em>){<br>
bogus<em class="replaceable"><code>boolean</code></em>;<br>
......@@ -97,7 +97,7 @@ server
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543531"></a><h2>TRUSTED-KEYS</h2>
<a name="id2543534"></a><h2>TRUSTED-KEYS</h2>
<div class="literallayout"><p><br>
trusted-keys{<br>
<em class="replaceable"><code>domain_name</code></em><em class="replaceable"><code>flags</code></em><em class="replaceable"><code>protocol</code></em><em class="replaceable"><code>algorithm</code></em><em class="replaceable"><code>key</code></em>;...<br>
......@@ -105,7 +105,7 @@ trusted-keys
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543557"></a><h2>MANAGED-KEYS</h2>
<a name="id2543560"></a><h2>MANAGED-KEYS</h2>
<div class="literallayout"><p><br>
managed-keys{<br>
<em class="replaceable"><code>domain_name</code></em><code class="constant">initial-key</code><em class="replaceable"><code>flags</code></em><em class="replaceable"><code>protocol</code></em><em class="replaceable"><code>algorithm</code></em><em class="replaceable"><code>key</code></em>;...<br>
......@@ -113,7 +113,7 @@ managed-keys
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543586"></a><h2>CONTROLS</h2>
<a name="id2543589"></a><h2>CONTROLS</h2>
<div class="literallayout"><p><br>
controls{<br>
inet(<em class="replaceable"><code>ipv4_address</code></em>|<em class="replaceable"><code>ipv6_address</code></em>|*)<br>
......@@ -125,7 +125,7 @@ controls
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543621"></a><h2>LOGGING</h2>
<a name="id2543624"></a><h2>LOGGING</h2>
<div class="literallayout"><p><br>
logging{<br>
channel<em class="replaceable"><code>string</code></em>{<br>
......@@ -143,7 +143,7 @@ logging
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543659"></a><h2>LWRES</h2>
<a name="id2543662"></a><h2>LWRES</h2>
<div class="literallayout"><p><br>
lwres{<br>
listen-on[<span class="optional">port<em class="replaceable"><code>integer</code></em></span>]{<br>
......@@ -156,7 +156,7 @@ lwres
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543701"></a><h2>OPTIONS</h2>
<a name="id2543704"></a><h2>OPTIONS</h2>
<div class="literallayout"><p><br>
options{<br>
avoid-v4-udp-ports{<em class="replaceable"><code>port</code></em>;...};<br>
......@@ -284,7 +284,7 @@ options
update-check-ksk<em class="replaceable"><code>boolean</code></em>;<br>
dnssec-dnskey-kskonly<em class="replaceable"><code>boolean</code></em>;<br>
<br>
masterfile-format(text|raw);<br>
masterfile-format(text|raw|fast);<br>
notify<em class="replaceable"><code>notifytype</code></em>;<br>
notify-source(<em class="replaceable"><code>ipv4_address</code></em>|*)[<span class="optional">port(<em class="replaceable"><code>integer</code></em>|*)</span>];<br>
notify-source-v6(<em class="replaceable"><code>ipv6_address</code></em>|*)[<span class="optional">port(<em class="replaceable"><code>integer</code></em>|*)</span>];<br>
......@@ -361,7 +361,7 @@ options
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544582"></a><h2>VIEW</h2>
<a name="id2544585"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
view<em class="replaceable"><code>string</code></em><em class="replaceable"><code>optional_class</code></em>{<br>
match-clients{<em class="replaceable"><code>address_match_element</code></em>;...};<br>
......@@ -471,7 +471,7 @@ view
update-check-ksk<em class="replaceable"><code>boolean</code></em>;<br>
dnssec-dnskey-kskonly<em class="replaceable"><code>boolean</code></em>;<br>
<br>
masterfile-format(text|raw);<br>
masterfile-format(text|raw|fast);<br>
notify<em class="replaceable"><code>notifytype</code></em>;<br>
notify-source(<em class="replaceable"><code>ipv4_address</code></em>|*)[<span class="optional">port(<em class="replaceable"><code>integer</code></em>|*)</span>];<br>
notify-source-v6(<em class="replaceable"><code>ipv6_address</code></em>|*)[<span class="optional">port(<em class="replaceable"><code>integer</code></em>|*)</span>];<br>
......@@ -525,7 +525,7 @@ view
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2545298"></a><h2>ZONE</h2>
<a name="id2545301"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
zone<em class="replaceable"><code>string</code></em><em class="replaceable"><code>optional_class</code></em>{<br>
type(master|slave|stub|hint|redirect|<br>
......@@ -567,7 +567,7 @@ zone
update-check-ksk<em class="replaceable"><code>boolean</code></em>;<br>
dnssec-dnskey-kskonly<em class="replaceable"><code>boolean</code></em>;<br>
<br>
masterfile-format(text|raw);<br>
masterfile-format(text|raw|fast);<br>
notify<em class="replaceable"><code>notifytype</code></em>;<br>
notify-source(<em class="replaceable"><code>ipv4_address</code></em>|*)[<span class="optional">port(<em class="replaceable"><code>integer</code></em>|*)</span>];<br>
notify-source-v6(<em class="replaceable"><code>ipv6_address</code></em>|*)[<span class="optional">port(<em class="replaceable"><code>integer</code></em>|*)</span>];<br>
......@@ -622,12 +622,12 @@ zone
</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2545687"></a><h2>FILES</h2>
<a name="id2545690"></a><h2>FILES</h2>
<p><code class="filename">/etc/named.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2545699"></a><h2>SEE ALSO</h2>
<a name="id2545702"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
......
......@@ -70,33 +70,33 @@
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608842">Converting from insecure to secure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563550">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563587">Fully automatic zone signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563758">Private-type records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563796">DNSKEY rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563809">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563910">Automatic key rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563937">NSEC3PARAM rollovers via UPDATE</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563946">Converting from NSEC to NSEC3</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563956">Converting from NSEC3 to NSEC</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2583425">Converting from secure to insecure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2583462">Periodic re-signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2583472">NSEC3 and OPTOUT</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608908">Converting from insecure to secure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608946">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563585">Fully automatic zone signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563756">Private-type records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563794">DNSKEY rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563806">Dynamic DNS update method</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563908">Automatic key rollovers</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563934">NSEC3PARAM rollovers via UPDATE</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563944">Converting from NSEC to NSEC3</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563954">Converting from NSEC3 to NSEC</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2582672">Converting from secure to insecure</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2582709">Periodic re-signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2582718">NSEC3 and OPTOUT</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2583709">Validating Resolver</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2583732">Authoritative Server</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608352">Validating Resolver</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608374">Authoritative Server</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS #11 (Cryptoki) support</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2653331">Prerequisites</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609392">Building BIND 9 with PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2636004">PKCS #11 Tools</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2636035">Using the HSM</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2636301">Specifying the engine on the command line</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2636347">Running named with automatic zone re-signing</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608546">Prerequisites</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609594">Building BIND 9 with PKCS#11</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2636138">PKCS #11 Tools</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2636169">Using the HSM</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2636368">Specifying the engine on the command line</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2636413">Running named with automatic zone re-signing</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572696">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
......@@ -1065,7 +1065,7 @@ options {
from insecure to signed and back again. A secure zone can use
either NSEC or NSEC3 chains.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2608842"></a>Converting from insecure to secure</h3></div></div></div></div>
<a name="id2608908"></a>Converting from insecure to secure</h3></div></div></div></div>
<p>Changing a zone from insecure to secure can be done in two
ways: using a dynamic DNS update, or the
<span><strong class="command">auto-dnssec</strong></span> zone option.</p>
......@@ -1091,7 +1091,7 @@ options {
well. An NSEC chain will be generated as part of the initial
signing process.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2563550"></a>Dynamic DNS update method</h3></div></div></div></div>
<a name="id2608946"></a>Dynamic DNS update method</h3></div></div></div></div>
<p>To insert the keys via dynamic update:</p>
<pre class="screen">
% nsupdate
......@@ -1127,7 +1127,7 @@ options {
<p>While the initial signing and NSEC/NSEC3 chain generation
is happening, other updates are possible as well.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
<a name="id2563587"></a>Fully automatic zone signing</h3></div></div></div></div>
<a name="id2563585"></a>Fully automatic zone signing</h3></div></div></div></div>
<p>To enable automatic signing, add the
<span><strong class="command">auto-dnssec</strong></span> option to the zone statement in
<code class="filename">named.conf</code>.
......@@ -1183,7 +1183,7 @@ options {
configuration. If this has not been done, the configuration will
fail.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">