Commit e62b9c9c authored by Tinderbox User's avatar Tinderbox User
Browse files

regen master

parent e74212eb
......@@ -43,52 +43,52 @@
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-1</span></dt>
<dd><p>
Use SHA-1 as the digest algorithm (the default is to use
both SHA-1 and SHA-256).
</p></dd>
Use SHA-1 as the digest algorithm (the default is to use
both SHA-1 and SHA-256).
</p></dd>
<dt><span class="term">-2</span></dt>
<dd><p>
Use SHA-256 as the digest algorithm.
</p></dd>
Use SHA-256 as the digest algorithm.
</p></dd>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd><p>
Select the digest algorithm. The value of
<code class="option">algorithm</code> must be one of SHA-1 (SHA1),
SHA-256 (SHA256), GOST or SHA-384 (SHA384).
These values are case insensitive.
</p></dd>
Select the digest algorithm. The value of
<code class="option">algorithm</code> must be one of SHA-1 (SHA1),
SHA-256 (SHA256), GOST or SHA-384 (SHA384).
These values are case insensitive.
</p></dd>
<dt><span class="term">-C</span></dt>
<dd><p>
Generate CDS records rather than DS records. This is mutually
Generate CDS records rather than DS records. This is mutually
exclusive with generating lookaside records.
</p></dd>
</p></dd>
<dt><span class="term">-T <em class="replaceable"><code>TTL</code></em></span></dt>
<dd><p>
Specifies the TTL of the DS records.
</p></dd>
Specifies the TTL of the DS records.
</p></dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
Look for key files (or, in keyset mode,
<code class="filename">keyset-</code> files) in
<code class="option">directory</code>.
</p></dd>
Look for key files (or, in keyset mode,
<code class="filename">keyset-</code> files) in
<code class="option">directory</code>.
</p></dd>
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
<dd>
<p>
Zone file mode: in place of the keyfile name, the argument is
the DNS domain name of a zone master file, which can be read
from <code class="option">file</code>. If the zone name is the same as
<code class="option">file</code>, then it may be omitted.
</p>
Zone file mode: in place of the keyfile name, the argument is
the DNS domain name of a zone master file, which can be read
from <code class="option">file</code>. If the zone name is the same as
<code class="option">file</code>, then it may be omitted.
</p>
<p>
If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
the zone data is read from the standard input. This makes it
possible to use the output of the <span class="command"><strong>dig</strong></span>
command as input, as in:
</p>
If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
the zone data is read from the standard input. This makes it
possible to use the output of the <span class="command"><strong>dig</strong></span>
command as input, as in:
</p>
<p>
<strong class="userinput"><code>dig dnskey example.com | dnssec-dsfromkey -f - example.com</code></strong>
</p>
<strong class="userinput"><code>dig dnskey example.com | dnssec-dsfromkey -f - example.com</code></strong>
</p>
</dd>
<dt><span class="term">-A</span></dt>
<dd><p>
......@@ -98,35 +98,35 @@
</p></dd>
<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
<dd><p>
Generate a DLV set instead of a DS set. The specified
<code class="option">domain</code> is appended to the name for each
record in the set.
The DNSSEC Lookaside Validation (DLV) RR is described
in RFC 4431. This is mutually exclusive with generating
Generate a DLV set instead of a DS set. The specified
<code class="option">domain</code> is appended to the name for each
record in the set.
The DNSSEC Lookaside Validation (DLV) RR is described
in RFC 4431. This is mutually exclusive with generating
CDS records.
</p></dd>
</p></dd>
<dt><span class="term">-s</span></dt>
<dd><p>
Keyset mode: in place of the keyfile name, the argument is
the DNS domain name of a keyset file.
</p></dd>
Keyset mode: in place of the keyfile name, the argument is
the DNS domain name of a keyset file.
</p></dd>
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd><p>
Specifies the DNS class (default is IN). Useful only
in keyset or zone file mode.
</p></dd>
Specifies the DNS class (default is IN). Useful only
in keyset or zone file mode.
</p></dd>
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
<dd><p>
Sets the debugging level.
</p></dd>
Sets the debugging level.
</p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
Prints usage information.
</p></dd>
Prints usage information.
</p></dd>
<dt><span class="term">-V</span></dt>
<dd><p>
Prints version information.
</p></dd>
Prints version information.
</p></dd>
</dl></div>
</div>
<div class="refsection">
......
......@@ -18,12 +18,12 @@
.\" Title: dnssec-importkey
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2014-02-20
.\" Date: August 21, 2015
.\" Manual: BIND9
.\" Source: ISC
.\" Language: English
.\"
.TH "DNSSEC\-IMPORTKEY" "8" "2014\-02\-20" "ISC" "BIND9"
.TH "DNSSEC\-IMPORTKEY" "8" "August 21, 2015" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......@@ -47,9 +47,9 @@
dnssec-importkey \- Import DNSKEY records from external systems so they can be managed\&.
.SH "SYNOPSIS"
.HP \w'\fBdnssec\-importkey\fR\ 'u
\fBdnssec\-importkey\fR [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] {\fBkeyfile\fR}
\fBdnssec\-importkey\fR [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] {\fBkeyfile\fR}
.HP \w'\fBdnssec\-importkey\fR\ 'u
\fBdnssec\-importkey\fR {\fB\-f\ \fR\fB\fIfilename\fR\fR} [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fBdnsname\fR]
\fBdnssec\-importkey\fR {\fB\-f\ \fR\fB\fIfilename\fR\fR} [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fBdnsname\fR]
.SH "DESCRIPTION"
.PP
\fBdnssec\-importkey\fR
......@@ -109,10 +109,20 @@ Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS\&. If the argume
Sets the date on which a key is to be published to the zone\&. After that date, the key will be included in the zone but will not be used to sign it\&.
.RE
.PP
\-P sync \fIdate/offset\fR
.RS 4
Sets the date on which CDS and CDNSKEY records that match this key are to be published to the zone\&.
.RE
.PP
\-D \fIdate/offset\fR
.RS 4
Sets the date on which the key is to be deleted\&. After that date, the key will no longer be included in the zone\&. (It may remain in the key repository, however\&.)
.RE
.PP
\-D sync \fIdate/offset\fR
.RS 4
Sets the date on which the CDS and CDNSKEY records that match this key are to be deleted\&.
.RE
.SH "FILES"
.PP
A keyfile can be designed by the key identification
......
......@@ -28,8 +28,8 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] {<code class="option">keyfile</code>}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">dnsname</code>]</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-P sync <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D sync <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] {<code class="option">keyfile</code>}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-P sync <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D sync <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">dnsname</code>]</p></div>
</div>
<div class="refsection">
<a name="id-1.7"></a><h2>DESCRIPTION</h2>
......@@ -57,37 +57,37 @@
<dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt>
<dd>
<p>
Zone file mode: instead of a public keyfile name, the argument
Zone file mode: instead of a public keyfile name, the argument
is the DNS domain name of a zone master file, which can be read
from <code class="option">file</code>. If the domain name is the same as
<code class="option">file</code>, then it may be omitted.
</p>
from <code class="option">file</code>. If the domain name is the same as
<code class="option">file</code>, then it may be omitted.
</p>
<p>
If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
the zone data is read from the standard input.
</p>
If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
the zone data is read from the standard input.
</p>
</dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
Sets the directory in which the key files are to reside.
</p></dd>
Sets the directory in which the key files are to reside.
</p></dd>
<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
<dd><p>
Sets the default TTL to use for this key when it is converted
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<code class="literal">0</code> or <code class="literal">none</code> removes it.
</p></dd>
Sets the default TTL to use for this key when it is converted
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<code class="literal">0</code> or <code class="literal">none</code> removes it.
</p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
Emit usage message and exit.
</p></dd>
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
<dd><p>
Sets the debugging level.
</p></dd>
Sets the debugging level.
</p></dd>
<dt><span class="term">-V</span></dt>
<dd><p>
Prints version information.
......@@ -110,16 +110,26 @@
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
Sets the date on which a key is to be published to the zone.
After that date, the key will be included in the zone but will
not be used to sign it.
</p></dd>
Sets the date on which a key is to be published to the zone.
After that date, the key will be included in the zone but will
not be used to sign it.
</p></dd>
<dt><span class="term">-P sync <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
Sets the date on which CDS and CDNSKEY records that match this
key are to be published to the zone.
</p></dd>
<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
Sets the date on which the key is to be deleted. After that
date, the key will no longer be included in the zone. (It
may remain in the key repository, however.)
</p></dd>
Sets the date on which the key is to be deleted. After that
date, the key will no longer be included in the zone. (It
may remain in the key repository, however.)
</p></dd>
<dt><span class="term">-D sync <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
Sets the date on which the CDS and CDNSKEY records that match
this key are to be deleted.
</p></dd>
</dl></div>
</div>
<div class="refsection">
......
......@@ -18,12 +18,12 @@
.\" Title: dnssec-keyfromlabel
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2014-02-27
.\" Date: August 27, 2015
.\" Manual: BIND9
.\" Source: ISC
.\" Language: English
.\"
.TH "DNSSEC\-KEYFROMLABEL" "8" "2014\-02\-27" "ISC" "BIND9"
.TH "DNSSEC\-KEYFROMLABEL" "8" "August 27, 2015" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......@@ -47,7 +47,7 @@
dnssec-keyfromlabel \- DNSSEC key generation tool
.SH "SYNOPSIS"
.HP \w'\fBdnssec\-keyfromlabel\fR\ 'u
\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-y\fR] {name}
\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-y\fR] {name}
.SH "DESCRIPTION"
.PP
\fBdnssec\-keyfromlabel\fR
......@@ -201,6 +201,11 @@ Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS\&. If the argume
Sets the date on which a key is to be published to the zone\&. After that date, the key will be included in the zone but will not be used to sign it\&. If not set, and if the \-G option has not been used, the default is "now"\&.
.RE
.PP
\-P sync \fIdate/offset\fR
.RS 4
Sets the date on which the CDS and CDNSKEY records which match this key are to be published to the zone\&.
.RE
.PP
\-A \fIdate/offset\fR
.RS 4
Sets the date on which the key is to be activated\&. After that date, the key will be included in the zone and used to sign it\&. If not set, and if the \-G option has not been used, the default is "now"\&.
......@@ -221,6 +226,11 @@ Sets the date on which the key is to be retired\&. After that date, the key will
Sets the date on which the key is to be deleted\&. After that date, the key will no longer be included in the zone\&. (It may remain in the key repository, however\&.)
.RE
.PP
\-D sync \fIdate/offset\fR
.RS 4
Sets the date on which the CDS and CDNSKEY records which match this key are to be deleted\&.
.RE
.PP
\-i \fIinterval\fR
.RS 4
Sets the prepublication interval for a key\&. If set, then the publication and activation dates must be separated by at least this much time\&. If the activation date is specified but the publication date isn\*(Aqt, then the publication date will default to this much time before the activation date; conversely, if the publication date is specified but activation date isn\*(Aqt, then activation will be set to this much time after publication\&.
......
This diff is collapsed.
......@@ -19,12 +19,12 @@
.\" Title: dnssec-keygen
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2014-02-06
.\" Date: August 21, 2015
.\" Manual: BIND9
.\" Source: ISC
.\" Language: English
.\"
.TH "DNSSEC\-KEYGEN" "8" "2014\-02\-06" "ISC" "BIND9"
.TH "DNSSEC\-KEYGEN" "8" "August 21, 2015" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......@@ -48,7 +48,7 @@
dnssec-keygen \- DNSSEC key generation tool
.SH "SYNOPSIS"
.HP \w'\fBdnssec\-keygen\fR\ 'u
\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-k\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-z\fR] {name}
\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name}
.SH "DESCRIPTION"
.PP
\fBdnssec\-keygen\fR
......@@ -228,6 +228,11 @@ Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS\&. If the argume
Sets the date on which a key is to be published to the zone\&. After that date, the key will be included in the zone but will not be used to sign it\&. If not set, and if the \-G option has not been used, the default is "now"\&.
.RE
.PP
\-P sync \fIdate/offset\fR
.RS 4
Sets the date on which CDS and CDNSKEY records that match this key are to be published to the zone\&.
.RE
.PP
\-A \fIdate/offset\fR
.RS 4
Sets the date on which the key is to be activated\&. After that date, the key will be included in the zone and used to sign it\&. If not set, and if the \-G option has not been used, the default is "now"\&. If set, if and \-P is not set, then the publication date will be set to the activation date minus the prepublication interval\&.
......@@ -248,6 +253,11 @@ Sets the date on which the key is to be retired\&. After that date, the key will
Sets the date on which the key is to be deleted\&. After that date, the key will no longer be included in the zone\&. (It may remain in the key repository, however\&.)
.RE
.PP
\-D sync \fIdate/offset\fR
.RS 4
Sets the date on which the CDS and CDNSKEY records that match this key are to be deleted\&.
.RE
.PP
\-i \fIinterval\fR
.RS 4
Sets the prepublication interval for a key\&. If set, then the publication and activation dates must be separated by at least this much time\&. If the activation date is specified but the publication date isn\*(Aqt, then the publication date will default to this much time before the activation date; conversely, if the publication date is specified but activation date isn\*(Aqt, then activation will be set to this much time after publication\&.
......
This diff is collapsed.
......@@ -18,12 +18,12 @@
.\" Title: dnssec-settime
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2014-02-06
.\" Date: 2015-08-21
.\" Manual: BIND9
.\" Source: ISC
.\" Language: English
.\"
.TH "DNSSEC\-SETTIME" "8" "2014\-02\-06" "ISC" "BIND9"
.TH "DNSSEC\-SETTIME" "8" "2015\-08\-21" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
......@@ -47,7 +47,7 @@
dnssec-settime \- Set the key timing metadata for a DNSSEC key
.SH "SYNOPSIS"
.HP \w'\fBdnssec\-settime\fR\ 'u
\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile}
\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile}
.SH "DESCRIPTION"
.PP
\fBdnssec\-settime\fR
......@@ -121,6 +121,11 @@ Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS\&. If the argume
Sets the date on which a key is to be published to the zone\&. After that date, the key will be included in the zone but will not be used to sign it\&.
.RE
.PP
\-P sync \fIdate/offset\fR
.RS 4
Sets the date on which CDS and CDNSKEY records that match this key are to be published to the zone\&.
.RE
.PP
\-A \fIdate/offset\fR
.RS 4
Sets the date on which the key is to be activated\&. After that date, the key will be included in the zone and used to sign it\&.
......@@ -141,6 +146,11 @@ Sets the date on which the key is to be retired\&. After that date, the key will
Sets the date on which the key is to be deleted\&. After that date, the key will no longer be included in the zone\&. (It may remain in the key repository, however\&.)
.RE
.PP
\-D sync \fIdate/offset\fR
.RS 4
Sets the date on which the CDS and CDNSKEY records that match this key are to be deleted\&.
.RE
.PP
\-S \fIpredecessor key\fR
.RS 4
Select a key for which the key being modified will be an explicit successor\&. The name, algorithm, size, and type of the predecessor key must exactly match those of the key being modified\&. The activation date of the successor key will be set to the inactivation date of the predecessor\&. The publication date will be set to the activation date minus the prepublication interval, which defaults to 30 days\&.
......@@ -164,23 +174,27 @@ can also be used to print the timing metadata associated with a key\&.
Print times in UNIX epoch format\&.
.RE
.PP
\-p \fIC/P/A/R/I/D/all\fR
\-p \fIC/P/Psync/A/R/I/D/Dsync/all\fR
.RS 4
Print a specific metadata value or set of metadata values\&. The
\fB\-p\fR
option may be followed by one or more of the following letters to indicate which value or values to print:
option may be followed by one or more of the following letters or strings to indicate which value or values to print:
\fBC\fR
for the creation date,
\fBP\fR
for the publication date,
\fBPsync\fR
for the CDS and CDNSKEY publication date,
\fBA\fR
for the activation date,
\fBR\fR
for the revocation date,
\fBI\fR
for the inactivation date, or
for the inactivation date,
\fBD\fR
for the deletion date\&. To print all of the metadata, use
for the deletion date, and
\fBDsync\fR
for the CDS and CDNSKEY deletion date To print all of the metadata, use
\fB\-p all\fR\&.
.RE
.SH "SEE ALSO"
......
......@@ -27,7 +27,7 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-V</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-P sync <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D sync <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D sync <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-V</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
</div>
<div class="refsection">
<a name="id-1.7"></a><h2>DESCRIPTION</h2>
......@@ -60,7 +60,7 @@
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-f</span></dt>
<dd><p>
Force an update of an old-format key with no metadata fields.
Force an update of an old-format key with no metadata fields.
Without this option, <span class="command"><strong>dnssec-settime</strong></span> will
fail when attempting to update a legacy key. With this option,
the key will be recreated in the new format, but with the
......@@ -68,7 +68,7 @@
set to the present time. If no other values are specified,
then the key's publication and activation dates will also
be set to the present time.
</p></dd>
</p></dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
Sets the directory in which the key files are to reside.
......@@ -86,12 +86,12 @@
</p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
Emit usage message and exit.
</p></dd>
Emit usage message and exit.
</p></dd>
<dt><span class="term">-V</span></dt>
<dd><p>
Prints version information.
</p></dd>
Prints version information.
</p></dd>
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
<dd><p>
Sets the debugging level.
......@@ -131,6 +131,11 @@
After that date, the key will be included in the zone but will
not be used to sign it.
</p></dd>
<dt><span class="term">-P sync <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
Sets the date on which CDS and CDNSKEY records that match this
key are to be published to the zone.
</p></dd>
<dt><span class="term">-A <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
Sets the date on which the key is to be activated. After that
......@@ -155,6 +160,11 @@
date, the key will no longer be included in the zone. (It
may remain in the key repository, however.)
</p></dd>
<dt><span class="term">-D sync <em class="replaceable"><code>date/offset</code></em></span></dt>
<dd><p>
Sets the date on which the CDS and CDNSKEY records that match this
key are to be deleted.
</p></dd>
<dt><span class="term">-S <em class="replaceable"><code>predecessor key</code></em></span></dt>
<dd><p>
Select a key for which the key being modified will be an
......@@ -200,21 +210,24 @@
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-u</span></dt>
<dd><p>
Print times in UNIX epoch format.
</p></dd>
<dt><span class="term">-p <em class="replaceable"><code>C/P/A/R/I/D/all</code></em></span></dt>
Print times in UNIX epoch format.
</p></dd>
<dt><span class="term">-p <em class="replaceable"><code>C/P/Psync/A/R/I/D/Dsync/all</code></em></span></dt>
<dd><p>
Print a specific metadata value or set of metadata values.
Print a specific metadata value or set of metadata values.
The <code class="option">-p</code> option may be followed by one or more
of the following letters to indicate which value or values to print:
of the following letters or strings to indicate which value
or values to print:
<code class="option">C</code> for the creation date,
<code class="option">P</code> for the publication date,
<code class="option">Psync</code> for the CDS and CDNSKEY publication date,
<code class="option">A</code> for the activation date,
<code class="option">R</code> for the revocation date,
<code class="option">I</code> for the inactivation date, or
<code class="option">D</code> for the deletion date.
<code class="option">I</code> for the inactivation date,
<code class="option">D</code> for the deletion date, and
<code class="option">Dsync</code> for the CDS and CDNSKEY deletion date
To print all of the metadata, use <code class="option">-p all</code>.
</p></dd>
</p></dd>
</dl></div>
</div>
<div class="refsection">
......
......@@ -2366,6 +2366,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
[<span class="optional"> blackhole { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> keep-response-order { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> no-case-compress { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> message-compression <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> use-v4-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
[<span class="optional"> avoid-v4-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
[<span class="optional"> use-v6-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
......@@ -3774,6 +3775,15 @@ options {
incremental zone
transfers, use <span class="command"><strong>provide-ixfr</strong></span> <strong class="userinput"><code>no</code></strong>.
</p></dd>
<dt><span class="term"><span class="command"><strong>message-compression</strong></span></span></dt>
<dd><p>
If <strong class="userinput"><code>yes</code></strong>, DNS name compression will
be used for responses to regular queries (not including
AXFR or IXFR, which always uses compression). Setting
this option to <strong class="userinput"><code>no</code></strong> can result in
larger responses, but will reduce CPU usage on servers.
The default is <strong class="userinput"><code>yes</code></strong>.
</p></dd>
<dt><span class="term"><span class="command"><strong>minimal-responses</strong></span></span></dt>
<dd><p>
If <strong class="userinput"><code>yes</code></strong>, then when generating
......
......@@ -478,6 +478,13 @@
The following types have been implemented: CSYNC, NINFO, RKEY,
SINK, TA, TALINK.
</p></li>
<li class="listitem"><p>
A new <span class="command"><strong>message-compression</strong></span> option can be
used to specify whether or not to use name compression when
answering queries. Setting this to <strong class="userinput"><code>no</code></strong>
results in larger responses, but reduces CPU consumption and
may improve throughput. The default is <strong class="userinput"><code>yes</code></strong>.
</p></li>
</ul></div>
</div>
<div class="section">
......
......@@ -62,52 +62,52 @@
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-1</span></dt>
<dd><p>
Use SHA-1 as the digest algorithm (the default is to use
both SHA-1 and SHA-256).
</p></dd>
Use SHA-1 as the digest algorithm (the default is to use
both SHA-1 and SHA-256).