diff --git a/bin/nsupdate/nsupdate.1 b/bin/nsupdate/nsupdate.1
index 0de66ed9d5..7ab3f12238 100644
--- a/bin/nsupdate/nsupdate.1
+++ b/bin/nsupdate/nsupdate.1
@@ -20,11 +20,11 @@
.\" Title: nsupdate
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.71.1
-.\" Date: March 10, 2012
+.\" Date: April 18, 2014
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "NSUPDATE" "1" "March 10, 2012" "BIND9" "BIND9"
+.TH "NSUPDATE" "1" "April 18, 2014" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -97,7 +97,18 @@ option is used, a signature is generated from
\fIkeyname\fR
is the name of the key, and
\fIsecret\fR
-is the base64 encoded shared secret. Use of the
+is the base64 encoded shared secret.
+\fIhmac\fR
+is the name of the key algorithm; valid choices are
+hmac\-md5,
+hmac\-sha1,
+hmac\-sha224,
+hmac\-sha256,
+hmac\-sha384, or
+hmac\-sha512. If
+\fIhmac\fR
+is not specified, the default is
+hmac\-md5. NOTE: Use of the
\fB\-y\fR
option is discouraged because the shared secret is supplied as a command line argument in clear text. This may be visible in the output from
\fBps\fR(1)
diff --git a/bin/nsupdate/nsupdate.html b/bin/nsupdate/nsupdate.html
index 0d6f04e53e..bfb00f9063 100644
--- a/bin/nsupdate/nsupdate.html
+++ b/bin/nsupdate/nsupdate.html
@@ -113,7 +113,13 @@
[hmac:]keyname:secret.
keyname is the name of the key, and
secret is the base64 encoded shared secret.
- Use of the -y option is discouraged because the
+ hmac is the name of the key algorithm;
+ valid choices are hmac-md5,
+ hmac-sha1, hmac-sha224,
+ hmac-sha256, hmac-sha384, or
+ hmac-sha512. If hmac
+ is not specified, the default is hmac-md5.
+ NOTE: Use of the -y option is discouraged because the
shared secret is supplied as a command line argument in clear text.
This may be visible in the output from
ps(1)
@@ -212,7 +218,7 @@
-
INPUT FORMAT
+
INPUT FORMAT
nsupdate
reads input from
filename
@@ -512,7 +518,7 @@
-
EXAMPLES
+
EXAMPLES
The examples below show how
nsupdate
@@ -566,7 +572,7 @@
-
FILES
+
FILES
/etc/resolv.conf
@@ -589,7 +595,7 @@
-
SEE ALSO
+
SEE ALSO
RFC 2136,
RFC 3007,
@@ -604,7 +610,7 @@
-
BUGS
+
BUGS
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library
diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html
index b4f93aa9f9..5f0e38c83b 100644
--- a/doc/arm/man.arpaname.html
+++ b/doc/arm/man.arpaname.html
@@ -50,20 +50,20 @@
-
DESCRIPTION
+
DESCRIPTION
arpaname translates IP addresses (IPv4 and
IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
-
SEE ALSO
+
SEE ALSO
BIND 9 Administrator Reference Manual.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
ddns-confgen [-a algorithm] [-h] [-k keyname] [-q] [-r randomfile] [ -s name | -z zone ]
-
DESCRIPTION
+
DESCRIPTION
tsig-keygen and ddns-confgen
are invokation methods for a utility that generates keys for use
@@ -87,7 +87,7 @@
-
OPTIONS
+
OPTIONS
- -a
algorithm
@@ -159,7 +159,7 @@
-
SEE ALSO
+
SEE ALSO
nsupdate(1),
named.conf(5),
named(8),
@@ -167,7 +167,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
genrandom [-n number] {size} {filename}
-
DESCRIPTION
+
DESCRIPTION
genrandom
generates a file or a set of files containing a specified quantity
@@ -59,7 +59,7 @@
-
ARGUMENTS
+
ARGUMENTS
- -n
number
@@ -77,14 +77,14 @@
-
SEE ALSO
+
SEE ALSO
rand(3),
arc4random(3)
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
isc-hmac-fixup {algorithm} {secret}
-
DESCRIPTION
+
DESCRIPTION
Versions of BIND 9 up to and including BIND 9.6 had a bug causing
HMAC-SHA* TSIG keys which were longer than the digest length of the
@@ -76,7 +76,7 @@
-
SECURITY CONSIDERATIONS
+
SECURITY CONSIDERATIONS
Secrets that have been converted by isc-hmac-fixup
are shortened, but as this is how the HMAC protocol works in
@@ -87,14 +87,14 @@
-
SEE ALSO
+
SEE ALSO
BIND 9 Administrator Reference Manual,
RFC 2104.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
nsec3hash {salt} {algorithm} {iterations} {domain}
-
DESCRIPTION
+
DESCRIPTION
nsec3hash generates an NSEC3 hash based on
a set of NSEC3 parameters. This can be used to check the validity
@@ -56,7 +56,7 @@
-
SEE ALSO
+
SEE ALSO
BIND 9 Administrator Reference Manual,
RFC 5155.
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
nsupdate [-d] [-D] [[-g] | [-o] | [-l] | [-y [hmac:]keyname:secret] | [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [-T] [-P] [-V] [filename]
-
DESCRIPTION
+
DESCRIPTION
nsupdate
is used to submit Dynamic DNS Update requests as defined in RFC 2136
to a name server.
@@ -131,7 +131,13 @@
[hmac:]keyname:secret.
keyname is the name of the key, and
secret is the base64 encoded shared secret.
- Use of the -y option is discouraged because the
+ hmac is the name of the key algorithm;
+ valid choices are hmac-md5,
+ hmac-sha1, hmac-sha224,
+ hmac-sha256, hmac-sha384, or
+ hmac-sha512. If hmac
+ is not specified, the default is hmac-md5.
+ NOTE: Use of the -y option is discouraged because the
shared secret is supplied as a command line argument in clear text.
This may be visible in the output from
ps(1)
@@ -230,7 +236,7 @@
-
INPUT FORMAT
+
INPUT FORMAT
nsupdate
reads input from
filename
@@ -530,7 +536,7 @@
-
EXAMPLES
+
EXAMPLES
The examples below show how
nsupdate
@@ -584,7 +590,7 @@
-
FILES
+
FILES
/etc/resolv.conf
@@ -607,7 +613,7 @@
-
SEE ALSO
+
SEE ALSO
RFC 2136,
RFC 3007,
@@ -622,7 +628,7 @@
-
BUGS
+
BUGS
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library
diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index 72ee4fb36a..8787b8a07b 100644
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -50,7 +50,7 @@
rndc-confgen [-a] [-A algorithm] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]
-
DESCRIPTION
+
DESCRIPTION
rndc-confgen
generates configuration files
for rndc. It can be used as a
@@ -66,7 +66,7 @@
-
EXAMPLES
+
EXAMPLES
To allow rndc to be used with
no manual configuration, run
@@ -197,7 +197,7 @@
-
SEE ALSO
+
SEE ALSO
rndc(8),
rndc.conf(5),
named(8),
@@ -205,7 +205,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
-
DESCRIPTION
+
DESCRIPTION
rndc.conf is the configuration file
for rndc, the BIND 9 name server control
utility. This file has a similar structure and syntax to
@@ -136,7 +136,7 @@
-
EXAMPLE
+
EXAMPLE
options {
default-server localhost;
@@ -210,7 +210,7 @@
-
NAME SERVER CONFIGURATION
+
NAME SERVER CONFIGURATION
The name server must be configured to accept rndc connections and
to recognize the key specified in the rndc.conf
@@ -220,7 +220,7 @@
-
SEE ALSO
+
SEE ALSO
rndc(8),
rndc-confgen(8),
mmencode(1),
@@ -228,7 +228,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium
rndc [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-q] [-V] [-y key_id] {command}
-
DESCRIPTION
+
DESCRIPTION
rndc
controls the operation of a name
server. It supersedes the ndc utility
@@ -81,7 +81,7 @@
-
OPTIONS
+
OPTIONS
- -b
source-address
@@ -152,7 +152,7 @@
-
COMMANDS
+
COMMANDS
A list of commands supported by rndc can
be seen by running rndc without arguments.
@@ -537,7 +537,7 @@
-
LIMITATIONS
+
LIMITATIONS
There is currently no way to provide the shared secret for a
key_id without using the configuration file.
@@ -547,7 +547,7 @@
-
SEE ALSO
+
SEE ALSO
rndc.conf(5),
rndc-confgen(8),
named(8),
@@ -557,7 +557,7 @@
-
AUTHOR
+
AUTHOR
Internet Systems Consortium