diff --git a/bin/nsupdate/nsupdate.1 b/bin/nsupdate/nsupdate.1 index 0de66ed9d5..7ab3f12238 100644 --- a/bin/nsupdate/nsupdate.1 +++ b/bin/nsupdate/nsupdate.1 @@ -20,11 +20,11 @@ .\" Title: nsupdate .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 -.\" Date: March 10, 2012 +.\" Date: April 18, 2014 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "NSUPDATE" "1" "March 10, 2012" "BIND9" "BIND9" +.TH "NSUPDATE" "1" "April 18, 2014" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -97,7 +97,18 @@ option is used, a signature is generated from \fIkeyname\fR is the name of the key, and \fIsecret\fR -is the base64 encoded shared secret. Use of the +is the base64 encoded shared secret. +\fIhmac\fR +is the name of the key algorithm; valid choices are +hmac\-md5, +hmac\-sha1, +hmac\-sha224, +hmac\-sha256, +hmac\-sha384, or +hmac\-sha512. If +\fIhmac\fR +is not specified, the default is +hmac\-md5. NOTE: Use of the \fB\-y\fR option is discouraged because the shared secret is supplied as a command line argument in clear text. This may be visible in the output from \fBps\fR(1) diff --git a/bin/nsupdate/nsupdate.html b/bin/nsupdate/nsupdate.html index 0d6f04e53e..bfb00f9063 100644 --- a/bin/nsupdate/nsupdate.html +++ b/bin/nsupdate/nsupdate.html @@ -113,7 +113,13 @@ [hmac:]keyname:secret. keyname is the name of the key, and secret is the base64 encoded shared secret. - Use of the -y option is discouraged because the + hmac is the name of the key algorithm; + valid choices are hmac-md5, + hmac-sha1, hmac-sha224, + hmac-sha256, hmac-sha384, or + hmac-sha512. If hmac + is not specified, the default is hmac-md5. + NOTE: Use of the -y option is discouraged because the shared secret is supplied as a command line argument in clear text. This may be visible in the output from ps(1) @@ -212,7 +218,7 @@

-

INPUT FORMAT

+

INPUT FORMAT

nsupdate reads input from filename @@ -512,7 +518,7 @@

-

EXAMPLES

+

EXAMPLES

The examples below show how nsupdate @@ -566,7 +572,7 @@

-

FILES

+

FILES

/etc/resolv.conf

@@ -589,7 +595,7 @@

-

SEE ALSO

+

SEE ALSO

RFC 2136, RFC 3007, @@ -604,7 +610,7 @@

-

BUGS

+

BUGS

The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html index b4f93aa9f9..5f0e38c83b 100644 --- a/doc/arm/man.arpaname.html +++ b/doc/arm/man.arpaname.html @@ -50,20 +50,20 @@

arpaname {ipaddress ...}

-

DESCRIPTION

+

DESCRIPTION

arpaname translates IP addresses (IPv4 and IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.

-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html index c9963c7f3a..1bfb089e02 100644 --- a/doc/arm/man.ddns-confgen.html +++ b/doc/arm/man.ddns-confgen.html @@ -51,7 +51,7 @@

ddns-confgen [-a algorithm] [-h] [-k keyname] [-q] [-r randomfile] [ -s name | -z zone ]

-

DESCRIPTION

+

DESCRIPTION

tsig-keygen and ddns-confgen are invokation methods for a utility that generates keys for use @@ -87,7 +87,7 @@

-

OPTIONS

+

OPTIONS

-a algorithm

@@ -159,7 +159,7 @@

-

SEE ALSO

+

SEE ALSO

nsupdate(1), named.conf(5), named(8), @@ -167,7 +167,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.genrandom.html b/doc/arm/man.genrandom.html index 30a845df26..a2f2e7d686 100644 --- a/doc/arm/man.genrandom.html +++ b/doc/arm/man.genrandom.html @@ -50,7 +50,7 @@

genrandom [-n number] {size} {filename}

-

DESCRIPTION

+

DESCRIPTION

genrandom generates a file or a set of files containing a specified quantity @@ -59,7 +59,7 @@

-

ARGUMENTS

+

ARGUMENTS

-n number

@@ -77,14 +77,14 @@

-

SEE ALSO

+

SEE ALSO

rand(3), arc4random(3)

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.isc-hmac-fixup.html b/doc/arm/man.isc-hmac-fixup.html index 129116f0f3..c614a70ac8 100644 --- a/doc/arm/man.isc-hmac-fixup.html +++ b/doc/arm/man.isc-hmac-fixup.html @@ -50,7 +50,7 @@

isc-hmac-fixup {algorithm} {secret}

-

DESCRIPTION

+

DESCRIPTION

Versions of BIND 9 up to and including BIND 9.6 had a bug causing HMAC-SHA* TSIG keys which were longer than the digest length of the @@ -76,7 +76,7 @@

-

SECURITY CONSIDERATIONS

+

SECURITY CONSIDERATIONS

Secrets that have been converted by isc-hmac-fixup are shortened, but as this is how the HMAC protocol works in @@ -87,14 +87,14 @@

-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual, RFC 2104.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.nsec3hash.html b/doc/arm/man.nsec3hash.html index cb5b81edc5..dce9995c7d 100644 --- a/doc/arm/man.nsec3hash.html +++ b/doc/arm/man.nsec3hash.html @@ -48,7 +48,7 @@

nsec3hash {salt} {algorithm} {iterations} {domain}

-

DESCRIPTION

+

DESCRIPTION

nsec3hash generates an NSEC3 hash based on a set of NSEC3 parameters. This can be used to check the validity @@ -56,7 +56,7 @@

-

ARGUMENTS

+

ARGUMENTS

salt

@@ -80,14 +80,14 @@

-

SEE ALSO

+

SEE ALSO

BIND 9 Administrator Reference Manual, RFC 5155.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html index 88dcf2f743..3deb69bbcf 100644 --- a/doc/arm/man.nsupdate.html +++ b/doc/arm/man.nsupdate.html @@ -50,7 +50,7 @@

nsupdate [-d] [-D] [[-g] | [-o] | [-l] | [-y [hmac:]keyname:secret] | [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [-T] [-P] [-V] [filename]

-

DESCRIPTION

+

DESCRIPTION

nsupdate is used to submit Dynamic DNS Update requests as defined in RFC 2136 to a name server. @@ -131,7 +131,13 @@ [hmac:]keyname:secret. keyname is the name of the key, and secret is the base64 encoded shared secret. - Use of the -y option is discouraged because the + hmac is the name of the key algorithm; + valid choices are hmac-md5, + hmac-sha1, hmac-sha224, + hmac-sha256, hmac-sha384, or + hmac-sha512. If hmac + is not specified, the default is hmac-md5. + NOTE: Use of the -y option is discouraged because the shared secret is supplied as a command line argument in clear text. This may be visible in the output from ps(1) @@ -230,7 +236,7 @@

-

INPUT FORMAT

+

INPUT FORMAT

nsupdate reads input from filename @@ -530,7 +536,7 @@

-

EXAMPLES

+

EXAMPLES

The examples below show how nsupdate @@ -584,7 +590,7 @@

-

FILES

+

FILES

/etc/resolv.conf

@@ -607,7 +613,7 @@

-

SEE ALSO

+

SEE ALSO

RFC 2136, RFC 3007, @@ -622,7 +628,7 @@

-

BUGS

+

BUGS

The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html index 72ee4fb36a..8787b8a07b 100644 --- a/doc/arm/man.rndc-confgen.html +++ b/doc/arm/man.rndc-confgen.html @@ -50,7 +50,7 @@

rndc-confgen [-a] [-A algorithm] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

-

DESCRIPTION

+

DESCRIPTION

rndc-confgen generates configuration files for rndc. It can be used as a @@ -66,7 +66,7 @@

-

OPTIONS

+

OPTIONS

-a
@@ -180,7 +180,7 @@
-

EXAMPLES

+

EXAMPLES

To allow rndc to be used with no manual configuration, run @@ -197,7 +197,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc.conf(5), named(8), @@ -205,7 +205,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html index 925d7cb579..68d89100bd 100644 --- a/doc/arm/man.rndc.conf.html +++ b/doc/arm/man.rndc.conf.html @@ -50,7 +50,7 @@

rndc.conf

-

DESCRIPTION

+

DESCRIPTION

rndc.conf is the configuration file for rndc, the BIND 9 name server control utility. This file has a similar structure and syntax to @@ -136,7 +136,7 @@

-

EXAMPLE

+

EXAMPLE

       options {
         default-server  localhost;
@@ -210,7 +210,7 @@
     

-

NAME SERVER CONFIGURATION

+

NAME SERVER CONFIGURATION

The name server must be configured to accept rndc connections and to recognize the key specified in the rndc.conf @@ -220,7 +220,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc-confgen(8), mmencode(1), @@ -228,7 +228,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html index fe96cf6e22..9c9680ee87 100644 --- a/doc/arm/man.rndc.html +++ b/doc/arm/man.rndc.html @@ -50,7 +50,7 @@

rndc [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-q] [-V] [-y key_id] {command}

-

DESCRIPTION

+

DESCRIPTION

rndc controls the operation of a name server. It supersedes the ndc utility @@ -81,7 +81,7 @@

-

OPTIONS

+

OPTIONS

-b source-address

@@ -152,7 +152,7 @@

-

COMMANDS

+

COMMANDS

A list of commands supported by rndc can be seen by running rndc without arguments. @@ -537,7 +537,7 @@

-

LIMITATIONS

+

LIMITATIONS

There is currently no way to provide the shared secret for a key_id without using the configuration file. @@ -547,7 +547,7 @@

-

SEE ALSO

+

SEE ALSO

rndc.conf(5), rndc-confgen(8), named(8), @@ -557,7 +557,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium