diff --git a/doc/man/ddns-confgen.8in b/doc/man/ddns-confgen.8in index 0549db6389..c5973050fe 100644 --- a/doc/man/ddns-confgen.8in +++ b/doc/man/ddns-confgen.8in @@ -37,19 +37,19 @@ ddns-confgen \- ddns key generation tool .sp \fBddns\-confgen\fP is an utility that generates keys for use in TSIG signing. The resulting keys can be used, for example, to secure dynamic DNS updates -to a zone, or for the \fBrndc\fP command channel. +to a zone, or for the \fI\%rndc\fP command channel. .sp The key name can specified using \fI\%\-k\fP parameter and defaults to \fBddns\-key\fP\&. The generated key is accompanied by configuration text and instructions that -can be used with \fBnsupdate\fP and \fBnamed\fP when setting up dynamic DNS, +can be used with \fI\%nsupdate\fP and \fI\%named\fP when setting up dynamic DNS, including an example \fBupdate\-policy\fP statement. -(This usage is similar to the \fBrndc\-confgen\fP command for setting up +(This usage is similar to the \fI\%rndc\-confgen\fP command for setting up command\-channel security.) .sp -Note that \fBnamed\fP itself can configure a local DDNS key for use with -\fBnsupdate \-l\fP; it does this when a zone is configured with +Note that \fI\%named\fP itself can configure a local DDNS key for use with +\fI\%nsupdate \-l\fP; it does this when a zone is configured with \fBupdate\-policy local;\fP\&. \fBddns\-confgen\fP is only needed when a more -elaborate configuration is required: for instance, if \fBnsupdate\fP is to +elaborate configuration is required: for instance, if \fI\%nsupdate\fP is to be used from a remote system. .SH OPTIONS .INDENT 0.0 @@ -80,13 +80,13 @@ letters, digits, hyphens, and periods. .B \-q This option enables quiet mode, which prints only the key, with no explanatory text or usage examples. This is essentially identical to -\fBtsig\-keygen\fP\&. +\fI\%tsig\-keygen\fP\&. .UNINDENT .INDENT 0.0 .TP .B \-s name This option generates a configuration example to allow dynamic updates -of a single hostname. The example \fBnamed.conf\fP text shows how to set +of a single hostname. The example \fI\%named.conf\fP text shows how to set an update policy for the specified name using the "name" nametype. The default key name is \fBddns\-key.name\fP\&. Note that the "self" nametype cannot be used, since the name to be updated may differ from the key @@ -96,14 +96,14 @@ name. This option cannot be used with the \fI\%\-z\fP option. .TP .B \-z zone This option generates a configuration example to allow -dynamic updates of a zone. The example \fBnamed.conf\fP text shows how +dynamic updates of a zone. The example \fI\%named.conf\fP text shows how to set an update policy for the specified zone using the "zonesub" nametype, allowing updates to all subdomain names within that zone. This option cannot be used with the \fI\%\-s\fP option. .UNINDENT .SH SEE ALSO .sp -\fBnsupdate(1)\fP, \fBnamed.conf(5)\fP, \fBnamed(8)\fP, BIND 9 Administrator Reference Manual. +\fI\%nsupdate(1)\fP, \fI\%named.conf(5)\fP, \fI\%named(8)\fP, BIND 9 Administrator Reference Manual. .SH AUTHOR Internet Systems Consortium .SH COPYRIGHT diff --git a/doc/man/delv.1in b/doc/man/delv.1in index cc662b9d23..5164901f76 100644 --- a/doc/man/delv.1in +++ b/doc/man/delv.1in @@ -42,7 +42,7 @@ delv \- DNS lookup and validation utility .SH DESCRIPTION .sp \fBdelv\fP is a tool for sending DNS queries and validating the results, -using the same internal resolver and validator logic as \fBnamed\fP\&. +using the same internal resolver and validator logic as \fI\%named\fP\&. .sp \fBdelv\fP sends to a specified name server all queries needed to fetch and validate the requested data; this includes the original @@ -127,7 +127,7 @@ Note: When reading the trust anchor file, \fBdelv\fP treats \fBtrust\-anchors\fP \fBinitial\-key\fP, and \fBstatic\-key\fP identically. That is, for a managed key, it is the \fIinitial\fP key that is trusted; \fI\%RFC 5011\fP key management is not supported. \fBdelv\fP does not consult the managed\-keys database maintained by -\fBnamed\fP, which means that if either of the keys in \fB@sysconfdir@/bind.keys\fP is +\fI\%named\fP, which means that if either of the keys in \fB@sysconfdir@/bind.keys\fP is revoked and rolled over, \fB@sysconfdir@/bind.keys\fP must be updated to use DNSSEC validation in \fBdelv\fP\&. .UNINDENT @@ -362,7 +362,7 @@ parsing of the \fBdelv\fP output. .TP .B +[no]dnssec This option indicates whether to display RRSIG records in the \fBdelv\fP output. -The default is to do so. Note that (unlike in \fBdig\fP) this does +The default is to do so. Note that (unlike in \fI\%dig\fP) this does \fInot\fP control whether to request DNSSEC records or to validate them. DNSSEC records are always requested, and validation always occurs unless suppressed by the use of \fI\%\-i\fP or @@ -402,7 +402,7 @@ This option prints response data in YAML format. \fB/etc/resolv.conf\fP .SH SEE ALSO .sp -\fBdig(1)\fP, \fBnamed(8)\fP, \fI\%RFC 4034\fP, \fI\%RFC 4035\fP, \fI\%RFC 4431\fP, \fI\%RFC 5074\fP, \fI\%RFC 5155\fP\&. +\fI\%dig(1)\fP, \fI\%named(8)\fP, \fI\%RFC 4034\fP, \fI\%RFC 4035\fP, \fI\%RFC 4431\fP, \fI\%RFC 5074\fP, \fI\%RFC 5155\fP\&. .SH AUTHOR Internet Systems Consortium .SH COPYRIGHT diff --git a/doc/man/dig.1in b/doc/man/dig.1in index ae3aee6db2..f88c16b66f 100644 --- a/doc/man/dig.1in +++ b/doc/man/dig.1in @@ -153,12 +153,12 @@ Print a usage summary. .INDENT 0.0 .TP .B \-k keyfile -This option tells \fBnamed\fP to sign queries using TSIG using a key read from the given file. Key -files can be generated using \fBtsig\-keygen\fP\&. When using TSIG +This option tells \fI\%named\fP to sign queries using TSIG using a key read from the given file. Key +files can be generated using \fI\%tsig\-keygen\fP\&. When using TSIG authentication with \fBdig\fP, the name server that is queried needs to know the key and algorithm that is being used. In BIND, this is done by providing appropriate \fBkey\fP and \fBserver\fP statements in -\fBnamed.conf\fP\&. +\fI\%named.conf\fP\&. .UNINDENT .INDENT 0.0 .TP @@ -441,7 +441,7 @@ This option sends an EDNS Expire option. .INDENT 0.0 .TP .B +[no]fail -This option indicates that \fBnamed\fP should try [or not try] the next server if a SERVFAIL is received. The default is +This option indicates that \fI\%named\fP should try [or not try] the next server if a SERVFAIL is received. The default is to not try the next server, which is the reverse of normal stub resolver behavior. .UNINDENT @@ -675,7 +675,7 @@ This option performs [or does not perform] a search showing intermediate results .INDENT 0.0 .TP .B +[no]sigchase -This feature is now obsolete and has been removed; use \fBdelv\fP +This feature is now obsolete and has been removed; use \fI\%delv\fP instead. .UNINDENT .INDENT 0.0 @@ -756,7 +756,7 @@ is used. This option has no effect if \fB+tls\-ca\fP is not specified. .TP .B +[no]topdown This feature is related to \fBdig +sigchase\fP, which is obsolete and -has been removed. Use \fBdelv\fP instead. +has been removed. Use \fI\%delv\fP instead. .UNINDENT .INDENT 0.0 .TP @@ -785,7 +785,7 @@ the number of tries is silently rounded up to 1. .TP .B +trusted\-key=#### This option formerly specified trusted keys for use with \fBdig +sigchase\fP\&. This -feature is now obsolete and has been removed; use \fBdelv\fP instead. +feature is now obsolete and has been removed; use \fI\%delv\fP instead. .UNINDENT .INDENT 0.0 .TP @@ -898,7 +898,7 @@ Internal error \fB${HOME}/.digrc\fP .SH SEE ALSO .sp -\fBdelv(1)\fP, \fBhost(1)\fP, \fBnamed(8)\fP, \fBdnssec\-keygen(8)\fP, \fI\%RFC 1035\fP\&. +\fI\%delv(1)\fP, \fI\%host(1)\fP, \fI\%named(8)\fP, \fI\%dnssec\-keygen(8)\fP, \fI\%RFC 1035\fP\&. .SH BUGS .sp There are probably too many query options. diff --git a/doc/man/dnssec-cds.1in b/doc/man/dnssec-cds.1in index 215fce457a..305ef60899 100644 --- a/doc/man/dnssec-cds.1in +++ b/doc/man/dnssec-cds.1in @@ -48,7 +48,7 @@ file containing the child\(aqs CDS and/or CDNSKEY records, plus RRSIG and DNSKEY records so that they can be authenticated. The \fI\%\-d path\fP option specifies the location of a file containing the current DS records. For example, this could be a \fBdsset\-\fP file generated by -\fBdnssec\-signzone\fP, or the output of \fBdnssec\-dsfromkey\fP, or the +\fI\%dnssec\-signzone\fP, or the output of \fI\%dnssec\-dsfromkey\fP, or the output of a previous run of \fBdnssec\-cds\fP\&. .sp The \fBdnssec\-cds\fP command uses special DNSSEC validation logic @@ -79,9 +79,9 @@ Be careful not to delete the DS records when \fBdnssec\-cds\fP fails! .UNINDENT .UNINDENT .sp -Alternatively, :option\(gadnssec\-cds \-u\(ga writes an \fBnsupdate\fP script to the +Alternatively, :option\(gadnssec\-cds \-u\(ga writes an \fI\%nsupdate\fP script to the standard output. The \fI\%\-u\fP and \fI\%\-i\fP options can be used together to -maintain a \fBdsset\-\fP file as well as emit an \fBnsupdate\fP script. +maintain a \fBdsset\-\fP file as well as emit an \fI\%nsupdate\fP script. .SH OPTIONS .INDENT 0.0 .TP @@ -172,13 +172,13 @@ the new DS records also have no explicit TTL. .INDENT 0.0 .TP .B \-u -This option writes an \fBnsupdate\fP script to the standard output, instead of +This option writes an \fI\%nsupdate\fP script to the standard output, instead of printing the new DS reords. The output is empty if no change is needed. .sp Note: The TTL of new records needs to be specified: it can be done in the original \fBdsset\-\fP file, with the \fI\%\-T\fP option, or using the -\fBnsupdate\fP \fBttl\fP command. +\fI\%nsupdate\fP \fBttl\fP command. .UNINDENT .INDENT 0.0 .TP @@ -205,11 +205,11 @@ If successful, the DS records may or may not need to be changed. .SH EXAMPLES .sp -Before running \fBdnssec\-signzone\fP, ensure that the delegations +Before running \fI\%dnssec\-signzone\fP, ensure that the delegations are up\-to\-date by running \fBdnssec\-cds\fP on every \fBdsset\-\fP file. .sp To fetch the child records required by \fBdnssec\-cds\fP, invoke -\fBdig\fP as in the script below. It is acceptable if the \fBdig\fP fails, since +\fI\%dig\fP as in the script below. It is acceptable if the \fI\%dig\fP fails, since \fBdnssec\-cds\fP performs all the necessary checking. .INDENT 0.0 .INDENT 3.5 @@ -227,8 +227,8 @@ done .UNINDENT .UNINDENT .sp -When the parent zone is automatically signed by \fBnamed\fP, -\fBdnssec\-cds\fP can be used with \fBnsupdate\fP to maintain a delegation as follows. +When the parent zone is automatically signed by \fI\%named\fP, +\fBdnssec\-cds\fP can be used with \fI\%nsupdate\fP to maintain a delegation as follows. The \fBdsset\-\fP file allows the script to avoid having to fetch and validate the parent DS records, and it maintains the replay attack protection time. @@ -246,7 +246,7 @@ nsupdate \-l .UNINDENT .SH SEE ALSO .sp -\fBdig(1)\fP, \fBdnssec\-settime(8)\fP, \fBdnssec\-signzone(8)\fP, \fBnsupdate(1)\fP, BIND 9 Administrator +\fI\%dig(1)\fP, \fI\%dnssec\-settime(8)\fP, \fI\%dnssec\-signzone(8)\fP, \fI\%nsupdate(1)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 7344\fP\&. .SH AUTHOR Internet Systems Consortium diff --git a/doc/man/dnssec-dsfromkey.1in b/doc/man/dnssec-dsfromkey.1in index 8ec700a523..f2f369bd5e 100644 --- a/doc/man/dnssec-dsfromkey.1in +++ b/doc/man/dnssec-dsfromkey.1in @@ -51,13 +51,13 @@ included. The input keys can be specified in a number of ways: .sp By default, \fBdnssec\-dsfromkey\fP reads a key file named in the format -\fBKnnnn.+aaa+iiiii.key\fP, as generated by \fBdnssec\-keygen\fP\&. +\fBKnnnn.+aaa+iiiii.key\fP, as generated by \fI\%dnssec\-keygen\fP\&. .sp With the \fI\%\-f file\fP option, \fBdnssec\-dsfromkey\fP reads keys from a zone file or partial zone file (which can contain just the DNSKEY records). .sp With the \fI\%\-s\fP option, \fBdnssec\-dsfromkey\fP reads a \fBkeyset\-\fP file, -as generated by \fBdnssec\-keygen\fP \fI\%\-C\fP\&. +as generated by \fI\%dnssec\-keygen\fP \fI\%\-C\fP\&. .SH OPTIONS .INDENT 0.0 .TP @@ -107,7 +107,7 @@ DNS domain name of a zone whose master file can be read from omitted. .sp If \fBfile\fP is \fB\-\fP, then the zone data is read from the standard -input. This makes it possible to use the output of the \fBdig\fP +input. This makes it possible to use the output of the \fI\%dig\fP command as input, as in: .sp \fBdig dnskey example.com | dnssec\-dsfromkey \-f \- example.com\fP @@ -157,7 +157,7 @@ The command returns something similar to: .sp The keyfile can be designated by the key identification \fBKnnnn.+aaa+iiiii\fP or the full file name \fBKnnnn.+aaa+iiiii.key\fP, as -generated by \fBdnssec\-keygen\fP\&. +generated by \fI\%dnssec\-keygen\fP\&. .sp The keyset file name is built from the \fBdirectory\fP, the string \fBkeyset\-\fP, and the \fBdnsname\fP\&. @@ -166,7 +166,7 @@ The keyset file name is built from the \fBdirectory\fP, the string A keyfile error may return "file not found," even if the file exists. .SH SEE ALSO .sp -\fBdnssec\-keygen(8)\fP, \fBdnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual, +\fI\%dnssec\-keygen(8)\fP, \fI\%dnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 3658\fP (DS RRs), \fI\%RFC 4509\fP (SHA\-256 for DS RRs), \fI\%RFC 6605\fP (SHA\-384 for DS RRs), \fI\%RFC 7344\fP (CDS and CDNSKEY RRs). .SH AUTHOR diff --git a/doc/man/dnssec-importkey.1in b/doc/man/dnssec-importkey.1in index 3c38ccf998..b751c2bb05 100644 --- a/doc/man/dnssec-importkey.1in +++ b/doc/man/dnssec-importkey.1in @@ -129,10 +129,10 @@ key are to be deleted. .sp A keyfile can be designed by the key identification \fBKnnnn.+aaa+iiiii\fP or the full file name \fBKnnnn.+aaa+iiiii.key\fP, as generated by -\fBdnssec\-keygen\fP\&. +\fI\%dnssec\-keygen\fP\&. .SH SEE ALSO .sp -\fBdnssec\-keygen(8)\fP, \fBdnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual, +\fI\%dnssec\-keygen(8)\fP, \fI\%dnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 5011\fP\&. .SH AUTHOR Internet Systems Consortium diff --git a/doc/man/dnssec-keyfromlabel.1in b/doc/man/dnssec-keyfromlabel.1in index 63dfd774ab..fb0b2f6891 100644 --- a/doc/man/dnssec-keyfromlabel.1in +++ b/doc/man/dnssec-keyfromlabel.1in @@ -38,7 +38,7 @@ dnssec-keyfromlabel \- DNSSEC key generation tool \fBdnssec\-keyfromlabel\fP generates a pair of key files that reference a key object stored in a cryptographic hardware service module (HSM). The private key file can be used for DNSSEC signing of zone data as if it -were a conventional signing key created by \fBdnssec\-keygen\fP, but the +were a conventional signing key created by \fI\%dnssec\-keygen\fP, but the key material is stored within the HSM and the actual signing takes place there. .sp @@ -303,7 +303,7 @@ The \fB\&.private\fP file contains algorithm\-specific fields. For obvious security reasons, this file does not have general read permission. .SH SEE ALSO .sp -\fBdnssec\-keygen(8)\fP, \fBdnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual, +\fI\%dnssec\-keygen(8)\fP, \fI\%dnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 4034\fP, \fI\%RFC 7512\fP\&. .SH AUTHOR Internet Systems Consortium diff --git a/doc/man/dnssec-keygen.1in b/doc/man/dnssec-keygen.1in index a2e9158955..d516f8ee33 100644 --- a/doc/man/dnssec-keygen.1in +++ b/doc/man/dnssec-keygen.1in @@ -71,7 +71,7 @@ option, which copies the algorithm from the predecessor key. .sp In prior releases, HMAC algorithms could be generated for use as TSIG keys, but that feature was removed in BIND 9.13.0. Use -\fBtsig\-keygen\fP to generate TSIG keys. +\fI\%tsig\-keygen\fP to generate TSIG keys. .UNINDENT .INDENT 0.0 .TP @@ -354,7 +354,7 @@ string. \fBKnnnn.+aaa+iiiii.key\fP contains the public key, and \fBKnnnn.+aaa+iiiii.private\fP contains the private key. .sp The \fB\&.key\fP file contains a DNSKEY or KEY record. When a zone is being -signed by \fBnamed\fP or \fBdnssec\-signzone \-S\fP, DNSKEY records are +signed by \fI\%named\fP or \fI\%dnssec\-signzone \-S\fP, DNSKEY records are included automatically. In other cases, the \fB\&.key\fP file can be inserted into a zone file manually or with an \fB$INCLUDE\fP statement. .sp @@ -379,7 +379,7 @@ To generate a matching key\-signing key, issue the command: \fBdnssec\-keygen \-a ECDSAP256SHA256 \-f KSK example.com\fP .SH SEE ALSO .sp -\fBdnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 2539\fP, +\fI\%dnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 2539\fP, \fI\%RFC 2845\fP, \fI\%RFC 4034\fP\&. .SH AUTHOR Internet Systems Consortium diff --git a/doc/man/dnssec-revoke.1in b/doc/man/dnssec-revoke.1in index 65bf06a4e0..29884dbe44 100644 --- a/doc/man/dnssec-revoke.1in +++ b/doc/man/dnssec-revoke.1in @@ -88,7 +88,7 @@ revoke the key. .UNINDENT .SH SEE ALSO .sp -\fBdnssec\-keygen(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 5011\fP\&. +\fI\%dnssec\-keygen(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 5011\fP\&. .SH AUTHOR Internet Systems Consortium .SH COPYRIGHT diff --git a/doc/man/dnssec-settime.1in b/doc/man/dnssec-settime.1in index 66313765d1..8adf975458 100644 --- a/doc/man/dnssec-settime.1in +++ b/doc/man/dnssec-settime.1in @@ -38,7 +38,7 @@ dnssec-settime \- set the key timing metadata for a DNSSEC key \fBdnssec\-settime\fP reads a DNSSEC private key file and sets the key timing metadata as specified by the \fI\%\-P\fP, \fI\%\-A\fP, \fI\%\-R\fP, \fI\%\-I\fP, and \fI\%\-D\fP options. The metadata can then be used by -\fBdnssec\-signzone\fP or other signing software to determine when a key is +\fI\%dnssec\-signzone\fP or other signing software to determine when a key is to be published, whether it should be used for signing a zone, etc. .sp If none of these options is set on the command line, @@ -284,7 +284,7 @@ metadata, use \fBall\fP\&. .UNINDENT .SH SEE ALSO .sp -\fBdnssec\-keygen(8)\fP, \fBdnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual, +\fI\%dnssec\-keygen(8)\fP, \fI\%dnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 5011\fP\&. .SH AUTHOR Internet Systems Consortium diff --git a/doc/man/dnssec-signzone.1in b/doc/man/dnssec-signzone.1in index f59f6b2aac..ffc5278ea0 100644 --- a/doc/man/dnssec-signzone.1in +++ b/doc/man/dnssec-signzone.1in @@ -111,7 +111,7 @@ which is useful to know when rolling keys. The maxttl is the longest possible time before signatures that have been retrieved by resolvers expire from resolver caches. Zones that are signed with this option should be configured to use a matching \fBmax\-zone\-ttl\fP in -\fBnamed.conf\fP\&. (Note: This option is incompatible with \fI\%\-D\fP, +\fI\%named.conf\fP\&. (Note: This option is incompatible with \fI\%\-D\fP, because it modifies non\-DNSSEC data in the output zone.) .UNINDENT .INDENT 0.0 @@ -268,8 +268,8 @@ zone. Possible formats are \fBtext\fP (the default), which is the standard textual representation of the zone; \fBfull\fP, which is text output in a format suitable for processing by external scripts; and \fBraw\fP and \fBraw=N\fP, which store the zone in binary formats for rapid loading by -\fBnamed\fP\&. \fBraw=N\fP specifies the format version of the raw zone file: -if N is 0, the raw file can be read by any version of \fBnamed\fP; if N is +\fI\%named\fP\&. \fBraw=N\fP specifies the format version of the raw zone file: +if N is 0, the raw file can be read by any version of \fI\%named\fP; if N is 1, the file can be read by release 9.9.0 or higher. The default is 1. .UNINDENT .INDENT 0.0 @@ -392,7 +392,7 @@ This option sets the debugging level. .B \-x This option indicates that BIND 9 should only sign the DNSKEY, CDNSKEY, and CDS RRsets with key\-signing keys, and should omit signatures from zone\-signing keys. (This is similar to the -\fBdnssec\-dnskey\-kskonly yes;\fP zone option in \fBnamed\fP\&.) +\fBdnssec\-dnskey\-kskonly yes;\fP zone option in \fI\%named\fP\&.) .UNINDENT .INDENT 0.0 .TP @@ -400,7 +400,7 @@ and should omit signatures from zone\-signing keys. (This is similar to the This option indicates that BIND 9 should ignore the KSK flag on keys when determining what to sign. This causes KSK\-flagged keys to sign all records, not just the DNSKEY RRset. (This is similar to the \fBupdate\-check\-ksk no;\fP zone option in -\fBnamed\fP\&.) +\fI\%named\fP\&.) .UNINDENT .INDENT 0.0 .TP @@ -444,7 +444,7 @@ the current directory, they are used for signing. .SH EXAMPLE .sp The following command signs the \fBexample.com\fP zone with the -ECDSAP256SHA256 key generated by \fBdnssec\-keygen\fP +ECDSAP256SHA256 key generated by \fI\%dnssec\-keygen\fP (Kexample.com.+013+17247). Because the \fI\%\-S\fP option is not being used, the zone\(aqs keys must be in the master file (\fBdb.example.com\fP). This invocation looks for \fBdsset\fP files in the current directory, so that @@ -465,7 +465,7 @@ db.example.com.signed .sp In the above example, \fBdnssec\-signzone\fP creates the file \fBdb.example.com.signed\fP\&. This file should be referenced in a zone -statement in the \fBnamed.conf\fP file. +statement in the \fI\%named.conf\fP file. .sp This example re\-signs a previously signed zone with default parameters. The private keys are assumed to be in the current directory. @@ -484,7 +484,7 @@ db.example.com.signed .UNINDENT .SH SEE ALSO .sp -\fBdnssec\-keygen(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 4033\fP, +\fI\%dnssec\-keygen(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 4033\fP, \fI\%RFC 4641\fP\&. .SH AUTHOR Internet Systems Consortium diff --git a/doc/man/dnssec-verify.1in b/doc/man/dnssec-verify.1in index ad6930df4e..9fbd84ea3f 100644 --- a/doc/man/dnssec-verify.1in +++ b/doc/man/dnssec-verify.1in @@ -94,7 +94,7 @@ This option verifies only that the DNSKEY RRset is signed with key\-signing keys Without this flag, it is assumed that the DNSKEY RRset is signed by all active keys. When this flag is set, it is not an error if the DNSKEY RRset is not signed by zone\-signing keys. This corresponds -to the \fB\-x option in dnssec\-signzone\fP\&. +to the \fI\%\-x option in dnssec\-signzone\fP\&. .UNINDENT .INDENT 0.0 .TP @@ -110,7 +110,7 @@ be at least one non\-revoked, self\-signed DNSKEY, regardless of the KSK flag state, and that other RRsets be signed by a non\-revoked key for the same algorithm that includes the self\-signed key; the same key may be used for both purposes. This corresponds to -the \fB\-z option in dnssec\-signzone\fP\&. +the \fI\%\-z option in dnssec\-signzone\fP\&. .UNINDENT .INDENT 0.0 .TP @@ -119,7 +119,7 @@ This option indicates the file containing the zone to be signed. .UNINDENT .SH SEE ALSO .sp -\fBdnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 4033\fP\&. +\fI\%dnssec\-signzone(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 4033\fP\&. .SH AUTHOR Internet Systems Consortium .SH COPYRIGHT diff --git a/doc/man/dnstap-read.1in b/doc/man/dnstap-read.1in index 8b09290419..df76e6f798 100644 --- a/doc/man/dnstap-read.1in +++ b/doc/man/dnstap-read.1in @@ -64,7 +64,7 @@ This option prints \fBdnstap\fP data in a detailed YAML format. .UNINDENT .SH SEE ALSO .sp -\fBnamed(8)\fP, \fBrndc(8)\fP, BIND 9 Administrator Reference Manual. +\fI\%named(8)\fP, \fI\%rndc(8)\fP, BIND 9 Administrator Reference Manual. .SH AUTHOR Internet Systems Consortium .SH COPYRIGHT diff --git a/doc/man/filter-a.8in b/doc/man/filter-a.8in index 723585fe85..35956cb51e 100644 --- a/doc/man/filter-a.8in +++ b/doc/man/filter-a.8in @@ -35,8 +35,8 @@ filter-a \- filter A in DNS responses when AAAA is present \fBplugin query\fP "filter\-a.so" [{ parameters }]; .SH DESCRIPTION .sp -\fBfilter\-a.so\fP is a query plugin module for \fBnamed\fP, enabling -\fBnamed\fP to omit some IPv4 addresses when responding to clients. +\fBfilter\-a.so\fP is a query plugin module for \fI\%named\fP, enabling +\fI\%named\fP to omit some IPv4 addresses when responding to clients. .sp For example: .INDENT 0.0 diff --git a/doc/man/filter-aaaa.8in b/doc/man/filter-aaaa.8in index 93ee7426dc..3340408db2 100644 --- a/doc/man/filter-aaaa.8in +++ b/doc/man/filter-aaaa.8in @@ -35,13 +35,13 @@ filter-aaaa \- filter AAAA in DNS responses when A is present \fBplugin query\fP "filter\-aaaa.so" [{ parameters }]; .SH DESCRIPTION .sp -\fBfilter\-aaaa.so\fP is a query plugin module for \fBnamed\fP, enabling -\fBnamed\fP to omit some IPv6 addresses when responding to clients. +\fBfilter\-aaaa.so\fP is a query plugin module for \fI\%named\fP, enabling +\fI\%named\fP to omit some IPv6 addresses when responding to clients. .sp -Until BIND 9.12, this feature was implemented natively in \fBnamed\fP and +Until BIND 9.12, this feature was implemented natively in \fI\%named\fP and enabled with the \fBfilter\-aaaa\fP ACL and the \fBfilter\-aaaa\-on\-v4\fP and \fBfilter\-aaaa\-on\-v6\fP options. These options are now deprecated in -\fBnamed.conf\fP but can be passed as parameters to the +\fI\%named.conf\fP but can be passed as parameters to the \fBfilter\-aaaa.so\fP plugin, for example: .INDENT 0.0 .INDENT 3.5 diff --git a/doc/man/host.1in b/doc/man/host.1in index 4e54442347..5fbe7ef156 100644 --- a/doc/man/host.1in +++ b/doc/man/host.1in @@ -78,7 +78,7 @@ class resource records. The default class is IN (Internet). .INDENT 0.0 .TP .B \-C -This option indicates that \fBnamed\fP should check consistency, meaning that \fBhost\fP queries the SOA records for zone +This option indicates that \fI\%named\fP should check consistency, meaning that \fBhost\fP queries the SOA records for zone \fBname\fP from all the listed authoritative name servers for that zone. The list of name servers is defined by the NS records that are found for the zone. @@ -91,7 +91,7 @@ This option prints debugging traces, and is equivalent to the \fI\%\-v\fP verbos .INDENT 0.0 .TP .B \-l -This option tells \fBnamed\fP to list the zone, meaning the \fBhost\fP command performs a zone transfer of zone +This option tells \fI\%named\fP to list the zone, meaning the \fBhost\fP command performs a zone transfer of zone \fBname\fP and prints out the NS, PTR, and address records (A/AAAA). .sp Together, the \fI\%\-l\fP \fI\%\-a\fP options print all records in the zone. @@ -131,7 +131,7 @@ the value of the \fBattempts\fP option in \fB/etc/resolv.conf\fP, if set. .INDENT 0.0 .TP .B \-s -This option tells \fBnamed\fP \fInot\fP to send the query to the next nameserver if any server responds +This option tells \fI\%named\fP \fInot\fP to send the query to the next nameserver if any server responds with a SERVFAIL response, which is the reverse of normal stub resolver behavior. .UNINDENT @@ -188,7 +188,7 @@ also the \fI\%\-W\fP option. .INDENT 0.0 .TP .B \-W wait -This options sets the length of the wait timeout, indicating that \fBnamed\fP should wait for up to \fBwait\fP seconds for a reply. If \fBwait\fP is +This options sets the length of the wait timeout, indicating that \fI\%named\fP should wait for up to \fBwait\fP seconds for a reply. If \fBwait\fP is less than 1, the wait interval is set to 1 second. .sp By default, \fBhost\fP waits for 5 seconds for UDP responses and 10 @@ -211,7 +211,7 @@ when \fBhost\fP runs. \fB/etc/resolv.conf\fP .SH SEE ALSO .sp -\fBdig(1)\fP, \fBnamed(8)\fP\&. +\fI\%dig(1)\fP, \fI\%named(8)\fP\&. .SH AUTHOR Internet Systems Consortium .SH COPYRIGHT diff --git a/doc/man/mdig.1in b/doc/man/mdig.1in index 5794844555..df1dbf83a9 100644 --- a/doc/man/mdig.1in +++ b/doc/man/mdig.1in @@ -39,18 +39,18 @@ mdig \- DNS pipelined lookup utility \fBmdig\fP [@server] {global\-opt...} { {local\-opt...} {query} ...} .SH DESCRIPTION .sp -\fBmdig\fP is a multiple/pipelined query version of \fBdig\fP: instead of +\fBmdig\fP is a multiple/pipelined query version of \fI\%dig\fP: instead of waiting for a response after sending each query, it begins by sending all queries. Responses are displayed in the order in which they are received, not in the order the corresponding queries were sent. .sp -\fBmdig\fP options are a subset of the \fBdig\fP options, and are divided +\fBmdig\fP options are a subset of the \fI\%dig\fP options, and are divided into "anywhere options," which can occur anywhere, "global options," which must occur before the query name (or they are ignored with a warning), and "local options," which apply to the next query on the command line. .sp The \fB@server\fP option is a mandatory global option. It is the name or IP -address of the name server to query. (Unlike \fBdig\fP, this value is not +address of the name server to query. (Unlike \fI\%dig\fP, this value is not retrieved from \fB/etc/resolv.conf\fP\&.) It can be an IPv4 address in dotted\-decimal notation, an IPv6 address in colon\-delimited notation, or a hostname. When the supplied \fBserver\fP argument is a hostname, @@ -428,7 +428,7 @@ This flag is off by default. .UNINDENT .SH SEE ALSO .sp -\fBdig(1)\fP, \fI\%RFC 1035\fP\&. +\fI\%dig(1)\fP, \fI\%RFC 1035\fP\&. .SH AUTHOR Internet Systems Consortium .SH COPYRIGHT diff --git a/doc/man/named-checkconf.1in b/doc/man/named-checkconf.1in index 7e90403438..17ec517a63 100644 --- a/doc/man/named-checkconf.1in +++ b/doc/man/named-checkconf.1in @@ -36,14 +36,14 @@ named-checkconf \- named configuration file syntax checking tool .SH DESCRIPTION .sp \fBnamed\-checkconf\fP checks the syntax, but not the semantics, of a -\fBnamed\fP configuration file. The file, along with all files included by it, is parsed and checked for syntax +\fI\%named\fP configuration file. The file, along with all files included by it, is parsed and checked for syntax errors. If no file is specified, \fB@sysconfdir@/named.conf\fP is read by default. .sp -Note: files that \fBnamed\fP reads in separate parser contexts, such as +Note: files that \fI\%named\fP reads in separate parser contexts, such as \fBrndc.key\fP and \fBbind.keys\fP, are not automatically read by \fBnamed\-checkconf\fP\&. Configuration errors in these files may cause -\fBnamed\fP to fail to run, even if \fBnamed\-checkconf\fP was successful. +\fI\%named\fP to fail to run, even if \fBnamed\-checkconf\fP was successful. However, \fBnamed\-checkconf\fP can be run on these files explicitly. .SH OPTIONS .INDENT 0.0 @@ -54,7 +54,7 @@ This option prints the usage summary and exits. .INDENT 0.0 .TP .B \-j -When loading a zonefile, this option instructs \fBnamed\fP to read the journal if it exists. +When loading a zonefile, this option instructs \fI\%named\fP to read the journal if it exists. .UNINDENT .INDENT 0.0 .TP @@ -77,15 +77,15 @@ This option ignores warnings on deprecated options. .INDENT 0.0 .TP .B \-p -This option prints out the \fBnamed.conf\fP and included files in canonical form if +This option prints out the \fI\%named.conf\fP and included files in canonical form if no errors were detected. See also the \fI\%\-x\fP option. .UNINDENT .INDENT 0.0 .TP .B \-t directory -This option instructs \fBnamed\fP to chroot to \fBdirectory\fP, so that \fBinclude\fP directives in the +This option instructs \fI\%named\fP to chroot to \fBdirectory\fP, so that \fBinclude\fP directives in the configuration file are processed as if run by a similarly chrooted -\fBnamed\fP\&. +\fI\%named\fP\&. .UNINDENT .INDENT 0.0 .TP @@ -97,7 +97,7 @@ This option prints the version of the \fBnamed\-checkconf\fP program and exits. .B \-x When printing the configuration files in canonical form, this option obscures shared secrets by replacing them with strings of question marks -(\fB?\fP). This allows the contents of \fBnamed.conf\fP and related files +(\fB?\fP). This allows the contents of \fI\%named.conf\fP and related files to be shared \- for example, when submitting bug reports \- without compromising private data. This option cannot be used without \fI\%\-p\fP\&. @@ -105,7 +105,7 @@ without compromising private data. This option cannot be used without .INDENT 0.0 .TP .B \-z -This option performs a test load of all zones of type \fBprimary\fP found in \fBnamed.conf\fP\&. +This option performs a test load of all zones of type \fBprimary\fP found in \fI\%named.conf\fP\&. .UNINDENT .INDENT 0.0 .TP @@ -119,7 +119,7 @@ it defaults to \fB@sysconfdir@/named.conf\fP\&. and 0 otherwise. .SH SEE ALSO .sp -\fBnamed(8)\fP, \fBnamed\-checkzone(8)\fP, BIND 9 Administrator Reference Manual. +\fI\%named(8)\fP, \fI\%named\-checkzone(8)\fP, BIND 9 Administrator Reference Manual. .SH AUTHOR Internet Systems Consortium .SH COPYRIGHT diff --git a/doc/man/named-checkzone.1in b/doc/man/named-checkzone.1in index 4290c4760c..822295ff51 100644 --- a/doc/man/named-checkzone.1in +++ b/doc/man/named-checkzone.1in @@ -36,7 +36,7 @@ named-checkzone \- zone file validity checking or converting tool .SH DESCRIPTION .sp \fBnamed\-checkzone\fP checks the syntax and integrity of a zone file. It -performs the same checks as \fBnamed\fP does when loading a zone. This +performs the same checks as \fI\%named\fP does when loading a zone. This makes \fBnamed\-checkzone\fP useful for checking zone files before configuring them into a name server. .SH OPTIONS @@ -64,14 +64,14 @@ This option prints the version of the \fBnamed\-checkzone\fP program and exits. .INDENT 0.0 .TP .B \-j -When loading a zone file, this option tells \fBnamed\fP to read the journal if it exists. The journal +When loading a zone file, this option tells \fI\%named\fP to read the journal if it exists. The journal file name is assumed to be the zone file name with the string \fB\&.jnl\fP appended. .UNINDENT .INDENT 0.0 .TP .B \-J filename -When loading the zone file, this option tells \fBnamed\fP to read the journal from the given file, if +When loading the zone file, this option tells \fI\%named\fP to read the journal from the given file, if it exists. This implies \fI\%\-j\fP\&. .UNINDENT .INDENT 0.0 @@ -122,9 +122,9 @@ the zone contents. .sp Possible formats are \fBtext\fP (the default), which is the standard textual representation of the zone, and \fBraw\fP and \fBraw=N\fP, which -store the zone in a binary format for rapid loading by \fBnamed\fP\&. +store the zone in a binary format for rapid loading by \fI\%named\fP\&. \fBraw=N\fP specifies the format version of the raw zone file: if \fBN\fP is -0, the raw file can be read by any version of \fBnamed\fP; if N is 1, the +0, the raw file can be read by any version of \fI\%named\fP; if N is 1, the file can only be read by release 9.9.0 or higher. The default is 1. .UNINDENT .INDENT 0.0 @@ -138,7 +138,7 @@ Possible modes are \fBfail\fP, \fBwarn\fP (the default), and \fBignore\fP\&. .B \-l ttl This option sets a maximum permissible TTL for the input file. Any record with a TTL higher than this value causes the zone to be rejected. This -is similar to using the \fBmax\-zone\-ttl\fP option in \fBnamed.conf\fP\&. +is similar to using the \fBmax\-zone\-ttl\fP option in \fI\%named.conf\fP\&. .UNINDENT .INDENT 0.0 .TP @@ -199,9 +199,9 @@ This option checks whether an SRV record refers to a CNAME. Possible modes are .INDENT 0.0 .TP .B \-t directory -This option tells \fBnamed\fP to chroot to \fBdirectory\fP, so that \fBinclude\fP directives in the +This option tells \fI\%named\fP to chroot to \fBdirectory\fP, so that \fBinclude\fP directives in the configuration file are processed as if run by a similarly chrooted -\fBnamed\fP\&. +\fI\%named\fP\&. .UNINDENT .INDENT 0.0 .TP @@ -213,9 +213,9 @@ modes are \fBwarn\fP (the default) and \fBignore\fP\&. .INDENT 0.0 .TP .B \-w directory -This option instructs \fBnamed\fP to chdir to \fBdirectory\fP, so that relative filenames in master file +This option instructs \fI\%named\fP to chdir to \fBdirectory\fP, so that relative filenames in master file \fB$INCLUDE\fP directives work. This is similar to the directory clause in -\fBnamed.conf\fP\&. +\fI\%named.conf\fP\&. .UNINDENT .INDENT 0.0 .TP @@ -246,7 +246,7 @@ This is the name of the zone file. and 0 otherwise. .SH SEE ALSO .sp -\fBnamed(8)\fP, \fBnamed\-checkconf(8)\fP, \fBnamed\-compilezone(8)\fP, \fI\%RFC 1035\fP, BIND 9 Administrator Reference +\fI\%named(8)\fP, \fI\%named\-checkconf(8)\fP, \fI\%named\-compilezone(8)\fP, \fI\%RFC 1035\fP, BIND 9 Administrator Reference Manual. .SH AUTHOR Internet Systems Consortium diff --git a/doc/man/named-compilezone.1in b/doc/man/named-compilezone.1in index 16872ec748..b4897f2ae2 100644 --- a/doc/man/named-compilezone.1in +++ b/doc/man/named-compilezone.1in @@ -38,9 +38,9 @@ named-compilezone \- zone file validity checking or converting tool \fBnamed\-compilezone\fP checks the syntax and integrity of a zone file, and dumps the zone contents to a specified file in a specified format. It applies strict check levels by default, since the -dump output is used as an actual zone file loaded by \fBnamed\fP\&. +dump output is used as an actual zone file loaded by \fI\%named\fP\&. When manually specified otherwise, the check levels must at least be as -strict as those specified in the \fBnamed\fP configuration file. +strict as those specified in the \fI\%named\fP configuration file. .SH OPTIONS .INDENT 0.0 .TP @@ -61,19 +61,19 @@ successful or failed completion. .INDENT 0.0 .TP .B \-v -This option prints the version of the \fBnamed\-checkzone\fP program and exits. +This option prints the version of the \fI\%named\-checkzone\fP program and exits. .UNINDENT .INDENT 0.0 .TP .B \-j -When loading a zone file, this option tells \fBnamed\fP to read the journal if it exists. The journal +When loading a zone file, this option tells \fI\%named\fP to read the journal if it exists. The journal file name is assumed to be the zone file name with the string \fB\&.jnl\fP appended. .UNINDENT .INDENT 0.0 .TP .B \-J filename -When loading the zone file, this option tells \fBnamed\fP to read the journal from the given file, if +When loading the zone file, this option tells \fI\%named\fP to read the journal from the given file, if it exists. This implies \fI\%\-j\fP\&. .UNINDENT .INDENT 0.0 @@ -119,14 +119,14 @@ This option specifies the format of the zone file. Possible formats are .TP .B \-F format This option specifies the format of the output file specified. For -\fBnamed\-checkzone\fP, this does not have any effect unless it dumps +\fI\%named\-checkzone\fP, this does not have any effect unless it dumps the zone contents. .sp Possible formats are \fBtext\fP (the default), which is the standard textual representation of the zone, and \fBraw\fP and \fBraw=N\fP, which -store the zone in a binary format for rapid loading by \fBnamed\fP\&. +store the zone in a binary format for rapid loading by \fI\%named\fP\&. \fBraw=N\fP specifies the format version of the raw zone file: if \fBN\fP is -0, the raw file can be read by any version of \fBnamed\fP; if N is 1, the +0, the raw file can be read by any version of \fI\%named\fP; if N is 1, the file can only be read by release 9.9.0 or higher. The default is 1. .UNINDENT .INDENT 0.0 @@ -140,7 +140,7 @@ Possible modes are \fBfail\fP (the default), \fBwarn\fP, and \fBignore\fP\&. .B \-l ttl This option sets a maximum permissible TTL for the input file. Any record with a TTL higher than this value causes the zone to be rejected. This -is similar to using the \fBmax\-zone\-ttl\fP option in \fBnamed.conf\fP\&. +is similar to using the \fBmax\-zone\-ttl\fP option in \fI\%named.conf\fP\&. .UNINDENT .INDENT 0.0 .TP @@ -200,9 +200,9 @@ This option checks whether an SRV record refers to a CNAME. Possible modes are .INDENT 0.0 .TP .B \-t directory -This option tells \fBnamed\fP to chroot to \fBdirectory\fP, so that \fBinclude\fP directives in the +This option tells \fI\%named\fP to chroot to \fBdirectory\fP, so that \fBinclude\fP directives in the configuration file are processed as if run by a similarly chrooted -\fBnamed\fP\&. +\fI\%named\fP\&. .UNINDENT .INDENT 0.0 .TP @@ -214,9 +214,9 @@ modes are \fBwarn\fP (the default) and \fBignore\fP\&. .INDENT 0.0 .TP .B \-w directory -This option instructs \fBnamed\fP to chdir to \fBdirectory\fP, so that relative filenames in master file +This option instructs \fI\%named\fP to chdir to \fBdirectory\fP, so that relative filenames in master file \fB$INCLUDE\fP directives work. This is similar to the directory clause in -\fBnamed.conf\fP\&. +\fI\%named.conf\fP\&. .UNINDENT .INDENT 0.0 .TP @@ -248,7 +248,7 @@ This is the name of the zone file. and 0 otherwise. .SH SEE ALSO .sp -\fBnamed(8)\fP, \fBnamed\-checkconf(8)\fP, \fBnamed\-checkzone(8)\fP, \fI:rfc:\(ga1035\fP, +\fI\%named(8)\fP, \fI\%named\-checkconf(8)\fP, \fI\%named\-checkzone(8)\fP, \fI:rfc:\(ga1035\fP, BIND 9 Administrator Reference Manual. .SH AUTHOR Internet Systems Consortium diff --git a/doc/man/named-journalprint.1in b/doc/man/named-journalprint.1in index b4d11fb1c9..f8eb858100 100644 --- a/doc/man/named-journalprint.1in +++ b/doc/man/named-journalprint.1in @@ -39,8 +39,8 @@ named-journalprint \- print zone journal in human-readable form printing it in a human\-readable form, or, optionally, converting it to a different journal file format. .sp -Journal files are automatically created by \fBnamed\fP when changes are -made to dynamic zones (e.g., by \fBnsupdate\fP). They record each addition +Journal files are automatically created by \fI\%named\fP when changes are +made to dynamic zones (e.g., by \fI\%nsupdate\fP). They record each addition or deletion of a resource record, in binary format, allowing the changes to be re\-applied to the zone when the server is restarted after a shutdown or crash. By default, the name of the journal file is formed by @@ -54,7 +54,7 @@ the resource record in master\-file format. .sp The \fB\-c\fP (compact) option provides a mechanism to reduce the size of a journal by removing (most/all) transactions prior to the specified -serial number. Note: this option \fImust not\fP be used while \fBnamed\fP is +serial number. Note: this option \fImust not\fP be used while \fI\%named\fP is running, and can cause data loss if the zone file has not been updated to contain the data being removed from the journal. Use with extreme caution. .sp @@ -67,10 +67,10 @@ replaced. \fB\-d\fP writes out the journal in the format used by versions of BIND up to 9.16.11; \fB\-u\fP writes it out in the format used by versions since 9.16.13. (9.16.12 is omitted due to a journal\-formatting bug in that release.) Note that these options \fImust not\fP be used while -\fBnamed\fP is running. +\fI\%named\fP is running. .SH SEE ALSO .sp -\fBnamed(8)\fP, \fBnsupdate(1)\fP, BIND 9 Administrator Reference Manual. +\fI\%named(8)\fP, \fI\%nsupdate(1)\fP, BIND 9 Administrator Reference Manual. .SH AUTHOR Internet Systems Consortium .SH COPYRIGHT diff --git a/doc/man/named-nzd2nzf.1in b/doc/man/named-nzd2nzf.1in index fee8beec73..50c8b2475f 100644 --- a/doc/man/named-nzd2nzf.1in +++ b/doc/man/named-nzd2nzf.1in @@ -37,7 +37,7 @@ named-nzd2nzf \- convert an NZD database to NZF text format .sp \fBnamed\-nzd2nzf\fP converts an NZD database to NZF format and prints it to standard output. This can be used to review the configuration of -zones that were added to \fBnamed\fP via \fBrndc addzone\fP\&. It can also be +zones that were added to \fI\%named\fP via \fI\%rndc addzone\fP\&. It can also be used to restore the old file format when rolling back from a newer version of BIND to an older version. .SH ARGUMENTS diff --git a/doc/man/named-rrchecker.1in b/doc/man/named-rrchecker.1in index d51b24734f..7088b19420 100644 --- a/doc/man/named-rrchecker.1in +++ b/doc/man/named-rrchecker.1in @@ -69,7 +69,7 @@ and private type mnemonics, respectively. .UNINDENT .SH SEE ALSO .sp -\fI\%RFC 1034\fP, \fI\%RFC 1035\fP, \fBnamed(8)\fP\&. +\fI\%RFC 1034\fP, \fI\%RFC 1035\fP, \fI\%named(8)\fP\&. .SH AUTHOR Internet Systems Consortium .SH COPYRIGHT diff --git a/doc/man/named.8in b/doc/man/named.8in index 7395e3c866..0fd8c74f1d 100644 --- a/doc/man/named.8in +++ b/doc/man/named.8in @@ -237,12 +237,12 @@ This option reports the version number and build options, and exits. This option acquires a lock on the specified file at runtime; this helps to prevent duplicate \fBnamed\fP instances from running simultaneously. Use of this option overrides the \fBlock\-file\fP option in -\fBnamed.conf\fP\&. If set to \fBnone\fP, the lock file check is disabled. +\fI\%named.conf\fP\&. If set to \fBnone\fP, the lock file check is disabled. .UNINDENT .SH SIGNALS .sp In routine operation, signals should not be used to control the -nameserver; \fBrndc\fP should be used instead. +nameserver; \fI\%rndc\fP should be used instead. .INDENT 0.0 .TP .B SIGHUP @@ -274,7 +274,7 @@ The default process\-id file. .UNINDENT .SH SEE ALSO .sp -\fI\%RFC 1033\fP, \fI\%RFC 1034\fP, \fI\%RFC 1035\fP, \fBnamed\-checkconf(8)\fP, \fBnamed\-checkzone(8)\fP, \fBrndc(8)\fP, \fBnamed.conf(5)\fP, BIND 9 Administrator Reference Manual. +\fI\%RFC 1033\fP, \fI\%RFC 1034\fP, \fI\%RFC 1035\fP, \fI\%named\-checkconf(8)\fP, \fI\%named\-checkzone(8)\fP, \fI\%rndc(8)\fP, \fI\%named.conf(5)\fP, BIND 9 Administrator Reference Manual. .SH AUTHOR Internet Systems Consortium .SH COPYRIGHT diff --git a/doc/man/named.conf.5in b/doc/man/named.conf.5in index 9b6f17eed9..0fec93081a 100644 --- a/doc/man/named.conf.5in +++ b/doc/man/named.conf.5in @@ -35,7 +35,7 @@ named.conf \- configuration file for **named** \fBnamed.conf\fP .SH DESCRIPTION .sp -\fBnamed.conf\fP is the configuration file for \fBnamed\fP\&. +\fBnamed.conf\fP is the configuration file for \fI\%named\fP\&. Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported: @@ -1312,7 +1312,7 @@ zone [ ] { \fB@sysconfdir@/named.conf\fP .SH SEE ALSO .sp -\fBnamed(8)\fP, \fBnamed\-checkconf(8)\fP, \fBrndc(8)\fP, \fBrndc\-confgen(8)\fP, \fBtsig\-keygen(8)\fP, BIND 9 Administrator Reference Manual. +\fI\%named(8)\fP, \fI\%named\-checkconf(8)\fP, \fI\%rndc(8)\fP, \fI\%rndc\-confgen(8)\fP, \fI\%tsig\-keygen(8)\fP, BIND 9 Administrator Reference Manual. .SH AUTHOR Internet Systems Consortium .SH COPYRIGHT diff --git a/doc/man/nslookup.1in b/doc/man/nslookup.1in index bf74d13589..e56cb0ef34 100644 --- a/doc/man/nslookup.1in +++ b/doc/man/nslookup.1in @@ -77,9 +77,9 @@ and immediately exit. .INDENT 0.0 .TP .B \fBhost [server]\fP -This command looks up information for \fBhost\fP using the current default server or -using \fBserver\fP, if specified. If \fBhost\fP is an Internet address and the -query type is A or PTR, the name of the host is returned. If \fBhost\fP is +This command looks up information for \fI\%host\fP using the current default server or +using \fBserver\fP, if specified. If \fI\%host\fP is an Internet address and the +query type is A or PTR, the name of the host is returned. If \fI\%host\fP is a name and does not have a trailing period (\fB\&.\fP), the search list is used to qualify the name. .sp @@ -216,7 +216,7 @@ when \fBnslookup\fP runs, or when the standard output is not a tty. \fB/etc/resolv.conf\fP .SH SEE ALSO .sp -\fBdig(1)\fP, \fBhost(1)\fP, \fBnamed(8)\fP\&. +\fI\%dig(1)\fP, \fI\%host(1)\fP, \fI\%named(8)\fP\&. .SH AUTHOR Internet Systems Consortium .SH COPYRIGHT diff --git a/doc/man/nsupdate.1in b/doc/man/nsupdate.1in index 7e3a7ea8fd..4f4b4f8025 100644 --- a/doc/man/nsupdate.1in +++ b/doc/man/nsupdate.1in @@ -60,7 +60,7 @@ and the name server. For instance, suitable \fBkey\fP and \fBserver\fP statements are added to \fB@sysconfdir@/named.conf\fP so that the name server can associate the appropriate secret key and algorithm with the IP address of the client application that is using TSIG -authentication. \fBddns\-confgen\fP can generate suitable +authentication. \fI\%ddns\-confgen\fP can generate suitable configuration fragments. \fBnsupdate\fP uses the \fI\%\-y\fP or \fI\%\-k\fP options to provide the TSIG shared secret; these options are mutually exclusive. .sp @@ -111,12 +111,12 @@ This option forces interactive mode, even when standard input is not a terminal. .TP .B \-k keyfile This option indicates the file containing the TSIG authentication key. Keyfiles may be in -two formats: a single file containing a \fBnamed.conf\fP\-format \fBkey\fP -statement, which may be generated automatically by \fBddns\-confgen\fP; +two formats: a single file containing a \fI\%named.conf\fP\-format \fBkey\fP +statement, which may be generated automatically by \fI\%ddns\-confgen\fP; or a pair of files whose names are of the format \fBK{name}.+157.+{random}.key\fP and \fBK{name}.+157.+{random}.private\fP, which can be generated by -\fBdnssec\-keygen\fP\&. The \fI\%\-k\fP option can also be used to specify a SIG(0) +\fI\%dnssec\-keygen\fP\&. The \fI\%\-k\fP option can also be used to specify a SIG(0) key used to authenticate Dynamic DNS update requests. In this case, the key specified is not an HMAC\-MD5 key. .UNINDENT @@ -127,7 +127,7 @@ This option sets local\-host only mode, which sets the server address to localho (disabling the \fBserver\fP so that the server address cannot be overridden). Connections to the local server use a TSIG key found in \fB@runstatedir@/session.key\fP, which is automatically -generated by \fBnamed\fP if any local \fBprimary\fP zone has set +generated by \fI\%named\fP if any local \fBprimary\fP zone has set \fBupdate\-policy\fP to \fBlocal\fP\&. The location of this key file can be overridden with the \fI\%\-k\fP option. .UNINDENT @@ -404,15 +404,15 @@ Used to identify the default name server Sets the default TSIG key for use in local\-only mode .TP .B \fBK{name}.+157.+{random}.key\fP -Base\-64 encoding of the HMAC\-MD5 key created by \fBdnssec\-keygen\fP\&. +Base\-64 encoding of the HMAC\-MD5 key created by \fI\%dnssec\-keygen\fP\&. .TP .B \fBK{name}.+157.+{random}.private\fP -Base\-64 encoding of the HMAC\-MD5 key created by \fBdnssec\-keygen\fP\&. +Base\-64 encoding of the HMAC\-MD5 key created by \fI\%dnssec\-keygen\fP\&. .UNINDENT .SH SEE ALSO .sp \fI\%RFC 2136\fP, \fI\%RFC 3007\fP, \fI\%RFC 2104\fP, \fI\%RFC 2845\fP, \fI\%RFC 1034\fP, \fI\%RFC 2535\fP, \fI\%RFC 2931\fP, -\fBnamed(8)\fP, \fBdnssec\-keygen(8)\fP, \fBtsig\-keygen(8)\fP\&. +\fI\%named(8)\fP, \fI\%dnssec\-keygen(8)\fP, \fI\%tsig\-keygen(8)\fP\&. .SH BUGS .sp The TSIG key is redundantly stored in two separate files. This is a diff --git a/doc/man/rndc-confgen.8in b/doc/man/rndc-confgen.8in index 9433875a43..02639916f7 100644 --- a/doc/man/rndc-confgen.8in +++ b/doc/man/rndc-confgen.8in @@ -35,26 +35,26 @@ rndc-confgen \- rndc key generation tool \fBrndc\-confgen\fP [\fB\-a\fP] [\fB\-A\fP algorithm] [\fB\-b\fP keysize] [\fB\-c\fP keyfile] [\fB\-h\fP] [\fB\-k\fP keyname] [\fB\-p\fP port] [\fB\-s\fP address] [\fB\-t\fP chrootdir] [\fB\-u\fP user] .SH DESCRIPTION .sp -\fBrndc\-confgen\fP generates configuration files for \fBrndc\fP\&. It can be -used as a convenient alternative to writing the \fBrndc.conf\fP file and -the corresponding \fBcontrols\fP and \fBkey\fP statements in \fBnamed.conf\fP +\fBrndc\-confgen\fP generates configuration files for \fI\%rndc\fP\&. It can be +used as a convenient alternative to writing the \fI\%rndc.conf\fP file and +the corresponding \fBcontrols\fP and \fBkey\fP statements in \fI\%named.conf\fP by hand. Alternatively, it can be run with the \fI\%\-a\fP option to set up a -\fBrndc.key\fP file and avoid the need for a \fBrndc.conf\fP file and a +\fBrndc.key\fP file and avoid the need for a \fI\%rndc.conf\fP file and a \fBcontrols\fP statement altogether. .SH OPTIONS .INDENT 0.0 .TP .B \-a -This option sets automatic \fBrndc\fP configuration, which creates a file -\fB@sysconfdir@/rndc.key\fP that is read by both \fBrndc\fP and \fBnamed\fP on startup. +This option sets automatic \fI\%rndc\fP configuration, which creates a file +\fB@sysconfdir@/rndc.key\fP that is read by both \fI\%rndc\fP and \fI\%named\fP on startup. The \fBrndc.key\fP file defines a default command channel and -authentication key allowing \fBrndc\fP to communicate with \fBnamed\fP on +authentication key allowing \fI\%rndc\fP to communicate with \fI\%named\fP on the local host with no further configuration. .sp If a more elaborate configuration than that generated by \fI\%rndc\-confgen \-a\fP is required, for example if rndc is to be used remotely, run \fBrndc\-confgen\fP without the \fI\%\-a\fP option -and set up \fBrndc.conf\fP and \fBnamed.conf\fP as directed. +and set up \fI\%rndc.conf\fP and \fI\%named.conf\fP as directed. .UNINDENT .INDENT 0.0 .TP @@ -84,14 +84,14 @@ This option prints a short summary of the options and arguments to .INDENT 0.0 .TP .B \-k keyname -This option specifies the key name of the \fBrndc\fP authentication key. This must be a +This option specifies the key name of the \fI\%rndc\fP authentication key. This must be a valid domain name. The default is \fBrndc\-key\fP\&. .UNINDENT .INDENT 0.0 .TP .B \-p port -This option specifies the command channel port where \fBnamed\fP listens for -connections from \fBrndc\fP\&. The default is 953. +This option specifies the command channel port where \fI\%named\fP listens for +connections from \fI\%rndc\fP\&. The default is 953. .UNINDENT .INDENT 0.0 .TP @@ -101,17 +101,17 @@ This option prevets printing the written path in automatic configuration mode. .INDENT 0.0 .TP .B \-s address -This option specifies the IP address where \fBnamed\fP listens for command\-channel -connections from \fBrndc\fP\&. The default is the loopback address +This option specifies the IP address where \fI\%named\fP listens for command\-channel +connections from \fI\%rndc\fP\&. The default is the loopback address 127.0.0.1. .UNINDENT .INDENT 0.0 .TP .B \-t chrootdir -This option is used with the \fI\%\-a\fP option to specify a directory where \fBnamed\fP +This option is used with the \fI\%\-a\fP option to specify a directory where \fI\%named\fP runs chrooted. An additional copy of the \fBrndc.key\fP is written relative to this directory, so that it is found by the -chrooted \fBnamed\fP\&. +chrooted \fI\%named\fP\&. .UNINDENT .INDENT 0.0 .TP @@ -122,17 +122,17 @@ area has its owner changed. .UNINDENT .SH EXAMPLES .sp -To allow \fBrndc\fP to be used with no manual configuration, run: +To allow \fI\%rndc\fP to be used with no manual configuration, run: .sp \fBrndc\-confgen \-a\fP .sp -To print a sample \fBrndc.conf\fP file and the corresponding \fBcontrols\fP and -\fBkey\fP statements to be manually inserted into \fBnamed.conf\fP, run: +To print a sample \fI\%rndc.conf\fP file and the corresponding \fBcontrols\fP and +\fBkey\fP statements to be manually inserted into \fI\%named.conf\fP, run: .sp \fBrndc\-confgen\fP .SH SEE ALSO .sp -\fBrndc(8)\fP, \fBrndc.conf(5)\fP, \fBnamed(8)\fP, BIND 9 Administrator Reference Manual. +\fI\%rndc(8)\fP, \fI\%rndc.conf(5)\fP, \fI\%named(8)\fP, BIND 9 Administrator Reference Manual. .SH AUTHOR Internet Systems Consortium .SH COPYRIGHT diff --git a/doc/man/rndc.8in b/doc/man/rndc.8in index 619840268c..d47670a89e 100644 --- a/doc/man/rndc.8in +++ b/doc/man/rndc.8in @@ -42,7 +42,7 @@ arguments. .sp \fBrndc\fP communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current -versions of \fBrndc\fP and \fBnamed\fP, the only supported authentication +versions of \fBrndc\fP and \fI\%named\fP, the only supported authentication algorithms are HMAC\-MD5 (for compatibility), HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256 (default), HMAC\-SHA384, and HMAC\-SHA512. They use a shared secret on each end of the connection, which provides TSIG\-style @@ -108,7 +108,7 @@ unless there is an error. .INDENT 0.0 .TP .B \-r -This option instructs \fBrndc\fP to print the result code returned by \fBnamed\fP +This option instructs \fBrndc\fP to print the result code returned by \fI\%named\fP after executing the requested command (e.g., ISC_R_SUCCESS, ISC_R_FAILURE, etc.). .UNINDENT @@ -121,7 +121,7 @@ This option enables verbose logging. .TP .B \-y key_id This option indicates use of the key \fBkey_id\fP from the configuration file. For control message validation to succeed, \fBkey_id\fP must be known -by \fBnamed\fP with the same algorithm and secret string. If no \fBkey_id\fP is specified, +by \fI\%named\fP with the same algorithm and secret string. If no \fBkey_id\fP is specified, \fBrndc\fP first looks for a key clause in the server statement of the server being used, or if no server statement is present for that host, then in the default\-key clause of the options statement. Note that @@ -141,14 +141,14 @@ Currently supported commands are: This command adds a zone while the server is running. This command requires the \fBallow\-new\-zones\fP option to be set to \fByes\fP\&. The configuration string specified on the command line is the zone configuration text -that would ordinarily be placed in \fBnamed.conf\fP\&. +that would ordinarily be placed in \fI\%named.conf\fP\&. .sp The configuration is saved in a file called \fBviewname.nzf\fP (or, if -\fBnamed\fP is compiled with liblmdb, an LMDB database file called +\fI\%named\fP is compiled with liblmdb, an LMDB database file called \fBviewname.nzd\fP). \fBviewname\fP is the name of the view, unless the view name contains characters that are incompatible with use as a file name, in which case a cryptographic hash of the view name is used -instead. When \fBnamed\fP is restarted, the file is loaded into +instead. When \fI\%named\fP is restarted, the file is loaded into the view configuration so that zones that were added can persist after a restart. .sp @@ -175,10 +175,10 @@ are reported in the output of the \fBrndc delzone\fP command.) .sp If the zone was originally added via \fBrndc addzone\fP, then it is removed permanently. However, if it was originally configured in -\fBnamed.conf\fP, then that original configuration remains in place; +\fI\%named.conf\fP, then that original configuration remains in place; when the server is restarted or reconfigured, the zone is recreated. To remove it permanently, it must also be removed from -\fBnamed.conf\fP\&. +\fI\%named.conf\fP\&. .sp See also \fI\%rndc addzone\fP and \fI\%rndc modzone\fP\&. .UNINDENT @@ -194,7 +194,7 @@ zone. \fBrndc dnssec \-rollover\fP allows you to schedule key rollover for a specific key (overriding the original key lifetime). .sp -\fBrndc dnssec \-checkds\fP will let \fBnamed\fP know that the DS for the given +\fBrndc dnssec \-checkds\fP will let \fI\%named\fP know that the DS for the given key has been seen published into or withdrawn from the parent. This is required in order to complete a KSK rollover. If the \fB\-key id\fP argument is specified, look for the key with the given identifier, otherwise if there @@ -207,7 +207,7 @@ withdrawn is set to now, unless otherwise specified with the argument \fB\-when .TP .B dnstap (\-reopen | \-roll [number]) This command closes and re\-opens DNSTAP output files. \fBrndc dnstap \-reopen\fP allows -the output file to be renamed externally, so that \fBnamed\fP can +the output file to be renamed externally, so that \fI\%named\fP can truncate and re\-open it. \fBrndc dnstap \-roll\fP causes the output file to be rolled automatically, similar to log files. The most recent output file has ".0" appended to its name; the previous most recent @@ -257,8 +257,8 @@ See also \fI\%rndc thaw\fP\&. This command stops the server immediately. Recent changes made through dynamic update or IXFR are not saved to the master files, but are rolled forward from the journal files when the server is restarted. If -\fB\-p\fP is specified, \fBnamed\fP\(aqs process ID is returned. This allows -an external process to determine when \fBnamed\fP has completed +\fB\-p\fP is specified, \fI\%named\fP\(aqs process ID is returned. This allows +an external process to determine when \fI\%named\fP has completed halting. .sp See also \fI\%rndc stop\fP\&. @@ -306,11 +306,11 @@ This command should be used only with extreme caution. .sp Existing keys that are already trusted are not deleted from memory; DNSSEC validation can continue after this command is used. -However, key maintenance operations cease until \fBnamed\fP is +However, key maintenance operations cease until \fI\%named\fP is restarted or reconfigured, and all existing key maintenance states are deleted. .sp -Running \fI\%rndc reconfig\fP or restarting \fBnamed\fP immediately +Running \fI\%rndc reconfig\fP or restarting \fI\%named\fP immediately after this command causes key maintenance to be reinitialized from scratch, just as if the server were being started for the first time. This is primarily intended for testing, but it may @@ -326,16 +326,16 @@ This command modifies the configuration of a zone while the server is running. T command requires the \fBallow\-new\-zones\fP option to be set to \fByes\fP\&. As with \fBaddzone\fP, the configuration string specified on the command line is the zone configuration text that would ordinarily be -placed in \fBnamed.conf\fP\&. +placed in \fI\%named.conf\fP\&. .sp If the zone was originally added via \fI\%rndc addzone\fP, the configuration changes are recorded permanently and are still in effect after the server is restarted or reconfigured. However, if -it was originally configured in \fBnamed.conf\fP, then that original +it was originally configured in \fI\%named.conf\fP, then that original configuration remains in place; when the server is restarted or reconfigured, the zone reverts to its original configuration. To make the changes permanent, it must also be modified in -\fBnamed.conf\fP\&. +\fI\%named.conf\fP\&. .sp See also \fI\%rndc addzone\fP and \fI\%rndc delzone\fP\&. .UNINDENT @@ -356,18 +356,18 @@ See also \fI\%rndc trace\fP\&. .B nta [(\-class class | \-dump | \-force | \-remove | \-lifetime duration)] domain [view] This command sets a DNSSEC negative trust anchor (NTA) for \fBdomain\fP, with a lifetime of \fBduration\fP\&. The default lifetime is configured in -\fBnamed.conf\fP via the \fBnta\-lifetime\fP option, and defaults to one +\fI\%named.conf\fP via the \fBnta\-lifetime\fP option, and defaults to one hour. The lifetime cannot exceed one week. .sp A negative trust anchor selectively disables DNSSEC validation for zones that are known to be failing because of misconfiguration rather than an attack. When data to be validated is at or below an active -NTA (and above any other configured trust anchors), \fBnamed\fP +NTA (and above any other configured trust anchors), \fI\%named\fP aborts the DNSSEC validation process and treats the data as insecure rather than bogus. This continues until the NTA\(aqs lifetime has elapsed. .sp -NTAs persist across restarts of the \fBnamed\fP server. The NTAs for a +NTAs persist across restarts of the \fI\%named\fP server. The NTAs for a view are saved in a file called \fBname.nta\fP, where \fBname\fP is the name of the view; if it contains characters that are incompatible with use as a file name, a cryptographic hash is generated from the name of @@ -385,7 +385,7 @@ If \fB\-dump\fP is used, any other arguments are ignored and a list of existing NTAs is printed. Note that this may include NTAs that are expired but have not yet been cleaned up. .sp -Normally, \fBnamed\fP periodically tests to see whether data below +Normally, \fI\%named\fP periodically tests to see whether data below an NTA can now be validated (see the \fBnta\-recheck\fP option in the Administrator Reference Manual for details). If data can be validated, then the NTA is regarded as no longer necessary and is @@ -413,8 +413,8 @@ on and off. .sp Query logging can also be enabled by explicitly directing the \fBqueries\fP \fBcategory\fP to a \fBchannel\fP in the \fBlogging\fP section -of \fBnamed.conf\fP, or by specifying \fBquerylog yes;\fP in the -\fBoptions\fP section of \fBnamed.conf\fP\&. +of \fI\%named.conf\fP, or by specifying \fBquerylog yes;\fP in the +\fBoptions\fP section of \fI\%named.conf\fP\&. .UNINDENT .INDENT 0.0 .TP @@ -427,7 +427,7 @@ avoids the need to examine the modification times of the zone files. .INDENT 0.0 .TP .B recursing -This command dumps the list of queries \fBnamed\fP is currently +This command dumps the list of queries \fI\%named\fP is currently recursing on, and the list of domains to which iterative queries are currently being sent. .sp @@ -493,7 +493,7 @@ If the first argument is \fB\-\fP, then the output is returned via the \fBrndc\fP response channel and printed to the standard output. Otherwise, it is written to the secroots dump file, which defaults to \fBnamed.secroots\fP, but can be overridden via the \fBsecroots\-file\fP -option in \fBnamed.conf\fP\&. +option in \fI\%named.conf\fP\&. .sp See also \fI\%rndc managed\-keys\fP\&. .UNINDENT @@ -501,11 +501,11 @@ See also \fI\%rndc managed\-keys\fP\&. .TP .B serve\-stale (on | off | reset | status) [class [view]] This command enables, disables, resets, or reports the current status of -the serving of stale answers as configured in \fBnamed.conf\fP\&. +the serving of stale answers as configured in \fI\%named.conf\fP\&. .sp If serving of stale answers is disabled by \fBrndc\-serve\-stale off\fP, then it -remains disabled even if \fBnamed\fP is reloaded or reconfigured. \fBrndc -serve\-stale reset\fP restores the setting as configured in \fBnamed.conf\fP\&. +remains disabled even if \fI\%named\fP is reloaded or reconfigured. \fBrndc +serve\-stale reset\fP restores the setting as configured in \fI\%named.conf\fP\&. .sp \fBrndc serve\-stale status\fP reports whether caching and serving of stale answers is currently enabled or disabled. It also reports the values of @@ -565,7 +565,7 @@ depending on whether the opt\-out bit in the NSEC3 chain should be set. \fBiterations\fP defines the number of additional times to apply the algorithm when generating an NSEC3 hash. The \fBsalt\fP is a string of data expressed in hexadecimal, a hyphen (\fI\-\(aq) if no salt is to be -used, or the keyword \(ga\(gaauto\(ga\fP, which causes \fBnamed\fP to generate a +used, or the keyword \(ga\(gaauto\(ga\fP, which causes \fI\%named\fP to generate a random 64\-bit salt. .sp So, for example, to create an NSEC3 chain using the SHA\-1 hash @@ -601,8 +601,8 @@ there is no explicit root zone configured. .B stop \-p This command stops the server, making sure any recent changes made through dynamic update or IXFR are first saved to the master files of the updated -zones. If \fB\-p\fP is specified, \fBnamed\fP\(aqs process ID is returned. -This allows an external process to determine when \fBnamed\fP has +zones. If \fB\-p\fP is specified, \fI\%named\fP\(aqs process ID is returned. +This allows an external process to determine when \fI\%named\fP has completed stopping. .sp See also \fI\%rndc halt\fP\&. @@ -661,7 +661,7 @@ apply to statically configured TSIG keys. .TP .B tsig\-list This command lists the names of all TSIG keys currently configured for use by -\fBnamed\fP in each view. The list includes both statically configured keys and +\fI\%named\fP in each view. The list includes both statically configured keys and dynamic TKEY\-negotiated keys. .UNINDENT .INDENT 0.0 @@ -701,8 +701,8 @@ without using the configuration file. Several error messages could be clearer. .SH SEE ALSO .sp -\fBrndc.conf(5)\fP, \fBrndc\-confgen(8)\fP, -\fBnamed(8)\fP, \fBnamed.conf(5)\fP, BIND 9 Administrator +\fI\%rndc.conf(5)\fP, \fI\%rndc\-confgen(8)\fP, +\fI\%named(8)\fP, \fI\%named.conf(5)\fP, BIND 9 Administrator Reference Manual. .SH AUTHOR Internet Systems Consortium diff --git a/doc/man/rndc.conf.5in b/doc/man/rndc.conf.5in index 389f8ada36..1c88b9b915 100644 --- a/doc/man/rndc.conf.5in +++ b/doc/man/rndc.conf.5in @@ -35,9 +35,9 @@ rndc.conf \- rndc configuration file \fBrndc.conf\fP .SH DESCRIPTION .sp -\fBrndc.conf\fP is the configuration file for \fBrndc\fP, the BIND 9 name +\fBrndc.conf\fP is the configuration file for \fI\%rndc\fP, the BIND 9 name server control utility. This file has a similar structure and syntax to -\fBnamed.conf\fP\&. Statements are enclosed in braces and terminated with a +\fI\%named.conf\fP\&. Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported: .sp @@ -47,13 +47,13 @@ C++ style: // to end of line .sp Unix style: # to end of line .sp -\fBrndc.conf\fP is much simpler than \fBnamed.conf\fP\&. The file uses three +\fBrndc.conf\fP is much simpler than \fI\%named.conf\fP\&. The file uses three statements: an options statement, a server statement, and a key statement. .sp The \fBoptions\fP statement contains five clauses. The \fBdefault\-server\fP clause is followed by the name or address of a name server. This host -is used when no name server is given as an argument to \fBrndc\fP\&. +is used when no name server is given as an argument to \fI\%rndc\fP\&. The \fBdefault\-key\fP clause is followed by the name of a key, which is identified by a \fBkey\fP statement. If no \fBkeyid\fP is provided on the rndc command line, and no \fBkey\fP clause is found in a matching @@ -78,14 +78,14 @@ IPv4 and IPv6 source address, respectively. .sp The \fBkey\fP statement begins with an identifying string, the name of the key. The statement has two clauses. \fBalgorithm\fP identifies the -authentication algorithm for \fBrndc\fP to use; currently only HMAC\-MD5 +authentication algorithm for \fI\%rndc\fP to use; currently only HMAC\-MD5 (for compatibility), HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256 (default), HMAC\-SHA384, and HMAC\-SHA512 are supported. This is followed by a secret clause which contains the base\-64 encoding of the algorithm\(aqs authentication key. The base\-64 string is enclosed in double quotes. .sp There are two common ways to generate the base\-64 string for the secret. -The BIND 9 program \fBrndc\-confgen\fP can be used to generate a random +The BIND 9 program \fI\%rndc\-confgen\fP can be used to generate a random key, or the \fBmmencode\fP program, also known as \fBmimencode\fP, can be used to generate a base\-64 string from known input. \fBmmencode\fP does not ship with BIND 9 but is available on many systems. See the Example @@ -156,7 +156,7 @@ key testkey { .UNINDENT .UNINDENT .sp -In the above example, \fBrndc\fP by default uses the server at +In the above example, \fI\%rndc\fP by default uses the server at localhost (127.0.0.1) and the key called "samplekey". Commands to the localhost server use the "samplekey" key, which must also be defined in the server\(aqs configuration file with the same name and secret. The @@ -164,16 +164,16 @@ key statement indicates that "samplekey" uses the HMAC\-SHA256 algorithm and its secret clause contains the base\-64 encoding of the HMAC\-SHA256 secret enclosed in double quotes. .sp -If \fBrndc \-s testserver\fP is used, then \fBrndc\fP connects to the server +If \fI\%rndc \-s testserver\fP is used, then \fI\%rndc\fP connects to the server on localhost port 5353 using the key "testkey". .sp -To generate a random secret with \fBrndc\-confgen\fP: +To generate a random secret with \fI\%rndc\-confgen\fP: .sp -\fBrndc\-confgen\fP +\fI\%rndc\-confgen\fP .sp A complete \fBrndc.conf\fP file, including the randomly generated key, is written to the standard output. Commented\-out \fBkey\fP and -\fBcontrols\fP statements for \fBnamed.conf\fP are also printed. +\fBcontrols\fP statements for \fI\%named.conf\fP are also printed. .sp To generate a base\-64 secret with \fBmmencode\fP: .sp @@ -182,12 +182,12 @@ To generate a base\-64 secret with \fBmmencode\fP: .sp The name server must be configured to accept rndc connections and to recognize the key specified in the \fBrndc.conf\fP file, using the -controls statement in \fBnamed.conf\fP\&. See the sections on the +controls statement in \fI\%named.conf\fP\&. See the sections on the \fBcontrols\fP statement in the BIND 9 Administrator Reference Manual for details. .SH SEE ALSO .sp -\fBrndc(8)\fP, \fBrndc\-confgen(8)\fP, \fBmmencode(1)\fP, BIND 9 Administrator Reference Manual. +\fI\%rndc(8)\fP, \fI\%rndc\-confgen(8)\fP, \fBmmencode(1)\fP, BIND 9 Administrator Reference Manual. .SH AUTHOR Internet Systems Consortium .SH COPYRIGHT diff --git a/doc/man/tsig-keygen.8in b/doc/man/tsig-keygen.8in index b2424663e3..fe9498c417 100644 --- a/doc/man/tsig-keygen.8in +++ b/doc/man/tsig-keygen.8in @@ -37,7 +37,7 @@ tsig-keygen \- TSIG key generation tool .sp \fBtsig\-keygen\fP is an utility that generates keys for use in TSIG signing. The resulting keys can be used, for example, to secure dynamic DNS updates -to a zone, or for the \fBrndc\fP command channel. +to a zone, or for the \fI\%rndc\fP command channel. .sp A domain name can be specified on the command line to be used as the name of the generated key. If no name is specified, the default is \fBtsig\-key\fP\&. @@ -57,7 +57,7 @@ This option prints a short summary of options and arguments. .UNINDENT .SH SEE ALSO .sp -\fBnsupdate(1)\fP, \fBnamed.conf(5)\fP, \fBnamed(8)\fP, BIND 9 Administrator Reference Manual. +\fI\%nsupdate(1)\fP, \fI\%named.conf(5)\fP, \fI\%named(8)\fP, BIND 9 Administrator Reference Manual. .SH AUTHOR Internet Systems Consortium .SH COPYRIGHT