dnssec-settime.docbook revision a6ca100924894cdd8e2b791d75a8cef32b1fba1f
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews [<!ENTITY mdash "&#8212;">]>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!--
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater - Copyright (C) 2009-2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein -
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - Permission to use, copy, modify, and/or distribute this software for any
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - purpose with or without fee is hereby granted, provided that the above
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - copyright notice and this permission notice appear in all copies.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein -
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater - PERFORMANCE OF THIS SOFTWARE.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein-->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<refentry id="man.dnssec-settime">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refentryinfo>
e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews <date>February 06, 2014</date>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </refentryinfo>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refmeta>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refentrytitle><application>dnssec-settime</application></refentrytitle>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <manvolnum>8</manvolnum>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refmiscinfo>BIND9</refmiscinfo>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </refmeta>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews <refnamediv>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refname><application>dnssec-settime</application></refname>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refpurpose>Set the key timing metadata for a DNSSEC key</refpurpose>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </refnamediv>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <docinfo>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <copyright>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <year>2009</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <year>2010</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <year>2011</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <year>2014</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <year>2015</year>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews </copyright>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </docinfo>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refsynopsisdiv>
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater <cmdsynopsis>
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater <command>dnssec-settime</command>
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater <arg><option>-f</option></arg>
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater <arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg><option>-A <replaceable class="parameter">date/offset</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater <arg><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg><option>-h</option></arg>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews <arg><option>-V</option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews <arg choice="req">keyfile</arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </cmdsynopsis>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </refsynopsisdiv>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <title>DESCRIPTION</title>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para><command>dnssec-settime</command>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews reads a DNSSEC private key file and sets the key timing metadata
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein as specified by the <option>-P</option>, <option>-A</option>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <option>-R</option>, <option>-I</option>, and <option>-D</option>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein options. The metadata can then be used by
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <command>dnssec-signzone</command> or other signing software to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein determine when a key is to be published, whether it should be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein used for signing a zone, etc.
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews If none of these options is set on the command line,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein then <command>dnssec-settime</command> simply prints the key timing
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein metadata already stored in the key.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein When key metadata fields are changed, both files of a key
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein pair (<filename>Knnnn.+aaa+iiiii.key</filename> and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <filename>Knnnn.+aaa+iiiii.private</filename>) are regenerated.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Metadata fields are stored in the private file. A human-readable
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater description of the metadata is also placed in comments in the key
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein file. The private file's permissions are always set to be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein inaccessible to anyone other than the owner (mode 0600).
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </refsect1>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refsect1>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <title>OPTIONS</title>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
12351e0500dff39f56844401fd191a36bcc4a7adMark Andrews <variablelist>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-f</term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Force an update of an old-format key with no metadata fields.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Without this option, <command>dnssec-settime</command> will
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein fail when attempting to update a legacy key. With this option,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the key will be recreated in the new format, but with the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein original key data retained. The key's creation date will be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein set to the present time. If no other values are specified,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein then the key's publication and activation dates will also
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein be set to the present time.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </para>
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-K <replaceable class="parameter">directory</replaceable></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Sets the directory in which the key files are to reside.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-L <replaceable class="parameter">ttl</replaceable></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Sets the default TTL to use for this key when it is converted
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater into a DNSKEY RR. If the key is imported into a zone,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein this is the TTL that will be used for it, unless there was
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews already a DNSKEY RRset in place, in which case the existing TTL
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein would take precedence. If this value is not set and there
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater is no existing DNSKEY RRset, the TTL will default to the
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater SOA TTL. Setting the default TTL to <literal>0</literal>
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater or <literal>none</literal> removes it from the key.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-h</term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Emit usage message and exit.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-V</term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Prints version information.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </para>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </listitem>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-v <replaceable class="parameter">level</replaceable></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <listitem>
<para>
Sets the debugging level.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-E <replaceable class="parameter">engine</replaceable></term>
<listitem>
<para>
Specifies the cryptographic hardware to use, when applicable.
</para>
<para>
When BIND is built with OpenSSL PKCS#11 support, this defaults
to the string "pkcs11", which identifies an OpenSSL engine
that can drive a cryptographic accelerator or hardware service
module. When BIND is built with native PKCS#11 cryptography
(--enable-native-pkcs11), it defaults to the path of the PKCS#11
provider library specified via "--with-pkcs11".
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>TIMING OPTIONS</title>
<para>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
an offset from the present time. For convenience, if such an offset
is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
then the offset is computed in years (defined as 365 24-hour days,
ignoring leap years), months (defined as 30 24-hour days), weeks,
days, hours, or minutes, respectively. Without a suffix, the offset
is computed in seconds. To unset a date, use 'none' or 'never'.
</para>
<variablelist>
<varlistentry>
<term>-P <replaceable class="parameter">date/offset</replaceable></term>
<listitem>
<para>
Sets the date on which a key is to be published to the zone.
After that date, the key will be included in the zone but will
not be used to sign it.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-A <replaceable class="parameter">date/offset</replaceable></term>
<listitem>
<para>
Sets the date on which the key is to be activated. After that
date, the key will be included in the zone and used to sign
it.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-R <replaceable class="parameter">date/offset</replaceable></term>
<listitem>
<para>
Sets the date on which the key is to be revoked. After that
date, the key will be flagged as revoked. It will be included
in the zone and will be used to sign it.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-I <replaceable class="parameter">date/offset</replaceable></term>
<listitem>
<para>
Sets the date on which the key is to be retired. After that
date, the key will still be included in the zone, but it
will not be used to sign it.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-D <replaceable class="parameter">date/offset</replaceable></term>
<listitem>
<para>
Sets the date on which the key is to be deleted. After that
date, the key will no longer be included in the zone. (It
may remain in the key repository, however.)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-S <replaceable class="parameter">predecessor key</replaceable></term>
<listitem>
<para>
Select a key for which the key being modified will be an
explicit successor. The name, algorithm, size, and type of the
predecessor key must exactly match those of the key being
modified. The activation date of the successor key will be set
to the inactivation date of the predecessor. The publication
date will be set to the activation date minus the prepublication
interval, which defaults to 30 days.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-i <replaceable class="parameter">interval</replaceable></term>
<listitem>
<para>
Sets the prepublication interval for a key. If set, then
the publication and activation dates must be separated by at least
this much time. If the activation date is specified but the
publication date isn't, then the publication date will default
to this much time before the activation date; conversely, if
the publication date is specified but activation date isn't,
then activation will be set to this much time after publication.
</para>
<para>
If the key is being set to be an explicit successor to another
key, then the default prepublication interval is 30 days;
otherwise it is zero.
</para>
<para>
As with date offsets, if the argument is followed by one of
the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the
interval is measured in years, months, weeks, days, hours,
or minutes, respectively. Without a suffix, the interval is
measured in seconds.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>PRINTING OPTIONS</title>
<para>
<command>dnssec-settime</command> can also be used to print the
timing metadata associated with a key.
</para>
<variablelist>
<varlistentry>
<term>-u</term>
<listitem>
<para>
Print times in UNIX epoch format.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-p <replaceable class="parameter">C/P/A/R/I/D/all</replaceable></term>
<listitem>
<para>
Print a specific metadata value or set of metadata values.
The <option>-p</option> option may be followed by one or more
of the following letters to indicate which value or values to print:
<option>C</option> for the creation date,
<option>P</option> for the publication date,
<option>A</option> for the activation date,
<option>R</option> for the revocation date,
<option>I</option> for the inactivation date, or
<option>D</option> for the deletion date.
To print all of the metadata, use <option>-p all</option>.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<citetitle>RFC 5011</citetitle>.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para><corpauthor>Internet Systems Consortium</corpauthor>
</para>
</refsect1>
</refentry><!--
- Local variables:
- mode: sgml
- End:
-->