dnssec-signzone.docbook revision c1a883f2e04d94e99c433b1f6cfd0c0338f4ed85
5cd4555ad444fd391002ae32450572054369fd42Rob Austein<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
5cd4555ad444fd391002ae32450572054369fd42Rob Austein "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein [<!ENTITY mdash "&#8212;">]>
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington<!--
c1a883f2e04d94e99c433b1f6cfd0c0338f4ed85Mark Andrews - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington -
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington - Permission to use, copy, modify, and distribute this software for any
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington - purpose with or without fee is hereby granted, provided that the above
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington - copyright notice and this permission notice appear in all copies.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington -
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington-->
f5d30e2864e048a42c4dc1134993ae7efdb5d6c3Mark Andrews
c1a883f2e04d94e99c433b1f6cfd0c0338f4ed85Mark Andrews<!-- $Id: dnssec-signzone.docbook,v 1.25 2007/01/29 23:57:22 marka Exp $ -->
b5ad6dfea4cc3e7d1d322ac99f1e5a31096837c4Mark Andrews<refentry id="man.dnssec-signzone">
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <refentryinfo>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <date>June 30, 2000</date>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </refentryinfo>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <refmeta>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <refentrytitle><application>dnssec-signzone</application></refentrytitle>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <manvolnum>8</manvolnum>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <refmiscinfo>BIND9</refmiscinfo>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </refmeta>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <refnamediv>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <refname><application>dnssec-signzone</application></refname>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <refpurpose>DNSSEC zone signing tool</refpurpose>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </refnamediv>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <docinfo>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <copyright>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <year>2004</year>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <year>2005</year>
4b3f3cc67135e676a9b3b688685fb59e3494b0e6Mark Andrews <year>2006</year>
c1a883f2e04d94e99c433b1f6cfd0c0338f4ed85Mark Andrews <year>2007</year>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </copyright>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <copyright>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <year>2000</year>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <year>2001</year>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <year>2002</year>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <year>2003</year>
f5d30e2864e048a42c4dc1134993ae7efdb5d6c3Mark Andrews <holder>Internet Software Consortium.</holder>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </copyright>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </docinfo>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <refsynopsisdiv>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <cmdsynopsis>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <command>dnssec-signzone</command>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <arg><option>-a</option></arg>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <arg><option>-d <replaceable class="parameter">directory</replaceable></option></arg>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <arg><option>-f <replaceable class="parameter">output-file</replaceable></option></arg>
b0c15bd9792112fb47f6d956e580e4369e92f4e7Mark Andrews <arg><option>-g</option></arg>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <arg><option>-h</option></arg>
b0c15bd9792112fb47f6d956e580e4369e92f4e7Mark Andrews <arg><option>-k <replaceable class="parameter">key</replaceable></option></arg>
50105afc551903541608b11851d73278b23579a3Mark Andrews <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews <arg><option>-I <replaceable class="parameter">input-format</replaceable></option></arg>
6e8a8077faf96d8da0b6cf738913f5f1f86e4008Mark Andrews <arg><option>-j <replaceable class="parameter">jitter</replaceable></option></arg>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <arg><option>-N <replaceable class="parameter">soa-serial-format</replaceable></option></arg>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews <arg><option>-O <replaceable class="parameter">output-format</replaceable></option></arg>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <arg><option>-p</option></arg>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
b0c15bd9792112fb47f6d956e580e4369e92f4e7Mark Andrews <arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <arg><option>-t</option></arg>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
b0c15bd9792112fb47f6d956e580e4369e92f4e7Mark Andrews <arg><option>-z</option></arg>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <arg choice="req">zonefile</arg>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <arg rep="repeat">key</arg>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </cmdsynopsis>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </refsynopsisdiv>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <refsect1>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <title>DESCRIPTION</title>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para><command>dnssec-signzone</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein signs a zone. It generates
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein NSEC and RRSIG records and produces a signed version of the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein zone. The security status of delegations from the signed zone
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein (that is, whether the child zones are secure or not) is
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein determined by the presence or absence of a
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <filename>keyset</filename> file for each child zone.
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </para>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </refsect1>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <refsect1>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <title>OPTIONS</title>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <variablelist>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <term>-a</term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Verify all generated signatures.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </listitem>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <term>-c <replaceable class="parameter">class</replaceable></term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Specifies the DNS class of the zone.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </listitem>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
b0c15bd9792112fb47f6d956e580e4369e92f4e7Mark Andrews <varlistentry>
b0c15bd9792112fb47f6d956e580e4369e92f4e7Mark Andrews <term>-k <replaceable class="parameter">key</replaceable></term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Treat the specified key as a key signing key, ignoring any
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein key flags. This option may be specified multiple times.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </listitem>
b0c15bd9792112fb47f6d956e580e4369e92f4e7Mark Andrews </varlistentry>
b0c15bd9792112fb47f6d956e580e4369e92f4e7Mark Andrews
50105afc551903541608b11851d73278b23579a3Mark Andrews <varlistentry>
50105afc551903541608b11851d73278b23579a3Mark Andrews <term>-l <replaceable class="parameter">domain</replaceable></term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Generate a DLV set in addition to the key (DNSKEY) and DS sets.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein The domain is appended to the name of the records.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </listitem>
50105afc551903541608b11851d73278b23579a3Mark Andrews </varlistentry>
50105afc551903541608b11851d73278b23579a3Mark Andrews
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <term>-d <replaceable class="parameter">directory</replaceable></term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Look for <filename>keyset</filename> files in
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <option>directory</option>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </listitem>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
bf7f253e306d0ced8ae24d7a0598773950da11f4Mark Andrews <varlistentry>
bf7f253e306d0ced8ae24d7a0598773950da11f4Mark Andrews <term>-g</term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Generate DS records for child zones from keyset files.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Existing DS records will be removed.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </listitem>
bf7f253e306d0ced8ae24d7a0598773950da11f4Mark Andrews </varlistentry>
bf7f253e306d0ced8ae24d7a0598773950da11f4Mark Andrews
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <term>-s <replaceable class="parameter">start-time</replaceable></term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Specify the date and time when the generated RRSIG records
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein become valid. This can be either an absolute or relative
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein time. An absolute start time is indicated by a number
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein in YYYYMMDDHHMMSS notation; 20000530144500 denotes
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein 14:45:00 UTC on May 30th, 2000. A relative start time is
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein indicated by +N, which is N seconds from the current time.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein If no <option>start-time</option> is specified, the current
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein time minus 1 hour (to allow for clock skew) is used.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </listitem>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <term>-e <replaceable class="parameter">end-time</replaceable></term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Specify the date and time when the generated RRSIG records
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein expire. As with <option>start-time</option>, an absolute
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein time is indicated in YYYYMMDDHHMMSS notation. A time relative
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein to the start time is indicated with +N, which is N seconds from
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein the start time. A time relative to the current time is
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein indicated with now+N. If no <option>end-time</option> is
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein specified, 30 days from the start time is used as a default.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </listitem>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <term>-f <replaceable class="parameter">output-file</replaceable></term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein The name of the output file containing the signed zone. The
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein default is to append <filename>.signed</filename> to
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein input file name.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </listitem>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <term>-h</term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Prints a short summary of the options and arguments to
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <command>dnssec-signzone</command>.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </listitem>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <term>-i <replaceable class="parameter">interval</replaceable></term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein When a previously signed zone is passed as input, records
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein may be re-signed. The <option>interval</option> option
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein specifies the cycle interval as an offset from the current
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein time (in seconds). If an RRSIG record expires after the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein cycle interval, it is retained. Otherwise, it is considered
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein to be expiring soon, and it will be replaced.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein The default cycle interval is one quarter of the difference
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein between the signature end and start times. So if neither
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <option>end-time</option> nor <option>start-time</option>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein is specified, <command>dnssec-signzone</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein generates
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein signatures that are valid for 30 days, with a cycle
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein interval of 7.5 days. Therefore, if any existing RRSIG records
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein are due to expire in less than 7.5 days, they would be
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein replaced.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </listitem>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews <varlistentry>
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews <term>-I <replaceable class="parameter">input-format</replaceable></term>
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews <listitem>
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews <para>
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews The format of the input zone file.
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews Possible formats are <command>"text"</command> (default)
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews and <command>"raw"</command>.
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews This option is primarily intended to be used for dynamic
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews signed zones so that the dumped zone file in a non-text
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews format containing updates can be signed directly.
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews The use of this option does not make much sense for
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews non-dynamic zones.
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews </para>
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews </listitem>
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews </varlistentry>
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews
6e8a8077faf96d8da0b6cf738913f5f1f86e4008Mark Andrews <varlistentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <term>-j <replaceable class="parameter">jitter</replaceable></term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein When signing a zone with a fixed signature lifetime, all
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein RRSIG records issued at the time of signing expire
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein simultaneously. If the zone is incrementally signed, i.e.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein a previously signed zone is passed as input to the signer,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein all expired signatures have to be regenerated at about the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein same time. The <option>jitter</option> option specifies a
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein jitter window that will be used to randomize the signature
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein expire time, thus spreading incremental signature
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein regeneration over time.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Signature lifetime jitter also to some extent benefits
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein validators and servers by spreading out cache expiration,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein i.e. if large numbers of RRSIGs don't expire at the same time
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein from all caches there will be less congestion than if all
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein validators need to refetch at mostly the same time.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </listitem>
6e8a8077faf96d8da0b6cf738913f5f1f86e4008Mark Andrews </varlistentry>
6e8a8077faf96d8da0b6cf738913f5f1f86e4008Mark Andrews
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <term>-n <replaceable class="parameter">ncpus</replaceable></term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Specifies the number of threads to use. By default, one
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein thread is started for each detected CPU.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </listitem>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <varlistentry>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <term>-N <replaceable class="parameter">soa-serial-format</replaceable></term>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <listitem>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <para>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins The SOA serial number format of the signed zone.
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins Possible formats are <command>"keep"</command> (default),
170938fdfc065eb9629b1dc2793f883e2d6cc565Mark Andrews <command>"increment"</command> and
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <command>"unixtime"</command>.
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins </para>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <variablelist>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <varlistentry>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <term><command>"keep"</command></term>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <listitem>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <para>Do not modify the SOA serial number.</para>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins </listitem>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins </varlistentry>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <varlistentry>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <term><command>"increment"</command></term>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <listitem>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <para>Increment the SOA serial number using RFC 1982
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins arithmetic.</para>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins </listitem>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins </varlistentry>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <varlistentry>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <term><command>"unixtime"</command></term>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <listitem>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins <para>Set the SOA serial number to the number of seconds
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins since epoch.</para>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins </listitem>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins </varlistentry>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins </variablelist>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins </listitem>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins </varlistentry>
6ed53e5949d9fcd9715b440015b56e5a896d63dfDavid Hankins
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <term>-o <replaceable class="parameter">origin</replaceable></term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein The zone origin. If not specified, the name of the zone file
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein is assumed to be the origin.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </listitem>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews <varlistentry>
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews <term>-O <replaceable class="parameter">output-format</replaceable></term>
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews <listitem>
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews <para>
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews The format of the output file containing the signed zone.
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews Possible formats are <command>"text"</command> (default)
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews and <command>"raw"</command>.
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews </para>
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews </listitem>
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews </varlistentry>
e174044290953a2499f574e35cc9c22ba126a303Mark Andrews
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <term>-p</term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Use pseudo-random data when signing the zone. This is faster,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein but less secure, than using real random data. This option
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein may be useful when signing large zones or when the entropy
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein source is limited.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </listitem>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <term>-r <replaceable class="parameter">randomdev</replaceable></term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Specifies the source of randomness. If the operating
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein system does not provide a <filename>/dev/random</filename>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein or equivalent device, the default source of randomness
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein is keyboard input. <filename>randomdev</filename>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein specifies
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein the name of a character device or file containing random
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein data to be used instead of the default. The special value
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <filename>keyboard</filename> indicates that keyboard
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein input should be used.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </listitem>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <term>-t</term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Print statistics at completion.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </listitem>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <term>-v <replaceable class="parameter">level</replaceable></term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Sets the debugging level.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </listitem>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
b0c15bd9792112fb47f6d956e580e4369e92f4e7Mark Andrews <varlistentry>
b0c15bd9792112fb47f6d956e580e4369e92f4e7Mark Andrews <term>-z</term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Ignore KSK flag on key when determining what to sign.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </listitem>
b0c15bd9792112fb47f6d956e580e4369e92f4e7Mark Andrews </varlistentry>
b0c15bd9792112fb47f6d956e580e4369e92f4e7Mark Andrews
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <term>zonefile</term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein The file containing the zone to be signed.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </listitem>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <term>key</term>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <listitem>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein The keys used to sign the zone. If no keys are specified, the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein default is all zone keys that have private key files in the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein current directory.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein </listitem>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </varlistentry>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </variablelist>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </refsect1>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <refsect1>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <title>EXAMPLE</title>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein The following command signs the <userinput>example.com</userinput>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein zone with the DSA key generated in the <command>dnssec-keygen</command>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein man page. The zone's keys must be in the zone. If there are
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <filename>keyset</filename> files associated with child
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein zones,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein they must be in the current directory.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein To sign <userinput>example.com</userinput>, the following command would be
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein issued:
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para><userinput>dnssec-signzone -o example.com db.example.com
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Kexample.com.+003+26160</userinput>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </para>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein The command would print a string of the form:
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </para>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <para>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein In this example, <command>dnssec-signzone</command> creates
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein the file <filename>db.example.com.signed</filename>. This
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein file
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein should be referenced in a zone statement in a
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <filename>named.conf</filename> file.
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </para>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </refsect1>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <refsect1>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <title>SEE ALSO</title>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para><citerefentry>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </citerefentry>,
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <citetitle>RFC 2535</citetitle>.
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </para>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </refsect1>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <refsect1>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington <title>AUTHOR</title>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <para><corpauthor>Internet Systems Consortium</corpauthor>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </para>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington </refsect1>
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein</refentry><!--
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington - Local variables:
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington - mode: sgml
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington - End:
0b062f4990db5cc6db2fe3398926f71b92a67407Brian Wellington-->