dnssec-signzone.docbook revision c651f15b30f1dae5cc2f00878fb5da5b3a35a468
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - Copyright (C) 2000-2003 Internet Software Consortium.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - Permission to use, copy, modify, and distribute this software for any
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - purpose with or without fee is hereby granted, provided that the above
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - copyright notice and this permission notice appear in all copies.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - PERFORMANCE OF THIS SOFTWARE.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!-- $Id: dnssec-signzone.docbook,v 1.15 2005/04/07 03:49:56 marka Exp $ -->
e21a2904f02a03fa06b6db04d348f65fe9c67b2bMark Andrews <refentryinfo>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </refentryinfo>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refentrytitle><application>dnssec-signzone</application></refentrytitle>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refnamediv>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refname><application>dnssec-signzone</application></refname>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refpurpose>DNSSEC zone signing tool</refpurpose>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </refnamediv>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refsynopsisdiv>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <cmdsynopsis>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg><option>-d <replaceable class="parameter">directory</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews <arg><option>-f <replaceable class="parameter">output-file</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg><option>-k <replaceable class="parameter">key</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg><option>-j <replaceable class="parameter">jitter</replaceable></option></arg>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater <arg><option>-n <replaceable class="parameter">nthreads</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater <arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater </cmdsynopsis>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater </refsynopsisdiv>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater <command>dnssec-signzone</command> signs a zone. It generates
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein NSEC and RRSIG records and produces a signed version of the
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater zone. The security status of delegations from the signed zone
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater (that is, whether the child zones are secure or not) is
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater determined by the presence or absence of a
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater <filename>keyset</filename> file for each child zone.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <variablelist>
a1ad6695ed6f988406cf155aa26376f84f73bcb9Automatic Updater <varlistentry>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater Verify all generated signatures.
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater <term>-c <replaceable class="parameter">class</replaceable></term>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater Specifies the DNS class of the zone.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-k <replaceable class="parameter">key</replaceable></term>
2895f101b5585a19015ac2c2c1e1812ac467fa12Automatic Updater Treat specified key as a key signing key ignoring any
7208386cd37a2092c70eddf80cf29519b16c4c80Mark Andrews key flags. This option may be specified multiple times.
507151045be68c671ffd4e2f37e17cdfa0376fc4Automatic Updater </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-l <replaceable class="parameter">domain</replaceable></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Generate a DLV set in addition to the key (DNSKEY) and DS sets.
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews The domain is appended to the name of the records.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-d <replaceable class="parameter">directory</replaceable></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Generate DS records for child zones from keyset files.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Existing DS records will be removed.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-s <replaceable class="parameter">start-time</replaceable></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Specify the date and time when the generated RRSIG records
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein become valid. This can be either an absolute or relative
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein time. An absolute start time is indicated by a number
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein in YYYYMMDDHHMMSS notation; 20000530144500 denotes
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein 14:45:00 UTC on May 30th, 2000. A relative start time is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein indicated by +N, which is N seconds from the current time.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein If no <option>start-time</option> is specified, the current
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein time minus 1 hour (to allow for clock skew) is used.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-e <replaceable class="parameter">end-time</replaceable></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Specify the date and time when the generated RRSIG records
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein expire. As with <option>start-time</option>, an absolute
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein time is indicated in YYYYMMDDHHMMSS notation. A time relative
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to the start time is indicated with +N, which is N seconds from
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the start time. A time relative to the current time is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein indicated with now+N. If no <option>end-time</option> is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein specified, 30 days from the start time is used as a default.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <varlistentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <term>-f <replaceable class="parameter">output-file</replaceable></term>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews The name of the output file containing the signed zone. The
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews default is to append <filename>.signed</filename> to the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews </varlistentry>
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Prints a short summary of the options and arguments to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-i <replaceable class="parameter">interval</replaceable></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein When a previously signed zone is passed as input, records
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein may be resigned. The <option>interval</option> option
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein specifies the cycle interval as an offset from the current
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater time (in seconds). If a RRSIG record expires after the
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater cycle interval, it is retained. Otherwise, it is considered
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater to be expiring soon, and it will be replaced.
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater The default cycle interval is one quarter of the difference
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater between the signature end and start times. So if neither
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater <option>end-time</option> or <option>start-time</option>
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater are specified, <command>dnssec-signzone</command> generates
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater signatures that are valid for 30 days, with a cycle
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater interval of 7.5 days. Therefore, if any existing RRSIG records
afb33f777af856f8c3382604a7a8ffdfe2b512c5Automatic Updater are due to expire in less than 7.5 days, they would be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein When signing a zone with a fixed signature lifetime, all
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein RRSIG records issued at the time of signing expires
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein simultaneously. If the zone is incrementally signed, i.e.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein a previously signed zone is passed as input to the signer,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein all expired signatures has to be regenerated at about the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein same time. The <option>jitter</option> option specifies a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein jitter window that will be used to randomize the signature
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein expire time, thus spreading incremental signature
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein regeneration over time.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Signature lifetime jitter also to some extent benefits
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein validators and servers by spreading out cache expiration,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein i.e. if large numbers of RRSIGs don't expire at the same time
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein from all caches there will be less congestion than if all
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein validators need to refetch at mostly the same time.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-n <replaceable class="parameter">ncpus</replaceable></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Specifies the number of threads to use. By default, one
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein thread is started for each detected CPU.
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews </varlistentry>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews <varlistentry>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews <term>-o <replaceable class="parameter">origin</replaceable></term>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews The zone origin. If not specified, the name of the zone file
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews is assumed to be the origin.
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Use pseudo-random data when signing the zone. This is faster,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein but less secure, than using real random data. This option
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein may be useful when signing large zones or when the entropy
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein source is limited.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-r <replaceable class="parameter">randomdev</replaceable></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Specifies the source of randomness. If the operating
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein system does not provide a <filename>/dev/random</filename>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein or equivalent device, the default source of randomness
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein is keyboard input. <filename>randomdev</filename> specifies
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the name of a character device or file containing random
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein data to be used instead of the default. The special value
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <filename>keyboard</filename> indicates that keyboard
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein input should be used.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
bea931e17b7567f09107f93ab7e25c7f00abeb9cMark Andrews <varlistentry>
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews Print statistics at completion.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-v <replaceable class="parameter">level</replaceable></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Sets the debugging level.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Ignore KSK flag on key when determining what to sign.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews The file containing the zone to be signed.
ceeb18e6907a10547859faa340ecad83bedae90cMark Andrews Sets the debugging level.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The keys used to sign the zone. If no keys are specified, the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein default all zone keys that have private key files in the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein current directory.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </variablelist>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The following command signs the <userinput>example.com</userinput>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein zone with the DSA key generated in the <command>dnssec-keygen</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein man page. The zone's keys must be in the zone. If there are
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <filename>keyset</filename> files associated with child zones,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein they must be in the current directory.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <userinput>example.com</userinput>, the following command would be
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <userinput>dnssec-signzone -o example.com db.example.com Kexample.com.+003+26160</userinput>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The command would print a string of the form:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein In this example, <command>dnssec-signzone</command> creates
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the file <filename>db.example.com.signed</filename>. This file
b05bdb520d83f7ecaad708fe305268c3420be01dMark Andrews should be referenced in a zone statement in a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <citerefentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </citerefentry>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <corpauthor>Internet Systems Consortium</corpauthor>
984c2e9f76e66e86f7d9aca99a774836ddf196eaAutomatic Updater - Local variables: