man.dnssec-coverage.html revision 9b3ef7211c28f97f5ecb507d2e2d474397238b44
<!--
 - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 -
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.dnssec-checkds.html" title="dnssec-checkds">
<link rel="next" href="man.dnssec-dsfromkey.html" title="dnssec-dsfromkey">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<a name="man.dnssec-coverage"></a><div class="titlepage"></div>
<p><span class="application">dnssec-coverage</span> — checks future DNSKEY coverage for a zone</p>
<div class="cmdsynopsis"><p><code class="command">dnssec-coverage</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>length</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>DNSKEY TTL</code></em></code>] [<code class="option">-m <em class="replaceable"><code>max TTL</code></em></code>] [<code class="option">-r <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-c <em class="replaceable"><code>compilezone path</code></em></code>] [<code class="option">-k</code>] [<code class="option">-z</code>] [zone...]</p></div>
<a name="id-1.14.6.7"></a><h2>DESCRIPTION</h2>
<p><span class="command"><strong>dnssec-coverage</strong></span>
 verifies that the DNSSEC keys for a given zone or a set of zones
 have timing metadata set properly to ensure no future lapses in DNSSEC
 coverage.</p>
<p>If <code class="option">zone</code> is specified, then keys found in
 the key repository matching that zone are scanned, and an ordered
 list is generated of the events scheduled for each key (i.e.,
 publication, activation, inactivation, deletion). The list of
 events is walked in order of occurrence. Warnings are generated
 if any event is scheduled which could cause the zone to enter a
 state in which validation failures might occur: for example, if
 the number of published or active keys for a given algorithm drops
 to zero, or if a key is deleted from the zone too soon after a new
 key is rolled, so that cached data signed by the prior key has not had
 time to expire from resolver caches.</p>
<p>If <code class="option">zone</code> is not specified, then all keys in the
 key repository will be scanned, and all zones for which there are
 keys will be analyzed. (Note: This method of reporting is only
 accurate if all the zones that have keys in a given repository
 share the same TTL parameters.)</p>
<a name="id-1.14.6.8"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>Sets the directory in which keys can be found. Defaults to the
 current working directory.</p></dd>
<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
<dd><p>If a <code class="option">file</code> is specified, then the zone is
 read from that file; the largest TTL and the DNSKEY TTL are
 determined directly from the zone data, and the
 <code class="option">-m</code> and <code class="option">-d</code> options do
 not need to be specified on the command line.</p></dd>
<dt><span class="term">-l <em class="replaceable"><code>duration</code></em></span></dt>
<dd><p>The length of time to check for DNSSEC coverage. Key events
 scheduled further into the future than <code class="option">duration</code>
 will be ignored, and assumed to be correct.</p>
<p>The value of <code class="option">duration</code> can be set in seconds,
 or in larger units of time by adding a suffix: 'mi' for minutes,
 'h' for hours, 'd' for days, 'w' for weeks, 'mo' for months,
 'y' for years.</p></dd>
<dt><span class="term">-m <em class="replaceable"><code>maximum TTL</code></em></span></dt>
<dd><p>Sets the value to be used as the maximum TTL for the zone or
 zones being analyzed when determining whether there is a
 possibility of validation failure. When a zone-signing key is
 deactivated, there must be enough time for the record in the
 zone with the longest TTL to have expired from resolver caches
 before that key can be purged from the DNSKEY RRset. If that
 condition does not hold, a warning will be generated.</p>
<p>The length of the TTL can be set in seconds, or in larger units
 of time by adding a suffix: 'mi' for minutes, 'h' for hours,
 'd' for days, 'w' for weeks, 'mo' for months, 'y' for years.</p>
<p>This option is not necessary if <code class="option">-f</code> has
 been used to specify a zone file. If <code class="option">-f</code> has
 been specified, this option may still be used; it will override
 the value found in the file.</p>
<p>If this option is not used and the maximum TTL cannot be retrieved
 from a zone file, a warning is generated and a default value of
 1 week is used.</p></dd>
<dt><span class="term">-d <em class="replaceable"><code>DNSKEY TTL</code></em></span></dt>
<dd><p>Sets the value to be used as the DNSKEY TTL for the zone or
 zones being analyzed when determining whether there is a
 possibility of validation failure. When a key is rolled (that
 is, replaced with a new key), there must be enough time for the
 old DNSKEY RRset to have expired from resolver caches before
 the new key is activated and begins generating signatures. If
 that condition does not hold, a warning will be generated.</p>
<p>The length of the TTL can be set in seconds, or in larger units
 of time by adding a suffix: 'mi' for minutes, 'h' for hours,
 'd' for days, 'w' for weeks, 'mo' for months, 'y' for years.</p>
<p>This option is not necessary if <code class="option">-f</code> has
 been used to specify a zone file from which the TTL
 of the DNSKEY RRset can be read, or if a default key TTL was
 set with <span class="command"><strong>dnssec-keygen</strong></span>. If either of those is true,
 this option may still be used; it will override the values
 found in the zone file or the key file.</p>
<p>If this option is not used and the key TTL cannot be retrieved
 from the zone file or the key file, then a warning is generated
 and a default value of 1 day is used.</p></dd>
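<p>The following is an added example that is not BIND's own
<span class="command"><strong>dnssec-coverage</strong></span> implementation. It shows, in a small Python
simulation, the event walk described in DESCRIPTION together with the two TTL
conditions documented for <code class="option">-m</code> and <code class="option">-d</code>:
it reads timing metadata in the comment layout that <code class="command">dnssec-keygen</code>
writes into <code class="filename">K*.key</code> files, builds the ordered list of
publish/activate/inactive/delete events, and warns when the number of
published or active keys for an algorithm drops to zero inside the checked
window, when a zone-signing key is deleted less than the maximum TTL after its
deactivation, or when a key is activated less than the DNSKEY TTL after its
publication (the latter is how this example models the "old DNSKEY RRset must
have expired from caches" rule; that modelling, the 30-day month and 365-day
year used for the 'mo' and 'y' suffixes, and the key files themselves are
assumptions of the example; the key material is a placeholder).</p>

```python
"""Simulated DNSSEC key-coverage check (illustration only, not BIND's tool)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Duration suffixes as documented for -l, -m and -d.  Month and year lengths
# (30 and 365 days) are an assumption of this example.
_UNITS = {"": 1, "mi": 60, "h": 3600, "d": 86400, "w": 7 * 86400,
          "mo": 30 * 86400, "y": 365 * 86400}


def parse_duration(text):
    """Parse '90', '90d', '2w', '1mo' ... into a timedelta."""
    m = re.fullmatch(r"(\d+)(mi|mo|h|d|w|y)?", text.strip())
    if not m:
        raise ValueError(f"bad duration: {text!r}")
    return timedelta(seconds=int(m.group(1)) * _UNITS[m.group(2) or ""])


# Constructed sample key files (not real keys): timing metadata as the
# "; Field: YYYYMMDDHHMMSS" comments dnssec-keygen writes above the record.
SAMPLE_KEY_FILES = {
    # Current ZSK: deleted only 12 hours after it stops signing.
    "Kexample.com.+013+11111.key": (
        "; This is a zone-signing key, keyid 11111, for example.com.\n"
        "; Publish: 20240101000000\n"
        "; Activate: 20240102000000\n"
        "; Inactive: 20240401000000\n"
        "; Delete: 20240401120000\n"
        "example.com. IN DNSKEY 256 3 13 PLACEHOLDER-KEY-DATA\n"
    ),
    # Successor ZSK: published and activated at the same instant.
    "Kexample.com.+013+22222.key": (
        "; Publish: 20240401000000\n"
        "; Activate: 20240401000000\n"
        "; Inactive: 20240701000000\n"
        "; Delete: 20240708000000\n"
        "example.com. IN DNSKEY 256 3 13 PLACEHOLDER-KEY-DATA\n"
    ),
    # Only KSK: retired in June with no successor scheduled.
    "Kexample.com.+013+33333.key": (
        "; Publish: 20231201000000\n"
        "; Activate: 20240101000000\n"
        "; Inactive: 20240601000000\n"
        "; Delete: 20240608000000\n"
        "example.com. IN DNSKEY 257 3 13 PLACEHOLDER-KEY-DATA\n"
    ),
}

_EVENT_RE = re.compile(r"^; (Publish|Activate|Inactive|Delete): (\d{14})", re.M)
_DNSKEY_RE = re.compile(r"^\S+\s+IN\s+DNSKEY\s+(\d+)\s+\d+\s+(\d+)\s", re.M)
_ORDER = {"Publish": 0, "Activate": 1, "Inactive": 2, "Delete": 3}


def parse_key_file(name, text):
    """Extract role (from the flags field), algorithm and event times."""
    flags, alg = (int(x) for x in _DNSKEY_RE.search(text).groups())
    events = {field: datetime.strptime(ts, "%Y%m%d%H%M%S")
              for field, ts in _EVENT_RE.findall(text)}
    return {"name": name, "role": "KSK" if flags & 1 else "ZSK",
            "alg": alg, "events": events}


def check_coverage(key_files, now, length, max_ttl, dnskey_ttl):
    """Return warning strings for events within [now, now + length]."""
    keys = [parse_key_file(n, t) for n, t in key_files.items()]
    warnings = []
    # Per-key spacing checks: the -d and -m conditions.
    for k in keys:
        ev = k["events"]
        if "Publish" in ev and "Activate" in ev and \
                ev["Activate"] - ev["Publish"] < dnskey_ttl:
            warnings.append(f"{k['name']}: activated {ev['Activate'] - ev['Publish']} "
                            f"after publication; DNSKEY TTL is {dnskey_ttl}")
        if k["role"] == "ZSK" and "Inactive" in ev and "Delete" in ev and \
                ev["Delete"] - ev["Inactive"] < max_ttl:
            warnings.append(f"{k['name']}: deleted {ev['Delete'] - ev['Inactive']} "
                            f"after deactivation; maximum TTL is {max_ttl}")
    # Walk the events in order; at the same instant, additions precede removals.
    timeline = sorted(((t, f, k) for k in keys for f, t in k["events"].items()),
                      key=lambda e: (e[0], _ORDER[e[1]]))
    published, active = defaultdict(set), defaultdict(set)
    for t, field, k in timeline:
        if t > now + length:
            break  # beyond -l duration: ignored and assumed correct
        group = (k["role"], k["alg"])
        if field == "Publish":
            published[group].add(k["name"])
        elif field == "Activate":
            active[group].add(k["name"])
        elif field == "Inactive":
            active[group].discard(k["name"])
        elif field == "Delete":
            published[group].discard(k["name"])
        if t < now:
            continue  # past events only establish the starting state
        if field == "Inactive" and not active[group]:
            warnings.append(f"{t:%Y-%m-%d}: no active {group[0]} for algorithm {group[1]}")
        if field == "Delete" and not published[group]:
            warnings.append(f"{t:%Y-%m-%d}: no published {group[0]} for algorithm {group[1]}")
    return warnings


def demo_warnings():
    """Check the sample repository for 120 days from 2024-03-01 with 1-day TTLs."""
    return check_coverage(SAMPLE_KEY_FILES, datetime(2024, 3, 1),
                          parse_duration("120d"), parse_duration("1d"),
                          parse_duration("1d"))


if __name__ == "__main__":
    for w in demo_warnings():
        print("WARNING:", w)
```

<p>Run as-is, the sample repository produces four warnings: the current ZSK is
purged 12 hours after deactivation (shorter than the 1-day maximum TTL), the
successor ZSK is activated the instant it is published (no DNSKEY TTL
pre-publication interval), and the only KSK for algorithm 13 leaves the zone
with no active and then no published KSK in June. The successor ZSK's own
retirement in July falls outside the 120-day window and, as the
<code class="option">-l</code> description says, is assumed correct.</p>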
<dt><span class="term">-r <em class="replaceable"><code>resign interval</code></em></span></dt>