diff options
| author | erwin <erwin@FreeBSD.org> | 2013-08-22 08:15:03 +0000 |
|---|---|---|
| committer | erwin <erwin@FreeBSD.org> | 2013-08-22 08:15:03 +0000 |
| commit | 6a288ef517fece2ca5a21d081efd7b4a81da0053 (patch) | |
| tree | 37271fd86c9be9a6bab12a7aebd85ccfbb8a7b62 /contrib/bind9/bin/dnssec/dnssec-settime.8 | |
| parent | 0b46e38a09fbccfdfd7bca0f387c66b2c64fa5b6 (diff) | |
| parent | f32b4abce98c97ee6e51b7aa8f8fde6e4cab7f28 (diff) | |
| download | FreeBSD-src-6a288ef517fece2ca5a21d081efd7b4a81da0053.zip FreeBSD-src-6a288ef517fece2ca5a21d081efd7b4a81da0053.tar.gz | |
Update Bind to 9.9.3-P2
Notable new features:
* Elliptic Curve Digital Signature Algorithm keys and signatures in
DNSSEC are now supported per RFC 6605. [RT #21918]
* Introduces a new tool "dnssec-verify" that validates a signed zone,
checking for the correctness of signatures and NSEC/NSEC3 chains.
[RT #23673]
* BIND now recognizes the TLSA resource record type, created to
support IETF DANE (DNS-based Authentication of Named Entities)
[RT #28989]
* The new "inline-signing" option, in combination with the
"auto-dnssec" option that was introduced in BIND 9.7, allows
named to sign zones completely transparently.
Approved by: delphij (mentor)
MFC after: 3 days
Sponsored by: DK Hostmaster A/S
Diffstat (limited to 'contrib/bind9/bin/dnssec/dnssec-settime.8')
| -rw-r--r-- | contrib/bind9/bin/dnssec/dnssec-settime.8 | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/contrib/bind9/bin/dnssec/dnssec-settime.8 b/contrib/bind9/bin/dnssec/dnssec-settime.8 index 8a5e2e7..7c0c3b2 100644 --- a/contrib/bind9/bin/dnssec/dnssec-settime.8 +++ b/contrib/bind9/bin/dnssec/dnssec-settime.8 @@ -32,7 +32,7 @@ dnssec\-settime \- Set the key timing metadata for a DNSSEC key .SH "SYNOPSIS" .HP 15 -\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile} +\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile} .SH "DESCRIPTION" .PP \fBdnssec\-settime\fR @@ -67,6 +67,15 @@ will fail when attempting to update a legacy key. With this option, the key will Sets the directory in which the key files are to reside. .RE .PP +\-L \fIttl\fR +.RS 4 +Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to +0 +or +none +removes it. +.RE +.PP \-h .RS 4 Emit usage message and exit. |
