Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/external/mpl/bind/dist/bin/dnssec/Attic/dnssec-settime.8,v rcsdiff: /ftp/cvs/cvsroot/src/external/mpl/bind/dist/bin/dnssec/Attic/dnssec-settime.8,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.3 retrieving revision 1.4 diff -u -p -r1.3 -r1.4 --- src/external/mpl/bind/dist/bin/dnssec/Attic/dnssec-settime.8 2019/02/24 20:01:27 1.3 +++ src/external/mpl/bind/dist/bin/dnssec/Attic/dnssec-settime.8 2020/05/24 19:46:11 1.4 @@ -1,6 +1,6 @@ -.\" $NetBSD: dnssec-settime.8,v 1.3 2019/02/24 20:01:27 christos Exp $ +.\" $NetBSD: dnssec-settime.8,v 1.4 2020/05/24 19:46:11 christos Exp $ .\" -.\" Copyright (C) 2009-2011, 2014-2019 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2009-2011, 2014-2020 Internet Systems Consortium, Inc. ("ISC") .\" .\" This Source Code Form is subject to the terms of the Mozilla Public .\" License, v. 2.0. If a copy of the MPL was not distributed with this @@ -41,7 +41,7 @@ dnssec-settime \- set the key timing metadata for a DNSSEC key .SH "SYNOPSIS" .HP \w'\fBdnssec\-settime\fR\ 'u -\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-h\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile} +\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-h\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-s\fR] [\fB\-g\ \fR\fB\fIstate\fR\fR] [\fB\-d\ \fR\fB\fIstate\fR\fR\fB\ \fR\fB\fIdate/offset\fR\fR] [\fB\-k\ \fR\fB\fIstate\fR\fR\fB\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIstate\fR\fR\fB\ \fR\fB\fIdate/offset\fR\fR] [\fB\-z\ \fR\fB\fIstate\fR\fR\fB\ \fR\fB\fIdate/offset\fR\fR] {keyfile} .SH "DESCRIPTION" .PP \fBdnssec\-settime\fR @@ -61,7 +61,25 @@ simply prints the key timing metadata al .PP When key metadata fields are changed, both files of a key pair (Knnnn\&.+aaa+iiiii\&.key and -Knnnn\&.+aaa+iiiii\&.private) are regenerated\&. Metadata fields are stored in the private file\&. A human\-readable description of the metadata is also placed in comments in the key file\&. The private file\*(Aqs permissions are always set to be inaccessible to anyone other than the owner (mode 0600)\&. +Knnnn\&.+aaa+iiiii\&.private) are regenerated\&. +.PP +Metadata fields are stored in the private file\&. A human\-readable description of the metadata is also placed in comments in the key file\&. The private file\*(Aqs permissions are always set to be inaccessible to anyone other than the owner (mode 0600)\&. +.PP +When working with state files, it is possible to update the timing metadata in those files as well with +\fB\-s\fR\&. If this option is used you can also update key states with +\fB\-d\fR +(DS), +\fB\-k\fR +(DNSKEY), +\fB\-r\fR +(RRSIG of KSK), or +\fB\-z\fR +(RRSIG of ZSK)\&. Allowed states are HIDDEN, RUMOURED, OMNIPRESENT, and UNRETENTIVE\&. +.PP +You can also set the goal state of the key with +\fB\-g\fR\&. This should be either HIDDEN or OMNIPRESENT (representing whether the key should be removed from the zone, or published)\&. +.PP +It is NOT RECOMMENDED to manipulate state files manually except for testing purposes\&. .SH "OPTIONS" .PP \-f @@ -158,6 +176,39 @@ If the key is being set to be an explici .sp As with date offsets, if the argument is followed by one of the suffixes \*(Aqy\*(Aq, \*(Aqmo\*(Aq, \*(Aqw\*(Aq, \*(Aqd\*(Aq, \*(Aqh\*(Aq, or \*(Aqmi\*(Aq, then the interval is measured in years, months, weeks, days, hours, or minutes, respectively\&. Without a suffix, the interval is measured in seconds\&. .RE +.SH "KEY STATE OPTIONS" +.PP +Known key states are HIDDEN, RUMOURED, OMNIPRESENT and UNRETENTIVE\&. These should not be set manually except for testing purposes\&. +.PP +\-s +.RS 4 +When setting key timing data, also update the state file\&. +.RE +.PP +\-g +.RS 4 +Set the goal state for this key\&. Must be HIDDEN or OMNIPRESENT\&. +.RE +.PP +\-d +.RS 4 +Set the DS state for this key, and when it was last changed\&. +.RE +.PP +\-k +.RS 4 +Set the DNSKEY state for this key, and when it was last changed\&. +.RE +.PP +\-r +.RS 4 +Set the RRSIG (KSK) state for this key, and when it was last changed\&. +.RE +.PP +\-z +.RS 4 +Set the RRSIG (ZSK) state for this key, and when it was last changed\&. +.RE .SH "PRINTING OPTIONS" .PP \fBdnssec\-settime\fR @@ -202,5 +253,5 @@ RFC 5011\&. \fBInternet Systems Consortium, Inc\&.\fR .SH "COPYRIGHT" .br -Copyright \(co 2009-2011, 2014-2019 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2009-2011, 2014-2020 Internet Systems Consortium, Inc. ("ISC") .br