author | Jakob Schlyter <jakob@cvs.openbsd.org> | 2004-09-28 17:14:10 +0000 |
---|---|---|
committer | Jakob Schlyter <jakob@cvs.openbsd.org> | 2004-09-28 17:14:10 +0000 |
commit | ff09ecf5e523f7c1678821dfc8753880775b9bc9 (patch) | |
tree | cfbc352a0605ad89a62d844079441dca80fca83d /usr.sbin/bind/bin/dnssec/dnssec-signzone.html | |
parent | ae87190605c9d85eaf9ba7728034f343685da32a (diff) |
resolve conflicts
Diffstat (limited to 'usr.sbin/bind/bin/dnssec/dnssec-signzone.html')
-rw-r--r-- | usr.sbin/bind/bin/dnssec/dnssec-signzone.html | 362 |
1 files changed, 181 insertions, 181 deletions
diff --git a/usr.sbin/bind/bin/dnssec/dnssec-signzone.html b/usr.sbin/bind/bin/dnssec/dnssec-signzone.html
index 6925d324553..4c0f0008897 100644
--- a/usr.sbin/bind/bin/dnssec/dnssec-signzone.html
+++ b/usr.sbin/bind/bin/dnssec/dnssec-signzone.html
@@ -1,27 +1,30 @@ <!-- - - Copyright (C) 2000, 2001 Internet Software Consortium. - - + - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2001-2003 Internet Software Consortium. + - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - - - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + - + - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + - PERFORMANCE OF THIS SOFTWARE. --> + +<!-- $ISC: dnssec-signzone.html,v 1.4.2.1.4.7 2004/08/22 23:38:58 marka Exp $ --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <HTML ><HEAD ><TITLE >dnssec-signzone</TITLE ><META NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.73 -"></HEAD +CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD ><BODY CLASS="REFENTRY" BGCOLOR="#FFFFFF" 
@@ -32,10 +35,10 @@ ALINK="#0000FF" ><H1 ><A NAME="AEN1" +></A ><SPAN CLASS="APPLICATION" >dnssec-signzone</SPAN -></A ></H1 ><DIV CLASS="REFNAMEDIV" 
@@ -59,104 +62,102 @@ NAME="AEN13" ><B CLASS="COMMAND" >dnssec-signzone</B -> [<TT +> [<VAR CLASS="OPTION" ->-a</TT ->] [<TT +>-a</VAR +>] [<VAR CLASS="OPTION" ->-c <TT +>-c <VAR CLASS="REPLACEABLE" -><I ->class</I -></TT -></TT ->] [<TT +>class</VAR +></VAR +>] [<VAR CLASS="OPTION" ->-d <TT +>-d <VAR CLASS="REPLACEABLE" -><I ->directory</I -></TT -></TT ->] [<TT +>directory</VAR +></VAR +>] [<VAR CLASS="OPTION" ->-s <TT +>-e <VAR CLASS="REPLACEABLE" -><I ->start-time</I -></TT -></TT ->] [<TT +>end-time</VAR +></VAR +>] [<VAR CLASS="OPTION" ->-e <TT +>-f <VAR CLASS="REPLACEABLE" -><I ->end-time</I -></TT -></TT ->] [<TT +>output-file</VAR +></VAR +>] [<VAR +CLASS="OPTION" +>-g</VAR +>] [<VAR CLASS="OPTION" ->-f <TT +>-h</VAR +>] [<VAR +CLASS="OPTION" +>-k <VAR CLASS="REPLACEABLE" -><I ->output-file</I -></TT -></TT ->] [<TT +>key</VAR +></VAR +>] [<VAR CLASS="OPTION" ->-h</TT ->] [<TT +>-l <VAR +CLASS="REPLACEABLE" +>domain</VAR +></VAR +>] [<VAR CLASS="OPTION" ->-i <TT +>-i <VAR CLASS="REPLACEABLE" -><I ->interval</I -></TT -></TT ->] [<TT +>interval</VAR +></VAR +>] [<VAR CLASS="OPTION" ->-n <TT +>-n <VAR CLASS="REPLACEABLE" -><I ->nthreads</I -></TT -></TT ->] [<TT +>nthreads</VAR +></VAR +>] [<VAR CLASS="OPTION" ->-o <TT +>-o <VAR CLASS="REPLACEABLE" -><I ->origin</I -></TT -></TT ->] [<TT +>origin</VAR +></VAR +>] [<VAR CLASS="OPTION" ->-p</TT ->] [<TT +>-p</VAR +>] [<VAR CLASS="OPTION" ->-r <TT +>-r <VAR CLASS="REPLACEABLE" -><I ->randomdev</I -></TT -></TT ->] [<TT +>randomdev</VAR +></VAR +>] [<VAR CLASS="OPTION" ->-t</TT ->] [<TT +>-s <VAR +CLASS="REPLACEABLE" +>start-time</VAR +></VAR +>] [<VAR CLASS="OPTION" ->-v <TT +>-t</VAR +>] [<VAR +CLASS="OPTION" +>-v <VAR CLASS="REPLACEABLE" -><I ->level</I -></TT -></TT +>level</VAR +></VAR +>] [<VAR +CLASS="OPTION" +>-z</VAR >] {zonefile} [key...]</P ></DIV ><DIV CLASS="REFSECT1" ><A -NAME="AEN56" +NAME="AEN66" ></A ><H2 >DESCRIPTION</H2 
@@ -164,26 +165,21 @@ NAME="AEN56" > <B CLASS="COMMAND" >dnssec-signzone</B -> signs a zone. It generates NXT - and SIG records and produces a signed version of the zone. If there - is a <TT -CLASS="FILENAME" ->signedkey</TT -> file from the zone's parent, - the parent's signatures will be incorporated into the generated - signed zone file. The security status of delegations from the the - signed zone (that is, whether the child zones are secure or not) is - determined by the presence or absence of a +> signs a zone. It generates + NSEC and RRSIG records and produces a signed version of the + zone. The security status of delegations from the signed zone + (that is, whether the child zones are secure or not) is + determined by the presence or absence of a <TT CLASS="FILENAME" ->signedkey</TT +>keyset</TT > file for each child zone. </P ></DIV ><DIV CLASS="REFSECT1" ><A -NAME="AEN62" +NAME="AEN71" ></A ><H2 >OPTIONS</H2 @@ -200,11 +196,9 @@ CLASS="VARIABLELIST" </P ></DD ><DT ->-c <TT +>-c <VAR CLASS="REPLACEABLE" -><I ->class</I -></TT +>class</VAR ></DT ><DD ><P 
@@ -212,76 +206,98 @@ CLASS="REPLACEABLE" </P ></DD ><DT ->-d <TT +>-k <VAR +CLASS="REPLACEABLE" +>key</VAR +></DT +><DD +><P +> Treat specified key as a key signing key ignoring any + key flags. This option may be specified multiple times. + </P +></DD +><DT +>-l <VAR +CLASS="REPLACEABLE" +>domain</VAR +></DT +><DD +><P +> Generate a DLV set in addition to the key (DNSKEY) and DS sets. + The domain is appended to the name of the records. + </P +></DD +><DT +>-d <VAR CLASS="REPLACEABLE" -><I ->directory</I -></TT +>directory</VAR ></DT ><DD ><P > Look for <TT CLASS="FILENAME" ->signedkey</TT +>keyset</TT > files in - <TT + <VAR CLASS="OPTION" ->directory</TT +>directory</VAR > as the directory </P ></DD ><DT ->-s <TT +>-g</DT +><DD +><P +> Generate DS records for child zones from keyset files. + Existing DS records will be removed. + </P +></DD +><DT +>-s <VAR CLASS="REPLACEABLE" -><I ->start-time</I -></TT +>start-time</VAR ></DT ><DD ><P -> Specify the date and time when the generated SIG records +> Specify the date and time when the generated RRSIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. - If no <TT + If no <VAR CLASS="OPTION" ->start-time</TT +>start-time</VAR > is specified, the current - time is used. + time minus 1 hour (to allow for clock skew) is used. </P ></DD ><DT ->-e <TT +>-e <VAR CLASS="REPLACEABLE" -><I ->end-time</I -></TT +>end-time</VAR ></DT ><DD ><P -> Specify the date and time when the generated SIG records - expire. As with <TT +> Specify the date and time when the generated RRSIG records + expire. As with <VAR CLASS="OPTION" ->start-time</TT +>start-time</VAR >, an absolute time is indicated in YYYYMMDDHHMMSS notation. 
A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is - indicated with now+N. If no <TT + indicated with now+N. If no <VAR CLASS="OPTION" ->end-time</TT +>end-time</VAR > is specified, 30 days from the start time is used as a default. </P ></DD ><DT ->-f <TT +>-f <VAR CLASS="REPLACEABLE" -><I ->output-file</I -></TT +>output-file</VAR ></DT ><DD ><P @@ -305,50 +321,46 @@ CLASS="COMMAND" </P ></DD ><DT ->-i <TT +>-i <VAR CLASS="REPLACEABLE" -><I ->interval</I -></TT +>interval</VAR ></DT ><DD ><P > When a previously signed zone is passed as input, records - may be resigned. The <TT + may be resigned. The <VAR CLASS="OPTION" ->interval</TT +>interval</VAR > option specifies the cycle interval as an offset from the current - time (in seconds). If a SIG record expires after the + time (in seconds). If a RRSIG record expires after the cycle interval, it is retained. Otherwise, it is considered to be expiring soon, and it will be replaced. </P ><P > The default cycle interval is one quarter of the difference between the signature end and start times. So if neither - <TT + <VAR CLASS="OPTION" ->end-time</TT -> or <TT +>end-time</VAR +> or <VAR CLASS="OPTION" ->start-time</TT +>start-time</VAR > are specified, <B CLASS="COMMAND" >dnssec-signzone</B > generates signatures that are valid for 30 days, with a cycle - interval of 7.5 days. Therefore, if any existing SIG records + interval of 7.5 days. Therefore, if any existing RRSIG records are due to expire in less than 7.5 days, they would be replaced. </P ></DD ><DT ->-n <TT +>-n <VAR CLASS="REPLACEABLE" -><I ->ncpus</I -></TT +>ncpus</VAR ></DT ><DD ><P @@ -357,11 +369,9 @@ CLASS="REPLACEABLE" </P ></DD ><DT ->-o <TT +>-o <VAR CLASS="REPLACEABLE" -><I ->origin</I -></TT +>origin</VAR ></DT ><DD ><P 
@@ -380,11 +390,9 @@ CLASS="REPLACEABLE" </P ></DD ><DT ->-r <TT +>-r <VAR CLASS="REPLACEABLE" -><I ->randomdev</I -></TT +>randomdev</VAR ></DT ><DD ><P @@ -415,11 +423,9 @@ CLASS="FILENAME" </P ></DD ><DT ->-v <TT +>-v <VAR CLASS="REPLACEABLE" -><I ->level</I -></TT +>level</VAR ></DT ><DD ><P @@ -427,6 +433,13 @@ CLASS="REPLACEABLE" </P ></DD ><DT +>-z</DT +><DD +><P +> Ignore KSK flag on key when determining what to sign. + </P +></DD +><DT >zonefile</DT ><DD ><P @@ -449,16 +462,14 @@ CLASS="REPLACEABLE" ><DIV CLASS="REFSECT1" ><A -NAME="AEN154" +NAME="AEN181" ></A ><H2 >EXAMPLE</H2 ><P -> The following command signs the <TT +> The following command signs the <KBD CLASS="USERINPUT" -><B ->example.com</B -></TT +>example.com</KBD > zone with the DSA key generated in the <B CLASS="COMMAND" @@ -467,23 +478,19 @@ CLASS="COMMAND" man page. The zone's keys must be in the zone. If there are <TT CLASS="FILENAME" ->signedkey</TT -> files associated with this zone - or any child zones, they must be in the current directory. - <TT +>keyset</TT +> files associated with child zones, + they must be in the current directory. + <KBD CLASS="USERINPUT" -><B ->example.com</B -></TT +>example.com</KBD >, the following command would be issued: </P ><P -> <TT +> <KBD CLASS="USERINPUT" -><B ->dnssec-signzone -o example.com db.example.com Kexample.com.+003+26160</B -></TT +>dnssec-signzone -o example.com db.example.com Kexample.com.+003+26160</KBD > </P ><P @@ -508,7 +515,7 @@ CLASS="FILENAME" ><DIV CLASS="REFSECT1" ><A -NAME="AEN168" +NAME="AEN195" ></A ><H2 >SEE ALSO</H2 @@ -520,13 +527,6 @@ CLASS="REFENTRYTITLE" >dnssec-keygen</SPAN >(8)</SPAN >, - <SPAN -CLASS="CITEREFENTRY" -><SPAN -CLASS="REFENTRYTITLE" ->dnssec-signkey</SPAN ->(8)</SPAN ->, <I CLASS="CITETITLE" >BIND 9 Administrator Reference Manual</I 
@@ -540,12 +540,12 @@ CLASS="CITETITLE" ><DIV CLASS="REFSECT1" ><A -NAME="AEN179" +NAME="AEN203" ></A ><H2 >AUTHOR</H2 ><P -> Internet Software Consortium +> Internet Systems Consortium </P ></DIV ></BODY |