summaryrefslogtreecommitdiff
path: root/usr.sbin/nsd
diff options
context:
space:
mode:
authorJakob Schlyter <jakob@cvs.openbsd.org>2011-05-23 06:48:49 +0000
committerJakob Schlyter <jakob@cvs.openbsd.org>2011-05-23 06:48:49 +0000
commit05ce6e23a4de597556dc2e7cbe5bce593a3da7f5 (patch)
treeedea943caf661948394d2db033e33de913ede575 /usr.sbin/nsd
parent927432f907066551c12745a9deb07f3db437d33e (diff)
remove old man-pages
Diffstat (limited to 'usr.sbin/nsd')
-rw-r--r--usr.sbin/nsd/nsd-checkconf.894
-rw-r--r--usr.sbin/nsd/nsd-notify.866
-rw-r--r--usr.sbin/nsd/nsd-patch.869
-rw-r--r--usr.sbin/nsd/nsd-xfer.883
-rw-r--r--usr.sbin/nsd/nsd-zonec.8126
-rw-r--r--usr.sbin/nsd/nsd.8266
-rw-r--r--usr.sbin/nsd/nsd.conf.5519
-rw-r--r--usr.sbin/nsd/nsdc.8167
8 files changed, 0 insertions, 1390 deletions
diff --git a/usr.sbin/nsd/nsd-checkconf.8 b/usr.sbin/nsd/nsd-checkconf.8
deleted file mode 100644
index 61abea90570..00000000000
--- a/usr.sbin/nsd/nsd-checkconf.8
+++ /dev/null
@@ -1,94 +0,0 @@
-.TH "nsd\-checkconf" "8" "@date@" "NLnet Labs" "nsd @version@"
-."\ Copyright (c) 2001\-2008, NLnet Labs. All rights reserved.
-."\ See LICENSE for the license.
-.SH "NAME"
-.LP
-.B nsd\-checkconf
-\- NSD configuration file checker.
-.SH "SYNOPSIS"
-.LP
-.B nsd\-checkconf
-.RB [ \-v ]
-.RB [ \-h ]
-.RB [ \-o
-.IR option ]
-.RB [ \-z
-.IR zonename ]
-.RB [ \-s
-.IR keyname ]
-.I configfile
-.SH "DESCRIPTION"
-.LP
-.B nsd\-checkconf
-reads a configuration file. It prints parse errors to standard
-error, and performs additional checks on the contents. The
-configfile format is described in nsd.conf(5).
-.P
-The utility of this program is to check a config file for errors
-before using it in nsd(8) or nsd-zonec(8). This program can also be used
-for shell scripts to access the nsd config file, using the \-o and
-\-z options.
-.P
-.SH "OPTIONS"
-.TP
-.B \-v
-After reading print the options to standard output in configfile
-format. Without this option, only success or parse errors are
-reported.
-.TP
-.B \-h
-Print usage help information and exit.
-.TP
-.B \-o\fI option
-Return only this option from the config file. This option can
-to be used in conjunction with the
-.B \-z
-option.
-The special value
-.I zones
-prints out a list of configured zones.
-.P
-.RS
-This option is primarily used by
-.B nsdc
-to parse the config file from the shell. If the
-.B \-z
-option is given, but the
-.B \-o
-option is not given, nothing is printed.
-.RE
-.TP
-.B \-s\fI keyname
-Prints the key secret (base64 blob) configured for this key in the
-config file. Used to help shell scripts parse the config file.
-.TP
-.B \-z\fI zonename
-Return the option specified with
-.B \-o
-for zone 'zonename'.
-.P
-.RS
-If this option is not given, the server section of the config file
-is used. This option is primarily used by
-.B nsdc
-to parse the config file from the shell.
-.RE
-.P
-.RS
-The \-o, \-s and \-z option print configfile options to standard output.
-.RE
-.SH "FILES"
-.TP
-/etc/nsd.conf
-default
-.B NSD
-configuration file
-.SH "SEE ALSO"
-.LP
-nsd(8), nsdc(8), nsd.conf(5), nsd\-notify(8), nsd\-patch(8),
-nsd-xfer(8), nsd-zonec(8)
-.SH "AUTHORS"
-.LP
-.B NSD
-was written by NLnet Labs and RIPE NCC joint team. Please see
-CREDITS file in the distribution for further details.
diff --git a/usr.sbin/nsd/nsd-notify.8 b/usr.sbin/nsd/nsd-notify.8
deleted file mode 100644
index a34810f80df..00000000000
--- a/usr.sbin/nsd/nsd-notify.8
+++ /dev/null
@@ -1,66 +0,0 @@
-.TH "nsd\-notify" "8" "@date@" "NLnet Labs" "nsd @version@"
-.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved.
-.\" See LICENSE for the license.
-.SH "NAME"
-.LP
-.B nsd\-notify
-\- program to send NOTIFY's to remote nameservers.
-.SH "SYNOPSIS"
-.LP
-.B nsd\-notify
-.RB [ \-4 ]
-.RB [ \-6 ]
-.RB [ \-h ]
-.RB [ \-a
-.IR address[@port] ]
-.RB [ \-p
-.IR port ]
-.RB [ \-y
-.IR key:secret[:algorithm] ]
-.B \-z
-.I zone servers
-.SH "DESCRIPTION"
-.LP
-.B Nsd\-notify
-is simple program to send NOTIFY's to remote nameservers.
-.B NSD
-is a complete implementation of an authoritative DNS nameserver.
-.SH "OPTIONS"
-.TP
-.B \-4
-Only send to IPv4 addresses.
-.TP
-.B \-6
-Only send to IPv6 addresses.
-.TP
-.B \-h
-Print help information and exit.
-.TP
-.B \-a\fI address[@port]
-Specify the source address (and port) to send from.
-.TP
-.B \-p\fI port
-Specify the port to send to.
-.TP
-.B \-y\fI key:secret[:algorithm]
-Specify a TSIG key and base64 encoded secret to sign the notification with. If
-the TSIG algorithm is not defined, MD5 is used.
-.TP
-.B z\fI zone
-Specify the zone to notify about.
-.TP
-.I servers
-List of nameservers to send to.
-.SH "EXAMPLES"
-.LP
-To run this program the standard way type:
-.LP
-.B # nsd\-notify \-z foobar.cz 1.2.3.4
-.SH "SEE ALSO"
-.LP
-nsd(8), nsdc(8), nsd.conf(5), nsd\-checkconf(8),
-nsd\-patch(8), nsd\-xfer(8), nsd-zonec(8)
-.SH "AUTHORS"
-.B NSD
-was written by NLnet Labs and RIPE NCC joint team. Please see CREDITS
-file in the distribution for further details.
diff --git a/usr.sbin/nsd/nsd-patch.8 b/usr.sbin/nsd/nsd-patch.8
deleted file mode 100644
index 45aee1acb64..00000000000
--- a/usr.sbin/nsd/nsd-patch.8
+++ /dev/null
@@ -1,69 +0,0 @@
-.TH "nsd\-patch" "8" "@date@" "NLnet Labs" "nsd @version@"
-.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved.
-.\" See LICENSE for the license.
-.SH "NAME"
-.LP
-.B nsd\-patch
-\- NSD zone patcher version @version@.
-.SH "SYNOPSIS"
-.B nsd\-patch
-.RB [ \-c
-.IR configfile ]
-.RB [ \-f ]
-.RB [ \-h ]
-.RB [ \-l ]
-.RB [ \-o
-.IR dbfile ]
-.RB [ \-s ]
-.RB [ \-x
-.IR difffile ]
-.SH "DESCRIPTION"
-.LP
-.B Nsd\-patch
-is the zone patcher for nsd(8). It reads in the nsd database
-(nsd.db) and difffile (ixfr.db), and overwrites the zone text files
-if they have been updated. Running this regularly ensures that the
-difffile does not grow infinitely.
-.SH "OPTIONS"
-.TP
-.B \-c\fI configfile
-Read specified configfile instead of the default
-.IR /etc/nsd.conf .
-.TP
-.B \-f
-Forces writing zone files. Also zones that have not changed are written
-back to their zone files.
-.TP
-.B \-h
-Print usage help information and exit.
-.TP
-.B \-l
-List the journal entries from the difffile. Does not write to zone files.
-.TP
-.B \-o\fI dbfile
-Store the output directly to dbfile.
-.TP
-.B \-s
-Skip writing zone files. No zones are written back to their zone files.
-.TP
-.B \-x\fI difffile
-Read specified difffile. Overrides the config file setting.
-.SH "FILES"
-.TP
-/var/nsd/db/nsd.db
-default
-.B NSD
-database
-.TP
-/etc/nsd.conf
-default
-.B NSD
-configuration file
-.SH "SEE ALSO"
-nsd(8), nsdc(8), nsd.conf(5), nsd-checkconf(8), nsd-notify(8),
-nsd-xfer(8), nsd-zonec(8)
-.SH "AUTHORS"
-.LP
-.B NSD
-was written by NLnet Labs and RIPE NCC joint team. Please see
-CREDITS file in the distribution for further details.
diff --git a/usr.sbin/nsd/nsd-xfer.8 b/usr.sbin/nsd/nsd-xfer.8
deleted file mode 100644
index 93e1068d2b9..00000000000
--- a/usr.sbin/nsd/nsd-xfer.8
+++ /dev/null
@@ -1,83 +0,0 @@
-.TH "nsd\-xfer" "8" "@date@" "NLnet Labs" "nsd @version@"
-.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved.
-.\" See LICENSE for the license.
-.SH "NAME"
-.LP
-.B nsd\-xfer
-\- AXFR client to transfer zones from a name server
-.SH "SYNOPSIS"
-.LP
-.B nsd\-xfer
-.RB [ \-4 ]
-.RB [ \-6 ]
-.RB [ \-a
-.IR address[@port] ]
-.RB [ \-p
-.IR port ]
-.RB [ \-s
-.IR serial ]
-.RB [ \-T
-.IR tsiginfo ]
-.RB [ \-v ]
-.B \-z
-.I zone
-.B \-f
-.I file
-.I servers
-.SH "DESCRIPTION"
-.LP
-.B Nsd\-xfer
-is program to transfer zones from a name server using AXFR.
-.B NSD
-is a complete implementation of an authoritative DNS nameserver.
-.SH "OPTIONS"
-.LP
-.TP
-.B \-4
-Only send to IPv4 addresses.
-.TP
-.B \-6
-Only send to IPv6 addresses.
-.TP
-.B \-a\fI address[@port]
-Specify the source address (and port) to send from.
-.TP
-.B \-f\fI file
-The file to store the zone in.
-.TP
-.B \-p\fI port
-Specify the port to send to.
-.TP
-.B \-s\fI serial
-Specify the serial of the current zone. The zone is only transferred
-if the master server has a zone with a greater serial number.
-.TP
-.B \-T\fI tsiginfo
-Use TSIG to verify the zone transfer. The
-.I tsiginfo
-file must contain the TSIG key information. The file is removed
-upon successful reading of the key. The format of the tsiginfo file
-is described in the doc/README file (section 3.3).
-.TP
-.B \-v
-Be more verbose.
-.TP
-.B \-z\fI zone
-Specify the zone to receive.
-.TP
-.I servers
-List of nameservers to try.
-.SH "EXAMPLES"
-.LP
-To run this program the standard way type:
-.LP
-# nsd\-xfer \-z foobar.cz \-f foobar.cz.zone 1.2.3.4
-.SH "SEE ALSO"
-.LP
-nsd(8), nsdc(8), nsd.conf(5), nsd-checkconf(8),
-nsd-notify(8), nsd-patch(8), nsd-zonec(8)
-.SH "AUTHORS"
-.LP
-.B NSD
-was written by NLnet Labs and RIPE NCC joint team. Please see CREDITS
-file in the distribution for further details.
diff --git a/usr.sbin/nsd/nsd-zonec.8 b/usr.sbin/nsd/nsd-zonec.8
deleted file mode 100644
index c5ca4c70518..00000000000
--- a/usr.sbin/nsd/nsd-zonec.8
+++ /dev/null
@@ -1,126 +0,0 @@
-.TH "nsd-zonec" "8" "Apr 14, 2010" "NLnet Labs" "nsd 3.2.5"
-.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved.
-.\" See LICENSE for the license.
-.SH "NAME"
-.LP
-.B nsd-zonec
-\- NSD zone compiler version 3.2.5.
-.SH "SYNOPSIS"
-.LP
-.B nsd-zonec
-.RB [ \-v ]
-.RB [ \-h ]
-.RB [ \-C ]
-.RB [ \-L ]
-.RB [ \-F ]
-.RB [ \-c
-.IR configfile ]
-.RB [ \-d
-.IR directory ]
-.RB [ \-o
-.IR origin ]
-.RB [ \-z
-.IR zonefile ]
-.RB [ \-f
-.IR database ]
-.SH "DESCRIPTION"
-.LP
-.B Zonec
-is the nsd(8) database compiler for creating name space databases
-from a set of input master zone files specified in nsd.conf(5) file.
-.LP
-It is normally invoked via nsdc(8) rebuild command.
-.B Zonec
-will then parse every zone in nsd.conf(5) file and add it to the
-name space database,
-.I /var/nsd/db/nsd.db
-by default, that is used by nsd(8) to answer incoming queries.
-.SH "OPTIONS"
-.TP
-.B \-c\fI configfile
-Read specified configfile instead of the default
-.IR /etc/nsd.conf .
-.TP
-.B \-C
-No config file is read (use with \-f, \-o and \-z).
-.TP
-.B \-d\fI directory
-Change the working directory to
-.I directory
-before doing any work. Overrides zonesdir: option in config file.
-.TP
-.B \-f\fI database
-Create the specified
-.I database
-instead of the file specified as database: in the config file.
-.TP
-.B \-o\fI origin
-Use this as the first origin. Zone information is read from
-zonefile specified with \-z. When reading zones from config file
-this option is ignored.
-.TP
-.B \-z\fI zonefile
-Reads all zone information from
-.IR zonefile .
-If
-.IR zonefile
-equals `\-`, then all zone information is read from stdin, making
-constructs like:
-.LP
-.RS
-.B # cat zones*
-|
-.B ./nsd-zonec \-C \-f nsd.db \-o example.net \-z \-
-.RE
-.LP
-.RS
-possible. When reading zones from config file this option is
-ignored.
-.RE
-.TP
-.B \-v
-Increase the verbosity of nsd-zonec. This flag can be specified multiple
-times to increase the level of verbosity. The first level of
-verbosity will print per zone summary information. The second level
-of will print progress information for each 10,000 RRs processed.
-.TP
-.B \-F
-Set debug facilities. (If compiled with \-\-enable\-checking.)
-.TP
-.B \-L
-Set debug level. (If compiled with \-\-enable\-checking.)
-.SH "FILES"
-.TP
-/var/nsd/db/nsd.db
-default
-.B NSD
-database
-.TP
-/etc/nsd/nsd.conf
-default
-.B NSD
-configuration file
-.SH "DIAGNOSTICS"
-.LP
-.B Zonec
-will log all the problems via the standard error output and
-progress via stdout if the
-.B v
-option is specified.
-.SH "SEE ALSO"
-.LP
-nsd(8), nsdc(8), nsd.conf(5), nsd\-checkconf(8), nsd-notify(8),
-nsd-patch(8), nsd-xfer(8)
-.SH "AUTHORS"
-.LP
-.B NSD
-was written by NLnet Labs and RIPE NCC joint team. Please see
-CREDITS file in the distribution for further details.
-.SH "BUGS"
-.LP
-.B Zonec
-has rather weak error diagnostics that will change in further
-versions.
-.B Zonec
-expects the input files to be free of syntax errors and very little
-fool proof checks are done.
diff --git a/usr.sbin/nsd/nsd.8 b/usr.sbin/nsd/nsd.8
deleted file mode 100644
index 27f995865a7..00000000000
--- a/usr.sbin/nsd/nsd.8
+++ /dev/null
@@ -1,266 +0,0 @@
-.TH "NSD" "8" "@date@" "NLnet Labs" "NSD @version@"
-.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved.
-.\" See LICENSE for the license.
-.SH "NAME"
-.LP
-.B nsd
-\- Name Server Daemon (NSD) version @version@.
-.SH "SYNOPSIS"
-.LP
-.B nsd
-.RB [ \-4 ]
-.RB [ \-6 ]
-.RB [ \-a
-.IR ip\-address[@port] ]
-.RB [ \-c
-.IR configfile ]
-.RB [ \-d ]
-.RB [ \-f
-.IR database ]
-.RB [ \-h ]
-.RB [ \-i
-.IR identity ]
-.RB [ \-I
-.IR nsid ]
-.RB [ \-l
-.IR logfile ]
-.RB [ \-N
-.IR server\-count ]
-.RB [ \-n
-.IR noncurrent\-tcp\-count ]
-.RB [ \-P
-.IR pidfile ]
-.RB [ \-p
-.IR port ]
-.RB [ \-s
-.IR seconds ]
-.RB [ \-t
-.IR chrootdir ]
-.RB [ \-u
-.IR username ]
-.RB [ \-V
-.IR level ]
-.RB [ \-v ]
-.SH "DESCRIPTION"
-.LP
-.B NSD
-is a complete implementation of an authoritative DNS nameserver.
-Upon startup,
-.B NSD
-will read the database specified with
-.B \-f
-.I database
-argument and put itself into background and answers queries on port
-53 or a different port specified with
-.B \-p
-.I port
-option. The
-.I database
-must be generated beforehand with nsd-zonec(8). By default,
-.B NSD
-will bind to all local interfaces available. Use the
-.B \-a
-.I ip\-address[@port]
-option to specify a single particular interface address to be
-bound. If this option is given more than once,
-.B NSD
-will bind its UDP and TCP sockets to all the specified ip\-addresses
-separately. If IPv6 is enabled when
-.B NSD
-is compiled an IPv6 address can also be specified.
-.P
-.SH "OPTIONS"
-.LP
-All the options can be specified in the configfile (
-.B \-c
-argument), except for the
-.B \-v
-and
-.B \-h
-options. If options are specified on the commandline, the options
-on the commandline take precedence over the options in the
-configfile.
-.P
-Normally
-.B NSD
-should be started with the `nsdc(8) start` command invoked from a
-.I /etc/rc.d/nsd.sh
-script or similar at the operating system startup.
-.TP
-.B \-4
-Only listen to IPv4 connections.
-.TP
-.B \-6
-Only listen to IPv6 connections.
-.TP
-.B \-a\fI ip\-address[@port]
-Listen to the specified
-.IR ip\-address .
-The
-.I ip\-address
-must be specified in numeric format (using the standard IPv4 or IPv6
-notation). Optionally, a port number can be given.
-This flag can be specified multiple times to listen to
-multiple IP addresses. If this flag is not specified,
-.B NSD
-listens to the wildcard interface.
-.TP
-.B \-c\fI configfile
-Read specified
-.I configfile instead of the default
-.IR /etc/nsd/nsd.conf .
-For format description see nsd.conf(5).
-.TP
-.B \-d
-Turn on debugging mode, do not fork, stay in the foreground.
-.TP
-.B \-f\fI database
-Use the specified
-.I database
-instead of the default of
-.IR /var/nsd/db/nsd.db .
-If a
-.B zonesdir:
-is specified in the config file this path can be relative to that
-directory.
-.TP
-.B \-h
-Print help information and exit.
-.TP
-.B \-i\fI identity
-Return the specified
-.I identity
-when asked for
-.I CH TXT ID.SERVER
-(This option is used to determine which server is answering the queries
-when they are multicast). The default is the name returned by
-gethostname(3).
-.TP
-.B \-I\fI nsid
-Add the specified
-.I nsid
-to the EDNS section of the answer when queried with an NSID EDNS
-enabled packet.
-.TP
-.B \-l\fI logfile
-Log messages to the specified
-.IR logfile .
-The default is to log to stderr and syslog. If a
-.B zonesdir:
-is specified in the config file this path can be relative to that
-directory.
-.TP
-.B \-N\fI count
-Start
-.I count
-.B NSD
-servers. The default is 1. Starting more than a single server is
-only useful on machines with multiple CPUs and/or network adapters.
-.TP
-.B \-n\fI number
-The maximum
-.I number
-of concurrent TCP connection that can be handled by each server. The
-default is 10.
-.TP
-.B \-P\fI pidfile
-Use the specified
-.I pidfile
-instead of the platform specific default, which is mostly
-.IR /var/nsd/run/nsd.pid .
-If a
-.B zonesdir:
-is specified in the config file, this path can be relative to that
-directory.
-.TP
-.B \-p\fI port
-Answer the queries on the specified
-.IR port .
-Normally this is port 53.
-.TP
-.B \-s\fI seconds
-.It Fl s Ar seconds
-Produce statistics dump every
-.I seconds
-seconds. This is equal to sending
-.I SIGUSR1
-to the daemon periodically.
-.TP
-.B \-t\fI chroot
-Specifies a directory to
-.I chroot
-to upon startup. This option requires you to ensure that appropriate
-syslogd(8) socket (e.g.
-.I chrootdir
-/dev/log) is available, otherwise
-.B NSD
-won't produce any log output.
-.TP
-.B \-u\fI username
-Drop user and group privileges to those of
-.I username
-after binding the socket.
-The
-.I username
-must be one of: username, id, or id.gid. For example: nsd, 80, or
-80.80.
-.TP
-.B \-V\fI level
-This value specifies the verbosity level for (non\-debug) logging.
-Default is 0.
-.TP
-.B \-v
-Print the version number of
-.B NSD
-to standard error and exit.
-.LP
-.B NSD
-reacts to the following signals:
-.TP
-SIGTERM
-Stop answering queries, shutdown, and exit normally.
-.TP
-SIGHUP
-Reload the database.
-.TP
-SIGUSR1
-Dump BIND8\-style statistics into the log. Ignored otherwise.
-.SH "FILES"
-.TP
-/var/nsd/db/nsd.db
-default
-.B NSD
-database
-.TP
-/var/nsd/run/nsd.pid
-the process id of the name server.
-.TP
-/etc/nsd.conf
-default
-.B NSD
-configuration file
-.SH "DIAGNOSTICS"
-.LP
-will log all the problems via the standard syslog(8)
-.I daemon
-facility, unless the
-.B \-d
-option is specified.
-.SH "SEE ALSO"
-.LP
-nsdc(8), nsd.conf(5), nsd\-checkconf(8), nsd\-notify(8),
-nsd\-patch(8), nsd\-xfer(8), nsd-zonec(8)
-.SH "AUTHORS"
-.LP
-.B NSD
-was written by NLnet Labs and RIPE NCC joint team. Please see
-CREDITS file in the distribution for further details.
-.SH "BUGS"
-.LP
-.B NSD
-will answer the queries erroneously if the
-.I database
-was not properly compiled with nsd-zonec(8). Therefore problems with
-misconfigured master zone files or nsd-zonec(8) bugs may not be visible
-until the queries are actually answered with
-.BR NSD .
diff --git a/usr.sbin/nsd/nsd.conf.5 b/usr.sbin/nsd/nsd.conf.5
deleted file mode 100644
index f4a2154263d..00000000000
--- a/usr.sbin/nsd/nsd.conf.5
+++ /dev/null
@@ -1,519 +0,0 @@
-.TH "nsd.conf" "5" "@date@" "NLnet Labs" "nsd @version@"
-.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved.
-.\" See LICENSE for the license.
-.SH "NAME"
-.LP
-.B nsd.conf
-\- NSD configuration file
-.SH "SYNOPSIS"
-.LP
-.B nsd.conf
-.SH "DESCRIPTION"
-.B Nsd.conf
-is used to configure nsd(8). The file format has attributes and
-values. Some attributes have attributes inside them. The notation
-is: attribute: value.
-.PP
-Comments start with # and last to the end of line. Empty lines are
-ignored as is whitespace at the beginning of a line.
-.PP
-.B Nsd.conf
-specifies options for the nsd server, zone files, primaries and
-secondaries.
-.SH "EXAMPLE"
-.LP
-An example of a short nsd.conf file is below.
-.LP
-# Example.com nsd.conf file
-.RS 0
-# This is a comment.
-.RE
-.TP
-server:
-.RS 5
-database: "/var/nsd/db/nsd.db"
-.RE
-.RS 5
-username: nsd
-.RE
-.RS 5
-logfile: "/var/log/nsd.log"
-.RE
-.RS 5
-pidfile: "/var/nsd/run/nsd.pid"
-.RE
-.RS 5
-difffile: "/var/nsd/run/ixfr.db"
-.RE
-.RS 5
-xfrdfile: "/var/nsd/run/rfrd.state"
-.RE
-.TP
-zone:
-.RS 5
-name: example.com
-.RE
-.RS 5
-# note that quotes are optional on the value
-.RE
-.RS 5
-zonefile: /var/nsd/zones/example.com
-.RE
-.SH "FILE FORMAT"
-There must be whitespace between keywords. Attribute keywords end
-with a colon ':'. An attribute is followed by its containing
-attributes, or a value.
-.P
-At the top level only
-.B server:
-or
-.B zone:
-or
-.B key:
-are allowed. These are followed by their attributes or the start of
-a new
-.B server:
-or
-.B zone:
-or
-.B key:
-clause. The
-.B zone:
-attribute is followed by zone options. The
-.B server:
-attribute is followed by global options for the
-.B NSD
-server. A
-.B key:
-attribute is used to define keys for authentication.
-.P
-Files can be included using the
-.B include:
-directive. It can appear anywhere, and takes a single filename as
-an argument. Processing continues as if the text from the included
-file was copied into the config file at that point.
-.S "Server Options"
-.LP
-The global options (if not overridden from the NSD commandline) are
-taken from the
-.B server:
-clause. There may only be one
-.B server:
-clause.
-.TP
-.B ip\-address:\fR <ip4 or ip6>[@port]
-NSD will bind to the listed ip\-address. Can be give multiple times
-to bind multiple ip\-addresses. Optionally, a port number can be given.
-If none are given NSD listens to the wildcard interface. Same as commandline option
-.BR \-a.
-.TP
-.B debug\-mode:\fR <yes or no>
-Turns on debugging mode for nsd, does not fork a daemon process.
-Default is no. Same as commandline option
-.BR \-d.
-.TP
-.B ip4\-only:\fR <yes or no>
-If yes, NSD only listens to IPv4 connections. Same as commandline
-option
-.BR \-4.
-.TP
-.B ip6\-only:\fR <yes or no>
-If yes, NSD only listens to IPv6 connections. Same as commandline
-option
-.BR \-6.
-.TP
-.B database:\fR <filename>
-By default
-.I /var/nsd/db/nsd.db
-is used. The specified file is used to store the compiled
-zone information. Same as commandline option
-.BR \-f.
-.TP
-.B identity:\fR <string>
-Returns the specified identity when asked for CH TXT ID.SERVER.
-Default is the name as returned by gethostname(3). Same as
-commandline option
-.BR \-i .
-.TP
-.B nsid:\fR <string>
-Add the specified nsid to the EDNS section of the answer when queried
-with an NSID EDNS enabled packet. Same as commandline option
-.BR \-I .
-.TP
-.B logfile:\fR <filename>
-Log messages to the logfile. The default is to log to stderr and
-syslog (with facility LOG_DAEMON). Same as commandline option
-.BR \-l .
-.TP
-.B server\-count:\fR <number>
-.It \fBserver\-count:\fR <number>
-Start this many NSD servers. Default is 1. Same as commandline
-option
-.BR \-N .
-.TP
-.B tcp\-count:\fR <number>
-The maximum number of concurrent, active TCP connections by each server.
-Default is 10. This option should have a value below 1000.
-Same as commandline option
-.BR \-n .
-.TP
-.B tcp\-query\-count:\fR <number>
-The maximum number of queries served on a single TCP connection.
-Default is 0, meaning there is no maximum.
-.TP
-.B tcp\-timeout:\fR <number>
-Overrides the default TCP timeout. This also affects zone transfers over TCP.
-.TP
-.B ipv4\-edns\-size:\fR <number>
-Preferred EDNS buffer size for IPv4.
-.TP
-.B ipv6\-edns\-size:\fR <number>
-Preferred EDNS buffer size for IPv6.
-.TP
-.B pidfile:\fR <filename>
-Use the pid file instead of the platform specific default, usually
-.IR /var/run/nsd.pid.
-Same as commandline option
-.BR \-P .
-.TP
-.B port:\fR <number>
-Answer queries on the specified port. Default is 53. Same as
-commandline option
-.BR \-p .
-.TP
-.B statistics:\fR <number>
-If not present no statistics are dumped. Statistics are produced
-every number seconds. Same as commandline option
-.BR \-s .
-.TP
-.B chroot:\fR <directory>
-NSD will chroot on startup to the specified directory. Same as
-commandline option
-.BR \-t .
-.TP
-.B username:\fR <username>
-After binding the socket, drop user privileges and assume the
-username. Can be username, id or id.gid. Same as commandline option
-.BR \-u .
-.TP
-.B zonesdir:\fR <directory>
-Change the working directory to the specified directory before
-accessing zone files. Same as commandline option
-.B \-d
-for nsd-zonec(8). Also nsd(8) will access files (pid file, database
-file, log file) relative to this directory. Set the value to ""
-(the empty string) to disable the change of working directory.
-.TP
-.B difffile:\fR <filename>
-When NSD receives IXFR updates it will store them in this file.
-This file contains the differences between the database file and the
-latest zone version. Default is
-.IR /var/nsd/run/ixfr.db .
-.TP
-.B xfrdfile:\fR <filename>
-The soa timeout and zone transfer daemon in NSD will save its state
-to this file. State is read back after a restart. The state file can
-be deleted without too much harm, but timestamps of zones will be
-gone. For more details see the section on zone expiry behavior of
-NSD. Default is
-.IR /var/nsd/run/xfrd.state .
-.TP
-.B xrfd\-reload\-timeout:\fR <number>
-If this value is \-1, xfrd will not trigger a reload after a zone
-transfer. If positive xfrd will trigger a reload after a zone
-transfer, then it will wait for the number of seconds before it will
-trigger a new reload. Setting this value throttles the reloads to
-once per the number of seconds. The default is 10 seconds.
-.TP
-.B verbosity:\fR <level>
-This value specifies the verbosity level for (non\-debug) logging.
-Default is 0. 1 gives more information about incoming notifies and
-zone transfers. 2 lists soft warnings that are encountered.
-.TP
-.B hide\-version:\fR <yes or no>
-Prevent NSD from replying with the version string on CHAOS class
-queries.
-.SS "Zone Options"
-.LP
-For every zone the options need to be specified in one
-.B zone:
-clause. The access control list elements can be given multiple
-times to add multiple servers. These elements need to be added
-explicitly.
-.TP
-.B name:\fR <string>
-The name of the zone. This is the domain name of the apex of the
-zone. May end with a '.' (in FQDN notation). For example
-"example.com", "sub.example.net.". This attribute must be present in
-each zone.
-.TP
-.B zonefile:\fR <filename>
-The file containing the zone information. This file is used by
-nsd-zonec(8). This attribute must be present in each zone.
-.TP
-.B allow\-notify:\fR <ip\-spec> <key\-name | NOKEY | BLOCKED>
-Access control list. The listed (primary) address is allowed to
-send notifies to this (secondary) server. Notifies from unlisted or
-specifically BLOCKED addresses are discarded. If NOKEY is given no
-TSIG signature is required.
-.P
-.RS
-The ip\-spec is either a plain IP address (IPv4 or IPv6), or can be
-a subnet of the form 1.2.3.4/24, or masked like
-1.2.3.4&255.255.255.0 or a range of the form 1.2.3.4\-1.2.3.25.
-A port number can be added using a suffix of @number, for example
-1.2.3.4@5300 or 1.2.3.4/24@5300 for port 5300.
-Note the ip\-spec ranges do not use spaces around the /, &, @ and \-
-symbols.
-.RE
-.TP
-.B request\-xfr:\fR [AXFR|UDP] <ip\-address> <key\-name | NOKEY>
-Access control list. The listed address (the master) is queried for
-AXFR/IXFR on update. The specified key is used during AXFR/IXFR.
-.P
-.RS
-If the AXFR option is given, the server will not be contacted with
-IXFR queries but only AXFR requests will be made to the server. This
-allows an NSD secondary to have a master server that runs NSD. If
-the AXFR option is left out then both IXFR and AXFR requests are
-made to the master server.
-.P
-If the UDP option is given, the secondary will use UDP to transmit the IXFR
-requests. You should deploy TSIG when allowing UDP transport, to authenticate
-notifies and zone transfers. Otherwise, NSD is more vulnerable for
-Kaminsky-style attacks. If the UDP option is left out then IXFR will be
-transmitted using TCP.
-.RE
-.TP
-.B allow\-axfr\-fallback:\fR <yes or no>
-This option should be accompanied by request-xfr. It (dis)allows NSD (as secondary)
-to fallback to AXFR if the primary name server does not support IXFR. Default is yes.
-.TP
-.B notify:\fR <ip\-address> <key\-name | NOKEY>
-Access control list. The listed address (a secondary) is notified
-of updates to this zone. The specified key is used to sign the
-notify. Only on secondary configurations will NSD be able to detect
-zone updates (as it gets notified itself, or refreshes after a
-time).
-.TP
-.B notify\-retry:\fR <number>
-This option should be accompanied by notify. It sets the number of retries
-when sending notifies.
-.TP
-.B provide\-xfr:\fR <ip\-spec> <key\-name | NOKEY | BLOCKED>
-Access control list. The listed address (a secondary) is allowed to
-request AXFR from this server. Zone data will be provided to the
-address. The specified key is used during AXFR. For unlisted or
-BLOCKED addresses no data is provided, requests are discarded.
-.P
-.RS
-The ip\-spec is either a plain IP address (IPv4 or IPv6), or can be
-a subnet of the form 1.2.3.4/24, or masked like
-1.2.3.4&255.255.255.0 or a range of the form 1.2.3.4\-1.2.3.25.
-A port number can be added using a suffix of @number, for example
-1.2.3.4@5300 or 1.2.3.4/24@5300 for port 5300. Note the ip\-spec
-ranges do not use spaces around the /, &, @ and \- symbols.
-.RE
-.TP
-.B outgoing\-interface:\fR <ip\-address>
-Access control list. The listed address is used to request AXFR|IXFR (in case of
-a secondary) or used to send notifies (in case of a primary).
-.P
-.RS
-The ip\-address is either a plain IP address (IPv4 or IPv6), or can be
-a subnet of the form 1.2.3.4/24, or masked like
-1.2.3.4&255.255.255.0 or a range of the form 1.2.3.4\-1.2.3.25.
-.RE
-.SS "Key Declarations"
-The
-.B key:
-clause establishes a key for use in access control lists. It has
-the following attributes.
-.TP
-.B name:\fR <string>
-The key name. Used to refer to this key in the access control list.
-.TP
-.B algorithm:\fR <string>
-Authentication algorithm for this key.
-.TP
-.B secret:\fR <base64 blob>
-The base64 encoded shared secret. It is possible to put the
-.B secret:
-declaration (and base64 blob) into a different file, and then to
-.B include:
-that file. In this way the key secret and the rest of the configuration
-file, which may have different security policies, can be split apart.
-.SH "NSD CONFIGURATION FOR BIND9 HACKERS"
-BIND9 is a name server implementation with its own configuration
-file format, named.conf(5). BIND9 types zones as 'Master' or 'Slave'.
-.SS "Slave zones"
-For a slave zone, the master servers are listed. The master servers are
-queried for zone data, and are listened to for update notifications.
-In NSD these two properties need to be configured seperately, by listing
-the master address in allow\-notify and request\-xfr statements.
-.P
-In BIND9 you only need to provide allow\-notify elements for
-any extra sources of notifications (i.e. the operators), NSD needs to have
-allow\-notify for both masters and operators. BIND9 allows
-additional transfer sources, in NSD you list those as request\-xfr.
-.P
-Here is an example of a slave zone in BIND9 syntax.
-.P
-# Config file for example.org
-options {
-.RS 5
-dnssec\-enable yes;
-.RE
-.RS 0
-};
-.RE
-.LP
-key tsig.example.org. {
-.RS 5
-algorithm hmac\-md5;
-.RE
-.RS 5
-secret "aaaaaabbbbbbccccccdddddd";
-.RE
-};
-.LP
-server 162.0.4.49 {
-.RS 5
-keys { tsig.example.org. ; };
-.RE
-};
-.LP
-zone "example.org" {
-.RS 5
-type slave;
-.RE
-.RS 5
-file "secondary/example.org.signed";
-.RE
-.RS 5
-masters { 162.0.4.49; };
-.RE
-};
-.P
-For NSD, DNSSEC is enabled automatically for zones that are signed. The
-dnssec\-enable statement in the options clause is not needed. In NSD
-keys are associated with an IP address in the access control list
-statement, therefore the server{} statement is not needed. Below is
-the same example in an NSD config file.
-.LP
-# Config file for example.org
-.RS 0
-key:
-.RE
-.RS 5
-name: tsig.example.org.
-.RE
-.RS 5
-algorithm: hmac\-md5
-.RE
-.RS 5
-secret: "aaaaaabbbbbbccccccdddddd"
-.RE
-.LP
-zone:
-.RS 5
-name: "example.org"
-.RE
-.RS 5
-zonefile: "secondary/example.org.signed"
-.RE
-.RS 5
-# the master is allowed to notify and will provide zone data.
-.RE
-.RS 5
-allow\-notify: 162.0.4.49 NOKEY
-.RE
-.RS 5
-request\-xfr: 162.0.4.49 tsig.example.org.
-.RE
-.P
-Notice that the master is listed twice, once to allow it to send notifies
-to this slave server and once to tell the slave server where to look for
-updates zone data. More allow\-notify and request\-xfr lines can be
-added to specify more masters.
-.P
-It is possible to specify extra allow\-notify lines for addresses
-that are also allowed to send notifications to this slave server.
-.SS "Master zones"
-For a master zone in BIND9, the slave servers are listed. These slave
-servers are sent notifications of updated and are allowed to request
-transfer of the zone data. In NSD these two properties need to be
-configured seperately.
-.P
-Here is an example of a master zone in BIND9 syntax.
-.LP
-zone "example.nl" {
-.RS 5
-type master;
-.RE
-.RS 5
-file "example.nl";
-.RE
-};
-.LP
-In NSD syntax this becomes:
-.LP
-zone:
-.RS 5
-name: "example.nl"
-.RE
-.RS 5
-zonefile: "example.nl"
-.RE
-.RS 5
-# allow anybody to request xfr.
-.RE
-.RS 5
-provide\-xfr: 0.0.0.0/0 NOKEY
-.RE
-.RS 5
-provide\-xfr: ::0/0 NOKEY
-.RE
-.P
-.RS 5
-# to list a slave server you would in general give
-.RE
-.RS 5
-# provide\-xfr: 1.2.3.4 tsig\-key.name.
-.RE
-.RS 5
-# notify: 1.2.3.4 NOKEY
-.RE
-.SS "Other"
-NSD is an authoritative only DNS server. This means that it is
-meant as a primary or secondary server for zones, providing DNS
-data to DNS resolvers and caches. BIND9 can function as an
-authoritative DNS server, the configuration options for that are
-compared with those for NSD in this section. However, BIND9 can
-also function as a resolver or cache. The configuration options that
-BIND9 has for the resolver or caching thus have no equivalents for NSD.
-.SH "FILES"
-.TP
-/var/nsd/db/nsd.db
-default
-.B NSD
-database
-.TP
-/etc/nsd.conf
-default
-.B NSD
-configuration file
-.SH "SEE ALSO"
-.LP
-nsd(8), nsdc(8), nsd\-checkconf(8), nsd-notify(8),
-nsd-patch(8), nsd-xfer(8), nsd-zonec(8)
-.SH "AUTHORS"
-.LP
-.B NSD
-was written by NLnet Labs and RIPE NCC joint team. Please see
-CREDITS file in the distribution for further details.
-.SH "BUGS"
-.LP
-.B nsd.conf
-is parsed by a primitive parser, error messages may not be to the
-point.
diff --git a/usr.sbin/nsd/nsdc.8 b/usr.sbin/nsd/nsdc.8
deleted file mode 100644
index ca59dc3a4d1..00000000000
--- a/usr.sbin/nsd/nsdc.8
+++ /dev/null
@@ -1,167 +0,0 @@
-.TH "NSDC" "8" "@date@" "NLnet Labs" "NSDC @version@"
-.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved.
-.\" See LICENSE for the license.
-.SH "NAME"
-.LP
-.B nsdc
-\- Name Server Daemon (NSD) control script.
-.SH "SYNOPSIS"
-.LP
-.B nsdc
-.RB [ \-c
-.IR configfile ]
-.I start
-|
-.I stop
-|
-.I reload
-|
-.I rebuild
-|
-.I restart
-|
-.I running
-|
-.I update
-|
-.I notify
-|
-.I patch
-.SH "DESCRIPTION"
-.LP
-.B Nsdc
-is the shell script that used to control nsd(8) and nsd-zonec(8) from
-.B NSD
-distribution.
-.B Nsdc
-is also suitable to be linked into
-.I /etc/rc.d
-directory on
-.I BSD
-like systems for automatic startup of nsd(8) at boot time.
-.P
-At every invokation,
-.B nsdc
-will try to read the nsd.conf(5) configuration file. An example of
-such configuration file is distributed with the
-.B NSD
-package as
-.IR nsd.conf.sample .
-The config file is checked for errors before it is used, see
-nsd\-checkconf(8).
-.P
-Possible
-.B nsdc
-applications are:
-.TP
-.I start
-Start nsd(8).
-.TP
-.I stop
-Shut down nsd(8) by sending
-.I SIGTERM
-to it.
-.TP
-.I reload
-Initiate nsd(8) name space database reload by sending
-.IR SIGHUP.
-.TP
-.I rebuild
-Rebuild the nsd(8) database by invoking nsd-zonec(8) with appropriate
-arguments.
-.TP
-.I restart
-Restart nsdc(8). This equals to nsdc stop && nsdc start.
-.TP
-.I running
-Check whether nsd(8) is running. Returns error message and error
-code if it is not running, and no message and zero error code
-otherwise.
-.TP
-.I update
-Updates all the slave zones which have
-.I allow\-notify:
-from localhost (127.0.0.1 or ::1) allowed.
-If a TSIG key is specified for the allow\-notify statement in the
-config file, it will be used to secure the notify. Note that NSD
-keeps track of zone timeouts automatically, this is only needed if
-you want to manually force updates by sending notify messages to the
-localhost.
-.P
-.RS
-Another method you can use is to stop nsd, delete the xfrd.state
-file and then start nsd again. It will try to update all zones.
-This method does not require allow\-notify: statements.
-.RE
-.TP
-.I notify
-Sends notify messages to all the slaves for all the zones that have the
-.I notify:
-keyword in the
-.I nsd.conf
-file. If a TSIG key is specified for a notify statement, it will be
-used to secure the notification message to that slave server.
-.TP
-.I patch
-Merge zone transfer changes back to zone files. It reads in the nsd
-database (nsd.db) and difffile (ixfr.db), and overwrites the zone
-text files if they have been updated. Running this regularly
-ensures that the difffile does not grow infinitely.
-.SH "OPTIONS"
-.TP
-.B \-c\fI configfile
-Specify configfile to use instead of the default
-.IR /etc/nsd.conf .
-.SH "FILES"
-.TP
-/etc/nsd.conf
-Configuration file for nsd to change default pathnames and
-.B NSD
-flags. The zone names, pathnames to zone files and access control
-lists are also in nsd.conf(5).
-.TP
-/var/nsd/db/nsd.db
-default
-.B NSD
-database
-.TP
-/var/nsd/db/nsd.db.lock
-Lockfile for the
-.B NSD
-database access by operator tools.
-.TP
-/var/nsd/run/ixfr.db
-Journal of zone transfers, the diff file containing the new zone
-contents transferred.
-.TP
-/var/nsd/run/xfrd.state
-State for the zone transfer process of
-.BR NSD.
-Contains timeouts for the zones and whether zones are expired.
-.TP
-/var/nsd/run/nsd.pid
-the process id of the name server.
-.SH "DIAGNOSTICS"
-.LP
-.B Nsdc
-will return zero return code if operation was successful and
-an error message to standard output plus a non\-zero return code
-otherwise.
-.SH "SEE ALSO"
-.LP
-nsd(8), nsd.conf(5), nsd\-checkconf(8), nsd\-notify(8),
-nsd\-patch(8), nsd\-xfer(8), nsd-zonec(8)
-.SH "AUTHORS"
-.LP
-.B NSD
-was written by NLnet Labs and RIPE NCC joint team. Please see
-CREDITS file in the distribution for further details.
-.SH "BUGS"
-Syntax checking of the config file is rudimentary and error
-messages may be wrong. If you do a nsdc patch, whilst a (long) zone
-transfer is busy, the zone transfer contents will be partially
-lost. After a reload, this will be detected and the zone transfer
-should be restarted. The reload that happens at the end of nsdc
-patch also frees up memory churn in
-.B NSD
-caused by zone transfers.