diff --git a/doc/manual/source/man/dnst-key2ds.rst b/doc/manual/source/man/dnst-key2ds.rst index 844880c4..452c8578 100644 --- a/doc/manual/source/man/dnst-key2ds.rst +++ b/doc/manual/source/man/dnst-key2ds.rst @@ -14,6 +14,13 @@ Description The following file will be created for each key: ``K++.ds``. The base name ``K++`` will be printed to stdout. +Arguments +--------- + +.. option:: + + ```` must be a file containing one or more RFC 4034 ``DNSKEY`` + resource records in presentation format. Options ------- diff --git a/doc/manual/source/man/dnst-keygen.rst b/doc/manual/source/man/dnst-keygen.rst index e47b7617..49ee1b85 100644 --- a/doc/manual/source/man/dnst-keygen.rst +++ b/doc/manual/source/man/dnst-keygen.rst @@ -28,12 +28,20 @@ The following files will be created: Upon completion, ``K++`` will be printed. +Arguments +--------- + +.. option:: + + The owner name of the apex of the zone which the generated key is + intended to sign. + Options ------- .. option:: -a - Use the given signing algorithm. + Use the given signing algorithm. Mandatory. Possible values are: diff --git a/doc/manual/source/man/dnst-notify.rst b/doc/manual/source/man/dnst-notify.rst index 57e4a2d9..df3638ea 100644 --- a/doc/manual/source/man/dnst-notify.rst +++ b/doc/manual/source/man/dnst-notify.rst 
@@ -9,19 +9,32 @@ Synopsis Description ----------- -**dnst notify** sends a NOTIFY message to the specified name servers. A name -server can be specified as a domain name or IP address. +**dnst notify** sends a NOTIFY message to the specified name servers. This tells them that an updated zone is available at the primaries. It can perform TSIG signatures, and it can add a SOA serial number of the updated zone. If a server already has that serial number it will disregard the message. +Arguments +--------- + +.. option:: ... + + One or more name servers to which NOTIFY messages will be sent, by + default on port 53. + + Each name server can be specified as a domain name or IP address. + Options ------- .. option:: -z - The zone to send the NOTIFY for. + The zone to send the NOTIFY for. Mandatory. + +.. option:: -I
+ + Source IP to send the message from. .. option:: -I
diff --git a/doc/manual/source/man/dnst-nsec3-hash.rst b/doc/manual/source/man/dnst-nsec3-hash.rst index a72450f5..809ec7b7 100644 --- a/doc/manual/source/man/dnst-nsec3-hash.rst +++ b/doc/manual/source/man/dnst-nsec3-hash.rst @@ -11,6 +11,13 @@ Description **dnst nsec3-hash** prints the NSEC3 hash of a given domain name. +Arguments +--------- + +.. option:: + + The domain name to generate an NSEC3 hash for. + Options ------- diff --git a/doc/manual/source/man/dnst-signzone.rst b/doc/manual/source/man/dnst-signzone.rst index aab57362..7274b8ca 100644 --- a/doc/manual/source/man/dnst-signzone.rst +++ b/doc/manual/source/man/dnst-signzone.rst @@ -4,13 +4,15 @@ dnst signzone Synopsis -------- -:program:`dnst signzone` ``[OPTIONS]`` ```` ``...`` +:program:`dnst signzone` ``[OPTIONS]`` ``-o `` ```` ``...`` Description ----------- **dnst signzone** signs the zonefile with the given key(s). +Signing a zone adds DNS Security Extensions (DNSSEC) resource records + Keys must be specified by their base name (usually ``K++``), i.e. WITHOUT the ``.private`` or ``.key`` extension. Both ``.private`` and ``.key`` files are required. @@ -51,7 +53,7 @@ Options .. option:: -o - Set the origin for the zone. Mandatory. + Use this owner name as the apex of the zone. Mandatory. .. option:: -u diff --git a/doc/manual/source/man/dnst-update.rst b/doc/manual/source/man/dnst-update.rst index 6d4752b5..f82bc527 100644 --- a/doc/manual/source/man/dnst-update.rst +++ b/doc/manual/source/man/dnst-update.rst 
@@ -10,36 +10,43 @@ Synopsis Description ----------- -**dnst update** sends a dynamic update packet to update an IP (or delete all -existing IPs) for a domain name. +**dnst update** sends an RFC 2136 Dynamic Update message to the name servers +for a zone to update an IP address (or delete all existing IP addresses) for a +domain name. + +The message to be sent can be optionally authenticated using a given TSIG key. Arguments --------- .. option:: - The domain name to update the IP address of + The domain name to update the IP address of. .. option:: - The zone to send the update to (if omitted, derived from SOA record) + The zone to send the update to (if omitted, derived from SOA record). .. option:: - The IP to update the domain with (``none`` to remove any existing IPs) + The IP address to update the domain with (``none`` to remove any + existing IP addresses) .. option:: - TSIG key name + TSIG key name. .. option:: - TSIG algorithm (e.g. "hmac-sha256") + TSIG algorithm (e.g. "hmac-sha256"). .. option:: Base64 encoded TSIG key data. +Options: +-------- + .. option:: -h, --help Print the help text (short summary with ``-h``, long help with diff --git a/doc/manual/source/man/ldns-key2ds.rst b/doc/manual/source/man/ldns-key2ds.rst index daf14b4a..16585c0b 100644 --- a/doc/manual/source/man/ldns-key2ds.rst +++ b/doc/manual/source/man/ldns-key2ds.rst @@ -18,7 +18,6 @@ It prints out the basename for this file (``K++``). By default, it takes a pick of algorithm similar to the key algorithm, SHA1 for RSASHA1, and so on. - Options ------- diff --git a/doc/manual/source/man/ldns-keygen.rst b/doc/manual/source/man/ldns-keygen.rst index 6f3703dc..677dcb96 100644 --- a/doc/manual/source/man/ldns-keygen.rst +++ b/doc/manual/source/man/ldns-keygen.rst 
@@ -9,17 +9,13 @@ Synopsis Description ----------- -**ldns-keygen** is used to generate a private/public keypair. When run, it will -create 3 files; a ``.key`` file with the public DNSKEY, a ``.private`` file -with the private keydata and a ``.ds`` file with the DS record of the DNSKEY -record. +**ldns-keygen** is used to generate a private/public keypair. -.. **ldns-keygen** can also be used to create symmetric keys (for TSIG) by -.. selecting the appropriate algorithm: hmac-md5.sig-alg.reg.int, hmac-sha1, -.. hmac-sha224, hmac-sha256, hmac-sha384 or hmac-sha512. In that case no DS record -.. will be created and no .ds file. +When run, it will create 3 files; a ``.key`` file with the public DNSKEY, a +``.private`` file with the private keydata and a ``.ds`` file with the DS +record of the DNSKEY record. -ldns-keygen prints the basename for the key files: ``K++`` +**ldns-keygen** prints the basename for the key files: ``K++`` Options ------- @@ -31,6 +27,9 @@ Options versions and other software), the list gives names from the RFC. Also the plain algorithm number is accepted. + Note: Unlike the original LDNS, this implementation does not support + creation of symmetric keys (for TSIG). + .. option:: -b Use this many bits for the key length. diff --git a/doc/manual/source/man/ldns-notify.rst b/doc/manual/source/man/ldns-notify.rst index 43360118..b50f2565 100644 --- a/doc/manual/source/man/ldns-notify.rst +++ b/doc/manual/source/man/ldns-notify.rst @@ -57,4 +57,3 @@ Options .. option:: -v Print the version and exit. - diff --git a/doc/manual/source/man/ldns-signzone.rst b/doc/manual/source/man/ldns-signzone.rst index b91f83cc..b4b5c46e 100644 --- a/doc/manual/source/man/ldns-signzone.rst +++ b/doc/manual/source/man/ldns-signzone.rst 
@@ -47,7 +47,7 @@ Arguments Note: Unlike the original LDNS: - Public keys corresponding to ``.private`` key MUST be supplied, either as DNSKEY RRs in the given zone or as ``.key`` files. This - Implementation is not able to generate missing public keys. + implementation is not able to generate missing public keys. - Supported DNSKEY algorithms are the ones supported by the domain crate. Supported algorithms include RSASHA256, ECDSAP256SHA256, and ED25519 but exclude RSHASHA1 and @@ -113,13 +113,15 @@ Options .. option:: -o - Use this as the origin for the zone (only necessary for zonefiles with - relative names and no $ORIGIN). + Use this owner name as the apex of the zone. + + If not specified the owner name of the first SOA record will be used as + the apex of the zone. .. option:: -u Set the SOA serial in the resulting zonefile to the given number of - seconds since Jan 1st 1970. + seconds since January 1st 1970. .. option:: -u
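Review bot: In doc/manual/source/man/dnst-notify.rst, the hunk as shown adds an "option:: -I" entry ("Source IP to send the message from.") directly above an unchanged "option:: -I" context line, so the option would be documented twice. Please confirm that only one entry remains after the change. The new Arguments text also says "by default on port 53" but does not say how a different port is selected.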
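Review bot: In doc/manual/source/man/dnst-signzone.rst, the sentence added to the Description in the first hunk, "Signing a zone adds DNS Security Extensions (DNSSEC) resource records", has no terminating period and reads as cut off. Either finish the thought (for example by saying what the records are added to) or end the sentence there with a period.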
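Review bot: In doc/manual/source/man/dnst-update.rst, the new section heading is written "Options:" with a trailing colon, while the other man pages touched by this patch use "Options" without one. Drop the colon and shorten the underline to match. In the same hunk, the reworded description ending "existing IP addresses)" is the only argument description left without a final period.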
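Review bot: In doc/manual/source/man/ldns-signzone.rst, the hunk at -47,7 fixes the capitalisation of "implementation", but the next list item, visible as context, still reads "RSHASHA1". That looks like a typo for RSASHA1, the spelling used in ldns-key2ds.rst ("SHA1 for RSASHA1"), and is worth fixing in the same change.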
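Review bot: In doc/manual/source/man/ldns-signzone.rst, the new -o text in the hunk at -113,13 drops the old statement that the value is the origin for zonefiles with relative names and no $ORIGIN, so the page no longer says how such names are resolved. If -o still has that effect, keep a sentence saying so; the same question applies to the -o rewording in dnst-signzone.rst. A comma after "If not specified" would also read better.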