Commit c6779948 authored by Ondřej Surý's avatar Ondřej Surý

Generate man pages directly from sphinx instead of using local copies

parent 7289c940
ACLOCAL_AMFLAGS = -I m4
SUBDIRS = libtap src tests tests-fuzz samples doc man
SUBDIRS = libtap src tests tests-fuzz samples doc
singlehtml install-singlehtml:
$(MAKE) -C doc $@
......
......@@ -393,7 +393,6 @@ AM_CONDITIONAL([HAVE_MAKEINFO], test "$MAKEINFO" != "false")
AC_CONFIG_FILES([Makefile
doc/Makefile
man/Makefile
samples/Makefile
libtap/Makefile
src/Makefile
......@@ -405,15 +404,6 @@ AC_CONFIG_FILES([Makefile
src/dnssec/tests/Makefile
src/dnssec/utils/Makefile
doc/conf_autotools.py
man/kdig.1
man/keymgr.8
man/khost.1
man/knot.conf.5
man/knot1to2.1
man/knotc.8
man/knotd.8
man/knsec3hash.1
man/knsupdate.1
])
AC_OUTPUT
......
......@@ -87,8 +87,21 @@ info-local install-info-local:
@echo "able to generate info pages."
endif
man:
$(SPHINXBUILD) -b man -D version="__VERSION__" -D today="__DATE__" -d $(SPHINXBUILDDIR)/doctrees-man $(ALLSPHINXOPTS) $(SPHINXBUILDDIR)/man
MANPAGES =
if HAVE_DAEMON
MANPAGES += _build/man/knot.conf.5 _build/man/knotc.8 _build/man/knotd.8
endif # HAVE_DAEMON
if HAVE_UTILS
MANPAGES += _build/man/kdig.1 _build/man/khost.1 _build/man/knsupdate.1 _build/man/knot1to2.1 _build/man/knsec3hash.1 _build/man/keymgr.8
endif # HAVE_UTILS
dist_man_MANS = $(MANPAGES)
man: $(MANPAGES)
$(MANPAGES):
$(SPHINXBUILD) -b man -D version="@VERSION@" -D today="@RELEASE_DATE@" -d $(SPHINXBUILDDIR)/doctrees-man $(ALLSPHINXOPTS) $(SPHINXBUILDDIR)/man
@echo
@echo "Build finished. The man pages are in $(SPHINXBUILDDIR)/man."
......
MANPAGES =
if HAVE_DAEMON
MANPAGES += knot.conf.5 knotc.8 knotd.8
endif # HAVE_DAEMON
if HAVE_UTILS
MANPAGES += kdig.1 khost.1 knsupdate.1 knot1to2.1 knsec3hash.1 keymgr.8
endif # HAVE_UTILS
dist_man_MANS = $(MANPAGES)
clean-local:
-rm *.1 *.5 *.8
.\" Man page generated from reStructuredText.
.
.TH "KDIG" "1" "@RELEASE_DATE@" "@VERSION@" "Knot DNS"
.SH NAME
kdig \- Advanced DNS lookup utility
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH SYNOPSIS
.sp
\fBkdig\fP [\fIcommon\-settings\fP] [\fIquery\fP [\fIsettings\fP]]...
.sp
\fBkdig\fP \fB\-h\fP
.SH DESCRIPTION
.sp
This utility sends one or more DNS queries to a nameserver. Each query can have
individual \fIsettings\fP, or it can be specified globally via \fIcommon\-settings\fP,
which must precede \fIquery\fP specification.
.SS Parameters
.INDENT 0.0
.TP
\fIquery\fP
\fIname\fP | \fB\-q\fP \fIname\fP | \fB\-x\fP \fIaddress\fP | \fB\-G\fP \fItapfile\fP
.TP
\fIcommon\-settings\fP, \fIsettings\fP
[\fIclass\fP] [\fItype\fP] [\fB@\fP\fIserver\fP]... [\fIoptions\fP]
.TP
\fIname\fP
Is a domain name that is to be looked up.
.TP
\fIserver\fP
Is a domain name or an IPv4 or IPv6 address of the nameserver to send a query
to. An additional port can be specified using address:port ([address]:port
for IPv6 address), address@port, or address#port notation. If no server is
specified, the servers from \fB/etc/resolv.conf\fP are used.
.UNINDENT
.sp
If no arguments are provided, \fBkdig\fP sends NS query for the root
zone.
.SS Options
.INDENT 0.0
.TP
\fB\-4\fP
Use IPv4 protocol only.
.TP
\fB\-6\fP
Use IPv6 protocol only.
.TP
\fB\-b\fP \fIaddress\fP
Set the source IP address of the query to \fIaddress\fP\&. The address must be a
valid address for local interface or :: or 0.0.0.0. Optional port
can be specified in the same format as \fIserver\fP value.
.TP
\fB\-c\fP \fIclass\fP
Set query class (e.g. CH, CLASS4). An explicit variant of \fIclass\fP
specification. The default class is IN.
.TP
\fB\-d\fP
Enable debug messages.
.TP
\fB\-h\fP, \fB\-\-help\fP
Print help and usage.
.TP
\fB\-k\fP \fIkeyfile\fP
Use TSIG or SIG\-0 key stored in a file \fIkeyfile\fP to authenticate the request.
Supported file format is the same as generated by ISC \fBdnssec\-keygen\fP\&.
The key comprises of public (.key extension) and private part (.private
extension). Either of these file names or a name without the extension can be
specified as \fIkeyfile\fP parameter.
.TP
\fB\-p\fP \fIport\fP
Set nameserver port number or service name to send a query to. The default
port is 53.
.TP
\fB\-q\fP \fIname\fP
Set query name. An explicit variant of \fIname\fP specification.
.TP
\fB\-t\fP \fItype\fP
Set query type (e.g. NS, IXFR=12345, TYPE65535). An explicit variant of
\fItype\fP specification. The default type is A. It is also possible to use
NOTIFY parameter to send a notify message.
.TP
\fB\-v\fP, \fB\-\-version\fP
Print program version.
.TP
\fB\-x\fP \fIaddress\fP
Send reverse (PTR) query for IPv4 or IPv6 \fIaddress\fP\&. Correct name, class
and type is set automatically.
.TP
\fB\-y\fP [\fIalg\fP:]\fIname\fP:\fIkey\fP
Use TSIG key with a name \fIname\fP to authenticate the request. The \fIalg\fP
part specifies the algorithm (the default is hmac\-md5) and \fIkey\fP specifies
the shared secret encoded in Base64.
.TP
\fB\-E\fP \fItapfile\fP
Export a dnstap trace of the query and response messages received to the
file \fItapfile\fP\&.
.TP
\fB\-G\fP \fItapfile\fP
Generate message output from a previously saved dnstap file \fItapfile\fP\&.
.TP
\fB+\fP[\fBno\fP]\fBmultiline\fP
Wrap long records to more lines and improve human readability.
.TP
\fB+\fP[\fBno\fP]\fBshort\fP
Show record data only.
.TP
\fB+\fP[\fBno\fP]\fBaaflag\fP
Set AA flag.
.TP
\fB+\fP[\fBno\fP]\fBtcflag\fP
Set TC flag.
.TP
\fB+\fP[\fBno\fP]\fBrdflag\fP
Set RD flag.
.TP
\fB+\fP[\fBno\fP]\fBrecurse\fP
Same as \fB+\fP[\fBno\fP]\fBrdflag\fP
.TP
\fB+\fP[\fBno\fP]\fBraflag\fP
Set RA flag.
.TP
\fB+\fP[\fBno\fP]\fBzflag\fP
Set zero flag bit.
.TP
\fB+\fP[\fBno\fP]\fBadflag\fP
Set AD flag.
.TP
\fB+\fP[\fBno\fP]\fBcdflag\fP
Set CD flag.
.TP
\fB+\fP[\fBno\fP]\fBdnssec\fP
Set DO flag.
.TP
\fB+\fP[\fBno\fP]\fBall\fP
Show all packet sections.
.TP
\fB+\fP[\fBno\fP]\fBqr\fP
Show query packet.
.TP
\fB+\fP[\fBno\fP]\fBheader\fP
Show packet header.
.TP
\fB+\fP[\fBno\fP]\fBopt\fP
Show EDNS pseudosection.
.TP
\fB+\fP[\fBno\fP]\fBquestion\fP
Show question section.
.TP
\fB+\fP[\fBno\fP]\fBanswer\fP
Show answer section.
.TP
\fB+\fP[\fBno\fP]\fBauthority\fP
Show authority section.
.TP
\fB+\fP[\fBno\fP]\fBadditional\fP
Show additional section.
.TP
\fB+\fP[\fBno\fP]\fBtsig\fP
Show TSIG pseudosection.
.TP
\fB+\fP[\fBno\fP]\fBstats\fP
Show trailing packet statistics.
.TP
\fB+\fP[\fBno\fP]\fBclass\fP
Show DNS class.
.TP
\fB+\fP[\fBno\fP]\fBttl\fP
Show TTL value.
.TP
\fB+\fP[\fBno\fP]\fBtcp\fP
Use TCP protocol (default is UDP for standard query and TCP for AXFR/IXFR).
.TP
\fB+\fP[\fBno\fP]\fBfail\fP
Stop querying next nameserver if SERVFAIL response is received.
.TP
\fB+\fP[\fBno\fP]\fBignore\fP
Don\(aqt use TCP automatically if truncated reply is received.
.UNINDENT
.sp
\fB+\fP[\fBno\fP]\fBnsid\fP
.INDENT 0.0
.INDENT 3.5
Request nameserver identifier (NSID).
.UNINDENT
.UNINDENT
.INDENT 0.0
.TP
\fB+\fP[\fBno\fP]\fBedns\fP=\fIN\fP
Use EDNS version (default is 0).
.TP
\fB+noidn\fP
Disable IDN transformation to ASCII and vice versa. IDNA2003 support depends
on libidn availability during project building!
.TP
\fB+generic\fP
Use the generic representation format when printing resource record types
and data.
.TP
\fB+client\fP=\fISUBN\fP
Set EDNS client subnet SUBN=IP/prefix.
.TP
\fB+time\fP=\fIT\fP
Set wait for reply interval in seconds (default is 5 seconds). This timeout
applies to each query try.
.TP
\fB+retry\fP=\fIN\fP
Set number (>=0) of UDP retries (default is 2). This doesn\(aqt apply to
AXFR/IXFR.
.TP
\fB+bufsize\fP=\fIB\fP
Set EDNS buffer size in bytes (default is 512 bytes).
.UNINDENT
.SH NOTES
.sp
Options \fB\-k\fP and \fB\-y\fP cannot be used mutually.
.sp
Missing features with regard to ISC dig:
.INDENT 0.0
.INDENT 3.5
Options \fB\-f\fP and \fB\-m\fP and query options:
\fB+split\fP=\fIW\fP,
\fB+tries\fP=\fIT\fP,
\fB+ndots\fP=\fID\fP,
\fB+domain\fP=\fIsomename\fP,
\fB+trusted\-key\fP=\fI####\fP,
\fB+\fP[\fBno\fP]\fBvc\fP,
\fB+\fP[\fBno\fP]\fBsearch\fP,
\fB+\fP[\fBno\fP]\fBshowsearch\fP,
\fB+\fP[\fBno\fP]\fBdefname\fP,
\fB+\fP[\fBno\fP]\fBaaonly\fP,
\fB+\fP[\fBno\fP]\fBcmd\fP,
\fB+\fP[\fBno\fP]\fBidentify\fP,
\fB+\fP[\fBno\fP]\fBcomments\fP,
\fB+\fP[\fBno\fP]\fBrrcomments\fP,
\fB+\fP[\fBno\fP]\fBonesoa\fP,
\fB+\fP[\fBno\fP]\fBbesteffort\fP,
\fB+\fP[\fBno\fP]\fBsigchase\fP,
\fB+\fP[\fBno\fP]\fBtopdown\fP,
\fB+\fP[\fBno\fP]\fBnssearch\fP, and
\fB+\fP[\fBno\fP]\fBtrace\fP\&.
.sp
Per\-user file configuration via \fB~/.digrc\fP\&.
.UNINDENT
.UNINDENT
.SH EXAMPLES
.INDENT 0.0
.IP 1. 3
Get A records for example.com:
.INDENT 3.0
.INDENT 3.5
.sp
.nf
.ft C
$ kdig example.com A
.ft P
.fi
.UNINDENT
.UNINDENT
.IP 2. 3
Perform AXFR for zone example.com from the server 192.0.2.1:
.INDENT 3.0
.INDENT 3.5
.sp
.nf
.ft C
$ kdig example.com \-t AXFR @192.0.2.1
.ft P
.fi
.UNINDENT
.UNINDENT
.IP 3. 3
Get A records for example.com from 192.0.2.1 and reverse lookup for address
2001:DB8::1 from 192.0.2.2. Both using the TCP protocol:
.INDENT 3.0
.INDENT 3.5
.sp
.nf
.ft C
$ kdig +tcp example.com \-t A @192.0.2.1 \-x 2001:DB8::1 @192.0.2.2
.ft P
.fi
.UNINDENT
.UNINDENT
.UNINDENT
.SH FILES
.sp
\fB/etc/resolv.conf\fP
.SH SEE ALSO
.sp
\fIkhost(1)\fP, \fIknsupdate(1)\fP\&.
.SH AUTHOR
CZ.NIC Labs <http://www.knot-dns.cz>
.SH COPYRIGHT
Copyright 2010-2015, CZ.NIC, z.s.p.o.
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
.TH "KEYMGR" "8" "@RELEASE_DATE@" "@VERSION@" "Knot DNS"
.SH NAME
keymgr \- DNSSEC key management utility
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH SYNOPSIS
.sp
\fBkeymgr\fP [\fIglobal\-options\fP] [\fIcommand\fP\&...] [\fIarguments\fP\&...]
.sp
\fBkeymgr\fP [\fIglobal\-options\fP] [\fIcommand\fP\&...] \fBhelp\fP
.SH DESCRIPTION
.sp
The \fBkeymgr\fP utility serves for DNSSEC keys and KASP (Key And
Signature Policy) management in Knot DNS server. The configuration is stored
in a so called KASP database. The database is simply a directory on the
file\-system containing files in the JSON format.
.sp
The operations are organized into commands and subcommands. The command
specifies the operation to be performed with the KASP database. It is usually
followed by named arguments. A special command \fBhelp\fP can be used to list
available subcommands at that position. Listing of available command arguments
is not supported yet.
.sp
The command and argument names are parsed in a smart way. Only a beginning
of the name can be specified and will be recognized. The specified part must
be unique amongst the other names.
.SS Global options
.INDENT 0.0
.TP
\fB\-\-dir\fP \fIpath\fP
The location of the KASP database to work with. Defaults to current working
directory.
.UNINDENT
.SS Main commands
.INDENT 0.0
.TP
\fBinit\fP
Initialize new KASP database.
.TP
\fBzone\fP ...
Operations with zones in the database. A zone holds assigned signing
configuration and signing metadata.
.TP
\fBpolicy\fP ...
Operations with KASP policies. The policy holds parameters that define the
way how a zone is signed.
.TP
\fBkeystore\fP ...
Operations with private key store content. The private key store holds
private key material separately from zone metadata.
.UNINDENT
.SS zone commands
.INDENT 0.0
.TP
\fBzone\fP \fBadd\fP \fIzone\-name\fP [\fBpolicy\fP \fIpolicy\-name\fP|\fBnone\fP]
Add a zone into the database. The policy defaults to \fBnone\fP, meaning that
no automatic key management is to be performed.
.TP
\fBzone\fP \fBlist\fP [\fIpattern\fP]
List zones in the database matching the \fIpattern\fP as a substring.
.TP
\fBzone\fP \fBremove\fP \fIzone\-name\fP [\fBforce\fP]
Remove a zone from the database. If some keys are currently active, the
\fBforce\fP argument must be specified.
.TP
\fBzone\fP \fBset\fP \fIzone\-name\fP [\fBpolicy\fP \fIpolicy\-name\fP|\fBnone\fP]
Change zone configuration. At the moment, only a policy can be changed.
.TP
\fBzone\fP \fBshow\fP \fIzone\-name\fP
Show zone details.
.TP
\fBzone\fP \fBkey\fP \fBlist\fP \fIzone\-name\fP
List key IDs and tags of zone keys.
.TP
\fBzone\fP \fBkey\fP \fBshow\fP \fIzone\-name\fP \fIkey\fP
Show zone key details. The \fIkey\fP can be a key tag or a key ID prefix.
.TP
\fBzone\fP \fBkey\fP \fBgenerate\fP \fIzone\-name\fP [\fIkey\-parameter\fP\&...]
Generate a new key for a zone.
.TP
\fBzone\fP \fBkey\fP \fBimport\fP \fIzone\-name\fP \fIkey\-file\fP
Import an existing key in the legacy format. The \fIkey\-file\fP suffix
\fB\&.private\fP or \fB\&.key\fP is not required. A public key without
a matching private key cannot be imported.
.TP
\fBzone\fP \fBkey\fP \fBset\fP \fIzone\-name\fP \fIkey\fP [\fIkey\-parameter\fP\&...]
Change a key parameter. Only key timing parameters can be changed.
.UNINDENT
.sp
Available \fIkey\-parameter\fPs:
.INDENT 0.0
.INDENT 3.5
.INDENT 0.0
.TP
\fBalgorithm\fP \fIid\fP
Algorithm number or IANA mnemonic.
.TP
\fBsize\fP \fIbits\fP
Size of the key in bits.
.TP
\fBksk\fP
Set the DNSKEY SEP (Secure Entry Point) flag.
.TP
\fBpublish\fP \fItime\fP
The time the key is publish as a DNSKEY record.
.TP
\fBactive\fP \fItime\fP
The time the key is started to be used for signing.
.TP
\fBretire\fP \fItime\fP
The time the key is stopped to be used for signing.
.TP
\fBremove\fP \fItime\fP
The time the key\(aqs DNSKEY is removed from the zone.
.UNINDENT
.UNINDENT
.UNINDENT
.sp
The \fItime\fP accepts YYYYMMDDHHMMSS format, unix timestamp, or offset from the
current time. For the offset, add \fB+\fP or \fB\-\fP prefix and optionally a
suffix \fBmi\fP, \fBh\fP, \fBd\fP, \fBw\fP, \fBmo\fP, or \fBy\fP\&. If no suffix is specified,
the offset is in seconds.
.SS policy commands
.INDENT 0.0
.TP
\fBpolicy\fP \fBlist\fP
List policies in the database.
.TP
\fBpolicy\fP \fBshow\fP \fIpolicy\-name\fP
Show policy details.
.TP
\fBpolicy\fP \fBadd\fP \fIpolicy\-name\fP [\fIpolicy\-parameter\fP\&...]
Add a new policy into the database.
.TP
\fBpolicy\fP \fBset\fP \fIpolicy\-name\fP [\fIpolicy\-parameter\fP\&...]
Change policy configuration.
.TP
\fBpolicy\fP \fBremove\fP \fIpolicy\-name\fP
Remove a policy from the database.
\fBNote\fP, the utility does not check if the policy is used.
.UNINDENT
.sp
Available \fIpolicy\-parameter\fPs:
.INDENT 0.0
.INDENT 3.5
.INDENT 0.0
.TP
\fBalgorithm\fP \fIid\fP
DNSKEY algorithm number or IANA mnemonic.
.TP
\fBdnskey\-ttl\fP \fIseconds\fP
TTL value for DNSKEY records.
\fBNote\fP, the value is temporarily overridden by the SOA TTL.
.TP
\fBksk\-size\fP \fIbits\fP
Set size of the KSK in bits.
.TP
\fBzsk\-size\fP \fIbits\fP
Set size of the ZSK in bits.
.TP
\fBzsk\-lifetime\fP \fIseconds\fP
Interval after which the ZSK rollover will be initiated.
.TP
\fBrrsig\-lifetime\fP \fIseconds\fP
Lifetime of issued RRSIGs.
.TP
\fBrrsig\-refresh\fP \fIseconds\fP
How long before RRSIG expiration it will be refreshed.
.TP
\fBnsec3\fP \fIenable\fP
Specifies if NSEC3 will be used instead of NSEC.
\fBNote\fP, currently unused (the setting is derived from NSEC3PARAM presence
in the zone).
.TP
\fBsoa\-min\-ttl\fP \fIseconds\fP
SOA Minimum TTL field.
\fBNote\fP, Knot DNS overwrites the value with the real used value.
.TP
\fBzone\-max\-ttl\fP \fIseconds\fP
Max TTL in the zone.
\fBNote\fP, Knot DNS will determine the value automatically in the future.
.TP
\fBdelay\fP \fIsecones\fP
Zone signing and data propagation delay. The value is added for safety to
timing of all rollover steps.
.UNINDENT
.UNINDENT
.UNINDENT
.SS keystore commands
.sp
The key store functionality is limited at the moment. Only one instance of
file\-based key store is supported. This command is subject to change.
.INDENT 0.0
.TP
\fBkeystore\fP \fBlist\fP
List private keys in the key store.
.UNINDENT
.SH EXAMPLES
.INDENT 0.0
.IP 1. 3
Initialize new KASP database, add a policy named \fIdefault\fP with default
parameters, and add a zone \fIexample.com\fP\&. The zone will use the created
policy:
.INDENT 3.0
.INDENT 3.5
.sp
.nf
.ft C
$ keymgr init
$ keymgr policy add default
$ keymgr zone add example.com policy default
.ft P
.fi
.UNINDENT
.UNINDENT
.IP 2. 3
List zones containing \fI\&.com\fP substring:
.INDENT 3.0
.INDENT 3.5
.sp
.nf
.ft C
$ keymgr zone list .com
.ft P
.fi
.UNINDENT
.UNINDENT
.IP 3. 3
Add a testing policy \fIlab\fP with rapid key rollovers. Apply the policy to an
existing zone:
.INDENT 3.0
.INDENT 3.5
.sp
.nf
.ft C
$ keymgr policy add lab rrsig\-lifetime 300 rrsig\-refresh 150 zsk\-lifetime 600 delay 10
$ keymgr zone set example.com policy lab
.ft P
.fi
.UNINDENT
.UNINDENT
.IP 4. 3
Add an existing and already secured zone. Let the keys be managed by the
KASP. Make sure to import all used keys. Also the used algorithm must match
with the one configured in the policy:
.INDENT 3.0
.INDENT 3.5
.sp
.nf
.ft C
$ keymgr zone add example.com policy default
$ keymgr zone key import example.com Kexample.com+010+12345.private
$ keymgr zone key import example.com Kexample.com+010+67890.private
.ft P
.fi
.UNINDENT
.UNINDENT
.IP 5. 3
Disable automatic key management for a secured zone:
.INDENT 3.0
.INDENT 3.5
.sp
.nf
.ft C
$ keymgr zone set example.com policy none
.ft P
.fi
.UNINDENT
.UNINDENT
.IP 6. 3
Add a zone to be signed with manual key maintenance. Generate one ECDSA
signing key. The Single\-Type Signing scheme will be used:
.INDENT 3.0
.INDENT 3.5
.sp
.nf
.ft C
$ keymgr zone add example.com policy none
$ keymgr zone key gen example.com algo 13 size 256
.ft P
.fi
.UNINDENT
.UNINDENT
.IP 7. 3
Add a zone to be signed with manual key maintenance. Generate two
RSA\-SHA\-256 signing keys. The first key will be used as a KSK, the second
one as a ZSK:
.INDENT 3.0
.INDENT 3.5
.sp
.nf
.ft C
$ keymgr zone add example.com policy none
$ keymgr zone key generate example.com algorithm rsasha256 size 2048 ksk
$ keymgr zone key generate example.com algorithm rsasha256 size 1024
.ft P
.fi
.UNINDENT
.UNINDENT
.UNINDENT
.SH SEE ALSO
.sp
\fI\%RFC 6781\fP \- DNSSEC Operational Practices.
.sp
\fIknot.conf(5)\fP,
\fIknotc(8)\fP,
\fIknotd(8)\fP\&.
.SH AUTHOR
CZ.NIC Labs <http://www.knot-dns.cz>
.SH COPYRIGHT
Copyright 2010-2015, CZ.NIC, z.s.p.o.
.\" Generated by docutils manpage writer.
.
.\" Man page generated from reStructuredText.
.
.TH "KHOST" "1" "@RELEASE_DATE@" "@VERSION@" "Knot DNS"
.SH NAME
khost \- Simple DNS lookup utility
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH SYNOPSIS
.sp
\fBkhost\fP [\fIoptions\fP] \fIname\fP [\fIserver\fP]
.SH DESCRIPTION
.sp
This utility sends a DNS query for the \fIname\fP to the \fIserver\fP and prints a reply
in more user\-readable form. For more advanced DNS queries use \fBkdig\fP
instead.
.SS Parameters
.INDENT 0.0
.TP
\fIname\fP
Is a domain name that is to be looked up. If the \fIname\fP is IPv4 or IPv6
address the PTR query type is used.
.TP
\fIserver\fP
Is a name or an address of the nameserver to send a query to. The address
can be specified using [address]:port notation. If no server is specified
the servers from \fB/etc/resolv.conf\fP are used.
.UNINDENT
.sp
If no arguments are provided, \fBkhost\fP prints short help.
.SS Options
.INDENT 0.0
.TP
\fB\-4\fP
Use IPv4 protocol only.