9.8.4

parent 90197276
--- 9.8.3-P1 released ---
--- 9.8.4 released ---
3383. [security] A certain combination of records in the RBT could
cause named to hang while populating the additional
section of a response. [RT #31090]
3373. [bug] win32: open raw files in binary mode. [RT #30944]
3364. [security] Named could die on specially crafted record.
[RT #30416]
--- 9.8.4rc1 released ---
3369. [bug] nsupdate terminated unexpectedly in interactive mode
if built with readline support. [RT #29550]
3368. [bug] <dns/iptable.h> and <dns/zone.h> were not C++ safe.
3367. [bug] dns_dnsseckey_create() result was not being checked.
[RT #30685]
3366. [bug] Fixed Read-After-Write dependency violation for IA64
atomic operations. [RT #25181]
3365. [bug] Removed spurious newlines from log messages in
zone.c [RT #30675]
3363. [bug] Need to allow "forward" and "fowarders" options
in static-stub zones; this had been overlooked.
[RT #30482]
3362. [bug] Setting some option values to 0 in named.conf
could trigger an assertion failure on startup.
[RT #27730]
3360. [bug] 'host -w' could die. [RT #18723]
3359. [bug] An improperly-formed TSIG secret could cause a
memory leak. [RT #30607]
3357. [port] Add support for libxml2-2.8.x [RT #30440]
3356. [bug] Cap the TTL of signed RRsets when RRSIGs are
approaching their expiry, so they don't remain
in caches after expiry. [RT #26429]
--- 9.8.4b1 released ---
3354. [func] Improve OpenSSL error logging. [RT #29932]
3353. [bug] Use a single task for task exclusive operations.
[RT #29872]
3352. [bug] Ensure that learned server attributes timeout of the
adb cache. [RT #29856]
3351. [bug] isc_mem_put and isc_mem_putanddetach didn't report
caller if either ISC_MEM_DEBUGSIZE or ISC_MEM_DEBUGCTX
memory debugging flags are set. [RT #30243]
3350. [bug] Memory read overrun in isc___mem_reallocate if
ISC_MEM_DEBUGCTX memory debugging flag is set.
[RT #30240]
3348. [bug] Prevent RRSIG data from being cached if a negative
record matching the covering type exists at a higher
trust level. Such data already can't be retrieved from
the cache since change 3218 -- this prevents it
being inserted into the cache as well. [RT #26809]
3347. [bug] dnssec-settime: Issue a warning when writing a new
private key file would cause a change in the
permissions of the existing file. [RT #27724]
3346. [security] Bad-cache data could be used before it was
initialized, causing an assert. [RT #30025]
3342. [bug] Change #3314 broke saving of stub zones to disk
resulting in excessive cpu usage in some cases.
[RT #29952]
3337. [bug] Change #3294 broke support for the multiple keys
in controls. [RT #29694]
3335. [func] nslookup: return a nonzero exit code when unable
to get an answer. [RT #29492]
3333. [bug] Setting resolver-query-timeout too low can cause
named to not recover if it loses connectivity.
[RT #29623]
3332. [bug] Re-use cached DS rrsets if possible. [RT #29446]
3331. [security] dns_rdataslab_fromrdataset could produce bad
rdataslabs. [RT #29644]
3330. [func] Fix missing signatures on NOERROR results despite
RPZ rewriting. Also
- add optional "recursive-only yes|no" to the
response-policy statement
- add optional "max-policy-ttl" to the response-policy
statement to limit the false data that
"recursive-only no" can introduce into
resolvers' caches
- add a RPZ performance test to bin/tests/system/rpz
when queryperf is available.
- the encoding of PASSTHRU action to "rpz-passthru".
(The old encoding is still accepted.)
[RT #26172]
3329. [bug] Handle RRSIG signer-name case consistently: We
generate RRSIG records with the signer-name in
lower case. We accept them with any case, but if
they fail to validate, we try again in lower case.
[RT #27451]
3328. [bug] Fixed inconsistent data checking in dst_parse.c.
[RT #29401]
3317. [func] Add ECDSA support (RFC 6605). [RT #21918]
--- 9.8.3 released ---
3318. [tuning] Reduce the amount of work performed while holding a
......
# Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
......
......@@ -51,6 +51,11 @@ BIND 9
For up-to-date release notes and errata, see
http://www.isc.org/software/bind9/releasenotes
BIND 9.8.4
BIND 9.8.4 includes several bug fixes and patches security
flaws described in CVE-2012-1667, CVE-2012-3817 and CVE-2012-4244.
BIND 9.8.3
BIND 9.8.3 is a maintenance release.
......
/*
* Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004, 2005, 2007, 2008, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
......@@ -138,6 +138,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Define if OpenSSL includes DSA support */
#undef HAVE_OPENSSL_DSA
/* Define if OpenSSL includes ECDSA support */
#undef HAVE_OPENSSL_ECDSA
/* Define to the length type used by the socket API (socklen_t, size_t, int). */
#undef ISC_SOCKADDR_LEN_T
......
# Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
......
# Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004-2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2003 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
......
......@@ -639,6 +639,9 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
{
isc_result_t result;
FILE *output = stdout;
const char *flags;
flags = (fileformat == dns_masterformat_text) ? "w+" : "wb+";
if (debug) {
if (filename != NULL && strcmp(filename, "-") != 0)
......@@ -649,7 +652,7 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
}
if (filename != NULL && strcmp(filename, "-") != 0) {
result = isc_stdio_open(filename, "w+", &output);
result = isc_stdio_open(filename, flags, &output);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "could not open output "
......
# Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
......
# Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
......
# Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004, 2005, 2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
......
/*
* Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
......@@ -57,6 +57,7 @@ static isc_boolean_t in_use = ISC_FALSE;
static char defclass[MXRD] = "IN";
static char deftype[MXRD] = "A";
static isc_event_t *global_event = NULL;
static int query_error = 1, print_error = 0;
static char domainopt[DNS_NAME_MAXTEXT];
......@@ -406,6 +407,9 @@ isc_result_t
printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
char servtext[ISC_SOCKADDR_FORMATSIZE];
/* I've we've gotten this far, we've reached a server. */
query_error = 0;
debug("printmessage()");
isc_sockaddr_format(&query->sockaddr, servtext, sizeof(servtext));
......@@ -433,6 +437,9 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
(msg->rcode != dns_rcode_nxdomain) ? nametext :
query->lookup->textname, rcode_totext(msg->rcode));
debug("returning with rcode == 0");
/* the lookup failed */
print_error |= 1;
return (ISC_R_SUCCESS);
}
......@@ -887,5 +894,5 @@ main(int argc, char **argv) {
destroy_libs();
isc_app_finish();
return (0);
return (query_error | print_error);
}
# Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2004, 2005, 2007-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
......
.\" Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
......@@ -55,7 +55,7 @@ Use SHA\-256 as the digest algorithm.
.RS 4
Select the digest algorithm. The value of
\fBalgorithm\fR
must be one of SHA\-1 (SHA1), SHA\-256 (SHA256) or GOST. These values are case insensitive.
must be one of SHA\-1 (SHA1), SHA\-256 (SHA256), GOST or SHA\-384 (SHA384). These values are case insensitive.
.RE
.PP
\-K \fIdirectory\fR
......@@ -139,5 +139,5 @@ RFC 4509.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2008\-2010 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2008\-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
.br
/*
* Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
......@@ -296,7 +296,7 @@ usage(void) {
fprintf(stderr, " -K <directory>: directory in which to find "
"key file or keyset file\n");
fprintf(stderr, " -a algorithm: digest algorithm "
"(SHA-1, SHA-256 or GOST)\n");
"(SHA-1, SHA-256, GOST or SHA-384)\n");
fprintf(stderr, " -1: use SHA-1\n");
fprintf(stderr, " -2: use SHA-256\n");
fprintf(stderr, " -l: add lookaside zone and print DLV records\n");
......@@ -415,6 +415,9 @@ main(int argc, char **argv) {
else if (strcasecmp(algname, "GOST") == 0)
dtype = DNS_DSDIGEST_GOST;
#endif
else if (strcasecmp(algname, "SHA384") == 0 ||
strcasecmp(algname, "SHA-384") == 0)
dtype = DNS_DSDIGEST_SHA384;
else
fatal("unknown algorithm %s", algname);
}
......
......@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
......@@ -39,6 +39,7 @@
<year>2008</year>
<year>2009</year>
<year>2010</year>
<year>2012</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
......@@ -107,7 +108,8 @@
<para>
Select the digest algorithm. The value of
<option>algorithm</option> must be one of SHA-1 (SHA1),
SHA-256 (SHA256) or GOST. These values are case insensitive.
SHA-256 (SHA256), GOST or SHA-384 (SHA384).
These values are case insensitive.
</para>
</listitem>
</varlistentry>
......
<!--
- Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2008-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
......@@ -32,14 +32,14 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543465"></a><h2>DESCRIPTION</h2>
<a name="id2543468"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-dsfromkey</strong></span>
outputs the Delegation Signer (DS) resource record (RR), as defined in
RFC 3658 and RFC 4509, for the given key(s).
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543477"></a><h2>OPTIONS</h2>
<a name="id2543480"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-1</span></dt>
<dd><p>
......@@ -54,7 +54,8 @@
<dd><p>
Select the digest algorithm. The value of
<code class="option">algorithm</code> must be one of SHA-1 (SHA1),
SHA-256 (SHA256) or GOST. These values are case insensitive.
SHA-256 (SHA256), GOST or SHA-384 (SHA384).
These values are case insensitive.
</p></dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
......@@ -100,7 +101,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543664"></a><h2>EXAMPLE</h2>
<a name="id2543667"></a><h2>EXAMPLE</h2>
<p>
To build the SHA-256 DS RR from the
<strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
......@@ -115,7 +116,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543693"></a><h2>FILES</h2>
<a name="id2543697"></a><h2>FILES</h2>
<p>
The keyfile can be designed by the key identification
<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
......@@ -129,13 +130,13 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543729"></a><h2>CAVEAT</h2>
<a name="id2543732"></a><h2>CAVEAT</h2>
<p>
A keyfile error can give a "file not found" even if the file exists.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543738"></a><h2>SEE ALSO</h2>
<a name="id2543741"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
......@@ -145,7 +146,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543778"></a><h2>AUTHOR</h2>
<a name="id2543781"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
......
.\" Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
......@@ -47,7 +47,7 @@ of the key is specified on the command line. This must match the name of the zon
.RS 4
Selects the cryptographic algorithm. The value of
\fBalgorithm\fR
must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST. These values are case insensitive.
must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256 or ECDSAP384SHA384. These values are case insensitive.
.sp
If no algorithm is specified, then RSASHA1 will be used by default, unless the
\fB\-3\fR
......@@ -215,5 +215,5 @@ RFC 4034.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
Copyright \(co 2008\-2011 Internet Systems Consortium, Inc. ("ISC")
Copyright \(co 2008\-2012 Internet Systems Consortium, Inc. ("ISC")
.br
/*
* Copyright (C) 2007-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2007-2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
......@@ -55,7 +55,8 @@ int verbose;
static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 |"
" NSEC3DSA | NSEC3RSASHA1 |"
" RSASHA256 | RSASHA512 | ECCGOST";
" RSASHA256 | RSASHA512 | ECCGOST |"
" ECDSAP256SHA256 | ECDSAP384SHA384";
ISC_PLATFORM_NORETURN_PRE static void
usage(void) ISC_PLATFORM_NORETURN_POST;
......@@ -369,7 +370,8 @@ main(int argc, char **argv) {
if (use_nsec3 &&
alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 &&
alg != DST_ALG_RSASHA256 && alg != DST_ALG_RSASHA512 &&
alg != DST_ALG_ECCGOST) {
alg != DST_ALG_ECCGOST &&
alg != DST_ALG_ECDSA256 && alg != DST_ALG_ECDSA384) {
fatal("%s is incompatible with NSEC3; "
"do not use the -3 option", algname);
}
......
......@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
......@@ -40,6 +40,7 @@
<year>2009</year>
<year>2010</year>
<year>2011</year>
<year>2012</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
......@@ -94,7 +95,8 @@
<para>
Selects the cryptographic algorithm. The value of
<option>algorithm</option> must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
ECDSAP256SHA256 or ECDSAP384SHA384.
These values are case insensitive.
</para>
<para>
......
<!--
- Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
......@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543495"></a><h2>DESCRIPTION</h2>
<a name="id2543498"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
gets keys with the given label from a crypto hardware and builds
key files for DNSSEC (Secure DNS), as defined in RFC 2535
......@@ -44,14 +44,15 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543513"></a><h2>OPTIONS</h2>
<a name="id2543516"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
Selects the cryptographic algorithm. The value of
<code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
ECDSAP256SHA256 or ECDSAP384SHA384.
These values are case insensitive.
</p>
<p>
......@@ -163,7 +164,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543877"></a><h2>TIMING OPTIONS</h2>
<a name="id2543880"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
......@@ -210,7 +211,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544043"></a><h2>GENERATED KEY FILES</h2>
<a name="id2544046"></a><h2>GENERATED KEY FILES</h2>
<p>
When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
successfully,
......@@ -249,7 +250,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544116"></a><h2>SEE ALSO</h2>
<a name="id2544119"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,