summaryrefslogtreecommitdiffstats
path: root/doc/man_knsupdate.rst
diff options
context:
space:
mode:
Diffstat (limited to 'doc/man_knsupdate.rst')
-rw-r--r--doc/man_knsupdate.rst74
1 files changed, 54 insertions, 20 deletions
diff --git a/doc/man_knsupdate.rst b/doc/man_knsupdate.rst
index 40a419b..e2d71f9 100644
--- a/doc/man_knsupdate.rst
+++ b/doc/man_knsupdate.rst
@@ -6,7 +6,9 @@
Synopsis
--------
-:program:`knsupdate` [*options*] [*filename*]
+:program:`knsupdate` [**-v**] [*options*] [*filename*]
+
+:program:`knsupdate` [**-q**] [*quic_options*] [*options*] [*filename*]
Description
-----------
@@ -28,39 +30,71 @@ Parameters
Options
.......
-**-d**
- Enable debug messages.
+**-T**, **--tcp**
+ Use a TCP connection. (**-v** can be used for compatibility with nsupdate).
-**-h**, **--help**
- Print the program help.
+**-S**, **--tls**
+ Use a TLS connection.
-**-k** *keyfile*
- Use the TSIG key stored in a file *keyfile* to authenticate the request. The
- file should contain the key in the same format, which is accepted by the
- **-y** option.
+**-Q**, **--quic**
+ Use a QUIC connection.
-**-p** *port*
+**-p**, **--port** *number*
Set the port to use for connections to the server (if not explicitly specified
- in the update). The default is 53.
+ in the update). The default is 53 for UDP/TCP or 853 for QUIC.
-**-r** *retries*
+**-r**, **--retry** *count*
The number of retries for UDP requests. The default is 3.
-**-t** *timeout*
+**-t**, **--timeout** *seconds*
The total timeout (for all UDP update tries) of the update request in seconds.
The default is 12. If set to zero, the timeout is infinite.
-**-v**
- Use a TCP connection.
-
-**-V**, **--version**
- Print the program version.
-
-**-y** [*alg*:]\ *name*:*key*
+**-y**, **--tsig** [*alg*:]\ *name*:*key*
Use the TSIG key with a name *name* to authenticate the request. The *alg*
part specifies the algorithm (the default is hmac-sha256) and *key* specifies
the shared secret encoded in Base64.
+**-k**, **--tsigfile** *path*
+ Use the TSIG key stored in a file *keyfile* to authenticate the request. The
+ file should contain the key in the same format, which is accepted by the
+ **-y** option.
+
+**-d**, **--debug**
+ Enable debug messages.
+
+**-h**, **--help**
+ Print the program help.
+
+**-V**, **--version**
+ Print the program version. The option **-VV** makes the program
+ print the compile time configuration summary.
+
+QUIC/TLS options
+................
+
+**-H**, **--hostname** *string*
+ Enable remote server hostname validation.
+
+**-P**, **--pin** *base64*
+ Use Out-of-Band key-pinned privacy profile
+ (RFC 7858#section-4.2). The PIN must be a Base64 encoded SHA-256 hash of the
+ X.509 SubjectPublicKeyInfo. Can be specified multiple times.
+
+**-A**, **--ca** [*path*]
+ Enable certificate validation. Certification authority certificates
+ are loaded from the specified PEM file (default is system certificate storage
+ if no argument is provided). Can be specified multiple times.
+
+**-E**, **--certfile** *path*
+ Path to a client certificate file.
+
+**-K**, **--keyfile** *path*
+ Path to a client key file.
+
+**-s**, **--sni** *string*
+ Use specified Server Name Indication.
+
Commands
........