author | cvs2svn <cvs2svn@FreeBSD.org> | 2000-08-23 09:25:06 +0000 |
---|---|---|
committer | cvs2svn <cvs2svn@FreeBSD.org> | 2000-08-23 09:25:06 +0000 |
commit | a430f036b34119abd5873c7e095a9b58e4d1b8ef (patch) | |
tree | b0fc8df9e6b6f62dfe12388e6e94213ce3de3388 /contrib/bind/doc | |
parent | 4635a6924f0a91e409eeea611691bc1da72ca21f (diff) |
Notes
Diffstat (limited to 'contrib/bind/doc')
75 files changed, 0 insertions, 20148 deletions
diff --git a/contrib/bind/doc/bog/00macs.me b/contrib/bind/doc/bog/00macs.me
deleted file mode 100644
index 8ce02a287a1f8..0000000000000
--- a/contrib/bind/doc/bog/00macs.me
+++ /dev/null
@@ -1,51 +0,0 @@
-.\" Copyright (c) 1986, 1988 Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms are permitted
-.\" provided that this notice is preserved and that due credit is given
-.\" to the University of California at Berkeley. The name of the University
-.\" may not be used to endorse or promote products derived from this
-.\" software without specific prior written permission. This software
-.\" is provided ``as is'' without express or implied warranty.
-.\"
-.\" @(#)00macs.me 6.3 (Berkeley) 2/28/88
-.\"
-.\" usage: troff -me myfile
-.nr EX 0
-.de BX
-.sp
-.ba +4
-.lp
-.nr EX +1
-.b
-.ta (\\n(.lu-\\n(.iu)R
-EXAMPLE \\n(EX: \(*D
-.r
-.lp
-..
-.de EX
-.br
-.ba
-.b
-.tl '''\(gr'
-.r
-.lp
-..
-.if \nl .ls 2
-.if t .nr bi 5m
-.nr si 3n
-.de $0 \" create a table of contents magically.
-.(x
-.ti (\\$3u-1u)*2m
-\\$2. \\$1
-.)x
-..
-.de $1
-.sp
-..
-.de BU
-.ip "\ \(bu" \w'\ \(bu\ 'u
-..
-.de SM
-\s-1\\$1\s0\\$2
-..
diff --git a/contrib/bind/doc/bog/00title.me b/contrib/bind/doc/bog/00title.me
deleted file mode 100644
index 5048969413193..0000000000000
--- a/contrib/bind/doc/bog/00title.me
+++ /dev/null
@@ -1,89 +0,0 @@ -.\" Copyright (c) 1986, 1988 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. 
-.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.+c -.(l C -.sz 14 -.b "Name Server Operations Guide" -.b "for \s-1BIND\s+1" -.sz -\fIRelease 4.9.3\fP -.eh 'SMM:10-%''Name Server Operations Guide for \s-1BIND\s+1' -.oh 'Name Server Operations Guide for \s-1BIND\s+1''\s-1SMM\s+1:10-%' -.sp -\fIReleases from 4.9\fP -Paul Vixie\** -.(f -\** This author was employed by Digital Equipment Corporation's -Network Systems Laboratory during the development and release of -\s-1BIND\s+1 4.9. Release 4.9.2 was sponsored by Vixie -Enterprises. Releases from 4.9.3 were sponsored by the Internet -Software Consortium. -.)f -<paul@vix.com> -.sp \n(psu -Internet Software Consortium -La Honda, CA -.sp 2 -\fIReleases through 4.8.3\fP -Kevin J. Dunlap\** -Michael J. 
Karels -.sp \n(psu -Computer Systems Research Group -Computer Science Division -Department of Electrical Engineering and Computer Sciences -University of California -Berkeley, CA 94720 -.)l -.sp 2 -.(f -\** This author was an employee of Digital Equipment Corporation's -\s-1ULTRIX\s+1 Engineering Advanced Development Group and was on loan to -CSRG when this work was done. \s-1ULTRIX\s+1 is a trademark of Digital -Equipment Corporation. -.)f diff --git a/contrib/bind/doc/bog/Makefile b/contrib/bind/doc/bog/Makefile deleted file mode 100644 index 09e1908ea6b62..0000000000000 --- a/contrib/bind/doc/bog/Makefile +++ /dev/null 
@@ -1,89 +0,0 @@ -# ++Copyright++ 1986, 1988 -# - -# Copyright (c) 1986, 1988 -# The Regents of the University of California. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. All advertising materials mentioning features or use of this software -# must display the following acknowledgement: -# This product includes software developed by the University of -# California, Berkeley and its contributors. -# 4. Neither the name of the University nor the names of its contributors -# may be used to endorse or promote products derived from this software -# without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# - -# Portions Copyright (c) 1993 by Digital Equipment Corporation. 
-# -# Permission to use, copy, modify, and distribute this software for any -# purpose with or without fee is hereby granted, provided that the above -# copyright notice and this permission notice appear in all copies, and that -# the name of Digital Equipment Corporation not be used in advertising or -# publicity pertaining to distribution of the document or software without -# specific, written prior permission. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -# WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -# CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -# SOFTWARE. -# - -# --Copyright-- -# -# @(#)Makefile 6.3 (Berkeley) 2/28/88 -# -FILES= 00macs.me 00title.me intro.me ns.me types.me\ - files.me named.boot.primary\ - named.boot.secondary named.boot.cache resolv.conf\ - root.cache named.local ucbhosts.rev ucbhosts \ - setup.me manage.me build.me ack.me -ME= -me -NROFF= nroff -rb3 -PRINTER= -Pdp -TBL= dtbl $(PRINTER) -TROFF= ditroff $(PRINTER) -GROFF= groff -Tps -t $(ME) - -all: file.lst - -file.lst: $(FILES) - tbl $(FILES)| $(NROFF) $(ME) $(FLAGS) > file.lst - -file.psf: $(FILES) - $(GROFF) $(FILES) > file.psf - -troff: $(FILES) - $(TBL) $(FILES)| $(TROFF) $(ME) $(FLAGS) - -cat: $(FILES) - @cat $(FILES) - -clean: - rm -f *.psf *.lst *.BAK *.CKP *~ *.orig - -spell: $(FILES) - @for i in $(FILES); do \ - echo $$i; \ - spell $$i | sort | comm -23 - spell.ok > $$i.spell; \ - done diff --git a/contrib/bind/doc/bog/ack.me b/contrib/bind/doc/bog/ack.me deleted file mode 100644 index c9d7d858061f6..0000000000000 --- a/contrib/bind/doc/bog/ack.me +++ /dev/null 
@@ -1,283 +0,0 @@ -.\" Copyright (c) 1986, 1988 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. 
-.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" -.\" @(#)ack.me -.\" -.sx 0 -.bp -.ce -.b "ACKNOWLEDGEMENTS \(em 4.9.3" -.pp -The \fI<bind-workers@vix.com>\fP mailing list was once again of great help; -this release would not be nearly as ready for prime time if not for their -efforts. Special commendations are owed to Robert Elz, Don "Truck" Lewis, -Bob Halley, Mark Andrews, Berthold Paffrath, Ruediger Volk, and Peter Koch. -.pp -Digital Equipment Corporation, Hewlett Packard, Silicon Graphics, and SunSoft -all made hardware available for integration testing; this made the release -far more solid than it would otherwise have been. More hardware loans are -welcome \(em if you are a system vendor and you would like \s-2BIND\s+2 to -run ``out of the box'' on your platform and are willing to lend some rusty -old hardware for the purpose, please contact me (\fI<paul@vix.org>\fP) to -make the arrangements. -.pp -Special thanks to the Internet Software Consortium for funding this work. 
-Contact \fI<isc-info@isc.org>\fP if your organization would like to -participate in funding future releases of \s-2BIND\s+2 and other freely -redistributable software packages that are in wide use on the Internet. -.sp 2 -.ce -.b "ACKNOWLEDGEMENTS \(em through 4.9" -.pp -The alpha-test group was extremely helpful in furnishing improvements, -finding and repairing bugs, and being patient. I would like to express -special thanks to Brian Reid of Digital Equipment corporation for funding -this work. Robert Elz, Alan Barrett, Paul Albitz, Bryan Beecher, Andrew -Partan, Andy Cherenson, Tom Limoncelli, Berthold Paffrath, Fuat Baran, Anant -Kumar, Art Harkin, Win Treese, Don Lewis, Christophe Wolfhugel, and a cast -of dozens all helped out above and beyond the call of duty. Special thanks -to Phil Almquist, who got the project started and contributed a lot of the -code and fixed several of the worst bugs. -.sp 2 -.ce -.b "ACKNOWLEDGEMENTS \(em through 4.8.3" -.pp -Many thanks to the users at U. C. Berkeley for falling into many of the holes -involved with integrating BIND into the system so that others would be -spared the trauma. I would also like to extend gratitude to Jim McGinness -and Digital Equipment Corporation for permitting me to spend most of my time -on this project. -.pp -Ralph Campbell, Doug Kingston, Craig Partridge, Smoot Carl-Mitchell, Mike -Muuss and everyone else on the DARPA Internet who has contributed to the -development of BIND. To the members of the original BIND project, Douglas -Terry, Mark Painter, David Riggle and Songnian Zhou. -.pp -Anne Hughes, Jim Bloom and Kirk McKusick and the many others who have -reviewed this paper giving considerable advice. -.pp -This work was sponsored by the Defense Advanced Research Projects Agency -(DoD), Arpa Order No. 4871 monitored by the Naval Electronics Systems -Command under contract No. N00039-84-C-0089. 
The views and conclusions -contained in this document are those of the authors and should not be -interpreted as representing official policies, either expressed or implied, -of the Defense Research Projects Agency, of the US Government, or of Digital -Equipment Corporation. -.bp -.ba 0 -.in 0 -.sp 2 -.ce -.b REFERENCES -.sp -.nr ii 1i -.ip [Birrell] -Birrell, A. D., -Levin, R., -Needham, R. M., -and Schroeder, M.D., -.q "Grapevine: An Exercise in Distributed Computing." -In -.ul -Comm. A.C.M. 25, -4:260-274 -April 1982. -.ip [RFC819] -Su, Z. -Postel, J., -.q "The Domain Naming Convention for Internet User Applications." -.ul -Internet Request For Comment 819 -Network Information Center, -SRI International, -Menlo Park, California. -August 1982. -.ip [RFC974] -Partridge, C., -.q "Mail Routing and The Domain System." -.ul -Internet Request For Comment 974 -Network Information Center, -SRI International, -Menlo Park, California. -February 1986. -.ip [RFC1032] -Stahl, M., -.q "Domain Administrators Guide" -.ul -Internet Request For Comment 1032 -Network Information Center, -SRI International, -Menlo Park, California. -November 1987. -.ip [RFC1033] -Lottor, M., -.q "Domain Administrators Guide" -.ul -Internet Request For Comment 1033 -Network Information Center, -SRI International, -Menlo Park, California. -November 1987. -.ip [RFC1034] -Mockapetris, P., -.q "Domain Names - Concept and Facilities." -.ul -Internet Request For Comment 1034 -Network Information Center, -SRI International, -Menlo Park, California. -November 1987. -.ip [RFC1035] -Mockapetris, P., -.q "Domain Names - Implementation and Specification." -.ul -Internet Request For Comment 1035 -Network Information Center, -SRI International, -Menlo Park, California. -November 1987. -.ip [RFC1101] -Mockapetris, P., -.q "DNS Encoding of Network Names and Other Types." -.ul -Internet Request For Comment 1101 -Network Information Center, -SRI International, -Menlo Park, California. -April 1989. -.ip [RFC1123] -R. 
Braden, Editor, -.q "Requirements for Internet Hosts -- Application and Support" -.ul -Internet Request For Comment 1123 -Network Information Center, -SRI International, -Menlo Park, California. -October 1989. -.ip [RFC1183] -Everhart, C., -Mamakos, L., -Ullmann, R., -and -Mockapetris, P., -.q "New DNS RR Definitions" -.ul -Internet Request For Comment 1183 -Network Information Center, -SRI International, -Menlo Park, California. -October 1990. -.ip [RFC1327] -Hardcastle-Kille, S., -.q "Mapping between X.400(1988) / ISO 10021 and RFC 822" -.ul -Internet Request For Comment 1327 -Network Information Center, -SRI International, -Menlo Park, California. -May 1992. -.ip [RFC1664] -Allocchio, C., -Bonito, A., -Cole, B., -Giordano, S., -Hagens, R., -.q "Using the Internet DNS to Distribute RFC1327 Mail Address Mapping Tables" -.ul -Internet Request For Comment 1664 -Network Information Center, -SRI International, -Menlo Park, California. -August 1994. -.ip [RFC1713] -Romao, A., -.q "Tools for DNS debugging" -.ul -Internet Request For Comment 1713, also FYI27 -Network Information Center, -SRI International, -Menlo Park, California. -November 1994. -.ip [Terry] -Terry, D. B., -Painter, M., -Riggle, D. W., -and -Zhou, S., -.ul -The Berkeley Internet Name Domain Server. -Proceedings USENIX Summer Conference, -Salt Lake City, Utah. -June 1984, pages 23-31. -.ip [Zhou] -Zhou, S., -.ul -The Design and Implementation of the Berkeley Internet Name Domain (BIND) Servers. -UCB/CSD 84/177. -University of California, Berkeley, -Computer Science Division. -May 1984. -.ip [Mockapetris] -Mockapetris, P., -Dunlap, K, -.ul -Development of the Domain Name System -ACM Computer Communications Review 18, 4:123-133. -Proceedings ACM SIGCOMM '88 Symposium, -August 1988. -.ul -.ip [Liu] -Liu, C., -Albitz, P., -.ul -DNS and BIND -O'Reilly & Associates, Sebastopol, CA, -502 pages, ISBN 0-937175-82-X -1992 
diff --git a/contrib/bind/doc/bog/build.me b/contrib/bind/doc/bog/build.me
deleted file mode 100644
index d6dab9f6f34bf..0000000000000
--- a/contrib/bind/doc/bog/build.me
+++ /dev/null
@@ -1,102 +0,0 @@ -.\" ++Copyright++ 1986, 1988 -.\" - -.\" Copyright (c) 1986, 1988 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" - -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. 
-.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" - -.\" --Copyright-- -.\" -.\" @(#)build.me 6.3 (Berkeley) 9/19/89 -.\" -.sh 1 "Building a System with a Name Server" -.pp -BIND is composed of two parts. One is the user interface called the -\fIresolver\fP -which consists of a group of routines that reside in the C library -\fI/lib/libc.a\fP. -Second is the actual server called \fInamed\fP. -This is a daemon that runs in the background and services queries on a -given network port. The standard port for UDP and TCP is specified in -\fI/etc/services\fP. -.sh 2 "Resolver Routines in libc" -.pp -When building your 4.3BSD system you may either -build the C library to use the name server resolver routines -or use the host table lookup routines to do host name and address resolution. -The default resolver for 4.3BSD uses the name server. Newer BSD systems -include both name server and host table functionality with preference given -to the name server if there is one or if there is a \fI/etc/resolv.conf\fP -file. 
-.pp -Building the C library to use the name server changes the way -\fIgethostbyname\fP\|(3N), \fIgethostbyaddr\fP\|(3N), and -\fIsethostent\fP\|(3N) do their functions. The name server renders -\fIgethostent\fP\|(3N) obsolete, since it has no concept of a next line in -the database. These library calls are built with the resolver routines -needed to query the name server. -.pp -The \fIresolver\fP contains functions that build query -packets and exchange them with name servers. -.pp -Before building the 4.3BSD C library, set the variable \fIHOSTLOOKUP\fP -equal to \fInamed\fP in \fI/usr/src/lib/libc/Makefile\fP. You -then make and install the C library and compiler and then compile the rest -of the 4.3BSD system. For more information see section 6.6 of ``Installing -and Operating 4.3BSD on the VAX\(dd''. -.(f -\(ddVAX is a Trademark of Digital Equipment Corporation -.)f -.pp -If your operating system isn't VAX\(dd 4.3BSD, it is probably the case that -your vendor has included \fIresolver\fP support in the supplied C Library. -You should consult your vendor's documentation to find out what has to be -done to enable \fIresolver\fP support. Note that your vendor's \fIresolver\fP -may be out of date with respect to the one shipped with \s-1BIND\s+1, and that -you might want to build \s-1BIND\s+1's resolver library and install it, and -its include files, into your system's compile/link path so that your own -network applications will be able to use the newer features. diff --git a/contrib/bind/doc/bog/files.me b/contrib/bind/doc/bog/files.me deleted file mode 100644 index ae755ff2fd1ce..0000000000000 --- a/contrib/bind/doc/bog/files.me +++ /dev/null 
@@ -1,1150 +0,0 @@ -.\" ++Copyright++ 1986, 1988, 1995 -.\" - -.\" Copyright (c) 1986, 1988, 1995 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" - -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" - -.\" --Copyright-- -.\" -.\" @(#)files.me 6.8 (Berkeley) 9/19/89 -.\" -.sh 1 "Files -.pp -The name server uses several files to load its data base. -This section covers the files and their formats needed for \fInamed\fP. -.sh 2 "Boot File" -.pp -This is the file that is first read when \fInamed\fP starts up. -This tells the server what type of server it is, -which -zones it has authority over and where to get its initial data. -The default location for this file is \fI/etc\|/named.boot\fP\|. -However this can be changed -by setting the \fIBOOTFILE\fP variable when you compile \fInamed\fP -or by specifying -the location on the command line when \fInamed\fP is started up. 
-.sh 3 "Domain" -.pp -A default domain may be specified for the name server -using a line such as -.(b l -.ta 0.5i +\w`secondary `u +\w`berkeley.edu `u +.5i +.5i -\fIdomain Berkeley\fP\fB\|.\|\fP\fIEdu\fP -.)b -.re -Older name servers use this information when they receive a query for a name -without a ``\fB.\fP'' that is not known. Newer designs assume that the -resolver library will append its own idea of a ``default domain'' to any -unqualified names. Though the name server can still be compiled with -support for the \fIdomain\fP directive in the boot file, the default is to -leave it out and we strenuously recommend against its use. If you use this -feature, clients outside your local domain which send you requests about -unqualified names will have the implicit qualification of your domain rather -than theirs. The proper place for this function is on the client, in their -\fB/etc/resolv.conf\fP (or equivalent) file. Use of the \fIdomain\fP -directive in your boot file is strongly discouraged. -.sh 3 "Directory" -.pp -The \fIdirectory\fP directive specifies the directory in which the name server -should run, allowing the other file names in the boot file to use relative path -names. There can be only one \fIdirectory\fP directive and it should be given -before any other directives that specify file names. -.(b l -.ta 0.5i +\w`secondary `u +\w`berkeley.edu `u +.5i +.5i -\fIdirectory /var/named\fP -.)b -.re -If you have more than a couple of named files to be maintained, you may wish -to place the named files in a directory such as /var/named and adjust the -directory command properly. The main purposes of this command are to make -sure named is in the proper directory when trying to include files by -relative path names with $INCLUDE and to allow named to run in a location -that is reasonable to dump core if it feels the urge. 
-.sh 3 "Primary Service" -.pp -The line in the boot file that designates the server as a primary master server -for a zone looks as follows: -.(b l -.ta 0.5i +\w`secondary `u +\w`berkeley.edu `u +.5i +.5i -\fIprimary Berkeley\fP\fB\|.\|\fP\fIEdu ucbhosts\fP -.)b -.re -The first field specifies that the server is a primary one for the zone -stated in the second field. -The third field is the name of the file from which the data is read. -.pp -The above assumes that the zone you are specifying is a class \fIIN\fP -zone. If you wish to designate a different class you can append -\fI/class\fP to the first field, where \fIclass\fP is either the -integer value or the standard mnemonic for the class. For example the line -for a primary server for a hesiod class zone looks as follows: -.(b l -.ta 0.5i +\w`secondary `u +\w`berkeley.edu `u +.5i +.5i -\fIprimary/HS Berkeley\fP\fB\|.\|\fP\fIEdu hesiod.data\fP -.)b -.re -Note that this support for specifying other than class \fIIN\fP zones is a -compile-time option which your vendor may not have enabled when they built -your operating system. -.sh 3 "Secondary Service" -.pp -The line for a secondary server is similar to the primary except -that it lists addresses of other servers (usually primary servers) -from which the zone data will be obtained. -.(b l -.ta 0.5i +\w`secondary `u +\w`berkeley.edu `u +\w`128.32.0.10 `u +\w`128.32.0.10 `u +.5i +.5i -\fIsecondary Berkeley\fP\fB\|.\|\fP\fIEdu 128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI10 \fP\fI128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI4\fP \fIucbhosts.bak\fP -.)b -.re -The first field specifies that the server is a secondary server for -the zone stated in the second field. -The two network addresses specify the name servers which have data for the -zone. Note that at least one of these will be a \fIprimary\fP, and, unless -you are using some protocol other than \s-1IP/DNS\s+1 for your zone transfer -mechanism, the others will all be other \fIsecondary\fP servers. 
Having your
-secondary server pull data from other secondary servers is usually unwise,
-since you can add delay to the propagation of zone updates if your network's
-connectivity varies in pathological but common ways. The intended use for
-multiple addresses on a \fIsecondary\fP declaration is when the \fIprimary\fP
-server has multiple network interfaces and therefore multiple host addresses.
-The secondary server gets its data across the network from one of the listed
-servers. The server addresses are tried in the order listed.
-If a filename is present after the list of primary servers, data for the zone
-will be dumped into that file as a backup.
-When the server is first started, the data is loaded from the backup file
-if possible, and a primary server is then consulted to check that the zone
-is still up-to-date. Note that listing your server as a \fIsecondary\fP
-server does not necessarily make it one \(em the parent zone must
-\fIdelegate\fP authority to your server as well as the primary and the
-other secondaries, or you will be transferring a zone over for no reason;
-no other server will have a reason to query you for that zone unless the
-parent zone lists you as a server for the zone.
-.pp
-As with primary you may specify a secondary server for a class other than
-\fIIN\fP by appending \fI/class\fP to the \fIsecondary\fP keyword, e.g.,
-\fIsecondary/HS\fP.
-.sh 3 "Stub Service"
-.pp
-The line for a stub server is similar to a secondary.
-(This feature is experimental as of 4.9.3.)
-.(b l
-.ta 0.5i +\w`stub `u +\w`berkeley.edu `u +\w`128.32.0.10 `u +\w`128.32.0.10 `u +.5i +.5i
-\fIstub Berkeley\fP\fB\|.\|\fP\fIEdu 128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI10 \fP\fI128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI4\fP \fIucbhosts.bak\fP
-.)b
-.re
-The first field specifies that the server is a stub server for the zone stated
-in the second field.
-.pp
-Stub zones are intended to ensure that a primary for a zone always has the
-correct \fINS\fP records for children of that zone. If the primary is not
-a secondary for a child zone it should be configured with stub zones for
-all its children. Stub zones provide a mechanism to allow \fINS\fP records
-for a zone to be specified in only one place.
-.(b l
-.ta 0.5i +\w`primary `u +\w`dms.csiro.au `u +\w`130.155.98.1 `u +.5i +.5i
-\fIprimary CSIRO\fP\fB\|.\|\fP\fIAU \fIcsiro.dat\fP
-\fIstub dms.CSIRO\fP\fB\|.\|\fP\fIAU 130\fP\fB.\fP\fI155\fP\fB.\fP\fI16\fP\fB.\fP\fI1 \fIdms.stub\fP
-\fIstub dap.CSIRO\fP\fB\|.\|\fP\fIAU 130\fP\fB.\fP\fI155\fP\fB.\fP\fI98\fP\fB.\fP\fI1 \fIdap.stub\fP
-.)b
-.re
-.sh 3 "Cache Initialization"
-.pp
-All servers, including ``caching only'' servers, should have a line as
-follows in the boot file to prime the name servers cache:
-.(b l
-\fIcache \fP\fB.\fP\fI root\fP\fB.\fP\fIcache\fP
-.)b
-Do not put anything into your \fIcache\fP files other than root server
-information.
-.pp
-All cache files listed will be read in at named boot time and any values
-still valid will be reinstated in the cache.
-The root name server
-information in the cache files will be used until a root query is
-actually answered by one of the name servers in the cache file, after
-which that answer will be used instead of the cache file until the answer
-times out.
-.pp
-As with \fIprimary\fP and \fIsecondary\fP, you may specify a secondary
-server for a class other than \fIIN\fP by appending \fI/class\fP to the
-\fIcache\fP keyword, e.g., \fIclass/HS\fP.
-.sh 3 "Forwarders"
-.pp
-Any server can make use of \fIforwarders\fP. A \fIforwarder\fP is another
-server capable of processing recursive queries that is willing to try
-resolving queries on behalf of other systems.
The \fIforwarders\fP
-command specifies forwarders by internet address as follows:
-.(b l
-\fIforwarders \fI128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI10 \fP\fI128\fP\fB.\fP\fI32\fP\fB.\fP\fI0\fP\fB.\fP\fI4\fP
-.)b
-.re
-There are two main reasons for wanting to do so. First, some systems may
-not have full network access and may be prevented from sending any IP
-packets into the rest of the Internet and therefore must rely on a forwarder
-which does have access to the full net. The second reason is that the
-forwarder sees a union of all queries as they pass through its server and
-therefore it builds up a very rich cache of data compared to the cache in a
-typical workstation name server. In effect, the \fIforwarder\fP becomes a
-meta-cache that all hosts can benefit from, thereby reducing the total
-number of queries from that site to the rest of the net.
-.pp
-The effect of ``forwarders'' is to prepend some fixed addresses to the list
-of name servers to be tried for every query. Normally that list is made up
-only of higher-authority servers discovered via \fINS\fP record lookups for
-the relevant domain. If the forwarders do not answer, then unless the
-\fIslave\fP directive was given, the appropriate servers for the domains
-will be queried directly.
-
-.sh 3 "Slave Servers"
-.pp
-Slave mode is used if the use of forwarders is the only possible way
-to resolve queries due to lack of full net access or if you wish to prevent
-the name server from using other than the listed forwarders.
-Slave mode is activated by placing the simple command
-.(b l
-\fIoptions forward-only\fP
-.)b
-in the bootfile. If this option is used, then you must specify forwarders.
-When in slave mode, the server will forward each query to each of the
-forwarders until an answer is found or the list of forwarders is exhausted.
-The server will not try to contact any remote name server other than those
-named in the \fIforwarders\fP list.
-.pp
-So while \fIforwarders\fP prepends addresses to the ``server list'' for each
-query, \fIoptions forward-only\fP causes the ``server list'' to contain
-\fIonly\fP those addresses listed in the \fIforwarders\fP declarations.
-Careless use of the \fIoptions forward-only\fP directive can cause really
-horrible forwarding loops, since
-you could end up forwarding queries only to some set of hosts which are also
-slaves, and one or several of them could be forwarding queries back to you.
-.pp
-Use of the \fIoptions forward-only\fP directive should be considered very
-carefully. Note that this same behaviour can be achieved using the deprecated
-directive, \fIslave\fP.
-
-.sh 3 "Nonrecursive Servers"
-.pp
-\s-1BIND\s+1's separation of authoritative (zone) and nonauthoritiative (cache)
-data has always been somewhat weak, and pollution of the former via the latter
-has been known to occur. One way to prevent this, as well as to save memory on
-servers carrying a lot of authoritative data (e.g., root servers) is to make
-such servers ``nonrecursive.'' This can be achieved via the directive
-.(b l
-\fIoptions no-recursion\fP
-.)b
-in the bootfile. A server with this option enabled will not attempt to fetch
-data to help answer queries \(em if you ask it for data it does not have, it
-will send you a referral to a more authoritative server or, if it is itself
-authoritative for the zone of the query, it will send you an negative answer.
-.pp
-A nonrecursive server can be named in an \s-1NS\ RR\s+1 but it cannot be listed
-in the \fIresolv.conf\fP file.
-
-.sh 3 "Query Logging"
-.pp
-If the file system containing your \fIsyslog\fP file has quite a bit of space,
-you can consider using the
-.(b l
-\fIoptions query-log\fP
-.)b
-directive in your bootfile. This will cause your name server to log every
-query it receives, which when combined with a Perl or \s-1AWK\s+1 script to
-postprocess the logs, can be a useful management tool.
-
-.sh 3 "Inverse Query Pseudosupport"
-.pp
-\s-1BIND\s+1 by default does not support inverse queries, and this has been
-known to cause problems for certain microcomputer operating systems and for
-older versions of \s-1BIND\s+1's \fInslookup\fP tool. You may decide that
-rather than answering with ``operation not implemented,'' \fInamed\fP should
-detect the most common inverse queries and answer them with bogus information.
-It is better to upgrade your clients to stop depending on inverse queries, but
-if that is not possible, you should use the
-.(b l
-\fIoptions fake-iquery\fP
-.)b
-directive in your bootfile. \fINOTE:\fP the responses are in fact bogus, in
-that they contain \s-1ISO\s+18859 square brackets (\fB[\fP and \fB]\fP), so
-your clients will not be able to do anything useful with these responses. It
-has been observed that no client ever did anything useful with real inverse
-query responses, either.
-
-.sh 3 "Setting Name Server Limits"
-.pp
-Some name server operations can be quite resource intensive, and in order to
-tune your system properly it is sometimes necessary to change \s-1BIND\s+1's
-internal quotas. This is accomplished via
-.(b l
-\fIlimit <name> <value>\fP
-.)b
-directives in the bootfile. Limits, and their default values, are as follows:
-.(b I
-\fIlimit transfers-in 10\fP
-.)b
-This is the number of simultaneous \fInamed-xfer\fP processes \s-1BIND\s+1 is
-willing to start. Higher numbers yield faster convergence to primary servers
-if your secondary server has hundreds or thousands of zones to maintain, but
-setting this number too high can cause thrashing due to starvation of resources
-such as network bandwidth or swap space. \fINOTE:\fP this limit can also be
-expressed via the deprecated directive \fImax-fetch NN\fP.
-.(b I
-\fIlimit transfers-per-ns 2\fP
-.)b
-This is the number of simultaneous \fInamed-xfer\fP processes \s-1BIND\s+1 is
-willing to initiate \fIto any given name server\fP.
In most cases, you should
-not need to change it. If your secondary server is pulling hundreds or
-thousands of zones from a single primary server, increasing
-\fItransfers-per-ns\fP may speed convergence. It should be kept as
-small as possible, to avoid causing thrashing and resource starvation
-on the primary server.
-.(b I
-\fIlimit datasize <system-dependent>\fP
-.)b
-Most systems have a quota that limits the size of the so-called ``data
-segment,'' which is where \s-1BIND\s+1 keeps all of its authority and cache
-data. \s-1BIND\s+1 will behave suboptimally (perhaps even exiting) if it runs
-up against this quota. If your system supports a system call to change this
-quota for a given process, you can ask \s-1BIND\s+1 to use that system call
-via the \fIlimit datasize NN\fP directive. The value given here may be scaled
-by postfixing \fIk\fP for 1024X, \fIm\fP for (1024^2)X, and \fIg\fP for
-(1024^3)X. In 1995, the root servers all use \fIlimit datasize 64m\fP.
-
-.sh 3 "Zone Transfer Restrictions"
-.pp
-It may be the case that your organization does not wish to give complete
-lists of your hosts to anyone on the Internet who can reach your name servers.
-While it is still possible for people to ``iterate'' through your address
-range, looking for \fIPTR\fP records, and build a list of your hosts the
-``slow'' way, it is still considered reasonable to restrict your export of
-zones via the zone transfer protocol. To limit the list of neighbors who
-can transfer zones from your server, use the \fIxfrnets\fP directive.
-.pp
-This directive has the same syntax as \fIforwarders\fP except that you can
-list network numbers in addition to host addresses. For example, you could
-add the directive
-.(b l
-\fIxfrnets 16.0.0.0\fP
-.)b
-.re
-if you wanted to permit only hosts on Class A network number 16 to transfer
-zones from your server.
This is not nearly granular enough, and a future
-version of \s-1BIND\s+1 will permit such access-control to be specified on a
-per-host basis rather than the current per-net basis. Note that while
-addresses without explicit masks are assumed by this directive to be networks,
-you can specify a mask which is as granular as you wish, perhaps including
-all bits of the address such that only a single host is given transfer
-permission. For example, consider
-.(b l
-\fIxfrnets 16.1.0.2&255.255.255.255\fP
-.)b
-which would permit only host \fI16.1.0.2\fP to transfer zones from you. Note
-that no spaces are allowed surrounding the ``\fI&\fP'' character that
-introduces a netmask.
-.pp
-The \fIxfrnets\fP directive may also be given as \fItcplist\fP for
-compatibility with interim releases of \s-1BIND\s+1 4.9.
-
-.sh 3 "Sorting Addresses"
-.pp
-If there are multiple addresses available for a name server which \s-1BIND\s+1
-wants to contact, \s-1BIND\s+1 will try the ones it believes are ``closest''
-first. ``Closeness'' is defined in terms of similarity-of-address; that is,
-if one address is on the same \fIsubnet\fP as some interface of the local host,
-then that address will be tried first. Failing that, an address which is on
-the same \fInetwork\fP will be tried first. Failing that, they will be tried
-in a more-or-less random order unless the \fIsortlist\fP directive was given
-in the \fInamed.boot\fP file. \fIsortlist\fP has a syntax similar to
-\fIforwarders\fP, \fIxfrnets\fP, and \fIbogusns\fP \(em you give it a list
-of dotted-quad networks and it uses these to ``prefer'' some remote name server
-addresses over others. If no explicit mask is provided with each element of
-a \fIsortlist\fP, one will be inferred based on the high order address bits.
-.pp
-If you are on a Class C net which has a Class B net between you and the rest
-of the Internet, you could try to improve the name server's luck in getting
-answers by listing the Class B network's number in a \fIsortlist\fP
-directive. This should have the effect of trying ``closer'' servers before
-the more ``distant'' ones. Note that this behaviour is new as of \s-1BIND
-4.9\s+1.
-.pp
-The other and older effect of the \fIsortlist\fP directive is to cause
-\s-1BIND\s+1 to sort the \fIA\fP records in any response it generates, so as
-to put those which appear on the \fIsortlist\fP earlier than those which do
-not. This is not as helpful as you might think, since many clients will
-reorder the \fIA\fP records either at random or using \s-1LIFO\s+1; also,
-consider the fact that the server won't be able to guess the client's network
-topology, and so will not be able to accurately order for ``closeness'' to
-all possible clients. Doing the ordering in the resolver is clearly superior.
-.pp
-In actual practice, this directive is used only rarely since it hardwires
-information which changes rapidly; a network which is ``close'' today may
-be ``distant'' next month. Since \s-1BIND\s+1 builds up a cache of the
-remote name servers' response times, it will quickly converge on
-``reasonable'' behaviour, which isn't the same as ``optimal'' but it's
-close enough. Future directions for \s-1BIND\s+1 include choosing
-addresses based on local interface metrics (on hosts that have more than
-one) and perhaps on routing table information. We do not intend to solve
-the generalized ``multihomed host'' problem, but we should be able to do a
-little better than we're doing now. Likewise, we hope to see a higher
-level resolver library that sorts responses using topology information that
-only exists on the client's host.
-
-.sh 3 "Bogus Name Servers"
-.pp
-It happens occasionally that some remote name server goes ``bad''.
You can
-tell your name server to refuse to listen to or ask questions of certain
-other name servers by listing them in a \fIbogusns\fP directive in your
-\fInamed.boot\fP file. Its syntax is the same as \fIforwarders\fP,
-\fIxfrnets\fP, and \fIsortlist\fP \(em you just give it a list of dotted-quad
-Internet addresses. Note that zones delegated to such servers will not be
-reachable from clients of your servers; thus you should use this directive
-sparingly or not at all.
-
-.sh 3 "Segmented Boot Files"
-.pp
-If you are secondary for a lot of zones, you may find it convenient to split
-your \fInamed.boot\fP file into a static portion which hardly ever changes
-(directives such as \fIdirectory\fP, \fIsortlist\fP, \fIxfrnets\fP and
-\fIcache\fP could go here), and dynamic portions that change frequently
-(all of your \fIprimary\fP directives might go in one file, and all of your
-\fIsecondary\fP directives might go in another file \(em and either or both
-of these might be fetched automatically from some neighbor so that they can
-change your list of secondary zones without requiring your active
-intervention). You can accomplish this via the \fIinclude\fP directive,
-which takes just a single file name as its argument. No quotes are needed
-around the file name. The file name will be evaluated after the name server
-has changed its working directory to that specified in the \fIdirectory\fP
-directive, so you can use relative pathnames if your system supports them.
-
-.sh 2 "Resolver Configuration"
-.pp
-The configuration file's name is \fI/etc/resolv.conf\fP.
-This file designates the name servers on the network that should
-be sent queries.
-The resolver will try to contact a name server on the localhost if it cannot
-find its configuration file.
You should install the configuration file
-on every host anyway, since this is the only recommended way to specify a
-system-level default domain, and you can still list the local host's address
-if it runs a name server.
-It is considered reasonable to create this file even if you run a local
-server, since its contents will be cached by each client of the resolver
-library when the client makes its first call to a resolver routine.
-.pp
-The \fIresolv.conf\fP file contains directives, one per line, of the
-following forms:
-.(l I
-; comment
-# another comment
-domain \fIlocal-domain\fP
-search \fIsearch-list\fP
-nameserver \fIserver-address\fP
-sortlist \fIsort-list\fP
-options \fIoption-list\fP
-.)l
-Exactly one of the \fIdomain\fP or \fIsearch\fP directives should be given,
-exactly once.
-If the \fIsearch\fP directive is given, the first item in the given
-\fIsearch-list\fP will override any previously-specified \fIlocal-domain\fP.
-The \fInameserver\fP directive may be given up to three times; additional
-\fInameserver\fP directives will be ignored. Comments may be given by
-starting a line with a ``\fB\|;\|\fP'' or ``\fB\|#\|\fP''; note that
-comments were not permitted in versions of the resolver earlier than the one
-included with \s-1BIND 4.9\s+1 \(em so if your vendor's resolver supports
-comments, you know they are really on the ball.
-.pp
-The \fIlocal-domain\fP will be appended to any query-name that does not
-contain a ``\fB\|.\|\fP''. \fIlocal-domain\fP can be overridden on a
-per-process basis by setting the \s-1LOCALDOMAIN\s+1 environment variable.
-Note that \fIlocal-domain\fP processing can be disabled by setting an
-option in the resolver.
-.pp
-The \fIsearch-list\fP is a list of domains which are tried, in order,
-as qualifying domains for query-names which do not contain a ``\fB\|.\|\fP''.
-Note that \fIsearch-list\fP processing can be disabled by setting an
-option in the resolver.
Also note that the environment variable
-``\s-1LOCALDOMAIN\s+1'' can override this \fIsearch-list\fP on a per-process
-basis.
-.pp
-The \fIserver-address\fP\|'s are aggregated and then used as the default
-destination of queries generated through the resolver. In other words,
-this is the way you tell the resolver which name servers it should use. It
-is possible for a given client application to override this list, and this
-is often done inside the name server (which is itself a \fIresolver\fP
-client) and in test programs such as \fInslookup\fP.
-Note that if you wish to list the
-local host in your resolver configuration file, you should probably use its
-primary Internet address rather than a local-host alias such as 127.0.0.1 or
-0.0.0.0. This is due to a bug in the handling of connected \s-1SOCK_DGRAM\s+1
-sockets in some versions of the \s+1BSD\s-1 networking code. If you must use
-an address-alias, you should prefer 0.0.0.0 (or simply ``0'') over 127.0.0.1,
-though be warned that depending on the vintage of your \s-1BSD\s+1-derived
-networking code, both of them are capable of failing in their own ways.
-If your host's IP
-implementation does not create a short-circuit route between the default
-interface and the loopback interface, then you might also want to add a
-static route (eg. in \fB/etc/rc.local\fP) to do so:
-.(b l
-\fIroute add myhost.domain.name localhost 1\fP
-.)b
-.pp
-The \fIsort-list\fP is a list of IP address, netmask pairs. Addresses
-returned by gethostbyname are sorted to the order specified by this list.
-Any addresses that do not match the address netmask pair will be returned
-after those that do. The netmask is optional and the natural netmask will be
-used if not specified.
-.pp
-The \fIoption-list\fP is a list of options which each override some internal
-resolver variable. Supported options at this time are:
-.ip \fBdebug\fP
-sets the \s-1RES_DEBUG\s+1 bit in \fB_res.options\fP.
-.ip \fBndots:\fP\fIn\fP
-sets the lower threshold (measured in ``number of dots'') on names given to
-\fIres_query\fP() such that names with more than this number of dots will be
-tried as absolute names before any \fIlocal-domain\fP or \fIsearch-list\fP
-processing is done. The default for this internal variable is ``1''.
-.\" .pp
-.\" Finally, if the environment variable \s-1HOSTALIASES\s+1 is set, it is
-.\" taken to contain the name of a file which in turn contains resolver-level
-.\" aliases. These aliases are applied only to names which do not contain any
-.\" ``\fB\|.\|\fP'' characters, and they are applied to query-names before the
-.\" query is generated. Note that the resolver options governing the operation
-.\" of \fIlocal-domain\fP and \fIsearch-list\fP do not apply to
-.\" \s-1HOSTALIASES\s+1.
-
-.sh 2 "Cache Initialization File"
-.sh 3 root.cache
-.pp
-The name server needs to know the servers that are the authoritative name
-servers for the root domain of the network. To do this we have to prime the
-name server's cache with the addresses of these higher authorities. The
-location of this file is specified in the boot file. This file uses the
-Standard Resource Record Format (aka. Masterfile Format) covered further on
-in this paper.
-
-.sh 2 "Domain Data Files"
-.pp
-There are two standard files for specifying the data for a
-domain. These are \fIhosts\fP and \fIhost.rev\fP.
-These files use the Standard Resource Record Format covered later
-in this paper. Note that the file names are arbitrary; many network
-administrators prefer to name their zone files after the domains they
-contain, especially in the average case which is where a given server
-is primary and/or secondary for many different zones.
-.sh 3 hosts
-.pp
-This file contains all the data about the machines in this zone.
-The location of this file is specified in the boot file.
-.sh 3 hosts.rev
-.pp
-This file specifies the IN-ADDR\|.\|ARPA domain.
-This is a special domain for allowing address to name mapping.
-As internet host addresses do not fall within domain boundaries,
-this special domain was formed to allow inverse mapping.
-The IN-ADDR\|.\|ARPA domain has four
-labels preceding it. These labels correspond to the 4 octets of
-an Internet address.
-All four octets must be specified even if an octet contains zero.
-The Internet address 128.32.0.4 is located in the domain
-4\|.\|0\|.\|32\|.\|128\|.\|IN-ADDR\|.\|ARPA.
-This reversal of the address is awkward to read but allows
-for the natural grouping of hosts in a network.
-.sh 3 named.local
-.pp
-This file specifies the \fIPTR\fP record for the local loopback interface,
-better known as \fIlocalhost\fP, whose network address is 127.0.0.1. The
-location of this file is specified in the boot file. It is vitally
-important to the proper operation of every name server that the 127.0.0.1
-address have a \fIPTR\fP record pointing back to the name
-``\fBlocalhost.\fP''. The name of this \fIPTR\fP record is always
-``\fB1.0.0.127.\s-1IN-ADDR.ARPA\s+1\fP''. This is necessary if you want
-your users to be able to use hostname-authentication (\fIhosts.equiv\fP or
-\fI~/.rhosts\fP) on the name ``\fBlocalhost\fP''. As implied by this
-\fIPTR\fP record, there should be a ``\fBlocalhost.\fP\fImy.dom.ain\fP''
-\fIA\fP record (with address 127.0.0.1) in every domain that contains hosts.
-``\fBlocalhost.\fP'' will lose its trailing dot when
-\fB1.0.0.127.in-addr.arpa\fP is queried for; then, the DEFNAMES and/or
-DNSRCH resolver options will cause ``\fBlocalhost\fP'' to be evaluated as a
-host name in the local domain, and that means the top domains (or ideally,
-every domain) in your resolver's search path had better have something by
-that name.
-.sh 2 "Standard Resource Record Format"
-.pp
-The records in the name server data files are called resource records.
-The Standard Resource Record Format (RR) is specified in RFC1035.
-The following is a general description of these records:
-.TS
-l l l l l.
-\fI{name} {ttl} addr-class Record Type Record Specific data\fP
-.TE
-Resource records have a standard format shown above.
-The first field is always the name of the domain record
-and it must always start in column 1.
-For all RR's other than the first in a file, the name may be left blank;
-in that case it takes on the name of the previous RR.
-The second field is an optional time to live field.
-This specifies how long this data will be stored in the data base.
-By leaving this field blank the default time to live is specified
-in the \fIStart Of Authority\fP resource record (see below).
-The third field is the address class; currently, only one class is supported:
-\fIIN\fP for internet addresses and other internet information. Limited
-support is included for the \fIHS\fP class, which is for MIT/Athena ``Hesiod''
-information.
-The fourth field states the type of the resource record.
-The fields after that are dependent on the type of the RR.
-Case is preserved in names and data fields when loaded into the name server.
-All comparisons and lookups in the name server data base are case insensitive.
-.bl
-.b
-The following characters have special meanings:
-.ip ``\fB.\fP''
-A free standing dot in the name field refers to the root domain.
-.ip ``@''
-A free standing @ in the name field denotes the current origin.
-.ip "``\eX''"
-Where X is any character other than a digit (0-9),
-quotes that character so that its special meaning does not apply.
-For example, ``\e.'' can be used to place a dot character in a label.
-.ip "``\eDDD''"
-Where each D is a digit, is the octet corresponding to the
-decimal number described by DDD.
-The resulting octet is assumed to be text and
-is not checked for special meaning.
-.ip "``( )''"
-Parentheses are used to group data that crosses a line.
-In effect, line terminations are not recognized within parentheses.
-(At present, this notation only works for SOA RR's and is not optional.)
-.ip "``;''"
-Semicolon starts a comment; the remainder of the line is ignored. Note
-that a completely blank line is also considered a comment, and ignored.
-.ip "``*''"
-An asterisk signifies wildcarding. Note that this is just another data
-character whose special meaning comes about only during internal name
-server search operations. Wildcarding is only meaningful for some RR
-types (notably \fIMX\fP), and then only in the name field \(em not in
-the data fields.
-.pp
-Anywhere a name appears \(em either in the name field or in some data field
-defined to contain names \(em the current origin will be appended if the
-name does not end in a ``\fB\|.\|\fP''.
-This is useful for appending the current domain name to the data,
-such as machine names, but may cause problems where you do not want
-this to happen.
-A good rule of thumb is that, if the name is not in the domain for which
-you are creating the data file, end the name with a ``\fB.\fP''.
-.sh 3 $INCLUDE
-.pp
-An include line begins with $INCLUDE, starting in column 1,
-and is followed by a file name, and, optionally, by a new
-temporary $ORIGIN to be used while reading this file.
-This feature is
-particularly useful for separating different types of data into multiple files.
-An example would be:
-.(b l
-$INCLUDE /usr/local/adm/named/data/mail-exchanges
-.)b
-The line would be interpreted as a request to load the file
-\fI/usr/local/adm/named/data/mail-exchanges\fP. The $INCLUDE command does not cause
-data to be loaded into a different zone or tree. This is simply a way to
-allow data for a given primary zone to be organized in separate files.
-Not even the ``temporary $ORIGIN'' feature described above is sufficient
-to cause your data to branch out into some other zone \(em zone boundaries
-can only be introduced in the boot file.
-.pp
-A $INCLUDE file must have a name on its first RR.
That is, the first -character of the first non-comment line must not be a space. The current -default name in the parent file \fIdoes not\fP carry into the $INCLUDE -file. -.sh 3 $ORIGIN -.pp -The origin is a way of changing the origin in a data file. The line starts -in column 1, and is followed by a domain origin. This seems like it could -be useful for putting more then one zone into a data file, but that's not -how it works. The name server fundamentally requires a given zone to map -entirely to some specific file. You should therefore be very careful to use -$ORIGIN only once at the top of a file, or, within a file, to change to a -``lower'' domain in the zone \(em never to some other zone altogether. -.sh 3 "SOA - Start Of Authority" -.(b L -.TS -l l l l l l. -\fIname {ttl} addr-class SOA Origin Person in charge\fP -@ IN SOA ucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP kjd\fB.\fPucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP ( - 1995122103 ; Serial - 10800 ; Refresh - 1800 ; Retry - 3600000 ; Expire - 259200 ) ; Minimum -.TE -.)b -The \fIStart of Authority, SOA,\fP record designates the start of a zone. -The name is the name of the zone and is often given as ``@'' since this -is always the current $ORIGIN and the SOA RR is usually the first record -of the primary zone file. -Origin is the name of the host on which this data file resides (in other -words, the \fIprimary master\fP server for this zone.) -Person in charge is the e-mail address for the person responsible -for the name server, with ``@'' changed to a ``.''. -The serial number is the version number of this data file and must be a -positive integer. -This number must be incremented whenever a change is made to the data. -Older servers permitted the use of a phantom ``.'' in this and other -numbers in a zone file; the meaning of n.m was ``n000m'' rather than the -more intuitive ``n*1000+m'' (such that 1.234 translated to 1000234 rather -than to 1234). 
This feature has been deprecated due to its -obscurity, unpredictability, and lack of necessity. -Note that using a ``YYYYMMDDNN'' notation you can still make 100 changes -per day until the year 4294. You should choose a notation that works for -you. If you're a clever \fIperl\fP programmer you could even use \fIRCS\fP -version numbers to help generate your zone serial numbers. -The refresh indicates how often, in seconds, the secondary name servers -are to check with the primary name server to see if an update is needed. -The retry indicates how long, in seconds, a secondary server should wait -before retrying a failed zone transfer. -Expire is the upper limit, in seconds, that a secondary name server -is to use the data before it expires for lack of getting a refresh. -Minimum is the default number of seconds to be used for the Time To Live -field on resource records which do not specify one in the zone file. -It is also an enforced minimum on Time To Live if it is specified on -some resource record (RR) in the zone. -There must be exactly one \fISOA\fP record per zone. -.sh 3 "NS - Name Server" -.TS -l l l l l. -\fI{name} {ttl} addr-class NS Name servers name\fP - IN NS ucbarpa\fB\|.\|\fPBerkeley\fB\|.\|\fPEdu\fB.\fP -.TE -The \fIName Server\fP record, \fINS\fP, lists a name server responsible -for a given domain, creating a \fIdelegation point\fP and a \fIsubzone\fP. -The first name field specifies the zone that is serviced by -the name server specified by the second name. -Every zone needs at least two name servers. -.bp \" ----PLACEMENT HACK---- -.sh 3 "A - Address" -.TS -l l l l l. -\fI{name} {ttl} addr-class A address\fP -ucbarpa IN A 128\fB.\fP32\fB.\fP0\fB.\fP4 - IN A 10\fB.\fP0\fB.\fP0\fB.\fP78 -.TE -The \fIAddress\fP record, \fIA\fP, lists the address for a given machine. -The name field is the machine name and the address is the network address. -There should be one \fIA\fP record for each address of the machine. 
-.sh 3 "HINFO - Host Information" -.TS -l l l l l l. -\fI{name} {ttl} addr-class HINFO Hardware OS\fP - IN HINFO VAX-11/780 UNIX -.TE -\fIHost Information\fP resource record, \fIHINFO\fP, is for host specific -data. This lists the hardware and operating system that are running at the -listed host. If you want to include a space in the machine name you must -quote the name (using ``"'' characters.) There could be one \fIHINFO\fP -record for each host, though for security reasons most domains don't have -any \fIHINFO\fP records at all. No application depends on them. -.(b L -.sh 3 "WKS - Well Known Services" -.TS -l l l l l l l. -\fI{name} {ttl} addr-class WKS address protocol list of services\fP - IN WKS 128\fB.\fP32\fB.\fP0\fB.\fP10 UDP who route timed domain - IN WKS 128\fB.\fP32\fB.\fP0\fB.\fP10 TCP ( echo telnet - discard sunrpc sftp - uucp-path systat daytime - netstat qotd nntp - link chargen ftp - auth time whois mtp - pop rje finger smtp - supdup hostnames - domain - nameserver ) -.TE -The \fIWell Known Services\fP record, \fIWKS\fP, describes the well known -services supported by a particular protocol at a specified address. The -list of services and port numbers come from the list of services specified -in \fI/etc/services.\fP There should be only one \fIWKS\fP record per -protocol per address. Note that RFC1123 says of \fIWKS\fP records: -.)b -.(l L - 2.2 Using Domain Name Service - ... - An application SHOULD NOT rely on the ability to locate a WKS - record containing an accurate listing of all services at a - particular host address, since the WKS RR type is not often used - by Internet sites. To confirm that a service is present, simply - attempt to use it. - ... - 5.2.12 WKS Use in MX Processing: RFC-974, p. 5 - - RFC-974 [SMTP:3] recommended that the domain system be queried - for WKS ("Well-Known Service") records, to verify that each - proposed mail target does support SMTP. 
Later experience has - shown that WKS is not widely supported, so the WKS step in MX - processing SHOULD NOT be used. - ... - 6.1.3.6 Status of RR Types - ... - The TXT and WKS RR types have not been widely used by - Internet sites; as a result, an application cannot rely - on the existence of a TXT or WKS RR in most - domains. -.)l -.sh 3 "CNAME - Canonical Name" -.TS -l l l l l. -\fIalias {ttl} addr-class CNAME Canonical name\fP -ucbmonet IN CNAME monet -.TE -The \fICanonical Name\fP resource record, \fICNAME\fP, specifies an -alias or nickname for the official, or canonical, host name. -This record must be the only one associated with the alias name. -All other resource records must be -associated with the canonical name, not with the nickname. -Any resource records that include a domain name as their value -(e.g., NS or MX) \fImust\fP list the canonical name, not the nickname. -Similarly, a CNAME will be followed when searching for A RRs, but not -for MX RRs or NS RRs or most other types of RRs. CNAMEs are allowed -to point to other CNAMEs, but this is considered sloppy. -.pp -Nicknames are useful when a well known host changes its name. In that -case, it is usually a good idea to have a \fICNAME\fP record so that -people still using the old name will get to the right place. -.sh 3 "PTR - Domain Name Pointer" -.TS -l l l l l. -\fIname {ttl} addr-class PTR real name\fP -7.0 IN PTR monet\fB\|.\|\fPBerkeley\fB\|.\|\fPEdu\fB\|.\fP -.TE -A \fIDomain Name Pointer\fP record, \fIPTR\fP, allows special names to point -to some other location in the domain. The above example of a \fIPTR\fP -record is used in setting up reverse pointers for the special -\fIIN-ADDR\fP\fB\|.\|\fP\fIARPA\fP domain. This line is from the example -\fIhosts.rev\fP file. \fIPTR\fP records are needed by the -\fIgethostbyaddr\fP function. Note the trailing ``\fB\|.\|\fP'' which -prevents \s-1BIND\s+1 from appending the current \s-1$ORIGIN\s+1 to that -domain name. 
-.sh 3 "MX - Mail Exchange"
-.TS
-l l l l l l.
-\fIname {ttl} addr-class MX preference value mail exchange\fP
-Munnari\fB\|.\|\fPOZ\fB\|.\|\fPAU\fB\|.\fP IN MX 0 Seismo\fB\|.\|\fPCSS\fB\|.\|\fPGOV\fB\|.\fP
-*\fB\|.\|\fPIL\fB\|.\fP IN MX 0 RELAY\fB\|.\|\fPCS\fB\|.\|\fPNET\fB\|.\fP
-.TE
-\fIMail eXchange\fP records, \fIMX\fP, are used to specify a list of hosts
-which are configured to receive mail sent to this domain name. Every name
-which receives mail should have an \fIMX\fP since if one is not found at the
-time mail is being delivered, an \fIMX\fP will be ``imputed'' with a cost
-of 0 and a destination of the host itself. If you want a host to receive
-its own mail, you should create an \fIMX\fP for your host's name, pointing
-at your host's name. It is better to have this be explicit than to let it
-be imputed by remote mailers.
-In the first example, above,
-Seismo\fB\|.\|\fPCSS\fB\|.\|\fPGOV\fB\|.\fP is a mail gateway that knows how
-to deliver mail to Munnari\fB\|.\|\fPOZ\fB\|.\|\fPAU\fB\|.\fP. These two
-machines may have a private connection or use a different transport medium.
-The preference value is the order that a mailer should follow when there is
-more than one way to deliver mail to a single machine. Note that lower
-numbers indicate higher precedence, and that mailers are supposed to randomize
-same-valued \fIMX\fP hosts so as to distribute the load evenly if the costs
-are equal. See RFC974 for more detailed information.
-.pp
-Wildcard names containing the character ``*'' may be used for mail routing
-with \fIMX\fP records. There are likely to be servers on the network that
-simply state that any mail to a domain is to be routed through a relay.
-Second example, above, all mail to hosts in the domain IL is routed through
-RELAY.CS.NET. This is done by creating a wildcard resource record, which
-states that *.IL has an \fIMX\fP of RELAY.CS.NET.
Wildcard \fIMX\fP records
-are not very useful in practice, though, since once a mail message gets to
-the gateway for a given domain it still has to be routed \fIwithin\fP that
-domain and it is not currently possible to have an apparently-different set
-of \fIMX\fP records inside and outside of a domain. If you won't be needing
-any Mail Exchanges inside your domain, go ahead and use a wildcard. If you
-want to use both wildcard ``top-level'' and specific ``interior'' \fIMX\fP
-records, note that each specific record will have to ``end with'' a complete
-recitation of the same data that is carried in the top-level record. This
-is because the specific \fIMX\fP records will take precedence over the
-top-level wildcard records, and must be able to perform the top-level's
-if a given interior domain is to be able to receive mail from outside the
-gateway. Wildcard \fIMX\fP records are very subtle and you should be careful
-with them.
-.sh 3 "TXT - Text"
-.TS
-l l l l l l.
-\fIname {ttl} addr-class TXT string\fP
-Munnari\fB\|.\|\fPOZ\fB\|.\|\fPAU\fB\|.\fP IN TXT "foo"
-.TE
-A \fITXT\fP record contains free-form textual data. The syntax of the text
-depends on the domain where it is found; many systems use \fITXT\fP records
-to encode local data in a stylized format. MIT Hesiod is one such system.
-.sh 3 "RP - Responsible Person"
-.TS
-l l l l l l.
-\fIowner {ttl} addr-class RP mbox-domain-name TXT-domain-name\fP
-franklin IN RP ben.franklin.berkeley.edu. sysadmins.berkeley.edu.
-.TE
-.pp
-The Responsible Person record, \fIRP\fP, identifies the name or group name of
-the responsible person for a host. Often it is desirable to be able to
-identify the responsible entity for a particular host. When that host
-is down or malfunctioning, you would want to contact those parties
-who might be able to repair the host.
-.pp
-The first field, \fImbox-domain-name\fP, is a domain name that specifies the
-mailbox for the responsible person.
Its format in a zone file uses
-the \s-1DNS\s+1 convention for mailbox encoding, identical to that used for
-the \fIPerson-in-charge\fP mailbox field in the SOA record.
-In the example above, the \fImbox-domain-name\fP shows the encoding for
-``\fB<ben@franklin.berkeley.edu>\fP''.
-The root domain name (just ``\fB\|.\|\fP'') may be specified
-to indicate that no mailbox is available.
-.pp
-The second field, \fITXT-domain-name\fP, is a domain name for which
-\fITXT\fP records exist. A subsequent query can be performed to retrieve
-the associated \fITXT\fP resource records at \fITXT-domain-name\fP. This
-provides a level of indirection so that the entity can be referred to from
-multiple places in the \s-1DNS\s+1. The root domain name (just
-``\fB\|.\|\fP'') may be specified for \fITXT-domain-name\fI to indicate
-that no associated \fITXT\fP RR exists. In the example above,
-``\fBsysadmins.berkeley.edu.\fP'' is the name of a TXT record that might
-contain some text with names and phone numbers.
-.pp
-The format of the \fIRP\fP record is class-insensitive.
-Multiple \fIRP\fP records at a single name may be present in the database,
-though they should have identical TTLs.
-.pp
-The \fIRP\fP record is still experimental; not all name servers implement
-or recognize it.
-.sh 3 "AFSDB - DCE or AFS Server"
-.TS
-l l l l l l.
-\fIname {ttl} addr-class AFSDB subtype server host name\fP
-toaster.com. IN AFSDB 1 jack.toaster.com.
-toaster.com. IN AFSDB 1 jill.toaster.com.
-toaster.com. IN AFSDB 2 tracker.toaster.com.
-.TE
-\fIAFSDB\fP records are used to specify the hosts that provide a style of
-distributed service advertised under this domain name. A subtype value
-(analogous to the ``preference'' value in the \fIMX\fP record) indicates
-which style of distributed service is provided with the given name.
-Subtype 1 indicates that the named host is an AFS (R) database server for
-the AFS cell of the given domain name.
Subtype 2 indicates that the -named host provides intra-cell name service for the DCE (R) cell named by -the given domain name. -In the example above, jack\fB\|.\|\fPtoaster\fB\|.\|\fPcom and -jill\fB\|.\|\fPtoaster\fB\|.\|\fPcom are declared to be AFS database -servers for the toaster\fB\|.\|\fPcom AFS cell, so that AFS clients -wishing service from toaster\fB\|.\|\fPcom are directed to those two hosts -for further information. The third record declares that -tracker\fB\|.\|\fPtoaster\fB\|.\|\fPcom houses a directory server for the -root of the DCE cell toaster\fB\|.\|\fPcom, so that DCE clients that wish -to refer to DCE services should consult with the host -tracker\fB\|.\|\fPtoaster\fB\|.\|\fPcom for further information. The -DCE sub-type of record is usually accompanied by a \fITXT\fP record for -other information specifying other details to be used in accessing the -DCE cell. RFC1183 contains more detailed information on the use of -this record type. -.pp -The \fIAFSDB\fP record is still experimental; not all name servers implement -or recognize it. - -.sh 3 "PX - Pointer to X.400/RFC822 mapping information" -.TS -l l l l l l l. -\fIname {ttl} addr-class PX prefer 822-dom X.400-dom\fP -*.ADMD-garr.X42D.it. IN PX 50 it. ADMD-garr.C-it. -*.infn.it. IN PX 50 infn.it. O.PRMD-infn.ADMD-garr.C-it. -*.it. IN PX 50 it. O-gate.PRMD-garr.ADMD-garr.C-it. -.TE -.pp -The \fIPX\fP records (\fIPointer to X.400/RFC822 mapping information\fP) -are used to specify address mapping rules between X.400 O/R addresses and -RFC822 style (domain-style) mail addresses. For a detailed description of the -mapping process please refer to RFC1327. 
-.pp
-Mapping rules are of 3 different types:
-.pp
-1) mapping from X.400 to RFC822 (defined as "table 1 rules" in RFC1327)
-.pp
-2) mapping from RFC822 to X.400 (defined as "table 2 rules" in RFC1327)
-.pp
-3) encoding RFC822 into X.400 (defined as "gate table" in RFC1327)
-.pp
-All three types of mapping rules are specified using \fIPX\fP Resource
-Records in DNS, although the \fIname\fP value is different: for case 1, the
-\fIname\fP value is an X.400 domain in DNS syntax, whereas for cases 2 and
-3 the \fIname\fP value is an RFC822 domain. Refer to RFC-1664 for details
-on specifying an X.400 domain in DNS syntax and for the use of the
-\fIX42D\fP keyword in it. Tools are available to convert from RFC1327
-tables format into DNS files syntax. \fIPreference\fP is analogous to the
-\fIMX\fP RR Preference parameter: it is currently advised to use a fixed
-value of 50 for it. \fI822-dom\fP gives the RFC822 part of the mapping
-rules, and \fIX.400-dom\fP gives the X.400 part of the mapping rule (in DNS
-syntax). It is currently advised always to use wildcarded \fIname\fP
-values, as the RFC1327 tables specifications permit wildcard
-specifications only. This is to keep compatibility with existing services
-using static RFC1327 tables instead of DNS \fIPX\fP information.
-.pp
-Specifications of mapping rules from X.400 to RFC822 syntax requires the
-creation of an appropriate X.400 domain tree into DNS, including thus specific
-\fISOA\fP and \fINS\fP records for the domain itself. Specification of mapping
-rules from RFC822 into X.400 can be embedded directly into the normal direct
-\fIname\fP tree.
-Again, refer to RFC1664 for details about organization of this structure.
-.pp
-Tools and library routines, based on the standard resolver ones, are available
-to retrieve from DNS the appropriate mapping rules in RFC1327 or DNS syntax.
-.pp -Once again, refer to RFC1664 to use the \fIPX\fP resource record, and be careful -in coordinating the mapping information you can specify in DNS with the same -information specified into the RFC1327 static tables. -.pp -The \fIPX\fP record is still experimental; not all servers implement or -recognize it. - -.sh 2 "Discussion about the TTL" -.pp -The Time To Live assigned to the records and to the zone via the -Minimum field in the SOA record is very important. High values will -lead to lower BIND network traffic and faster response time. Lower -values will tend to generate lots of requests but will allow faster -propagation of changes. -.pp -Only changes and deletions from the zone are affected by the TTLs. -Additions propagate according to the Refresh value in the SOA. -.pp -Experience has shown that sites use default TTLs for their zones varying -from around 0.5 day to around 7 days. You may wish to consider boosting -the default TTL shown in former versions of this guide from one day -(86400 seconds) to three days (259200 seconds). This will drastically -reduce the number of requests made to your name servers. -.pp -If you need fast propagation of changes and deletions, it might be wise -to reduce the Minimum field a few days before the change, then do the -modification itself and augment the TTL to its former value. -.pp -If you know that your zone is pretty stable (you mainly add new records -without deleting or changing old ones) then you may even wish to consider -a TTL higher than three days. -.pp -Note that in any case, it makes no sense to have records with a TTL -below the SOA Refresh delay, as Delay is the time required for secondaries -to get a copy of the newly modified zone. - -.sh 2 "About ``secure zones'' -.pp -Secure zones implement named security on a zone by zone basis. It is -designed to use a permission list of networks or hosts which may obtain -particular information from the zone. 
-.pp -In order to use zone security, \fInamed\fP must be compiled with SECURE_ZONES -defined and you must have at least one secure_zone TXT RR. Unless a -\fIsecure_zone\fP record exists for a given zone, no restrictions will be -applied to the data in that zone. The format of the secure_zone TXT RR is: -.lp -secure_zone\h'0.5i'addr-class\h'0.5i'TXT\h'0.5i'string -.pp -The addr-class may be either \fIHS\fP or \fIIN\fP. The syntax for the TXT -string is either ``network address:netmask'' or ``host IP address:H''. -.pp -``network address:netmask'' allows queries from an entire network. If the -netmask is omitted, named will use the default netmask for the network -address specified. -.pp -``host IP address:H'' allows queries from a host. The ``H'' after the ``:'' -is required to differentiate the host address from a network address. -Multiple secure_zone TXT RRs are allowed in the same zone file. -.pp -For example, you can set up a zone to only answer Hesiod requests from the -masked class B network 130.215.0.0 and from host 128.23.10.56 by adding the -following two TXT RR's: -.lp -secure_zone\h'0.5i'HS\h'0.5i'TXT\h'0.5i'``130.215.0.0:255.255.0.0'' -secure_zone\h'0.5i'HS\h'0.5i'TXT\h'0.5i'``128.23.10.56:H'' -.pp -This feature can be used to restrict access to a Hesiod password map or to -separate internal and external internet address resolution on a firewall -machine without needing to run a separate named for internal and external -address resolution. -.pp -Note that you will need to include your loopback interface (127.0.0.1) in -your secure_zone record, or your local clients won't be able to resolve -names. - -.sh 2 "About Hesiod, and HS-class Resource Records -.pp -Hesiod, developed by \s-1MIT\s+1 Project Athena, is an information service -built upon \s-1BIND\s+1. Its intent is similar to that of Sun's -\s-1NIS\s+1: to furnish information about users, groups, network-accessible -file systems, printcaps, and mail service throughout an installation. 
Aside -from its use of \s-1BIND\s+1 rather than separate server code another -important difference between Hesiod and \s-1NIS\s+1 is that Hesiod is not -intended to deal with passwords and authentication, but only with data that -are not security sensitive. Hesiod servers can be implemented by adding -resource records to \s-1BIND\s+1 servers; or they can be implemented as -separate servers separately administered. -.pp -To learn about and obtain Hesiod make an anonymous \s-1FTP\s+1 connection to -host \s-1ATHENA-DIST.MIT.EDU\s+1 and retrieve the compressed tar file -\fB/pub/ATHENA/hesiod.tar.Z\fP. You will not need the named and resolver -library portions of the distribution because their functionality has already -been integrated into \s-1BIND as of 4.9\s+1. To learn how Hesiod functions -as part of the Athena computing environment obtain the paper -\fB/pub/ATHENA/usenix/athena-changes.PS\fP from the above \s-1FTP\s+1 server -host. There is also a tar file of sample Hesiod resource files. -.pp -Whether one should use Hesiod class is open to question, since the same -services can probably be provided with class IN, type TXT and type -CNAME records. In either case, the code and documents for Hesiod will -suggest how to set up and use the service. -.pp -Note that while \s-1BIND\s+1 includes support for \fIHS\fP-class queries, -the zone transfer logic for non-\fIIN\fP-class zones is still experimental. - -.sh 2 "Sample Files" -.pp -The following section contains sample files for the name server. -This covers example boot files for the different types of servers -and example domain data base files. diff --git a/contrib/bind/doc/bog/intro.me b/contrib/bind/doc/bog/intro.me deleted file mode 100644 index 597fa440b2d30..0000000000000 --- a/contrib/bind/doc/bog/intro.me +++ /dev/null 
@@ -1,75 +0,0 @@ -.\" ++Copyright++ 1986, 1988 -.\" - -.\" Copyright (c) 1986, 1988 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" - -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. 
-.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" - -.\" --Copyright-- -.\" -.\" @(#)intro.me 6.2 (Berkeley) 2/28/88 -.\" -.sh 1 Introduction -.pp -The Berkeley Internet Name Domain (\s-1BIND\s+1) implements an Internet name -server for \s-2BSD\s+2-derived operating systems. The \s-1BIND\s+1 consists -of a server (or ``daemon'') called \fInamed\fP and a \fIresolver\fP library. -A name server is a network service that enables clients to name resources or -objects and share this information with other objects in the network. This -in effect is a distributed data base system for objects in a computer -network. The \s-1BIND\s+1 server runs in the background, servicing queries -on a well known network port. The standard port for UDP and TCP is specified -in \fI/etc/services\fP. The \fIresolver\fP is a set of routines residing -in a system library that provides the interface that programs can use to -access the domain name services. 
-.pp
-BIND is fully integrated into BSD (4.3 and later releases)
-network programs for use in storing and retrieving host names and address.
-The system administrator can configure the system to use BIND as a
-replacement to the older host table lookup of information in the network
-hosts file \fI/etc/hosts\fP. The default configuration for BSD uses
-BIND.
diff --git a/contrib/bind/doc/bog/manage.me b/contrib/bind/doc/bog/manage.me
deleted file mode 100644
index 6f17b80b7bb1d..0000000000000
--- a/contrib/bind/doc/bog/manage.me
+++ /dev/null
@@ -1,156 +0,0 @@ -.\" ++Copyright++ 1986, 1988, 1995 -.\" - -.\" Copyright (c) 1986, 1988, 1995 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" - -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" - -.\" --Copyright-- -.\" -.\" @(#)manage.me 6.6 (Berkeley) 9/19/89 -.\" $Id: manage.me,v 8.4 1995/12/22 10:20:24 vixie Exp $ -.\" -.sh 1 "Domain Management" -.pp -This section contains information for starting, controlling and debugging -\fInamed\fP. -.sh 2 /etc/rc.local -.pp -The hostname should be set to the full domain style name in -\fI/etc/rc.local\fP using \fIhostname\|(1)\fP. The following entry should -be added to \fI/etc/rc.local\fP to start up \fInamed\fP at system boot time: -.(b l -\fIif [ -f /usr/sbin/named ]; then - /usr/sbin/named\fP [options] \fI& echo -n ' named' >/dev/console\fP -\fIfi\fP -.)b -This usually directly follows the lines that start \fIsyslogd\fP. -\fBDo Not\fP attempt to run \fInamed\fP from \fIinetd\fP. -This will -continuously restart the name server and defeat the purpose of the cache. 
-.sh 2 /var/run/named.pid -.pp -When \fInamed\fP is successfully started up it writes its process id into -the file \fI/var/run/named.pid\fP. This is useful to programs that want to -send signals to \fInamed\fP. The name of this file may be changed by defining -\fIPIDFILE\fP to the new name when compiling \fInamed\fP. -.sh 2 /etc/hosts -.pp -The \fIgethostbyname\|()\fP library call can detect if \fInamed\fP is running. -If it is determined that \fInamed\fP is not running it will look in -\fI/etc/hosts\fP to resolve an address. -This option was added to allow \fIifconfig\|(8C)\fP to configure the machines -local interfaces and to enable a system manager to access the network -while the system is in single user mode. -It is advisable to put the local machines interface addresses and a couple of -machine names and address in -\fI/etc/hosts\fP so the system manager can rcp files from another machine -when the system is in single user mode. -The format of \fI/etc/hosts\fP has not changed. See \fIhosts\|(5)\fP -for more information. -Since the process of reading \fI/etc/hosts\fP is slow, -it is not advisable to use this option when the system is in multi user mode. - -.sh 2 Signals -.pp -There are several signals that can be sent to the \fInamed\fP process -to have it do tasks without restarting the process. -.sh 3 Reload -.pp -SIGHUP - -Causes \fInamed\fP to read \fInamed.boot\fP and reload the database. -This is useful when you have made a change to a ``primary'' data file -and you want \fInamed\fP\|'s internal database to reflect the change. -If you build \s-1BIND\s+1 with the \s-1FORCED_RELOAD\s+1 option, then -\s-1SIGHUP\s+1 also has the effect of scheduling all ``secondary'' zones -for serial-number checks, which could lead to zone transfers ahead of -the usual schedule. Normally serial-number compares are done only at -the intervals specified in the zone's \s-1SOA\s+1 record. 
-.sh 3 Debugging -.pp -When \fInamed\fP is running incorrectly, look first in -\fI/var/log/messages\fP and check for any messages logged by \fIsyslog\fP. -Next send it a signal to see what is happening. Unless you run it with the -``-d'' option, \fInamed\fP has very little to say on its standard output or -standard error. Everything \fInamed\fP has to say, it says to \fIsyslog\fP. -.pp -SIGINT - -Dumps the current data base and cache to -\fI/var/tmp/named_dump.db\fP -This should give you an indication to whether the data base was loaded -correctly. -The name of the dump file may be changed -by defining \fIDUMPFILE\fP to the new name when compiling \fInamed\fP. - -\fINote:\fP the following two signals only work when \fInamed\fP is built with -\fIDEBUG\fP defined. -.pp -SIGUSR1 - -Turns on debugging. Each following SIGUSR1 increments the debug level. -The output goes to \fI/var/tmp/named.run\fP -The name of this debug file may be changed -by defining \fIDEBUGFILE\fP to the new name before compiling \fInamed\fP. -.pp -SIGUSR2 - -Turns off debugging completely. - -For more detailed debugging, define DEBUG when compiling the resolver -routines into \fI/lib/libc.a\fP. -.pp -SIGWINCH - -Toggles tracing of all incoming queries if \fInamed\fP has been -compiled with \fIQRYLOG\fP defined. The trace is sent to syslog, and -is huge, but it is very useful for tracking down problems. - -To run with tracing of all queries specify the \fI-q\fP flag on the -command line. If you routinely log queries you will probably want to -analyze the results using the dnsstats stats script in the -contrib directory. -.pp -SIGIOT - -Dumps statistics data into \fI/var/tmp/named.stats\fP if the server -is built with \fISTATS\fP defined. Statistics are appended to the file. diff --git a/contrib/bind/doc/bog/named.boot.cache b/contrib/bind/doc/bog/named.boot.cache deleted file mode 100644 index 5e0e3d3481281..0000000000000 --- a/contrib/bind/doc/bog/named.boot.cache +++ /dev/null 
@@ -1,77 +0,0 @@ -.\" ++Copyright++ 1986, 1988 -.\" - -.\" Copyright (c) 1986, 1988 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" - -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. 
-.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" - -.\" --Copyright-- -.\" -.\" @(#)named.boot.cache 6.4 (Berkeley) 9/19/89 -.\" -.ne 13v -.sh 4 "Caching Only Server" -.(b L -.TS -l. -; -; Boot file for Caching Only Name Server -; -.TE -.TS -l l l -l -l l l. -; type domain source file or host -; -directory /usr/local/adm/named -cache \fB.\fP root\fB.\fPcache -primary 0\fB.\fP0\fB.\fP127\fB.\fPin-addr\fB.\fParpa named\fB.\fPlocal -.TE -.)b - - diff --git a/contrib/bind/doc/bog/named.boot.primary b/contrib/bind/doc/bog/named.boot.primary deleted file mode 100644 index 0f3c3ca9aa85b..0000000000000 --- a/contrib/bind/doc/bog/named.boot.primary +++ /dev/null 
@@ -1,78 +0,0 @@ -.\" ++Copyright++ 1986, 1988 -.\" - -.\" Copyright (c) 1986, 1988 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" - -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. 
-.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" - -.\" --Copyright-- -.\" -.\" @(#)named.boot.primary 6.4 (Berkeley) 9/19/89 -.\" -.ne 15v -.sh 3 "Boot Files" -.sh 4 "Primary Server" -.(b L -.TS -l. -; -; Boot file for Primary Name Server -; -.TE -.TS -l l l -l -l l l. -; type domain source file or host -; -directory /usr/local/adm/named -primary Berkeley\fB.\fPEdu ucbhosts -primary 32\fB.\fP128\fB.\fPin-addr\fB.\fParpa ucbhosts\fB.\fPrev -primary 0\fB.\fP0\fB.\fP127\fB.\fPin-addr\fB.\fParpa named\fB.\fPlocal -cache \fB.\fP root\fB.\fPcache -.TE -.)b diff --git a/contrib/bind/doc/bog/named.boot.secondary b/contrib/bind/doc/bog/named.boot.secondary deleted file mode 100644 index 64a607d58019e..0000000000000 --- a/contrib/bind/doc/bog/named.boot.secondary +++ /dev/null 
@@ -1,77 +0,0 @@ -.\" ++Copyright++ 1986, 1988 -.\" - -.\" Copyright (c) 1986, 1988 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" - -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. 
-.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" - -.\" --Copyright-- -.\" -.\" @(#)named.boot.secondary 6.4 (Berkeley) 9/19/89 -.\" -.ne 12v -.sh 4 "Secondary Server" -.(b L -.TS -l. -; -; Boot file for Secondary Name Server -; -.TE -.TS -l l l -l -l l l. -; type domain source file or host -; -directory /usr/local/adm/named -secondary Berkeley\fB.\fPEdu 128\fB.\fP32\fB.\fP0\fB.\fP4 128\fB.\fP32\fB.\fP0\fB.\fP10 ucbhosts.bak -secondary 32\fB.\fP128\fB.\fPin-addr\fB.\fParpa 128\fB.\fP32\fB.\fP0\fB.\fP4 128\fB.\fP32\fB.\fP0\fB.\fP10 ucbhosts.rev.bak -primary 0\fB.\fP0\fB.\fP127\fB.\fPin-addr\fB.\fParpa named\fB.\fPlocal -cache \fB.\fP root\fB.\fPcache -.TE -.)b diff --git a/contrib/bind/doc/bog/named.local b/contrib/bind/doc/bog/named.local deleted file mode 100644 index 209c5be8bae20..0000000000000 --- a/contrib/bind/doc/bog/named.local +++ /dev/null 
@@ -1,75 +0,0 @@ -.\" ++Copyright++ 1986, 1988 -.\" - -.\" Copyright (c) 1986, 1988 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" - -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. 
-.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" - -.\" --Copyright-- -.\" -.\" @(#)named.local 6.3 (Berkeley) 5/24/89 -.\" -.ne 13v -.sh 3 "named.local" -.(b L - -.TS -l l l l l s. -@ IN SOA ucbvax\fB.\fPBerkeley\fB.\fPEdu. kjd\fB.\fPucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP ( -.T& -l l l l l. - 1994072100 ; Serial - 10800 ; Refresh - 1800 ; Retry - 3600000 ; Expire - 259200 ) ; Minimum -.T& -l l l l l s. - IN NS ucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP ; pedantic -1 IN PTR localhost\fB.\fP -.TE -.)b diff --git a/contrib/bind/doc/bog/ns.me b/contrib/bind/doc/bog/ns.me deleted file mode 100644 index ec3ca3c7988e1..0000000000000 --- a/contrib/bind/doc/bog/ns.me +++ /dev/null 
@@ -1,96 +0,0 @@ -.\" ++Copyright++ 1986, 1988 -.\" - -.\" Copyright (c) 1986, 1988 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" - -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. 
-.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" - -.\" --Copyright-- -.\" -.\" @(#)ns.me 6.3 (Berkeley) 9/19/89 -.\" -.sh 1 "The Name Service" -.pp -The basic function of the name server is to provide information about network -objects by answering queries. The specifications for this name server are -defined in RFC1034, RFC1035 and RFC974. These documents can be found in -\fI/usr/src/etc/named/doc\fP in 4.3BSD or \fIftp\fPed from -\fBftp.rs.internic.net\fP. -It is also recommended that you read the related manual pages, -\fInamed\fP\|(8), -\fIresolver\fP\|(3), -and \fIresolver\fP\|(5). -.pp -The advantage of using a name server over the host table lookup for host -name resolution is to avoid the need for a single centralized clearinghouse -for all names. The authority for this information can be delegated to the -different organizations on the network responsible for it. -.pp -The host table lookup routines require that the master file for the entire -network be maintained at a central location by a few people. 
This works -fine for small networks where there are only a few machines and the -different organizations responsible for them cooperate. But this does not -work well for large networks where machines cross organizational boundaries. -.pp -With the name server, the network can be broken into a hierarchy of domains. -The name space is organized as a tree according to organizational or -administrative boundaries. -Each node, called a \fIdomain\fP, is given a label, and the name of the -domain is the concatenation of all the labels of the domains from -the root to the current domain, listed from right to left separated by dots. -A label need only be unique within its domain. -The whole space is partitioned into several areas called \fIzones\fP, -each starting at a domain and extending down to the leaf domains or to -domains where other zones start. -Zones usually represent administrative boundaries. -An example of a host address for a host at the University of California, -Berkeley would look as follows: -.(b -\fImonet\fP\|\fB.\fP\|\fIBerkeley\fP\|\fB.\fP\|\fIEDU\fP -.)b -The top level domain for educational organizations is EDU; -Berkeley is a subdomain of EDU and monet is the name of the host. diff --git a/contrib/bind/doc/bog/resolv.conf b/contrib/bind/doc/bog/resolv.conf deleted file mode 100644 index 1f15991f8e6ac..0000000000000 --- a/contrib/bind/doc/bog/resolv.conf +++ /dev/null 
@@ -1,67 +0,0 @@ -.\" ++Copyright++ 1986, 1988 -.\" - -.\" Copyright (c) 1986, 1988 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" - -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. 
-.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" - -.\" --Copyright-- -.\" -.\" @(#)resolv.conf 6.2 (Berkeley) 2/29/88 -.\" -.ne 6v -.\" .bp -.sh 3 "Remote Server / DNS Client" -.sh 4 "/etc/resolv.conf" -.(b L - -domain Berkeley\fB.\fPEdu -nameserver 128\fB.\fP32\fB.\fP0\fB.\fP4 -nameserver 128\fB.\fP32\fB.\fP0\fB.\fP10 -sortlist 130.155.160.0/255.255.240.0 130.155.0.0 - -.)b diff --git a/contrib/bind/doc/bog/root.cache b/contrib/bind/doc/bog/root.cache deleted file mode 100644 index 3bf572724f826..0000000000000 --- a/contrib/bind/doc/bog/root.cache +++ /dev/null 
@@ -1,102 +0,0 @@ -.\" ++Copyright++ 1986, 1988 -.\" - -.\" Copyright (c) 1986, 1988 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" - -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. 
-.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" - -.\" --Copyright-- -.\" -.\" @(#)root.cache 6.4 (Berkeley) 4/29/90 -.\" -.ne 38v -.sh 3 "root.cache" -.(b L - -; -; This file holds the information on root name servers needed to -; initialize cache of Internet domain name servers -; (e.g. reference this file in the "cache . <file>" -; configuration file of BIND domain name servers). -; -; This file is made available by InterNIC registration services -; under anonymous FTP as -; file /domain/named.root -; on server FTP.RS.INTERNIC.NET -; -OR- under Gopher at RS.INTERNIC.NET -; under menu InterNIC Registration Services (NSI) -; submenu InterNIC Registration Archives -; file named.root -; -; last update: Oct 5, 1994 -; related version of root zone: 1994100500 -; -.TS -l l l l l. 
-\fB.\fP 604800 IN NS NS\fB.\fPINTERNIC\fB.\fPNET\fB.\fP -NS\fB.\fPINTERNIC\fB.\fPNET\fB.\fP 604800 IN A 198\fB.\fP41\fB.\fP0\fB.\fP4 -\fB.\fP 604800 IN NS NS1\fB.\fPISI\fB.\fPEDU\fB.\fP -NS1\fB.\fPISI\fB.\fPEDU\fB.\fP 604800 IN A 128\fB.\fP9\fB.\fP0\fB.\fP107 -\fB.\fP 604800 IN NS C\fB.\fPPSI\fB.\fPNET\fB.\fP -C\fB.\fPPSI\fB.\fPNET\fB.\fP 604800 IN A 192\fB.\fP33\fB.\fP4\fB.\fP12 -\fB.\fP 604800 IN NS TERP\fB.\fPUMD\fB.\fPEDU\fB.\fP -TERP\fB.\fPUMD\fB.\fPEDU\fB.\fP 604800 IN A 128\fB.\fP8\fB.\fP10\fB.\fP90 -\fB.\fP 604800 IN NS NS\fB.\fPNASA\fB.\fPGOV\fB.\fP -NS\fB.\fPNASA\fB.\fPGOV\fB.\fP 604800 IN A 128\fB.\fP102\fB.\fP16\fB.\fP10 - 604800 IN A 192\fB.\fP52\fB.\fP195\fB.\fP10 -\fB.\fP 604800 IN NS NS\fB.\fPISC\fB.\fPORG\fB.\fP -NS\fB.\fPISC\fB.\fPORG\fB.\fP 604800 IN A 192\fB.\fP5\fB.\fP5\fB.\fP241 -\fB.\fP 604800 IN NS NS\fB.\fPNIC\fB.\fPDDN\fB.\fPMIL\fB.\fP -NS\fB.\fPNIC\fB.\fPDDN\fB.\fPMIL\fB.\fP 604800 IN A 192\fB.\fP112\fB.\fP36\fB.\fP4 -\fB.\fP 604800 IN NS AOS\fB.\fPARL\fB.\fPARMY\fB.\fPMIL\fB.\fP -AOS\fB.\fPARL\fB.\fPARMY\fB.\fPMIL\fB.\fP 604800 IN A 128\fB.\fP63\fB.\fP4\fB.\fP82 - 604800 IN A 192\fB.\fP5\fB.\fP25\fB.\fP82 -\fB.\fP 604800 IN NS NIC\fB.\fPNORDU\fB.\fPNET\fB.\fP -NIC\fB.\fPNORDU\fB.\fPNET\fB.\fP 604800 IN A 192\fB.\fP36\fB.\fP148\fB.\fP17 -.TE -; End of File -.)b diff --git a/contrib/bind/doc/bog/setup.me b/contrib/bind/doc/bog/setup.me deleted file mode 100644 index fff765748f9a8..0000000000000 --- a/contrib/bind/doc/bog/setup.me +++ /dev/null 
@@ -1,88 +0,0 @@ -.\" ++Copyright++ 1986, 1988 -.\" - -.\" Copyright (c) 1986, 1988 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" - -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. 
-.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" - -.\" --Copyright-- -.\" -.\" @(#)setup.me 6.4 (Berkeley) 9/19/89 -.\" -.sh 1 "Setting up Your Own Domain" -.pp -When setting up a domain that is going to be on a public network the site -administrator should contact the organization in charge of the network and -request the appropriate domain registration form. An organization that -belongs to multiple networks (such as the \fIInternet\fP and -\fIBITNET\fP) should register with only one network. -.sh 2 "Internet" -.pp -Sites on the Internet who need information on setting up a domain should -contact the registrar for their network, which is one of the following: -.TS -l l. -MILnet \s-1HOSTMASTER\s+1@\s-1NIC\s+1\fB\|.\|\fP\s-1DDN\s+1\fB\|.\|\fP\s-1MIL\s+1 -other \s-1HOSTMASTER\s+1@\s-1INTERNIC\s+1\fB\|.\|\fP\s-1NET\s+1 -.TE -You may also want to be placed on the \s-1BIND\s+1 mailing list, which is a -mail group for people on the Internet who run \s-1BIND\s+1. 
The group -discusses future design decisions, operational problems, and other related -topic. The address to request being placed on this mailing list is: -.(b l -\fIbind-request\|@\|uunet\fP\fB\|.\|\fP\fIuu\fP\fB\|.\|\fP\fInet\fP -.)b -.sh 2 "Subdomains of Existing Domains" -.pp -If you want a subdomain of some existing domain, you should find the contact -point for the parent domain rather than asking one of the above top-level -registrars. There should be a convention that \fBregistrar\fP@\fIdomain\fP -or \fBhostmaster\fP@\fIdomain\fP for any given domain will always be an alias -for that domain's registrar (somewhat analogous to \fBpostmaster\fP), but -there is no such convention. Try it as a last resort, but first you should -examine the \fISOA\fP record for the domain and send mail to the ``responsible -person'' shown therein. You can also try \fIwhois\fP. diff --git a/contrib/bind/doc/bog/types.me b/contrib/bind/doc/bog/types.me deleted file mode 100644 index 9d14111214d3d..0000000000000 --- a/contrib/bind/doc/bog/types.me +++ /dev/null 
@@ -1,163 +0,0 @@ -.\" ++Copyright++ 1986, 1988, 1995 -.\" - -.\" Copyright (c) 1986, 1988, 1995 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" - -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" - -.\" --Copyright-- -.\" -.\" @(#)types.me 6.3 (Berkeley) 9/19/89 -.\" -.sh 1 "Types of Zones" -.pp -A ``zone'' is a point of delegation in the DNS tree. It contains all names -from a certain point ``downward'' except those which are delegated to other -zones. A ``delegation point'' has one or more \fINS\fP records in the -``parent zone'', which should be matched by equivalent \fINS\fP records at -the root of the ``delegated zone'' (i.e., the ``@'' name in the zone file). -.pp -Understanding the difference between a ``zone'' and a ``domain'' is crucial -to the proper operation of a name server. As an example, consider the -\s-1DEC.COM\s+1 \fIdomain\fP, which includes names such as -\s-1POBOX1.PA.DEC.COM\s+1 and \s-1QUABBIN.CRL.DEC.COM\s+1 even though -the \s-1DEC.COM\s+1 \fIzone\fP includes only \fIdelegations\fP for the -\s-1PA.DEC.COM\s+1 and \s-1CRL.DEC.COM\s+1 zones. 
A zone can map exactly -to a single domain, but could also include only part of a domain (the rest -of which could be delegated to other name servers). Technically speaking, -every name in the DNS tree is a ``domain'', even if it is ``terminal'', that -is, has no ``subdomains''. Technically speaking, every subdomain is a domain -and every domain except the root is also a subdomain. The terminology is not -intuitive and you would do well to read RFC's 1033, 1034, and 1035 to gain a -complete understanding of this difficult and subtle topic. -.pp -Though \s-1BIND\s+1 is a \fIDomain\fP Name Server, it deals primarily in terms -of \fIzones\fP. The \fIprimary\fP and \fIsecondary\fP declarations in the -\fInamed.boot\fP file specify \fIzones\fP, not \fIdomains\fP. When you ask -someone if they are willing to be a secondary server for your ``domain'', you -are actually asking for secondary service for some collection of \fIzones\fP. -.pp -Each zone will have one ``primary'' server, which loads the zone contents -from some local file which is edited by humans or perhaps generated -mechanically from some other local file which is edited by humans. Then -there will be some number of ``secondary'' servers, which load the zone -contents using the \s-1IP/DNS\s+1 protocol (that is, the secondary servers will -contact the primary and fetch the zone using \s-1IP/TCP\s+1). This set of -servers (the primary and all of the secondaries) should be listed in the -\fINS\fP records in the parent zone, which will constitute a ``delegation''. -This set of servers must also be listed in the zone file itself, usually -under the ``@'' name which is a magic cookie that means the ``top level'' -or ``root'' of current zone. You can list servers in the zone's -top-level ``@'' \fINS\fP records that are not in the parent's \fINS\fP -delegation, but you cannot list servers in the parent's delegation that are -not present in the zone's ``@''. 
Any servers listed in the \fINS\fP records -must be configured as authoritative (either primary or secondary) for the -zone. If a server listed in a \fINS\fP record is not authoritative, it -will respond with a ``lame delegation'' when queried. -.sh 1 "Types of Servers" -.pp -Servers do not really have ``types''. A server can be a primary for some -zones and a secondary for others, or it can be only a primary, or only a -secondary, or it can serve no zones and just answer queries via its ``cache''. -Previous versions of this document referred to servers as ``master'' and -``slave'' but we now feel that those distinctions \(em and the assignment of -a ``type'' to a name server \(em are not useful. -.sh 2 "Caching Only Server" -.pp -All servers are caching servers. This means that the server caches the -information that it receives for use until the data expires. A \fICaching -Only Server\fP is a server that is not authoritative for any zone. This -server services queries and asks other servers, who have the authority, for -the information needed. All servers keep data in their cache until the data -expires, based on a \fITTL\fP (``Time To Live'') field which is maintained -for all resource records. -.sh 2 "Remote Server" -.pp -A Remote Server is an option given to people who would like to use -a name server from their workstation or on a machine that has a limited -amount of memory and CPU cycles. -With this option you can run all of the networking programs that use -the name server without the name server running on the local machine. -All of the queries are serviced by a name server that is running on another -machine on the network. -A host which has an -\fI/etc/resolv.conf\fP file listing only remote hosts, and which does not -run a name server of its own, is sometimes called a Remote Server (because -the actual server is remote?) but more -often it is called simply a DNS Client. 
-This kind of host is technically not a ``server'', -since it has no cache and does not answer queries. -.sh 2 "Slave Server" -.pp -A Slave Server is a server that always forwards queries it cannot -satisfy from its cache, to a fixed list of \fIforwarding\fP servers -instead of interacting -with the name servers for the root and other domains. -The queries to the \fIforwarding servers\fP are recursive queries. -There may be one or more forwarding servers, and they are tried in turn -until the list is exhausted. -A Slave and forwarder configuration is typically used when you do not -wish all the servers at a given site to interact with the rest -of the Internet servers. A typical scenario would involve a number of -workstations and a departmental timesharing machine with Internet -access. The workstations might be -administratively prohibited from having Internet access. -To give the workstations the appearance of access to the Internet -domain system, the workstations could be Slave servers to the timesharing -machine which would forward the queries and interact with other -name servers to resolve the query before returning the answer. -An added benefit of using the forwarding feature is that the central -machine develops a much more complete cache of information that -all the workstations can take advantage of. The use of Slave mode -and forwarding is discussed further under the description of -the \fInamed\fP bootfile commands. -.pp -There is no prohibition against declaring a server to be a \fIslave\fP -even though it has \fIprimary\fP and/or \fIsecondary\fP zones as well; -the effect will still be that anything in the local server's cache or -zones will be answered, and anything else will be forwarded using the -\fIforwarders\fP list. diff --git a/contrib/bind/doc/bog/ucbhosts b/contrib/bind/doc/bog/ucbhosts deleted file mode 100644 index 2cb26355eb852..0000000000000 --- a/contrib/bind/doc/bog/ucbhosts +++ /dev/null 
@@ -1,118 +0,0 @@ -.\" ++Copyright++ 1986, 1988 -.\" - -.\" Copyright (c) 1986, 1988 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" - -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. 
-.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" - -.\" --Copyright-- -.\" -.\" @(#)ucbhosts 6.3 (Berkeley) 2/8/89 -.\" -.\" .ne 48v -.\" .bp -.sh 3 "Hosts" -.(b L -; -; @(#)ucb-hosts 1.2 (berkeley) 88/02/05 -; -.TS -l l l l l s. -@ IN SOA ucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP kjd\fB.\fPmonet\fB.\fPBerkeley\fB.\fPEdu\fB.\fP ( -.T& -l l l l l. - 1988020501 ; Serial - 10800 ; Refresh - 1800 ; Retry - 3600000 ; Expire - 259200 ) ; Minimum -.T& -l l l l s. 
- IN NS ucbarpa\fB.\fPBerkeley\fB.\fPEdu\fB.\fP - IN NS ucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP -localhost IN A 127\fB.\fP1 - ; note that 127.1 is the same as 127.0.0.1; see inet(3n) -ucbarpa IN A 128\fB.\fP32\fB.\fP4 - IN A 10\fB.\fP0\fB.\fP0\fB.\fP78 - IN HINFO VAX-11/780 UNIX -arpa IN CNAME ucbarpa -ernie IN A 128\fB.\fP32\fB.\fP6 - IN HINFO VAX-11/780 UNIX -ucbernie IN CNAME ernie -monet IN A 128\fB.\fP32\fB.\fP7 - IN A 128\fB.\fP32\fB.\fP130\fB.\fP6 - IN HINFO VAX-11/750 UNIX -ucbmonet IN CNAME monet -ucbvax IN A 10\fB.\fP2\fB.\fP0\fB.\fP78 - ; 128.32.10 means 128.32.0.10; see inet(3n) - IN A 128\fB.\fP32\fB.\fP10 - ; HINFO and WKS are widely unused, - ; but we'll show them as examples. - IN HINFO VAX-11/750 UNIX - IN WKS 128.32.0.10 TCP ( echo telnet - discard sunrpc sftp - uucp-path systat daytime - netstat qotd nntp - link chargen ftp - auth time whhois mtp - pop rje finger smtp - supdup hostnames - domain - nameserver ) -vax IN CNAME ucbvax -toybox IN A 128\fB.\fP32\fB.\fP131\fB.\fP119 - IN HINFO Pro350 RT11 -toybox IN MX 0 monet.Berkeley.Edu. -csrg IN MX 0 Ralph.CS - IN MX 0 Zhou.CS - IN MX 0 Painter.CS - IN MX 0 Riggle.CS - IN MX 0 Terry.CS - IN MX 0 Kevin.CS -.TE -.)b -.\" .bp diff --git a/contrib/bind/doc/bog/ucbhosts.rev b/contrib/bind/doc/bog/ucbhosts.rev deleted file mode 100644 index 16207afefede6..0000000000000 --- a/contrib/bind/doc/bog/ucbhosts.rev +++ /dev/null 
@@ -1,86 +0,0 @@ -.\" ++Copyright++ 1986, 1988 -.\" - -.\" Copyright (c) 1986, 1988 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" - -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. 
-.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" - -.\" --Copyright-- -.\" -.\" @(#)ucbhosts.rev 6.3 (Berkeley) 9/19/89 -.\" -.ne 22v -.sh 3 "host.rev" -.(b L - -; -; @(#)ucb-hosts.rev 1.1 (Berkeley) 86/02/05 -; -.TS -l l l l l s. -@ IN SOA ucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP kjd\fB.\fPmonet\fB.\fPBerkeley\fB.\fPEdu\fB.\fP ( -.T& -l l l l l. - 1986020501 ; Serial - 10800 ; Refresh - 1800 ; Retry - 3600000 ; Expire - 259200 ) ; Minimum -.T& -l l l l s. - IN NS ucbarpa\fB.\fPBerkeley\fB.\fPEdu\fB.\fP - IN NS ucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP -0\fB.\fP0 IN PTR Berkeley-net\fB.\fPBerkeley\fB.\fPEDU\fB.\fP - IN A 255\fB.\fP255\fB.\fP255\fB.\fP0 -0\fB.\fP130 IN PTR csdiv-net\fB.\fPBerkeley\fB.\fPEDU\fB.\fP -4\fB.\fP0 IN PTR ucbarpa\fB.\fPBerkeley\fB.\fPEdu\fB.\fP -6\fB.\fP0 IN PTR ernie\fB.\fPBerkeley\fB.\fPEdu\fB.\fP -7\fB.\fP0 IN PTR monet\fB.\fPBerkeley\fB.\fPEdu\fB.\fP -10\fB.\fP0 IN PTR ucbvax\fB.\fPBerkeley\fB.\fPEdu\fB.\fP -6\fB.\fP130 IN PTR monet\fB.\fPBerkeley\fB.\fPEdu\fB.\fP -.TE -.)b 
diff --git a/contrib/bind/doc/html/acl.html b/contrib/bind/doc/html/acl.html
deleted file mode 100644
index 57cf8690cb152..0000000000000
--- a/contrib/bind/doc/html/acl.html
+++ /dev/null
@@ -1,63 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND acl Statement</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide--<CODE>acl</CODE> Statement</H2>
-
-<HR>
-
-<A NAME="Syntax"><H3>Syntax</H3></A>
-
-<PRE>
-acl <VAR>name</VAR> {
- <VAR><A HREF="address_list.html">address_match_list</A></VAR>
-};
-</PRE>
-
-<HR>
-
-<A NAME="Usage"><H3>Definition and Usage</H3></A>
-
-<P>The <CODE>acl</CODE> statement creates a named address match list.
-It gets its name from a primary use of address match lists: Access
-Control Lists (ACLs).</P>
-
-<P>Note that an address match list's name must be defined with
-<CODE>acl</CODE> before it can be used elsewhere; no forward
-references are allowed.</P>
-
-The following ACLs are built-in:
-
-<DL>
-<DT><CODE>any</CODE>
-<DD>
-Allows all hosts.
-
-<DT><CODE>none</CODE>
-<DD>
-Denies all hosts.
-
-<DT><CODE>localhost</CODE>
-<DD>
-Allows the IP addresses of all interfaces on the system.
-
-<DT><CODE>localnets</CODE>
-<DD>
-Allows any host on a network for which the system has an interface.
-</DL>
-
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: acl.html,v 1.5 1999/09/15 20:28:00 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/address_list.html b/contrib/bind/doc/html/address_list.html
deleted file mode 100644
index ec391383dfd66..0000000000000
--- a/contrib/bind/doc/html/address_list.html
+++ /dev/null
@@ -1,100 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND Address Match Lists</TITLE>
-</HEAD>
-<BODY>
-
-<H2>BIND Configuration File Guide--Address Match Lists</H2>
-
-<HR>
-
-<A NAME="Syntax"><H3>Syntax</H3></A>
-
-<PRE>
-<VAR>address_match_list</VAR> = 1*<VAR>address_match_element</VAR>
-
-<VAR>address_match_element</VAR> = [ "!" ] (<VAR><A HREF="docdef.html">address_match_list</A></VAR> / <VAR><A HREF="docdef.html">ip_address</A></VAR> / <VAR><A HREF="docdef.html">ip_prefix</A></VAR> / <VAR><A HREF="acl.html">acl_name</A></VAR> / <VAR><A HREF="docdef.html">"key" key_id</A></VAR>) ";"
-</PRE>
-
-<HR>
-
-<A NAME="Usage"><H3>Definition and Usage</H3></A>
-
-<P>Address match lists are primarily used to determine access control for
-various server operations. They are also used to define priorities
-for querying other nameservers and to set the addresses on which
-<CODE>named</CODE> will listen for queries.
-The elements which constitute an address match list can be any
-of the following:</P>
-
-<UL>
-<LI>an IP address (in dotted-decimal notation),</LI>
-
-<LI>an IP prefix (in the '/'-notation),</LI>
-
-<LI>a key ID, as defined by the
-<A HREF="key.html"><CODE>key</CODE></A> statement, or
-
-<LI>the name of an address match list previously defined with
-the <A HREF="acl.html"><CODE>acl</CODE></A> statment, or</LI>
-
-<LI>another <VAR>address_match_list</VAR></LI>
-</UL>
-
-<P>Elements can be negated with a leading exclamation mark ("!"), and
-the match list names "any", "none", "localhost" and "localnets" are
-predefined. More information on those names can be found in the
-description of the <A HREF="acl.html"><CODE>acl</CODE></A> statement.
-
-<P>The addition of the <CODE>key</CODE>
-clause made the name of this syntactic element something of a
-misnomer, since security keys can be used to validate access without
-regard to a host or network address. Nonetheless, the term "address
-match list" is still used throughout the documentation.</P>
-
-<P>When a given IP address or prefix is compared to an address match
-list, the list is traversed in order until an element matches. The
-interpretation of a match depends on whether the list is being used
-for access control, defining <CODE>listen-on</CODE> ports, or as a
-topology, and whether the element was negated.</P>
-
-<P>When used as an access control list, a non-negated match allows
-access and a negated match denies access. If there is no match,
-access is denied. The clauses <CODE>allow-query</CODE>,
-<CODE>allow-transfer</CODE>, <CODE>allow-update</CODE> and
-<CODE>blackhole</CODE> all use address match lists like this.
-Similarly, the <CODE>listen-on</CODE>
-option will cause the server to not accept queries on any of the
-machine's addresses which do not match the list.
-
-<P>When used with the <CODE>topology</CODE> clause, a non-negated
-match returns a distance based on its position on the list (the closer
-the match is to the start of the list, the shorter the distance is
-between it and the server). A negated match will be assigned the
-maximum distance from the server. If there is no match, the address
-will get a distance which is further than any non-negated list
-element, and closer than any negated element.</P>
-
-<P>Because of the first-match aspect of the algorithm, an element that
-defines a subset of another element in the list should come before the
-broader element, regardless of whether either is negated. For
-example, in <CODE>1.2.3/24; ! 1.2.3.13;</CODE> the 1.2.3.13
-element is completely useless, because the algorithm will match
-any lookup for 1.2.3.13 to the 1.2.3/24 element. Using
-<CODE>! 1.2.3.13; 1.2.3/24</CODE> fixes that problem by
-having 1.2.3.13 blocked by the negation but all other 1.2.3.* hosts
-fall through.
-
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: address_list.html,v 1.8 1999/09/15 20:28:00 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/comments.html b/contrib/bind/doc/html/comments.html
deleted file mode 100644
index a064c1ceb6011..0000000000000
--- a/contrib/bind/doc/html/comments.html
+++ /dev/null
@@ -1,84 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND Comment Syntax</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide--Comment Syntax</H2>
-
-<HR>
-
-<A NAME="Syntax"><H3>Syntax</H3></A>
-
-<PRE>
-/* This is a BIND comment as in C */
-
-// This is a BIND comment as in C++
-
-# This is a BIND comment as in common Unix shells and perl
-</PRE>
-
-<A NAME="Usage"><H3>Definition and Usage</H3></A>
-
-<P>Comments may appear anywhere that whitespace may appear in a BIND
-configuration file.</P>
-
-<P>C-style comments start with the two characters <CODE>/*</CODE>
-(slash, star) and end with <CODE>*/</CODE> (star, slash). Because
-they are completely delimited with these characters, they can be used
-to comment only a portion of a line or to span multiple lines.</P>
-
-<P>C-style comments cannot be nested. For example, the following is
-not valid because the entire comment ends with the first
-<CODE>*/</CODE>:
-
-<PRE>
-/* This is the start of a comment.
- This is still part of the comment.
-/* This is an incorrect attempt at nesting a comment. */
- This is no longer in any comment. */
-</PRE>
-
-
-<P>C++-style comments start with the two characters <CODE>//</CODE>
-(slash, slash) and continue to the end of the physical line. They
-cannot be continued across multiple physical lines; to have one
-logical comment span multiple lines, each line must use the
-<CODE>//</CODE> pair. For example:
-
-<PRE>
-// This is the start of a comment. The next line
-// is a new comment, even though it is logically
-// part of the previous comment.
-</PRE>
-
-<P>Shell-style (or perl-style, if you prefer) comments start with the
-character <CODE>#</CODE> (hash or pound or number or octothorpe or
-whatever) and continue to the end of the physical line, like C++
-comments.</P> For example:
-
-<PRE>
-# This is the start of a comment. The next line
-# is a new comment, even though it is logically
-# part of the previous comment.
-</PRE>
-
-<P><STRONG>WARNING:</STRONG> you cannot use the <CODE>;</CODE>
-(semicolon) character to start a comment such as you would in a zone
-file. The semicolon indicates the end of a configuration statement,
-so whatever follows it will be interpreted as the start of the next
-statement.</P>
-
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: comments.html,v 1.5 1999/09/15 20:28:00 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/config.html b/contrib/bind/doc/html/config.html
deleted file mode 100644
index 97f3a1b037791..0000000000000
--- a/contrib/bind/doc/html/config.html
+++ /dev/null
@@ -1,97 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND Configuration File Guide</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide</H2>
-
-<HR>
-
-<H3>Overview</H3>
-
-<P>BIND 8 is much more configurable than previous release of BIND.
-There are entirely new areas of configuration, such as access control lists
-and categorized logging. Many options that previously applied to all zones
-can now be used selectively. These features, plus a consideration of future
-configuration needs led to the creation of a new configuration file format.
-
-<H3>The Configuration File</H3>
-
-<H4><A HREF="example.html">Example Configuration</A></H4>
-
-<H4>Statements</H4>
-
-<P>A BIND 8 configuration consists of statements and comments.
-Statements end with a semicolon. Many statements contain a block of
-substatements, which are also terminated with a semicolon.</P>
-
-<P>The following statements are supported:
-<DL>
-<DT><CODE><A HREF="acl.html">acl</A></CODE>
-<DD>
-defines a named IP address matching list, for access control and other uses
-
-<DT><CODE><A HREF="include.html">include</A></CODE>
-<DD>
-includes a file
-
-<DT><CODE><A HREF="key.html">key</A></CODE>
-<DD>
-specifies key information for use in authentication and authorization
-
-<DT><CODE><A HREF="logging.html">logging</A></CODE>
-<DD>
-specifies what the server logs, and where the log messages are sent
-
-<DT><CODE><A HREF="options.html">options</A></CODE>
-<DD>
-controls global server configuration options and sets defaults for other
-statements
-
-<DT><CODE><A HREF="controls.html">controls</A></CODE>
-<DD>
-declares control channels to be used by the <VAR>ndc</VAR> utility
-
-<DT><CODE><A HREF="server.html">server</A></CODE>
-<DD>
-sets certain configuration options on a per-server basis
-
-<DT><CODE><A HREF="trusted-keys.html">trusted-keys</A></CODE>
-<DD>
-defines DNSSEC keys that are preconfigured into the server and implicitly
-trusted
-
-<DT><CODE><A HREF="zone.html">zone</A></CODE>
-<DD>
-defines a zone
-</DL>
-
-<P>The <CODE>logging</CODE> and <CODE>options</CODE> statements may only
-occur once per configuration.
-
-<H4>Comments</H4>
-
-The BIND 8 <A HREF="comments.html">comment syntax</A> allows for
-comments to appear anywhere that whitespace may appear in a BIND
-configuration file. To appeal to programmers of all kinds, they can
-be written in C, C++, or shell/perl constructs.
-
-<H3>Converting from BIND 4.9.x</H3>
-
-<p>BIND 4.9.x configuration files can be converted to the new format by
-using <code>src/bin/named/named-bootconf</code>, a shell script that is part of
-the BIND 8.2.x source kits.
-
-<HR>
-
-<CENTER><P>[ <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: config.html,v 1.10 1999/09/15 20:28:01 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/controls.html b/contrib/bind/doc/html/controls.html
deleted file mode 100644
index 92619264a7b18..0000000000000
--- a/contrib/bind/doc/html/controls.html
+++ /dev/null
@@ -1,70 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> -<HTML> -<HEAD> - <TITLE>BIND controls Statement</TITLE> -</HEAD> - -<BODY> -<H2>BIND Configuration File Guide--<CODE>controls</CODE> Statement</H2> - -<HR> - -<A NAME="Syntax"><H3>Syntax</H3></A> - -<PRE> -controls { - [ inet <VAR><A HREF="docdef.html">ip_addr</A></VAR> - port <VAR><A HREF="docdef.html">ip_port</A></VAR> - allow { <VAR><A HREF="address_list.html">address_match_list</A></VAR>; }; ] - [ unix <VAR><A HREF="docdef.html">path_name</A></VAR> - perm <VAR><A HREF="docdef.html">number</A></VAR> - owner <VAR><A HREF="docdef.html">number</A></VAR> - group <VAR><A HREF="docdef.html">number</A></VAR>; ] -}; -</PRE> - -<HR> - -<A NAME="Usage"><H3>Definition and Usage</H3></A> - -<P>The <CODE>controls</CODE> statement declares control channels -to be used by system -administrators to affect the operation of the local name server. These -control channels are used by the <CODE>ndc</CODE> utility to send commands -to and retrieve non-DNS results from a name server.</P> - -<P>A <CODE>unix</CODE> control channel is a FIFO in the file system, -and access to it is -controlled by normal file system permissions. -It is created by <CODE>named</CODE> with the specified file mode bits (see -the <CODE>chmod</CODE>(1) manual page), user and group owner. -Note that, unlike <CODE>chmod</CODE>, the mode bits specified for -<CODE>perm</CODE> will normally have a leading 0 so the number -is interpreted as octal. Also note that the user and group -ownership specified as <CODE>owner</CODE> and <CODE>group</CODE> -must be given as numbers, not names. -It is recommended that the -permissions be restricted to administrative personnel only, or else any -user on the system might be able to manage the local name server.</P> - -<P>An <CODE>inet</CODE> control channel is a TCP/IP socket accessible -to the Internet, created at the specified <VAR>ip_port</VAR> on the -specified <VAR>ip_addr</VAR>. 
-Modern <VAR>telnet</VAR> clients are capable of speaking directly to these
-sockets, and the control protocol is ARPAnet-style text. It is recommended
-that 127.0.0.1 be the only <VAR>ip_addr</VAR> used, and this only if you
-trust all non-privileged users on the local host to manage your name
-server.</P>
-
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: controls.html,v 1.4 1999/09/15 20:28:01 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/docdef.html b/contrib/bind/doc/html/docdef.html
deleted file mode 100644
index 0885c1f102cf1..0000000000000
--- a/contrib/bind/doc/html/docdef.html
+++ /dev/null
@@ -1,118 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> -<HTML> -<HEAD> - <TITLE>BIND Documentation Definitions</TITLE> -</HEAD> - -<BODY> -<H2>BIND Configuration File Guide--Documentation Definitions</H2> - -<HR> - -<H3>Syntactic Miscellany</H3> - -<P>Described below are elements used throughout the BIND configuration -file documentation. Elements which are only associated with one -statement are described only in the section describing that statement. - -<DL> -<DT><VAR>acl_name</VAR> -<DD> -The name of an <A HREF="address_list.html">address match list</A>, -as defined by the <A HREF="acl.html">acl</A> statement. - -<DT><VAR>address_match_list</VAR> -<DD> -A list of one or more <VAR>ip_address</VAR>, <VAR>ip_prefix</VAR> -<VAR>key_id</VAR> or <VAR>acl_name</VAR> elements, as described in the -<A HREF="address_list.html">Address Match Lists</A> section. - -<DT><VAR>dotted-decimal</VAR> -<DD> -One or more integers valued 0 through 255 separated only by dots -("."), such as <CODE>123</CODE> or <CODE>45.67</CODE> or -<CODE>89.123.45.67</CODE>. - -<DT><VAR>domain_name</VAR> -<DD> -A quoted string which will be used as a DNS name, for example -<CODE>"my.test.domain"</CODE>. - -<DT><VAR>path_name</VAR> -<DD> -A quoted string which will be used as a pathname, such as -<CODE>"zones/master/my.test.domain"</CODE>. - -<DT><VAR>ip_addr</VAR> -<DD> -An IP address in with exactly four elements in -<VAR>dotted-decimal</VAR> notation. - -<DT><VAR>ip_port</VAR> -<DD> -An IP port <VAR>number</VAR>. <VAR>number</VAR> is limited to 0 -through 65535, with values below 1024 typically restricted to -root-owned processes. In some cases an asterisk (``*'') character -can be used as a placeholder to select a random high-numbered port. - -<DT><VAR>ip_prefix</VAR> -<DD> -An IP network specified in <VAR>dotted-decimal</VAR> form, followed by "/" -and then the number of bits in the netmask. E.g. 
<CODE>127/8</CODE> is -the network <CODE>127.0.0.0</CODE> with netmask <CODE>255.0.0.0</CODE>. -<CODE>1.2.3.0/24</CODE> is network <CODE>1.2.3.0</CODE> with netmask -<CODE>255.255.255.0</CODE>. - -<DT><VAR>key_id</VAR> -<DD> -A string representing the name of a shared key, to be used for transaction -security. - -<DT><VAR>number</VAR> -<DD> -A non-negative integer with an entire range limited by the range of a -C language signed integer (2,147,483,647 on a machine with 32 bit -integers). Its acceptable value might further be limited by the -context in which it is used. - -<DT><VAR>size_spec</VAR> -<DD> -A <VAR>number</VAR>, the word <CODE>unlimited</CODE>, or the word -<CODE>default</CODE>. - -<P>The maximum value of <VAR>size_spec</VAR> is that of unsigned long -integers on the machine. <CODE>unlimited</CODE> requests unlimited use, or -the maximum available amount. <CODE>default</CODE> uses the limit that -was in force when the server was started.</P> - -<P>A <VAR>number</VAR> can optionally be followed by a scaling factor: -<CODE>K</CODE> or <CODE>k</CODE> for kilobytes, <CODE>M</CODE> or -<CODE>m</CODE> for megabytes, and <CODE>G</CODE> or <CODE>g</CODE> for -gigabytes, which scale by 1024, 1024*1024, and 1024*1024*1024 -respectively. - -<P>Integer storage overflow is currently silently ignored during -conversion of scaled values, resulting in values less than intended, -possibly even negative. Using <CODE>unlimited</CODE> is the best way -to safely set a really large number.</P> - -<DT><VAR>yes_or_no</VAR> -<DD> -Either <CODE>yes</CODE> or <CODE>no</CODE>. The words -<CODE>true</CODE> and <CODE>false</CODE> are also accepted, as are the -numbers <CODE>1</CODE> and <CODE>0</CODE>. - -</DL> - -<HR> - -<CENTER><P>[ <A HREF="config.html">BIND Config. 
File</A> -| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A> -| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER> - -<HR> -<ADDRESS> -Last Updated: $Id: docdef.html,v 1.8 1999/09/15 20:28:01 cyarnell Exp $ -</ADDRESS> -</BODY> -</HTML> diff --git a/contrib/bind/doc/html/example.html b/contrib/bind/doc/html/example.html deleted file mode 100644 index a147828a25f0e..0000000000000 --- a/contrib/bind/doc/html/example.html +++ /dev/null @@ -1,65 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> -<HTML> -<HEAD> - <TITLE>BIND Configuration File Guide -- Example Config File</TITLE> -</HEAD> - -<BODY> -<H2>BIND Configuration File Guide -- Example Config File</H2> - -<HR> - -<PRE> - -/* - * A simple BIND 8 configuration - */ - -logging { - category lame-servers { null; }; - category cname { null; }; -}; - -options { - directory "/var/named"; -}; - -controls { - inet * port 52 allow { localnets; }; // a BAD idea - unix "/var/run/ndc" perm 0600 owner 0 group 0; // the default -}; - -zone "isc.org" in { - type master; - file "master/isc.org"; -}; - -zone "vix.com" in { - type slave; - file "slave/vix.com"; - masters { 10.0.0.53; }; -}; - -zone "." in { - type hint; - file "named.cache"; -}; - -zone "0.0.127.in-addr.arpa" in { - type master; - notify no; - file "master/127.0.0"; -}; -</PRE> - -<HR> - -<CENTER><P>[ <A HREF="http://www.isc.org/products/BIND/">BIND Home</A> -| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER> - -<HR> -<ADDRESS> -Last Updated: $Id: example.html,v 1.5 1999/09/15 20:28:01 cyarnell Exp $ -</ADDRESS> -</BODY> -</HTML> diff --git a/contrib/bind/doc/html/include.html b/contrib/bind/doc/html/include.html deleted file mode 100644 index 421d97b58ea7e..0000000000000 --- a/contrib/bind/doc/html/include.html +++ /dev/null 
@@ -1,57 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND include Statement</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide--<CODE>include</CODE> Statement</H2>
-
-<HR>
-
-<A NAME="Syntax"><H3>Syntax</H3></A>
-
-<PRE>
-include <VAR><A HREF="docdef.html">path_name</A></VAR>;
-</PRE>
-
-<HR>
-
-<A Name="#Usage"><H3>Definition and Usage</H3></A>
-
-<P>The <CODE>include</CODE> statement inserts the specified file at
-the point that the <CODE>include</CODE> statement is encountered. It
-cannot be used within another statement, though, so a line such as
-<PRE>
-acl internal_hosts { include "internal_hosts.acl"; };
-</PRE>
-is not allowed.</P>
-
-<P>Use <CODE>include</CODE> to break the configuration up into
-easily-managed chunks. For example:
-
-<PRE>
-include "/etc/security/keys.bind";
-include "/etc/acls.bind";
-</PRE>
-
-<P>could be used at the top of a BIND configuration file in order to
-include any ACL or key information.</P>
-
-<P>Be careful not to type
-"<CODE>#include</CODE>", like you would in a C
-program, because "<CODE>#</CODE>" is used to start a
-comment.</P>
-
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: include.html,v 1.7 1999/09/15 20:28:01 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/index.html b/contrib/bind/doc/html/index.html
deleted file mode 100644
index f19464b23ff9d..0000000000000
--- a/contrib/bind/doc/html/index.html
+++ /dev/null
@@ -1,65 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> -<HTML> -<HEAD> - <TITLE>BIND Version 8 Online Documentation</TITLE> -</HEAD> - -<BODY> -<H2>BIND Version 8 Online Documentation</H2> - -<H3>BIND 8 Highlights</H3> - -<UL> -<LI>DNS Dynamic Updates -(<A HREF=http://ds.internic.net/rfc/rfc2136.txt>RFC 2136</A>)</LI> -<LI>DNS Change Notification -(<A HREF=http://ds.internic.net/rfc/rfc1996.txt>RFC 1996</A>)</LI> -<LI>Completely new configuration syntax</LI> -<LI>Flexible, categorized logging system</LI> -<LI>IP-address-based access control for queries, zone transfers, and -updates that may be specified on a zone-by-zone basis</LI> -<LI>More efficient zone transfers</LI> -<LI>Improved performance for servers with thousands of zones</LI> -<LI>The server no longer forks for outbound zone transfers</LI> -<LI>Many bug fixes</LI> -</UL> - -<H3><A HREF="config.html">Configuration File Guide</A></H3> - -<H3><A HREF="master.html">Master File Format</A></H3> - -<H3>Kits</H3> -<UL> -<LI><A HREF="ftp://ftp.isc.org/isc/bind/src/cur"> -The latest production release</A></LI> -<LI><A HREF="ftp://ftp.isc.org/isc/bind/src/testing"> -The latest public test release</A></LI> -</UL> - -<H3>Bug Reports and Comments</H3> -<P>Send bug reports to -<A HREF="mailto:bind-bugs@isc.org">bind-bugs@isc.org</A>. - -<H3>DNS Related Newsgroups</H3> -<UL> -<LI><A HREF="news:comp.protocols.dns.bind">Using BIND</A></LI> -<LI><A HREF="news:comp.protocols.dns.ops">DNS Operations</A></LI> -<LI><A HREF="news:comp.protocols.dns.std">DNS Standards</A></LI> -</UL> - -<H3><A HREF="http://www.isc.org/">The Internet Software Consortium</A></H3> - -BIND is supported by the Internet Software Consortium, and -although it is free for use and redistribution and incorporation into -vendor products and export and anything else you can think of, it -costs money to produce. 
That money comes from ISPs, hardware and
-software vendors, companies who make extensive use of the software,
-and generally kind hearted folk such as yourself.
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: index.html,v 1.5 1998/11/24 01:44:43 marka Exp $
-</ADDRESS>
-
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/key.html b/contrib/bind/doc/html/key.html
deleted file mode 100644
index bf2e3d1592a3d..0000000000000
--- a/contrib/bind/doc/html/key.html
+++ /dev/null
@@ -1,57 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND key Statement</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide--<CODE>key</CODE> Statement</H2>
-
-<HR>
-
-<A NAME="Syntax"><H3>Syntax</H3></A>
-
-<PRE>
-key <VAR>key_id</VAR> {
- algorithm <VAR>algorithm_id</VAR>;
- secret <VAR>secret_string</VAR>;
-};
-</PRE>
-
-<HR>
-
-<A NAME="Usage"><H3>Definition and Usage</H3></A>
-
-<P>The <CODE>key</CODE> statement defines a key ID which can be used
-in a <A HREF="server.html"><CODE>server</CODE></A> statement to
-associate an authentication method with a particular name server.
-
-<P>A key ID must be created with the <CODE>key</CODE>
-statement before it can be used in a <CODE>server</CODE>
-definition or an address match list.</P>
-
-<P>The <VAR>algorithm_id</VAR> is a string that specifies a
-security/authentication algorithm. The only supported
-algorithm is "hmac-md5".
-
-<P><VAR>secret_string</VAR> is the secret to be used by the algorithm,
-and is treated as a base-64 encoded string. This may be generated
-using dnskeygen or another utility or created manually.
-
-<P>The <CODE>key</CODE> statement is intended for use in transaction
-security. Unless included in a <A HREF="server.html"><CODE>server</CODE></A>
-statement, it is not used to sign any requests. It is used to verify
-requests matching the <VAR>key_id</VAR> and <VAR>algorithm_id</VAR>,
-and sign replies to those requests.
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: key.html,v 1.10 1999/09/15 20:28:02 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/logging.html b/contrib/bind/doc/html/logging.html
deleted file mode 100644
index 10e2168b5c0f2..0000000000000
--- a/contrib/bind/doc/html/logging.html
+++ /dev/null
@@ -1,369 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> -<HTML> -<HEAD> - <TITLE>BIND logging Statement</TITLE> -</HEAD> - -<BODY> -<H2>BIND Configuration File Guide -- <CODE>logging</CODE> Statement</H2> - -<HR> - -<A NAME="Syntax"><H3>Syntax</H3></A> - -<PRE> -logging { - [ channel <VAR>channel_name</VAR> { - ( file <VAR><A HREF="docdef.html">path_name</A></VAR> - [ versions ( <VAR>number</VAR> | unlimited ) ] - [ size <VAR><A HREF="docdef.html">size_spec</A></VAR> ] - | syslog ( kern | user | mail | daemon | auth | syslog | lpr | - news | uucp | cron | authpriv | ftp | - local0 | local1 | local2 | local3 | - local4 | local5 | local6 | local7 ) - | null ); - - [ severity ( critical | error | warning | notice | - info | debug [ <VAR>level</VAR> ] | dynamic ); ] - [ print-category <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ] - [ print-severity <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ] - [ print-time <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ] - }; ] - - [ category <VAR>category_name</VAR> { - <VAR>channel_name</VAR>; [ <VAR>channel_name</VAR>; ... ] - }; ] - ... -}; -</PRE> - -<A NAME="Usage"><H3>Definition and Usage</H3></A> - -<P>The <CODE>logging</CODE> statement configures a wide variety of -logging options for the nameserver. Its <CODE>channel</CODE> phrase -associates output methods, format options and severity levels with -a name that can then be used with the <CODE>category</CODE> phrase to -select how various classes of messages are logged.</P> - -<P>Only one <CODE>logging</CODE> statement is used to define as many -channels and categories as are wanted. If there are multiple logging -statements in a configuration, the first defined determines the logging, -and warnings are issued for the others. 
If there is no logging statement, -the logging configuration will be:</P> - -<PRE> - logging { - category default { default_syslog; default_debug; }; - category panic { default_syslog; default_stderr; }; - category packet { default_debug; }; - category eventlib { default_debug; }; - }; -</PRE> - -The logging configuration is established as soon as the -<CODE>logging</CODE> statement is parsed. If you want to redirect -messages about processing of the entire configuration file, the -<CODE>logging</CODE>statement must appear first. Even if you do not -redirect configuration file parsing messages, we recommend -always putting the <CODE>logging</CODE> statement first so that this -rule need not be consciously recalled if you ever do need want the -parser's messages relocated. - -<H4>The <CODE>channel</CODE> phrase</H4> - -<P>All log output goes to one or more "channels"; you can make as many -of them as you want.</P> - -<P>Every channel definition must include a clause that says whether -messages selected for the channel go to a file, to a particular syslog -facility, or are discarded. It can optionally also limit the message -severity level that will be accepted by the channel (default is -"info"), and whether to include a <CODE>named</CODE>-generated time -stamp, the category name and/or severity level (default is not to -include any).</P> - -<P>The word <CODE>null</CODE> as the destination option for the -channel will cause all messages sent to it to be discarded; other -options for the channel are meaningless.</P> - -<P>The <CODE>file</CODE> clause can include limitations both on how -large the file is allowed to become, and how many versions of the file -will be saved each time the file is opened. - -<P>The <CODE>size</CODE> option for files is simply a hard ceiling on -log growth. If the file ever exceeds the size, -<CODE>named</CODE> will just not write anything more to it until the -file is reopened; exceeding the size does not automatically trigger a -reopen. 
The default behavior is to not limit the size of the file.</P> - -<P>If you use the <CODE>version</CODE> logfile option, -<CODE>named</CODE> will retain that many backup versions of the file -by renaming them when opening. For example, if you choose to keep 3 -old versions of the file "lamers.log" then just before it is opened -lamers.log.1 is renamed to lames.log.2, lamers.log.0 is renamed to -lamers.log.1, and lamers.log is renamed to lamers.log.0. No rolled -versions are kept by default; any existing log file is simply -appended. The <CODE>unlimited</CODE> keyword is synonymous with -<CODE>99</CODE> in current BIND releases.</P> - -<P>Example usage of the size and versions options: - -<PRE> - channel an_example_level { - file "lamers.log" versions 3 size 20m; - print-time yes; - print-category yes; - }; -</PRE> - -<P>The argument for the <CODE>syslog</CODE> clause is a syslog -facility as described in the <CODE>syslog</CODE> manual page. How -<CODE>syslogd</CODE> will handle messages sent to this facility is -described in the <CODE>syslog.conf</CODE> manual page. If you have a -system which uses a very old version of <CODE>syslog</CODE> that only -uses two arguments to the <CODE>openlog()</CODE> function, this -clause is silently ignored.</P> - -<P>The <CODE>severity</CODE> clause works like <CODE>syslog</CODE>'s -"priorities", except that they can also be used if you are writing -straight to a file rather than using <CODE>syslog</CODE>. Messages -which are not at least of the severity level given will not be -selected for the channel; messages of higher severity levels will be -accepted.</P> - -<P>If you are using <CODE>syslog</CODE>, the -<CODE>syslog.conf</CODE> priorities will also determine what -eventually passes through. 
For example, defining a channel facility -and severity as <CODE>daemon</CODE> and <CODE>debug</CODE> but only -logging <CODE>daemon.warning</CODE> via <CODE>syslog.conf</CODE> will -cause messages of severity <CODE>info</CODE> and <CODE>notice</CODE> -to be dropped. If the situation were reversed, with -<CODE>named</CODE> writing messages of only <CODE>warning</CODE> or -higher, <CODE>syslogd</CODE> would print all messages it received -from the channel.</P> - -<P>The server can supply extensive debugging information when it is in -debugging mode. If the server's global debug level is greater than -zero, debugging mode will be active. The global debug level is -set either by starting the <CODE>named</CODE> server with the "-d" -flag followed by a positive integer, or by sending the running server the -SIGUSR1 signal (for example, by using "ndc trace"). The global debug -level can be set to zero, and debugging mode turned off, by sending -the server the SIGUSR2 signal ("ndc notrace"). All debugging messages -in the server have a debug level, and higher debug levels give more -more detailed output. -Channels that specify a specific debug severity, e.g. - -<PRE> - channel specific_debug_level { - file "foo"; - severity debug 3; - }; -</PRE> - -<P>will get debugging output of level 3 or less any time the -server is in debugging mode, regardless of the global debugging level. -Channels with <code>dynamic</code> severity use the server's global -level to determine what messages to print. - -<P>If <CODE>print-time</CODE> has been turned on, the date and -time will be logged. <CODE>print-time</CODE> may be specified for a -syslog channel, but is usually pointless since syslog also prints the -date and time. If <CODE>print-category</CODE> is requested, -then the category of the message will be logged as well. Finally, if -<CODE>print-severity</CODE> is on, the severity level of the -message will be logged. 
The <CODE>print-</CODE> options may be used -in any combination, and will always be printed in the following order: -time, category, severity. Here is an example where all three -<CODE>print-</CODE> options are on: - -<PRE> - 28-Apr-1997 15:05:32.863 default: notice: Ready to answer queries. -</PRE> - -<P>There are four predefined channels that are used for -<CODE>named</CODE>'s default logging as follows. How they are used -used is described in the next section, The <CODE>category</CODE> phrase. - -<PRE> - channel default_syslog { - syslog daemon; # send to syslog's daemon facility - severity info; # only send priority info and higher - }; - - channel default_debug { - file "named.run"; # write to named.run in the working directory - # Note: stderr is used instead of "named.run" - # if the server is started with the "-f" option. - severity dynamic; # log at the server's current debug level - }; - - channel default_stderr { # writes to stderr - file "<stderr>"; # this is illustrative only; there's currently - # no way of specifying an internal file - # descriptor in the configuration language. - severity info; # only send priority info and higher - }; - - channel null { - null; # toss anything sent to this channel - }; -</PRE> - -<P>Once a channel is defined, it cannot be redefined. Thus you cannot -alter the built-in channels directly, but you can modify the default -logging by pointing categories at channels you have defined.</P> - -<H4>The <CODE>category</CODE> phrase</H4> - -<P>There are many categories, so you can send the logs you want to see -wherever you want, without seeing logs you don't want. If you don't specify -a list of channels for a category, log messages in that category will -be sent to the <CODE>default</CODE> category instead. 
If you don't specify -a default category, the following "default default" is used: - -<PRE> - category default { default_syslog; default_debug; }; -</PRE> - -<P>As an example, let's say you want to log security events to a file, -but you also want keep the default logging behavior. You'd specify the -following: - -<PRE> - channel my_security_channel { - file "my_security_file"; - severity info; - }; - category security { my_security_channel; default_syslog; default_debug; }; -</PRE> - -<P>To discard all messages in a category, specify the -<CODE>null</CODE> channel: - -<PRE> - category lame-servers { null; }; - category cname { null; }; -</PRE> - -<P>The following -categories are available:</P> - -<DL> -<DT><CODE>default</CODE> -<DD> -The catch-all. Many things still aren't classified into categories, -and they all end up here. Also, if you don't specify any channels for -a category, the default category is used instead. If you do not -define the default category, the following definition is used: -<CODE>category default { default_syslog; default_debug; };</CODE> - -<DT><CODE>config</CODE> -<DD> -High-level configuration file processing. - -<DT><CODE>parser</CODE> -<DD> -Low-level configuration file processing. - -<DT><CODE>queries</CODE> -<DD> -A short log message is generated for every query the server receives. - -<DT><CODE>lame-servers</CODE> -<DD> -Messages like "Lame server on ..." - -<DT><CODE>statistics</CODE> -<DD> -Statistics. - -<DT><CODE>panic</CODE> -<DD> -If the server has to shut itself down due to an internal problem, it -will log the problem in this category as well as in the problem's native -category. If you do not define the panic category, the following definition -is used: <CODE>category panic { default_syslog; default_stderr; };</CODE> - -<DT><CODE>update</CODE> -<DD> -Dynamic updates. - -<DT><CODE>ncache</CODE> -<DD> -Negative caching. - -<DT><CODE>xfer-in</CODE> -<DD> -Zone transfers the server is receiving. 
- -<DT><CODE>xfer-out</CODE> -<DD> -Zone transfers the server is sending. - -<DT><CODE>db</CODE> -<DD> -All database operations. - -<DT><CODE>eventlib</CODE> -<DD> -Debugging info from the event system. Only one channel may be specified for -this category, and it must be a file channel. If you do not define the -eventlib category, the following definition is used: <CODE>category eventlib -{ default_debug; };</CODE> - -<DT><CODE>packet</CODE> -<DD> -Dumps of packets received and sent. Only one channel may be specified for -this category, and it must be a file channel. If you do not define the -packet category, the following definition is used: <CODE>category packet -{ default_debug; };</CODE> - -<DT><CODE>notify</CODE> -<DD> -The NOTIFY protocol. - -<DT><CODE>cname</CODE> -<DD> -Messages like "... points to a CNAME". - -<DT><CODE>security</CODE> -<DD> -Approved/unapproved requests. - -<DT><CODE>os</CODE> -<DD> -Operating system problems. - -<DT><CODE>insist</CODE> -<DD> -Internal consistency check failures. - -<DT><CODE>maintenance</CODE> -<DD> -Periodic maintenance events. - -<DT><CODE>load</CODE> -<DD> -Zone loading messages. - -<DT><CODE>response-checks</CODE> -<DD> -Messages arising from response checking, such as -"Malformed response ...", "wrong ans. name ...", -"unrelated additional info ...", "invalid RR type ...", and "bad referral ...". - -</DL> - -<HR> - -<CENTER><P>[ <A HREF="config.html">BIND Config. File</A> -| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A> -| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER> - -<HR> -<ADDRESS> -Last Updated: $Id: logging.html,v 1.12 1999/09/30 17:58:35 cyarnell Exp $ -</ADDRESS> -</BODY> -</HTML> diff --git a/contrib/bind/doc/html/master.html b/contrib/bind/doc/html/master.html deleted file mode 100644 index ff4ba0a20a60f..0000000000000 --- a/contrib/bind/doc/html/master.html +++ /dev/null 
@@ -1,166 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> -<HTML> -<HEAD> - <TITLE>Master File Format</TITLE> -</HEAD> - -<BODY> -<H2>BIND Configuration Guide -- Master File Format</H2> - -<HR> - -<P> -The Master File Format was initially defined in -<A HREF=http://ds.internic.net/rfc/rfc1035.txt>RFC 1035</A> -and has subsequently been extended. -<P> -While the Master File Format is class independent all records in a -Master File must be of the same class. - -<H3>Master File Directives</H3> -<H4>$ORIGIN</H4> -Syntax: <CODE>$ORIGIN <domain-name> [<comment>]</CODE> -<P> -<CODE>$ORIGIN</CODE> set the domain name that will be appended to any -unqualified records. -When a zone is first read in there is an implict <CODE>$ORIGIN</CODE> -<zone-name>. -The current <CODE>$ORIGIN</CODE> is appended to the domain specified in the -<CODE>$ORIGIN</CODE> argument if it is not absolute. - -<PRE> -$ORIGIN EXAMPLE. -$ORIGIN MYZONE -WWW CNAME MAIN-SERVER -</PRE> -is equivlent to -<PRE> -WWW.MYZONE.EXAMPLE. CNAME MAIN-SERVER.MYZONE.EXAMPLE. -</PRE> - -<H4>$INCLUDE</H4> -Syntax: <CODE>$INCLUDE <filename> [<origin>] [<comment>]</CODE> -<P> -Read and process the file filename as if it was included into the file at this -point. If origin is specified the file is processed with <CODE>$ORIGIN</CODE> -set to that value otherwise the current <CODE>$ORIGIN</CODE> is used. -<I>NOTE: The behaviour when <origin> is specified differs from that -described in -<A HREF=http://ds.internic.net/rfc/rfc1035.txt>RFC 1035</A>.</I> -<P> -The origin and current domain revert to the values they were prior to the -<CODE>$INCLUDE</CODE> once the file has been read. -<H4>$TTL</H4> -Syntax: <CODE>$TTL <default-ttl> [<comment>]</CODE> -<P> -Set the default Time To Live (TTL) for subsequent records with undefined -TTL's. Valid TTL's are of the range 0-2147483647. -<P> -<CODE>$TTL</CODE> is defined in -<A HREF=http://ds.internic.net/rfc/rfc2308.txt>RFC 2308</A>. 
-<H3>BIND Master File Extentions</H3> -<H4>$GENERATE</H4> -Syntax: <CODE>$GENERATE <range> <lhs> <type> <rhs> -[<comment>]</CODE> -<P> -<CODE>$GENERATE</CODE> is used to create a series of resource records -that only differ from each other by an iterator. <CODE>$GENERATE</CODE> -can be used to easily generate the sets of records required to support -sub /24 reverse delegations described in -<A HREF=http://ds.internic.net/rfc/rfc2317.txt>RFC 2317: Classless IN-ADDR.ARPA delegation</A>. - -<PRE> -$ORIGIN 0.0.192.IN-ADDR.ARPA. -$GENERATE 1-2 0 NS SERVER$.EXAMPLE. -$GENERATE 1-127 $ CNAME $.0 -</PRE> -is equivalent to -<PRE> -0.0.0.192.IN-ADDR.ARPA NS SERVER1.EXAMPLE. -0.0.0.192.IN-ADDR.ARPA NS SERVER2.EXAMPLE. -1.0.0.192.IN-ADDR.ARPA CNAME 1.0.0.0.192.IN-ADDR.ARPA. -2.0.0.192.IN-ADDR.ARPA CNAME 2.0.0.0.192.IN-ADDR.ARPA. -... -127.0.0.192.IN-ADDR.ARPA CNAME 127.0.0.0.192.IN-ADDR.ARPA. -</PRE> -<DL> -<DT>range</DT> -<DD> -This can be one of two forms: -<I>start</I>-<I>stop</I> -or -<I>start</I>-<I>stop</I>/<I>step</I>. If the first form is -used then step is set to 1. All of start, stop and step must be positive. -<DT>lhs</DT> -<DD> -Lhs describes the owner name of the resource records to be created. -Any single $ symbols within the LHS side are replaced by the iterator value. -To get a $ in the output use \$. If the lhs is not absolute -the current $ORIGIN is appended to the name, when appropriate. -You can also apply an offset to the iterator by using ${offset} where -offset is a decimal value to add to the iterator. -And you can also change the format of the iterator by using a printf -like string. The format is ${offset,width,radix} where offset is as before -(use 0 for no change), width is the minimum field width (always zero padded) -radix is one of d, o, x, or X to change the radix to decimal, octal, hex, or hex -with capital letters. -The default is ${0,1,d}. -For example: ${16,3} will add 16 to the iterator and be replaced by -a 3 digit decimal representation. 
${0,2,x} will be replaced by a 2 digit -hex representation. To get a { character inserted into the text -immediately after the iterator, use $\{. -<DT>type</DT> -<DD> -At present the only supported types are A, AAAA, PTR, CNAME and NS. -<DT>rhs</DT> -<DD> -Rhs is the data. It is processed similarly to the lhs. -<DD> -</DL> -<H2>Resource Records</H2> -Syntax: <CODE>{<domain>|@|<blank>} -[<ttl>] [<class>] <type> <rdata> -[<comment>]</CODE> -<P> -All resource records have the same basic syntax. -<DL> -<DT><CODE>domain</CODE></DT> -<DD> -Specify the domain name for this record. If it is not absolute the -current <CODE>$ORIGIN</CODE> is appended. -<DT><CODE>@</CODE></DT> -<DD> -Use the current <CODE>$ORIGIN</CODE> for the domain name for this record. -<DT><CODE>blank</CODE></DT> -<DD> -Use the last specified domainname. -<DT><CODE>ttl</CODE></DT> -<DD> -This specifies how long this record will be cached by caching servers. -The valid range is 0-2147483647. -<DT><CODE>class</CODE></DT> -<DD> -Specify the class of this record. This is usually redundent as the -class of a zone is specfied in the configuration file prior to reading -the zone file. -<DT><CODE>type</CODE></DT> -<DD> -Specify the type of this record. This describes the contents of the rdata -section. -<DT><CODE>rdata</CODE></DT> -<DD> -This is the value of the resource record. -</DL> -<H2>Time Values: Alternate Specification format (BIND Enhancement)</H2> -<P> -Many time values within the MASTER file may be specified in multiples -of weeks, days, hours, minutes and seconds rather than just seconds. -<P> -The format for this is <CODE>#w#d#h#m#s</CODE>. To specify 1 week you would -use <CODE>1w</CODE> or two weeks and 1 hour <CODE>2w1h</CODE>. -<P> -This format applies to TTL values, and SOA REFRESH, RETRY, EXPIRE and MINIMUM -values. -</P> -</BODY> -</HTML> diff --git a/contrib/bind/doc/html/options.html b/contrib/bind/doc/html/options.html deleted file mode 100644 index e3e09efdb3729..0000000000000 
--- a/contrib/bind/doc/html/options.html
+++ /dev/null
@@ -1,814 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND options Statement</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide -- <CODE>options</CODE> Statement</H2>
-
-<HR>
-
-<A NAME="Syntax"><H3>Syntax</H3></A>
-
-<PRE>
-options {
- [ version <VAR>version_string</VAR>; ]
- [ directory <VAR>path_name</VAR>; ]
- [ named-xfer <VAR>path_name</VAR>; ]
- [ dump-file <VAR>path_name</VAR>; ]
- [ memstatistics-file <VAR>path_name</VAR>; ]
- [ pid-file <VAR>path_name</VAR>; ]
- [ statistics-file <VAR>path_name</VAR>; ]
- [ auth-nxdomain <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ deallocate-on-exit <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ dialup <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ fake-iquery <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ fetch-glue <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ has-old-clients <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ host-statistics <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ multiple-cnames <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ notify <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ recursion <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ rfc2308-type1 <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ use-id-pool <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ treat-cr-as-space <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ also-notify { <VAR><A HREF="docdef.html">ip_addr</A></VAR>; [ <VAR><A HREF="docdef.html">ip_addr</A></VAR>; ... ] };
- [ forward ( only | first ); ]
- [ forwarders { [ <VAR><A HREF="docdef.html">in_addr</A></VAR> ; [ <VAR><A HREF="docdef.html">in_addr</A></VAR> ; ... ] ] }; ]
- [ check-names ( master | slave | response ) ( warn | fail | ignore); ]
- [ allow-query { <VAR>address_match_list</VAR> }; ]
- [ allow-transfer { <VAR>address_match_list</VAR> }; ]
- [ allow-recursion { <VAR>address_match_list</VAR> }; ]
- [ blackhole { <VAR>address_match_list</VAR> }; ]
- [ listen-on [ port <VAR><A HREF="docdef.html">ip_port</A></VAR> ] { <VAR>address_match_list</VAR> }; ]
- [ query-source [ address ( <VAR><A HREF="docdef.html">ip_addr</A></VAR> | * ) ] [ port ( <VAR><A HREF="docdef.html">ip_port</A></VAR> | * ) ] ; ]
- [ lame-ttl <VAR>number</VAR>; ]
- [ max-transfer-time-in <VAR>number</VAR>; ]
- [ max-ncache-ttl <VAR>number</VAR>; ]
- [ min-roots <VAR>number</VAR>; ]
- [ serial-queries <VAR>number</VAR>; ]
- [ transfer-format ( one-answer | many-answers ); ]
- [ transfers-in <VAR>number</VAR>; ]
- [ transfers-out <VAR>number</VAR>; ]
- [ transfers-per-ns <VAR>number</VAR>; ]
- [ transfer-source <VAR><A HREF="docdef.html">ip_addr</A></VAR>; ]
- [ maintain-ixfr-base <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ max-ixfr-log-size <VAR>number</VAR>; ]
- [ coresize <VAR><A HREF="docdef.html">size_spec</A></VAR> ; ]
- [ datasize <VAR><A HREF="docdef.html">size_spec</A></VAR> ; ]
- [ files <VAR><A HREF="docdef.html">size_spec</A></VAR> ; ]
- [ stacksize <VAR><A HREF="docdef.html">size_spec</A></VAR> ; ]
- [ cleaning-interval <VAR>number</VAR>; ]
- [ heartbeat-interval <VAR>number</VAR>; ]
- [ interface-interval <VAR>number</VAR>; ]
- [ statistics-interval <VAR>number</VAR>; ]
- [ <A HREF="#topology">topology</A> { <VAR>address_match_list</VAR> }; ]
- [ <A HREF="#sortlist">sortlist</A> { <VAR>address_match_list</VAR> }; ]
- [ rrset-order { <VAR>order_spec</VAR> ; [ <VAR>order_spec</VAR> ; ... ] ] };
-};
-</PRE>
-<HR>
-
-<A NAME="Usage"><H3>Definition and Usage</H3></A>
-
-<P>The options statement sets up global options to be used by
-BIND. This statement may appear at only once in a
-configuration file; if more than one occurrence is found, the
-first occurrence determines the actual options used,
-and a warning will be generated. If there is no options statement,
-an options block with each option set to its default will be used.</P>
-
-<H4>Pathnames</H4>
-
-<DL>
-<DT><CODE>version</CODE>
-<DD>
-The version the server should report via the <VAR>ndc</VAR> command
-or via a query of name <CODE>version.bind</CODE> in class <I>chaos</I>.
-The default is the real version number of the server, but some server
-operators prefer the string <CODE>"surely you must be joking"</CODE>.
-
-<DT><CODE>directory</CODE>
-<DD>
-The working directory of the server. Any non-absolute
-pathnames in the configuration file will be taken as relative to this
-directory. The default location for most server output files
-(e.g. "named.run") is this directory. If a directory is not
-specified, the working directory defaults to ".", the directory from which the
-server was started. The directory specified should be an absolute path.
-
-<DT><CODE>named-xfer</CODE>
-<DD>
-The pathname to the named-xfer program that the server uses for
-inbound zone transfers. If not specified, the default is
-system dependent (e.g. "/usr/sbin/named-xfer").
-
-<DT><CODE>dump-file</CODE>
-<DD>
-The pathname of the file the server dumps the database to when it
-receives <CODE>SIGINT</CODE> signal (<CODE>ndc dumpdb</CODE>). If not
-specified, the default is "named_dump.db".
-
-<DT><CODE>memstatistics-file</CODE>
-<DD>
-The pathname of the file the server writes memory usage statistics to, on exit,
-if <CODE>deallocate-on-exit</CODE> is <CODE>yes</CODE>. If not
-specified, the default is "named.memstats".
-
-<DT><CODE>pid-file</CODE>
-<DD>
-The pathname of the file the server writes its process ID in. If not
-specified, the default is operating system dependent, but is usually
-"/var/run/named.pid" or "/etc/named.pid". The pid-file is used by
-programs like "ndc" that want to send signals to the running
-nameserver.
-
-<DT><CODE>statistics-file</CODE>
-<DD>
-The pathname of the file the server appends statistics to when it
-receives <CODE>SIGILL</CODE> signal (<CODE>ndc stats</CODE>). If not
-specified, the default is "named.stats".
-</DL>
-
-<A name="BooleanOptions"><H4>Boolean Options</H4></A>
-
-<DL>
-<DT><CODE>auth-nxdomain</CODE>
-<DD>
-If <CODE>yes</CODE>, the <CODE>AA</CODE> bit is always set on
-NXDOMAIN responses, even if the server is not actually authoritative.
-The default is <CODE>yes</CODE>. Do not turn off
-<CODE>auth-nxdomain</CODE> unless you are sure you know what you are
-doing, as some older software won't like it.
-
-<DT><CODE>deallocate-on-exit</CODE>
-<DD>
-If <CODE>yes</CODE>, the server will painstakingly deallocate every object it
-it allocated, when it exits, and then write a memory usage report to
-the <CODE>memstatistics-file</CODE>. The default is <CODE>no</CODE>, because
-it is faster to let the operating system clean up.
-<CODE>deallocate-on-exit</CODE> is handy for detecting memory leaks.
-
-<DT><CODE>dialup</CODE>
-<DD>
-If <CODE>yes</CODE>, the server treats all zones as if they are
-doing zone transfers across a dial on demand dialup link, which can
-be brought up by traffic originating from this server. This has
-different effects according to zone type and concentrates the zone
-maintenance so that it all happens in a short interval, once every
-<CODE>heartbeat-interval</CODE> and hopefully during the one call.
-It also suppresses some of the normal zone maintainance traffic.
-The default is <CODE>no</CODE>. The <CODE>dialup</CODE>
-option may also be specified in the <CODE>zone</CODE> statement, in which
-case it overrides the <CODE>options dialup</CODE> statement.
-
-<P>
-If the zone is a <CODE>master</CODE> zone, the server will send out
-NOTIFY request to all the slaves. This will trigger the "zone up to
-date checking" in the slave (providing it supports NOTIFY), allowing
-the <CODE>slave</CODE> to verify the zone while the call us up.
-
-<P>
-If the zone is a <CODE>slave</CODE> or <CODE>stub</CODE> zone, the server
-will suppress the regular "zone up to date" queries and only perform
-them when the <CODE>heartbeat-interval</CODE> expires.
-
-<DT><CODE>fake-iquery</CODE>
-<DD>
-If <CODE>yes</CODE>, the server will simulate the obsolete DNS query type
-IQUERY. The default is <CODE>no</CODE>.
-
-<DT><CODE>fetch-glue</CODE>
-<DD>
-If <CODE>yes</CODE> (the default), the server will fetch "glue" resource
-records it doesn't have when constructing the additional data section of
-a response. <CODE>fetch-glue no</CODE> can be used in conjunction with
-<CODE>recursion no</CODE> to prevent the server's cache from growing or
-becoming corrupted (at the cost of requiring more work from the client).
-
-<DT><CODE>has-old-clients</CODE>
-<DD>
-Setting the option to <CODE>yes</CODE> is equivalent to setting the follow
-three options <CODE>auth-nxdomain yes;</CODE>, <CODE>maintain-ixfr-base
-yes;</CODE> and <CODE>rfc2308-type1 no;</CODE>.
-The use of <CODE>has-old-clients</CODE> with <CODE>auth-nxdomain</CODE>,
-<CODE>maintain-ixfr-base</CODE> and <CODE>rfc2308-type1</CODE> is order
-dependant.
-
-<DT><CODE>host-statistics</CODE>
-<DD>
-If <CODE>yes</CODE>, statistics are kept for every host that the
-the nameserver interacts with. The default is <CODE>no</CODE>. <I>Note:</I>
-turning on <CODE>host-statistics</CODE> can consume huge amounts of memory.
-
-<DT><CODE>maintain-ixfr-base</CODE>
-<DD>
-If <CODE>yes</CODE>, a transaction log is kept for
-Incremental Zone Transfer. The default is <CODE>no</CODE>.
-
-<DT><CODE>multiple-cnames</CODE>
-<DD>
-If <CODE>yes</CODE>, multiple CNAME resource records will be
-allowed for a domain name. The default is <CODE>no</CODE>. Allowing
-multiple CNAME records is against standards and is not recommended.
-Multiple CNAME support is available because previous versions of BIND
-allowed multiple CNAME records, and these records have been used for load
-balancing by a number of sites.
-
-<DT><CODE>notify</CODE>
-<DD>
-If <CODE>yes</CODE> (the default), DNS NOTIFY messages are sent when a
-zone the server is authoritative for changes. The use of NOTIFY
-speeds convergence between the master and its slaves. Slave servers
-that receive a NOTIFY message, and understand it, will contact the
-master server for the zone to see if they need to do a zone transfer. If
-they do, they will initiate it immediately. The <CODE>notify</CODE>
-option may also be specified in the <CODE>zone</CODE> statement, in which
-case it overrides the <CODE>options notify</CODE> statement.
-
-<DT><CODE>recursion</CODE>
-<DD>
-If <CODE>yes</CODE>, and a DNS query requests recursion, the
-server will attempt to do all the work required to answer the query.
-If recursion is not on, the server will return a referral to the
-client if it doesn't know the answer. The default is <CODE>yes</CODE>.
-See also <CODE>fetch-glue</CODE> above.
-
-<DT><CODE>rfc2308-type1</CODE>
-<DD>
-If <CODE>yes</CODE>, the server will send NS records along with the SOA
-record for negative answers.
-You need to set this to <CODE>no</CODE> if you have an old BIND
-server using you as a forwarder that does not understand negative answers
-which contain both SOA and NS records or you have an old version of sendmail.
-The correct fix is to upgrade the broken server or sendmail.
-The default is <CODE>no</CODE>.
-
-<DT><CODE>use-id-pool</CODE>
-<DD>
-If <CODE>yes</CODE>, the server will keep track of its own outstanding
-query ID's to avoid duplication and increase randomness. This will result
-in 128KB more memory being consumed by the server.
-The default is <CODE>no</CODE>.
-
-<DT><CODE>treat-cr-as-space</CODE>
-<DD>
-If <CODE>yes</CODE>, the server will treat '\r' characters the same way it
-treats a ' ' or '\t'. This may be necessary when loading zone files on a
-UNIX system that were generated on an NT or DOS machine. The default is <CODE>no</CODE>.
-
-</DL>
-
-<A NAME="Also-notify"><H4>Also-Notify</H4></A>
-
-<DT><CODE>also-notify</CODE>
-<P>
-Defines a global list of IP addresses that also get sent NOTIFY messages
-whenever a fresh copy of the zone is loaded. This helps to ensure that
-copies of the zones will quickly converge on ``stealth'' servers.
-If an <CODE>also-notify</CODE> list is given in a <CODE>zone</CODE>
-statement, it will override the <CODE>options also-notify</CODE> statement.
-When a <CODE>zone notify</CODE> statement is set to <CODE>no</CODE>,
-the IP addresses in the global <CODE>also-notify</CODE> list will not get
-sent NOTIFY messages for that zone.
-The default is the empty list (no global notification list).
-
-<A NAME="Forwarding"><H4>Forwarding</H4></A>
-
-<P>The forwarding facility can be used to create a large site-wide
-cache on a few servers, reducing traffic over links to external
-nameservers. It can also be used to allow queries by servers that do
-not have direct access to the Internet, but wish to look up exterior
-names anyway. Forwarding occurs only on those queries for which the
-server is not authoritative and does not have the answer in its cache.
-
-<DL>
-<DT><CODE>forward</CODE>
-<DD>
-This option is only meaningful if the <CODE>forwarders</CODE> list is
-not empty. A value of <CODE>first</CODE>, the default, causes the
-server to query the forwarders first, and if that doesn't answer the
-question the server will then look for the answer itself. If
-<CODE>only</CODE> is specified, the server will only query the
-forwarders.
-
-<DT><CODE>forwarders</CODE>
-<DD>
-Specifies the IP addresses to be used for forwarding. The default is the
-empty list (no forwarding).
-</DL>
-
-<P>Forwarding can also be configured on a per-zone basis, allowing for
-the global forwarding options to be overridden in a variety of ways.
-You can set particular zones to use different forwarders, or have
-different <CODE>forward only/first</CODE> behavior, or to not forward
-at all. See the <A HREF="zone.html"><CODE>zone</CODE></A> statement
-for more information.
-
-<P>Future versions of BIND 8 will provide a more powerful forwarding
-system. The syntax described above will continue to be supported.
-
-<a name="NameChecking"><H4>Name Checking</H4></a>
-
-<P>The server can check domain names based upon their expected client contexts.
-For example, a domain name used as a hostname can be checked for compliance
-with the RFCs defining valid hostnames.
-
-<P>Three checking methods are available:
-
-<DL>
-<DT><CODE>ignore</CODE>
-<DD>
-No checking is done.
-
-<DT><CODE>warn</CODE>
-<DD>
-Names are checked against their expected client contexts. Invalid names are
-logged, but processing continues normally.
-
-<DT><CODE>fail</CODE>
-<DD>
-Names are checked against their expected client contexts. Invalid names are
-logged, and the offending data is rejected.
-</DL>
-
-<P>The server can check names three areas: master zone files, slave
-zone files, and in responses to queries the server has initiated. If
-<CODE>check-names response fail</CODE> has been specified, and
-answering the client's question would require sending an invalid name
-to the client, the server will send a REFUSED response code to the
-client.
-
-<P>The defaults are:
-
-<PRE>
- check-names master fail;
- check-names slave warn;
- check-names response ignore;
-</PRE>
-
-<P><CODE>check-names</CODE> may also be specified in the
-<A HREF="zone.html"><CODE>zone</CODE></A>
-statement, in which case it overrides the <CODE>options check-names</CODE>
-statement. When used in a <CODE>zone</CODE> statement, the area is not
-specified (because it can be deduced from the zone type).
-
-<A name="AccessControl"><H4>Access Control</H4></A>
-
-<P>Access to the server can be restricted based on the IP address of the
-requesting system. See
-<VAR><A HREF="address_list.html">address_match_list</A></VAR> for details
-on how to specify IP address lists.
-
-<DL>
-<DT><CODE>allow-query</CODE>
-<DD>
-Specifies which hosts are allowed to ask ordinary questions.
-<CODE>allow-query</CODE> may also be specified in the
-<CODE>zone</CODE> statement, in which case it overrides the
-<CODE>options allow-query</CODE> statement. If not specified, the default is
-to allow queries from all hosts.
-
-<DT><CODE>allow-transfer</CODE>
-<DD>
-Specifies which hosts are allowed to receive zone transfers from the
-server. <CODE>allow-transfer</CODE> may also be specified in the
-<CODE>zone</CODE> statement, in which case it overrides the
-<CODE>options allow-transfer</CODE> statement. If not specified, the default
-is to allow transfers from all hosts.
-
-<DT><CODE>allow-recursion</CODE>
-<DD>
-Specifies which hosts are allowed to make recursive queries through this
-server. If not specified, the default is to allow recursive queries from
-all hosts.
-
-<DT><CODE>blackhole</CODE>
-<DD>
-Specifies a list of addresses that the server will not accept queries from
-or use to resolve a query. Queries from these addresses will not be
-responded to.
-</DL>
-
-<H4>Interfaces</H4>
-
-<P>The interfaces and ports that the server will answer queries from may
-be specified using the <CODE>listen-on</CODE> option. <CODE>listen-on</CODE>
-takes an optional port, and an
-<VAR><A HREF="address_list.html">address_match_list</A></VAR>. The server will
-listen on all interfaces allowed by the address match list. If a port is
-not specified, port 53 will be used.
-
-<P>Multiple <CODE>listen-on</CODE> statements are allowed. For example,
-
-<PRE>
- listen-on { 5.6.7.8; };
- listen-on port 1234 { !1.2.3.4; 1.2/16; };
-</PRE>
-
-will enable the nameserver on port 53 for the IP address 5.6.7.8, and
-on port 1234 of an address on the machine in net 1.2 that is not
-1.2.3.4.
-
-<P>If no <CODE>listen-on</CODE> is specified, the server will listen on port
-53 on all interfaces.
-
-<H4>Query Address</H4>
-
-<P>If the server doesn't know the answer to a question, it will query
-other nameservers. <CODE>query-source</CODE> specifies the address
-and port used for such queries. If <CODE>address</CODE> is
-<CODE>*</CODE> or is omitted, a wildcard IP address
-(<CODE>INADDR_ANY</CODE>) will be used. If <CODE>port</CODE> is
-<CODE>*</CODE> or is omitted, a random unprivileged port will be used.
-The default is
-
-<PRE>
- query-source address * port *;
-</PRE>
-
-<P>Note: <CODE>query-source</CODE> currently applies only to UDP queries;
-TCP queries always use a wildcard IP address and a random unprivileged
-port.
-
-<A name="ZoneTransfers"><H4>Zone Transfers</H4></A>
-
-<DL>
-<DT><CODE>max-transfer-time-in</CODE>
-<DD>
-Inbound zone transfers (<CODE>named-xfer</CODE> processes) running
-longer than this many minutes will be terminated. The default is 120
-minutes (2 hours).
-
-<DT><CODE>transfer-format</CODE>
-<DD>
-The server supports two zone transfer methods.
-<CODE>one-answer</CODE> uses one DNS message per resource record
-transferred. <CODE>many-answers</CODE> packs as many resource records
-as possible into a message. <CODE>many-answers</CODE> is more
-efficient, but is only known to be understood by BIND 8.1+ and patched
-versions of BIND 4.9.5. The default is <CODE>one-answer</CODE>.
-<CODE>transfer-format</CODE> may be
-overridden on a per-server basis by using the <CODE>server</CODE> statement.
-
-<DT><CODE>transfers-in</CODE>
-<DD>
-The maximum number of inbound zone transfers that can be running
-concurrently. The default value is 10. Increasing
-<CODE>transfers-in</CODE> may speed up the convergence of slave zones,
-but it also may increase the load on the local system.
-
-<DT><CODE>transfers-out</CODE>
-<DD>
-This option will be used in the future to limit the number of
-concurrent outbound zone transfers. It is checked for syntax, but is
-otherwise ignored.
-
-<DT><CODE>transfers-per-ns</CODE>
-<DD>
-The maximum number of inbound zone transfers (<CODE>named-xfer</CODE>
-processes) that can be concurrently transferring from a given remote
-nameserver. The default value is 2. Increasing
-<CODE>transfers-per-ns</CODE> may speed up the convergence of slave
-zones, but it also may increase the load on the remote nameserver.
-<CODE>transfers-per-ns</CODE> may be overridden on a per-server basis
-by using the <CODE>transfers</CODE> phrase of the <CODE>server</CODE>
-statement.
-
-<DT><CODE>transfer-source</CODE>
-<DD>
-<CODE>transfer-source</CODE> determines which local address will be bound
-to the TCP connection used to fetch all zones transferred inbound by the
-server. If not set, it defaults to a system controlled value which will
-usually be the address of the interface ``closest to'' the remote end.
-This address must appear in the remote end's <CODE>allow-transfer</CODE>
-option for the zone being transferred, if one is specified. This statement
-sets the <CODE>transfer-source</CODE> for all zones, but can be overridden
-on a per-zone basis by including a <CODE>transfer-source</CODE> statement
-within the zone block in the configuration file.
-
-<DT><CODE>serial-queries</CODE>
-<DD>
-Slave servers will periodically query master servers to find out if zone
-serial numbers have changed. Each such query uses a minute amount of the
-slave server's network bandwidth, but more importantly each query uses a
-small amount of <I>memory</I> in the slave server while waiting for the
-master server to respond. The <CODE>serial-queries</CODE> option sets the
-maximum number of concurrent serial-number queries allowed to be outstanding
-at any given time. The default is four (4).
-<B>Note:</B>
-If a server loads a large (tens or hundreds of thousands) number of slave
-zones, this limit should be raised to the high hundreds or low
-thousands -- otherwise the slave server may never actually become aware of
-zone changes in the master servers. Beware, though, that setting this limit
-arbitrarily high can spend a considerable amount of your slave server's
-network, CPU, and memory resources. As with all tunable limits, this one
-should be changed gently and monitored for its effects.
-</DL>
-
-<H4>Resource Limits</H4>
-
-<P>The server's usage of many system resources can be limited. Some
-operating systems don't support some of the limits. On such systems,
-a warning will be issued if the unsupported limit is used. Some
-operating systems don't support limiting resources, and on these systems
-a <CODE>cannot set resource limits on this system</CODE> message will
-be logged.
-
-<P>Scaled values are allowed when specifying resource limits. For
-example, <CODE>1G</CODE> can be used instead of
-<CODE>1073741824</CODE> to specify a limit of one gigabyte.
-<CODE>unlimited</CODE> requests unlimited use, or the maximum
-available amount. <CODE>default</CODE> uses the limit that was in
-force when the server was started. See
-<VAR><A HREF="docdef.html">size_spec</A></VAR> for more details.
-
-<DL>
-<DT><CODE>coresize</CODE>
-<DD>
-The maximum size of a core dump. The default is <CODE>default</CODE>.
-
-<DT><CODE>datasize</CODE>
-<DD>
-The maximum amount of data memory the server may use. The default is
-<CODE>default</CODE>.
-
-<DT><CODE>files</CODE>
-<DD>
-The maximum number of files the server may have open concurrently.
-The default is <CODE>unlimited</CODE>. <I>Note:</I> on some operating
-systems the server cannot set an unlimited value and cannot determine
-the maximum number of open files the kernel can support. On such
-systems, choosing <CODE>unlimited</CODE> will cause the server to use
-the larger of the <CODE>rlim_max</CODE> for <CODE>RLIMIT_NOFILE</CODE>
-and the value returned by <CODE>sysconf(_SC_OPEN_MAX)</CODE>. If the
-actual kernel limit is larger than this value, use <CODE>limit
-files</CODE> to specify the limit explicitly.
-
-<DT><CODE>max-ixfr-log-size</CODE>
-<DD>
-The <CODE>max-ixfr-log-size</CODE> will be used in a future release of
-the server to limit the size of the
-transaction log kept for Incremental Zone Transfer.
-
-<DT><CODE>stacksize</CODE>
-<DD>
-The maximum amount of stack memory the server may use. The default is
-<CODE>default</CODE>.
-</DL>
-
-<H4>Periodic Task Intervals</H4>
-
-<DL>
-<DT><CODE>cleaning-interval</CODE>
-<DD>
-The server will remove expired resource records from the cache every
-<CODE>cleaning-interval</CODE> minutes. The default is 60 minutes. If set
-to 0, no periodic cleaning will occur.
-
-<DT><CODE>heartbeat-interval</CODE>
-<DD>
-The server will perform zone maintenance tasks for all zones marked
-<CODE>dialup yes</CODE> whenever this interval expires.
-The default is 60 minutes. Reasonable values are up to 1 day (1440 minutes).
-If set to 0, no zone maintenance for these zones will occur.
-<DT><CODE>interface-interval</CODE>
-<DD>
-The server will scan the network interface list every
-<CODE>interface-interval</CODE> minutes. The default is 60 minutes.
-If set to 0, interface scanning will only occur when the configuration
-file is loaded. After the scan, listeners will be started on any new
-interfaces (provided they are allowed by the <CODE>listen-on</CODE>
-configuration). Listeners on interfaces that have gone away will be
-cleaned up.
-
-<DT><CODE>statistics-interval</CODE>
-<DD>
-Nameserver statistics will be logged every <CODE>statistics-interval</CODE>
-minutes. The default is 60. If set to 0, no statistics will be logged.
-</DL>
-
-<H4><A NAME="topology">Topology</A></H4>
-
-<P>All other things being equal, when the server chooses a nameserver
-to query from a list of nameservers, it prefers the one that is
-topologically closest to itself. The <CODE>topology</CODE> statement
-takes an <VAR><A HREF="address_list.html">address_match_list</A></VAR>
-and interprets it in a special way. Each top-level list element is
-assigned a distance. Non-negated elements get a distance based on
-their position in the list, where the closer the match is to the start
-of the list, the shorter the distance is between it and the server. A
-negated match will be assigned the maximum distance from the server.
-If there is no match, the address will get a distance which is further
-than any non-negated list element, and closer than any negated
-element. For example,
-
-<PRE>
- topology {
- 10/8;
- !1.2.3/24;
- { 1.2/16; 3/8; };
- };
-</PRE>
-
-<P>will prefer servers on network 10 the most, followed by hosts on
-network 1.2.0.0 (netmask 255.255.0.0) and network 3, with the exception
-of hosts on network 1.2.3 (netmask 255.255.255.0), which is preferred least
-of all.
-
-<P>The default topology is
-
-<PRE>
- topology { localhost; localnets; };
-</PRE>
-
-<H4><A NAME="sortlist">Resource Record sorting</A></H4>
-
-<P>
-When returning multiple RRs,
-the nameserver will normally return them in
-<B>Round Robin</B>,
-i.e. after each request, the first RR is put to the end of the list.
-As the order of RRs is not defined, this should not cause any problems.
-</P>
-<P>
-The client resolver code should re-arrange the RRs as appropriate,
-i.e. using any addresses on the local net in preference to other addresses.
-However, not all resolvers can do this, or are not correctly configured.
-</P>
-<P>
-When a client is using a local server, the sorting can be performed in the
-server, based on the client's address.
-This only requires configuring the nameservers, not all the clients.
-</P>
-<P>
-The sortlist statement takes an address match list and interprets it even
-more specially than the <A HREF="#topology">topology</A> statement does.
-</P>
-<P>
-Each top level statement in the sortlist must itself be an explicit
-address match list with one or two elements. The first element
-(which may be an IP address, an IP prefix, an ACL name or nested
-address match list) of each top level list is checked against the
-source address of the query until a match is found.
-</P>
-<P>
-Once the source address of the query has been matched, if the top level
-statement contains only one element, the actual primitive element that
-matched the source address is used to select the address in the response
-to move to the beginning of the response. If the statement is a list
-of two elements, the second element is treated like the address
-match list in a topology statement. Each top level element is assigned
-a distance and the address in the response with the minimum distance is
-moved to the beginning of the response.
-</P>
-<P>
-In the following example, any queries received from any of the addresses
-of the host itself will get responses preferring addresses on any of
-the locally connected networks. Next most preferred are addresses on
-the 192.168.1/24 network, and after that either the 192.168.2/24 or
-192.168.3/24 network with no preference shown between these two networks.
-Queries received from a host on the 192.168.1/24 network will prefer
-other addresses on that network to the 192.168.2/24 and 192.168.3/24
-networks. Queries received from a host on the 192.168.4/24 or the
-192.168.5/24 network will only prefer other addresses on their
-directly connected networks.
-<PRE>
-sortlist {
- { localhost; // IF the local host
- { localnets; // THEN first fit on the
- 192.168.1/24; // following nets
- { 192,168.2/24; 192.168.3/24; }; }; };
- { 192.168.1/24; // IF on class C 192.168.1
- { 192.168.1/24; // THEN use .1, or .2 or .3
- { 192.168.2/24; 192.168.3/24; }; }; };
- { 192.168.2/24; // IF on class C 192.168.2
- { 192.168.2/24; // THEN use .2, or .1 or .3
- { 192.168.1/24; 192.168.3/24; }; }; };
- { 192.168.3/24; // IF on class C 192.168.3
- { 192.168.3/24; // THEN use .3, or .1 or .2
- { 192.168.1/24; 192.168.2/24; }; }; };
- { { 192.168.4/24; 192.168.5/24; }; // if .4 or .5, prefer that net
- };
-};
-</PRE>
-The following example will give reasonable behaviour for the local host
-and hosts on directly connected networks. It is similar to the behavior
-of the address sort in BIND 4.9.x. Responses sent to queries from the
-local host will favor any of the directly connected networks. Responses
-sent to queries from any other hosts on a directly connected network will
-prefer addresses on that same network. Responses to other queries will
-not be sorted.
-<PRE>
-sortlist {
- { localhost; localnets; };
- { localnets; };
-};
-</PRE>
-<!--
- * XXX - it would be nice to have an ACL called "source" that matched the
- * source address of a query so that a host could be configured to
- * automatically prefer itself, and an ACL called "sourcenet", that
- * would return the primitive IP match element that matched the source
- * address so that you could do:
- * { localnets; { sourcenet; { other stuff ...}; };
- * and automatically get similar behaviour to what you get with:
- * { localnets; };
--->
-</P>
-
-<a name="RrsetOrder">
-<H4>RRset Ordering</H4>
-
-<P>When multiple records are returned in an answer it may be useful to
-configure the order the records are placed into the response. For example the
-records for a zone might be configured to always be returned in the order they
-are defined in the zone file. Or perhaps a <i>random</i> shuffle of the
-records as they are returned is wanted. The <var>rrset-order</var> statement
-permits configuration of the ordering made of the records in a multiple record
-response. The default, if no ordering is defined, is a cyclic ordering (round
-robin).
-
-<P>An <var>order_spec</var> is defined as follows:
-
-<PRE>
- [ <var>class</var> class_name ][ <var>type</var> type_name ][ <var>name</var> "FQDN" ] <var>order</var> ordering
-</PRE>
-
-<P>If no <var>class</var> is specified, the default is <code>ANY</code>. If no
-<var>type</var> is specified, the default is <code>ANY</code>. If no
-<var>name</var> is specified, the default is <code>"*"</code>.
-
-<P>The legal values for <code>ordering</code> are:
-
-<DL>
-<DT><code>fixed</code>
-<DD>Records are returned in the order they are defined in the zone file.
-
-<DT><code>random</code>
-<DD>Records are returned in some random order.
-
-<DT><code>cyclic</code>
-<DD>Records are returned in a round-robin order.
-
-</DL>
-
-
-<P>For example:
-
-<PRE>
- rrset-order {
- class IN type A name "rc.vix.com" order random;
- order cyclic;
- };
-</PRE>
-
-<P>will cause any responses for type <VAR>A</VAR> records in class
-<VAR>IN</VAR> that have "rc.vix.com" as a suffix, to always be returned in
-random order. All other records are returned in cyclic order.
-
-<P>If multiple <code>rrset-order</code> statements appear, they are not
-combined--the last one applies.
-
-<P>If no <code>rrset-order</code> statement is specified, a default one
-of:
-
-<pre>
- rrset-order { class ANY type ANY name "*" order cyclic ; };
-</pre>
-
-<P>is used.
-
-<H4>Tuning</H4>
-
-<DL>
-<DT><CODE>lame-ttl</CODE>
-<DD>
-Sets the number of seconds to cache a lame server indication.
-0 disables caching. Default is 600 (10 minutes). Maximum value is 1800 (30 minutes).
-<DT><CODE>max-ncache-ttl</CODE>
-<DD>
-To reduce network traffic and increase performance the server stores negative
-answers. <CODE>max-ncache-ttl</CODE> is used to set a maximum retention time
-for these answers in the server is seconds. The default <CODE>max-ncache-ttl</CODE> is
-10800 seconds (3 hours). <CODE>max-ncache-ttl</CODE> cannot exceed the
-maximum retention time for ordinary (positive) answers (7 days) and will be
-silently truncated to 7 days if set to a value which is greater that 7 days.
-<DT><CODE>min-roots</CODE>
-<DD>
-The minimum number of root servers that is required for a
-request for the root servers to be accepted. Default 2.
-</DL>
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: options.html,v 1.36 1999/10/13 20:57:05 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/server.html b/contrib/bind/doc/html/server.html
deleted file mode 100644
index eba350ba3f366..0000000000000
--- a/contrib/bind/doc/html/server.html
+++ /dev/null
@@ -1,69 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND server Statement</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide--<CODE>server</CODE> Statement</H2>
-
-<HR>
-
-<A NAME="Syntax"><H3>Syntax</H3></A>
-
-<PRE>
-server <VAR><A HREF="docdef.html">ip_addr</A></VAR> {
- [ bogus <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ support-ixfr <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ transfers <VAR><A HREF="docdef.html">number</A></VAR>; ]
- [ transfer-format ( one-answer | many-answers ); ]
- [ keys { <VAR><A HREF="key.html">key_id</A></VAR> [<VAR>key_id</VAR> ... ] }; ]
-};
-</PRE>
-
-<HR>
-
-<A NAME="Usage"><H3>Definition and Usage</H3></A>
-
-<P>The server statement defines the characteristics to be
-associated with a remote name server.</P>
-
-<P>If you discover that a server is giving out bad data, marking it as
-<CODE>bogus</CODE> will prevent further queries to it. The default value of
-<CODE>bogus</CODE> is <CODE>no</CODE>.
-
-<P>The server supports two zone transfer methods. The first,
-<CODE>one-answer</CODE>, uses one DNS message per resource record
-transferred. <CODE>many-answers</CODE> packs as many resource records
-as possible into a message. <CODE>many-answers</CODE> is more
-efficient, but is only known to be understood by BIND 8.1 and patched
-versions of BIND 4.9.5. You can specify which method to use for a
-server with the <CODE>transfer-format</CODE> option. If
-<CODE>transfer-format</CODE> is not specified, the <CODE>transfer-format</CODE>
-specified by the <CODE>options</CODE> statement will be used.
-
-<P>The <CODE>transfers</CODE> will be used in a future release of the server
-to limit the number of concurrent in-bound zone transfers from the specified
-server. It is checked for syntax but is otherwise ignored.
-
-<P>The <CODE>keys</CODE> clause is used to identify a
-<VAR>key_id</VAR> defined by the <CODE>key</CODE> statement, to be
-used for transaction security when talking to the remote server.
-The <CODE>key</CODE> statememnt must come before the <CODE>server</CODE>
-statement that references it. When a request is sent to the remote server,
-a request signature will be generated using the key specified here and
-appended to the message. A request originating from the remote server is not
-required to be signed by this key.
-
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: server.html,v 1.10 1999/09/15 20:28:02 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/trusted-keys.html b/contrib/bind/doc/html/trusted-keys.html
deleted file mode 100644
index acf2beda8c75e..0000000000000
--- a/contrib/bind/doc/html/trusted-keys.html
+++ /dev/null
@@ -1,58 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND trusted-keys Statement</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide--<CODE>trusted-keys</CODE> Statement</H2>
-
-<HR>
-
-<A NAME="Syntax"><H3>Syntax</H3></A>
-
-<PRE>
-trusted-keys {
- [ <VAR><A HREF="docdef.html">domain_name</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR>string</VAR>; ]
-};
-
-</PRE>
-
-<HR>
-
-<A NAME="Usage"><H3>Definition and Usage</H3></A>
-
-The <CODE>trusted-keys</CODE>
-statement is for use with DNSSEC-style security, originally specified
-in RFC 2065. DNSSEC is meant to
-provide three distinct services: key distribution, data origin
-authentication, and transaction and request authentication. A
-complete description of DNSSEC and its use is beyond the scope of this
-document, and readers interested in more information should start with
-<A HREF="http://info.internet.isi.edu/in-notes/rfc/files/rfc2065.txt">
-RFC 2065</A> and then continue with the
-<A HREF="http://www.ietf.org/ids.by.wg/dnssec.html">
-Internet Drafts</A>.</P>
-
-<P>Each trusted key is associated with a domain name. Its attributes are
-the non-negative integral <VAR>flags</VAR>, <VAR>protocol</VAR>, and
-<VAR>algorithm</VAR>, as well as a base-64 encoded string representing
-the key.</P>
-
-A trusted key is added when a public key for a non-authoritative zone is
-known, but cannot be securely obtained through DNS. This occurs when
-a signed zone is a child of an unsigned zone. Adding the trusted
-key here allows data signed by that zone to be considered secure.</P>
-
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config.
File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: trusted-keys.html,v 1.4 1999/09/15 20:28:02 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/html/zone.html b/contrib/bind/doc/html/zone.html
deleted file mode 100644
index 8d90a45ee875b..0000000000000
--- a/contrib/bind/doc/html/zone.html
+++ /dev/null
@@ -1,244 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
-<HTML>
-<HEAD>
- <TITLE>BIND zone Statement</TITLE>
-</HEAD>
-
-<BODY>
-<H2>BIND Configuration File Guide--<CODE>zone</CODE> Statement</H2>
-
-<HR>
-
-<A NAME="Syntax"><H3>Syntax</H3></A>
-
-<PRE>
-zone <VAR><A HREF="docdef.html">domain_name</A></VAR> [ ( in | hs | hesiod | chaos ) ] {
- type master;
- file <VAR><A HREF="docdef.html">path_name</A></VAR>;
- [ forward ( only | first ); ]
- [ forwarders { [ <VAR><A HREF="docdef.html">ip_addr</A></VAR> ; [ <VAR>ip_addr</VAR> ; ... ] ] }; ]
- [ check-names ( warn | fail | ignore ); ]
- [ allow-update { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ]
- [ allow-query { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ]
- [ allow-transfer { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ]
- [ dialup <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ notify <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ also-notify { <VAR><A HREF="docdef.html">ip_addr</A></VAR>; [ <VAR>ip_addr</VAR>; ... ] };
- [ ixfr-base <VAR><A HREF="docdef.html">path_name</A></VAR>; ]
- [ pubkey <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR>string</VAR>; ]
-};
-
-zone <VAR><A HREF="docdef.html">domain_name</A></VAR> [ ( in | hs | hesiod | chaos ) ] {
- type ( slave | stub );
- [ file <VAR><A HREF="docdef.html">path_name</A></VAR>; ]
- [ ixfr-base <VAR><A HREF="docdef.html">path_name</A></VAR>; ]
- masters [ port <VAR><A HREF="docdef.html">ip_port</A></VAR> ] { <VAR><A HREF="docdef.html">ip_addr</A></VAR>; [ <VAR>ip_addr</VAR>; ... ] };
- [ forward ( only | first ); ]
- [ forwarders { [ <VAR><A HREF="docdef.html">ip_addr</A></VAR> ; [ <VAR>ip_addr</VAR> ; ...
] ] }; ]
- [ check-names ( warn | fail | ignore ); ]
- [ allow-update { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ]
- [ allow-query { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ]
- [ allow-transfer { <VAR><A HREF="address_list.html">address_match_list</A></VAR> }; ]
- [ transfer-source <VAR><A HREF="docdef.html">ip_addr</A></VAR>; ]
- [ dialup <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ max-transfer-time-in <VAR>number</VAR>; ]
- [ notify <VAR><A HREF="docdef.html">yes_or_no</A></VAR>; ]
- [ also-notify { <VAR><A HREF="docdef.html">ip_addr</A></VAR>; [ <VAR>ip_addr</VAR>; ... ] };
- [ pubkey <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR><A HREF="docdef.html">number</A></VAR> <VAR>string</VAR>; ]
-};
-
-zone <VAR><A HREF="docdef.html">domain_name</A></VAR> [ ( in | hs | hesiod | chaos ) ] {
- type forward;
- [ forward ( only | first ); ]
- [ forwarders { [ <VAR><A HREF="docdef.html">ip_addr</A></VAR> ; [ <VAR>ip_addr</VAR> ; ... ] ] }; ]
- [ check-names ( warn | fail | ignore ); ]
-};
-
-zone "." [ ( in | hs | hesiod | chaos ) ] {
- type hint;
- file <VAR><A HREF="docdef.html">path_name</A></VAR>;
- [ check-names ( warn | fail | ignore ); ]
-};
-</PRE>
-
-<HR>
-
-<A NAME="Usage"><H3>Definition and Usage</H3></A>
-
-<H4>Zone Types</H4>
-
-<DL>
-<DT><CODE>master</CODE>
-<DD>
-The server has a master copy of the data for the zone and will be able
-to provide authoritative answers for it.
-
-
-<DT><CODE>slave</CODE>
-<DD>
-A <CODE>slave</CODE> zone is a replica of a master zone. The
-<CODE>masters</CODE> list specifies one or more IP addresses that the
-slave contacts to update its copy of the zone. If a <CODE>port</CODE>
-is specified then checks to see if the zone is current and zone transfers
-will be done to the port given.
If <CODE>file</CODE>
-is specified, the replica will be written to this file whenever
-the zone is changed, and reloaded from this file on a server restart.
-Use of
-<CODE>file</CODE> is recommended, since it often speeds server startup
-and eliminates a needless waste of bandwidth. Note that for large numbers
-(in the tens or hundreds of thousands) of zones per server, it is best to
-use a two level naming scheme for zone file names. For example, a slave
-server for the zone <CODE>vix.com</CODE> might place the zone contents into
-a file called <CODE>"vi/vix.com"</CODE> where <CODE>vi/</CODE> is just the
-first two letters of the zone name. (Most operating systems behave very
-slowly if you put 100K files into a single directory.)
-
-<DT><CODE>stub</CODE>
-<DD>
-A <CODE>stub</CODE> zone is like a slave zone, except that it replicates
-only the NS records of a master zone instead of the entire zone.
-
-<DT><CODE>forward</CODE>
-<DD>
-A <CODE>forward</CODE> zone is used to <A HREF="options.html#Forwarding">
-direct all queries</A> in it to other servers. The specification of
-options in such a zone will override any global options
-declared in the <A HREF="options.html#Forwarding">options</A> statement.
-
-<P>If either no <CODE>forwarders</CODE> statement is present in the
-zone or an empty list for <CODE>forwarders</CODE> is given, no
-forwarding will be done for the zone, cancelling the effects of any
-<CODE>forwarders</CODE> in the <CODE>options</CODE> statement.
-Thus if you want to use this
-type of zone to change the behavior of the global <CODE>forward</CODE>
-option, and not the servers used, you also need to respecify the
-global forwarders.
-
-<DT><CODE>hint</CODE>
-<DD>
-The initial set of root nameservers is specified using a
-<CODE>hint</CODE> zone. When the server starts up, it uses the root hints
-to find a root nameserver and get the most recent list of root nameservers.
-</DL>
-
-<P>Note: previous releases of BIND used the term <EM>primary</EM> for a
-master zone, <EM>secondary</EM> for a slave zone, and <EM>cache</EM> for
-a hint zone.</P>
-
-<H4>Class</H4>
-
-<P>The zone's name may optionally be followed by a class. If a class
-is not specified, class <CODE>in</CODE> (for "internet"), is assumed.
-This is correct for the vast majority of cases.
-
-<P>The <CODE>hesiod</CODE> class is for an information service from MIT's
-Project Athena. It is used to share information about various systems
-databases, such as users, groups, printers and so on. More
-information can be found at
-<A HREF="ftp://athena-dist.mit.edu/pub/ATHENA/usenix/athena_changes.PS">MIT</A>.
-The keyword <CODE>hs</CODE> is a synonym for <CODE>hesiod</CODE>.</P>
-
-<P>Another MIT development was CHAOSnet, a LAN protocol created in the
-mid-1970s. It is still sometimes seen on LISP stations and other
-hardware in the AI community, and zone data for it can be specified
-with the
-<CODE>chaos</CODE> class.</P>
-
-<H4>Options</H4>
-
-<DL>
-<DT><CODE>check-names</CODE>
-<DD>
-See <A HREF="options.html#NameChecking">Name Checking</A>.
-
-<DT><CODE>allow-query</CODE>
-<DD>
-See the description of <CODE>allow-query</CODE> in the
-<A HREF="options.html#AccessControl">Access Control</A> section. Note that
-this should in general be <I>more restrictive</I> than the similar global
-option of the same name; otherwise, confusing and nonworthwhile delegations
-will be returned.
-
-<DT><CODE>allow-update</CODE>
-<DD>
-Specifies which hosts are allowed to submit Dynamic DNS updates to the
-server. The default is to deny updates from all hosts.
-
-<DT><CODE>allow-transfer</CODE>
-<DD>
-See the description of <CODE>allow-transfer</CODE> in
-the <A HREF="options.html#AccessControl">Access Control</A> section.
-
-<DT><CODE>transfer-source</CODE>
-<DD>
-<CODE>transfer-source</CODE> determines which local address will be bound to
-the TCP connection used to fetch this zone.
If not set, it defaults to a
-system controlled value which will usually be the address of the interface
-``closest to'' the remote end. This address must appear in the remote end's
-<CODE>allow-transfer</CODE> option for this zone if one is specified.
-
-<DT><CODE>ixfr-base</CODE>
-<DD>
-<CODE>ixfr-base</CODE>
-specifies the file name used for IXFR transaction log file.
-
-<DT><CODE>max-transfer-time-in</CODE>
-<DD>
-See the description of <CODE>max-transfer-time-in</CODE> in
-the <A HREF="options.html#ZoneTransfers">Zone Transfers</A> section.
-
-<DT><CODE>dialup</CODE>
-<DD>
-See the description of <CODE>dialup</CODE> in
-the <A HREF="options.html#BooleanOptions">Boolean Options</A> section.
-
-<DT><CODE>notify</CODE>
-<DD>
-See the description of <CODE>notify</CODE> in
-the <A HREF="options.html#BooleanOptions">Boolean Options</A> section.
-
-<DT><CODE>also-notify</CODE>
-<DD>
-<CODE>also-notify</CODE> is only meaningful if <CODE>notify</CODE> is
-active for this zone. The set of machines that will receive a DNS
-NOTIFY message for this zone is made up of all the listed nameservers
-for the zone (other than the primary master) plus any IP addresses
-specified with <CODE>also-notify</CODE>. <CODE>also-notify</CODE> is not
-meaningful for <CODE>stub</CODE> zones. The default is the empty list.
-
-<DT><CODE>forward</CODE>
-<DD>
-<CODE>forward</CODE> is only meaningful if the zone has a
-<CODE>forwarders</CODE> list. The <CODE>only</CODE> value causes the
-lookup to fail after trying the <CODE>forwarders</CODE> and getting no
-answer, while <CODE>first</CODE> would allow a normal lookup to be tried.
-
-<DT><CODE>forwarders</CODE>
-<DD>
-The <CODE>forwarders</CODE> option in a zone is used to override the
-list of global forwarders. If it is not specified in a zone of type
-<CODE>forward</CODE>, <STRONG>no</STRONG> forwarding is done for the
-zone; the global options are not used.
-
-<DT><CODE>pubkey</CODE>
-<DD>
-A pubkey represents a public key for this zone.
It is needed when this is the
-top level authoritative zone served by this server and there is no chain of
-trust to a <A HREF="trusted-keys.html">trusted key</A>. It is considered
-secure, so that data that it signs will be considered secure. The DNSSEC
-flags, protocol, and algorithm are specified, as well as a base-64 encoded
-string representing the key.
-
-</DL>
-<HR>
-
-<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
-| <A HREF="http://www.isc.org/products/BIND/">BIND Home</A>
-| <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER>
-
-<HR>
-<ADDRESS>
-Last Updated: $Id: zone.html,v 1.23 1999/09/30 17:58:41 cyarnell Exp $
-</ADDRESS>
-</BODY>
-</HTML>
diff --git a/contrib/bind/doc/man/Makefile b/contrib/bind/doc/man/Makefile
deleted file mode 100644
index b792ef92675cc..0000000000000
--- a/contrib/bind/doc/man/Makefile
+++ /dev/null
@@ -1,423 +0,0 @@
-## Portions Copyright (c) 1993 by Digital Equipment Corporation.
-##
-## Permission to use, copy, modify, and distribute this software for any
-## purpose with or without fee is hereby granted, provided that the above
-## copyright notice and this permission notice appear in all copies, and that
-## the name of Digital Equipment Corporation not be used in advertising or
-## publicity pertaining to distribution of the document or software without
-## specific, written prior permission.
-##
-## THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-## WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-## OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
-## CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-## DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-## PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-## ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-## SOFTWARE.
-
-## Portions Copyright (c) 1996,1999 by Internet Software Consortium
-##
-## Permission to use, copy, modify, and distribute this software for any
-## purpose with or without fee is hereby granted, provided that the above
-## copyright notice and this permission notice appear in all copies.
-##
-## THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-## ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-## OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-## CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-## DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-## PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-## ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-## SOFTWARE.
-
-#
-# Makefile to install the BIND manual entries.
-#
-# Default Configuration:
-# There are a set of default assignments immediately following this
-# note. These defaults are for BSD4.4, BSD/386, other net2-alikes,
-# and will install manual entries with following characteristics:
-# o They will be catable (i.e., passed through nroff)
-# o They will be installed in the directories
-# /usr/share/man/catN, where N is 1, 3, 5, 7, 8
-# o They will have an extension of `.0'
-#
-# Don't change these defaults. Instead, following the default configuration
-# are sets of commented values for particular systems that can be used
-# to override the default values.
-#
-
-#
-# Target directory for the manual directory tree. Eg., may be used to
-# specify the path of an NFS-mounted directory for common files.
-#
-DESTDIR=
-
-#
-# Default location for manual section directories.
-#
-DESTMAN= /usr/share/man
-
-#
-# Install manuals in ${MANDIR}N. For systems that generate catable manual
-# entries on the fly, use
-# MANDIR = man
-#
-MANDIR = cat
-
-#
-# Default extension for manual entries. To install the manual entries under
-# their `real' extensions use
-# CATEXT = $$N
-#
-CATEXT = 0
-
-#
-# Command to install manual entries
-#
-INSTALL= install
-
-#
-# `install' options to set Owner and Group for manual entries. Eg. for
-# BSD `install' use
-# MAN_OWNER = -o bin
-# MAN_GROUP = -g bin
-#
-MAN_OWNER =
-MAN_GROUP =
-
-SHELL= /bin/sh
-
-INDOT=
-XFER_INDOT=
-#
-# Uppercase versions of the above variables (`INDOT_U' and `XFER_INDOT_U')
-# are defined for use in `.TH' lines.
-#
-
-#
-# Command used to generate a manual entry. By default this produces catable
-# manual entries.
-#
-# For systems that store manuals in MDOC form (eg modern BSD systems) and
-# can generate catable manual entries on the fly the following assignment
-# can be used.
-# MANROFF = cat
-#
-MANROFF = ( tbl | nroff -mandoc )
-
-#
-# Default extensions for installed manual entries.
The following variables
-# have been defined to allow BIND's manual entries to be installed in the
-# right place for a given platform.
-#
-# CMD_EXT = extension for user commands (eg, dig)
-# LIB_NETWORK_EXT = extension for network library routines (eg,
-# gethostbyname)
-# FORMAT_EXT = extension for files describing file formats
-# (eg, resolver)
-# DESC_EXT = extension for descriptive files (eg, mailaddr)
-# SYS_OPS_EXT = extension system operation and maintenance commands
-# and applications. (eg, named, named-xfer, syslog)
-#
-# Associated with each variable is an additional variable with the suffix
-# `_DIR' that specifies the suffix to ${MANDIR}. It's needed because on
-# some systems, eg., Ultrix, multiple subsections (eg 3x, 3m 3n) are
-# stored in generic manual section directories (eg., man3).
-#
-# Associated with each variable is an additional variable with the suffix
-# `_U' which gives the upper case form of the variable for use in `.TH'
-# commands. Useful for platforms (such as Solaris 2) that include letters
-# in manual sections.
-#
-CMD_EXT = 1
-CMD_EXT_DIR = ${CMD_EXT}
-LIB_NETWORK_EXT = 3
-LIB_NETWORK_EXT_DIR = ${LIB_NETWORK_EXT}
-FORMAT_EXT = 5
-FORMAT_EXT_DIR = ${FORMAT_EXT}
-DESC_EXT = 7
-DESC_EXT_DIR = ${DESC_EXT}
-SYS_OPS_EXT = 8
-SYS_OPS_EXT_DIR = ${SYS_OPS_EXT}
-
-#
-# Additional variables are defined for cross-references within manual
-# entries:
-# SYSCALL_EXT = extension for system calls
-# BSD_SYSCALL_EXT = extension for BSD-specifc system calls. On some
-# systems (eg Ultrix) these appear in section 2.
-# On other system (eg SunOS 5) these are implemented
-# via a BSD-compatibility library and appear in
-# section 3.
-# LIB_C_EXT = extension for C library routines (eg, signal)
-#
-SYSCALL_EXT = 2
-SYSCALL_EXT_DIR = ${SYSCALL_EXT}
-BSD_SYSCALL_EXT = 2
-BSD_SYSCALL_EXT_DIR = ${BSD_SYSCALL_EXT}
-LIB_C_EXT = 3
-LIB_C_EXT_DIR = ${LIB_C_EXT}
-
-######################################################################
-#
-# No user changes needed past this point.
-#
-######################################################################
-#
-# This sed command is used to update the manual entries so they refer to
-# the appropriate section of the manual for a given platform.
-#
-EXT_SED_CMD = INDOT_U=`echo "${INDOT}"|tr "[a-z]" "[A-Z]"`; \
- export INDOT_U; \
- XFER_INDOT_U=`echo "${XFER_INDOT}"|tr "[a-z]" "[A-Z]"`; \
- export XFER_INDOT_U; \
- CMD_EXT_U=`echo "${CMD_EXT}"|tr "[a-z]" "[A-Z]"`; \
- export CMD_EXT_U; \
- SYS_OPS_EXT_U=`echo "${SYS_OPS_EXT}"|tr "[a-z]" "[A-Z]"`; \
- export SYS_OPS_EXT_U; \
- LIB_NETWORK_EXT_U=`echo "${LIB_NETWORK_EXT}"|tr "[a-z]" "[A-Z]"`; \
- export LIB_NETWORK_EXT_U; \
- FORMAT_EXT_U=`echo "${FORMAT_EXT}"|tr "[a-z]" "[A-Z]"`; \
- export FORMAT_EXT_U; \
- DESC_EXT_U=`echo "${DESC_EXT}"|tr "[a-z]" "[A-Z]"`; \
- export DESC_EXT_U; \
- SYSCALL_EXT_U=`echo "${SYSCALL_EXT}"|tr "[a-z]" "[A-Z]"`; \
- export SYSCALL_EXT_U; \
- BSD_SYSCALL_EXT_U=`echo "${BSD_SYSCALL_EXT}"|tr "[a-z]" "[A-Z]"`; \
- export BSD_SYSCALL_EXT_U; \
- LIB_C_EXT_U=`echo "${LIB_C_EXT}"|tr "[a-z]" "[A-Z]"`; \
- export LIB_C_EXT_U; \
- sed -e "s/@INDOT@/${INDOT}/g" \
- -e "s/@INDOT_U@/$${INDOT_U}/g" \
- -e "s/@XFER_INDOT@/${XFER_INDOT}/g" \
- -e "s/@XFER_INDOT_U@/$${XFER_INDOT_U}/g" \
- -e "s/@CMD_EXT@/${CMD_EXT}/g" \
- -e "s/@CMD_EXT_U@/$${CMD_EXT_U}/g" \
- -e "s/@LIB_NETWORK_EXT@/${LIB_NETWORK_EXT}/g" \
- -e "s/@LIB_NETWORK_EXT_U@/$${LIB_NETWORK_EXT_U}/g" \
- -e "s/@FORMAT_EXT@/${FORMAT_EXT}/g" \
- -e "s/@FORMAT_EXT_U@/$${FORMAT_EXT_U}/g" \
- -e "s/@DESC_EXT@/${DESC_EXT}/g" \
- -e "s/@DESC_EXT_U@/$${DESC_EXT_U}/g" \
- -e "s/@SYS_OPS_EXT@/${SYS_OPS_EXT}/g" \
- -e
"s/@SYS_OPS_EXT_U@/$${SYS_OPS_EXT_U}/g" \
- -e "s/@SYSCALL_EXT@/${SYSCALL_EXT}/g" \
- -e "s/@SYSCALL_EXT_U@/$${SYSCALL_EXT_U}/g" \
- -e "s/@BSD_SYSCALL_EXT@/${BSD_SYSCALL_EXT}/g" \
- -e "s/@BSD_SYSCALL_EXT_U@/$${BSD_SYSCALL_EXT_U}/g" \
- -e "s/@LIB_C_EXT@/${LIB_C_EXT}/g" \
- -e "s/@LIB_C_EXT_U@/$${LIB_C_EXT_U}/g"
-
-#
-# Command used to produce manual entries
-#
-MK_MANFILE = ( ${EXT_SED_CMD} | ${MANROFF} )
-
-#
-# Extensions for the generated manual entries
-#
-OUT_EXT = lst
-CMD_OUT_EXT = ${OUT_EXT}${CMD_EXT}
-LIB_NETWORK_OUT_EXT = ${OUT_EXT}${LIB_NETWORK_EXT}
-FORMAT_OUT_EXT = ${OUT_EXT}${FORMAT_EXT}
-DESC_OUT_EXT = ${OUT_EXT}${DESC_EXT}
-SYS_OPS_OUT_EXT = ${OUT_EXT}${SYS_OPS_EXT}
-
-#
-# User command manual entries
-#
-CMD_BASE = dig host dnsquery dnskeygen
-CMD_SRC_EXT = 1
-CMD_SRC = dig.${CMD_SRC_EXT} \
- host.${CMD_SRC_EXT} \
- dnsquery.${CMD_SRC_EXT} \
- dnskeygen.${CMD_SRC_EXT}
-CMD_OUT = dig.${CMD_OUT_EXT} \
- host.${CMD_OUT_EXT} \
- dnsquery.${CMD_OUT_EXT} \
- dnskeygen.${CMD_OUT_EXT}
-
-#
-# named manual entries
-#
-NAMED_BASE = named ndc
-SYS_OPS_SRC_EXT = 8
-NAMED_SRC = named.${SYS_OPS_SRC_EXT} ndc.${SYS_OPS_SRC_EXT}
-NAMED_OUT = named.${SYS_OPS_OUT_EXT} ndc.${SYS_OPS_OUT_EXT}
-
-#
-# named-xfer manual entry
-#
-NAMED_XFER_BASE = named-xfer
-NAMED_XFER_SRC = named-xfer.${SYS_OPS_SRC_EXT}
-NAMED_XFER_OUT = named-xfer.${SYS_OPS_OUT_EXT}
-
-#
-# named-bootconf manual entry
-#
-NAMED_BOOTCONF_BASE = named-bootconf
-NAMED_BOOTCONF_SRC = named-bootconf.${SYS_OPS_SRC_EXT}
-NAMED_BOOTCONF_OUT = named-bootconf.${SYS_OPS_OUT_EXT}
-
-#
-# nslookup manual entry
-#
-NSLOOKUP_BASE = nslookup
-NSLOOKUP_SRC = nslookup.${SYS_OPS_SRC_EXT}
-NSLOOKUP_OUT = nslookup.${SYS_OPS_OUT_EXT}
-
-#
-# nsupdate manual entry
-#
-NSUPDATE_BASE = nsupdate
-NSUPDATE_SRC = nsupdate.${SYS_OPS_SRC_EXT}
-NSUPDATE_OUT = nsupdate.${SYS_OPS_OUT_EXT}
-
-#
-# Network library routines manual entries
-#
-LIB_NETWORK_BASE = gethostbyname inet_cidr resolver hesiod getnetent \
- tsig getaddrinfo
inet_cidr getipnodebyname
-LIB_NETWORK_SRC_EXT = 3
-LIB_NETWORK_SRC = gethostbyname.${LIB_NETWORK_SRC_EXT} \
- inet_cidr.${LIB_NETWORK_SRC_EXT} \
- resolver.${LIB_NETWORK_SRC_EXT} \
- hesiod.${LIB_NETWORK_SRC_EXT} \
- getnetent.${LIB_NETWORK_SRC_EXT} \
- tsig.${LIB_NETWORK_SRC_EXT} \
- getaddrinfo.${LIB_NETWORK_SRC_EXT} \
- getnameinfo.${LIB_NETWORK_SRC_EXT} \
- getipnodebyname.${LIB_NETWORK_SRC_EXT}
-LIB_NETWORK_OUT = gethostbyname.${LIB_NETWORK_OUT_EXT} \
- inet_cidr.${LIB_NETWORK_OUT_EXT} \
- resolver.${LIB_NETWORK_OUT_EXT} \
- hesiod.${LIB_NETWORK_OUT_EXT} \
- getnetent.${LIB_NETWORK_OUT_EXT} \
- tsig.${LIB_NETWORK_OUT_EXT} \
- getaddrinfo.${LIB_NETWORK_OUT_EXT} \
- getnameinfo.${LIB_NETWORK_OUT_EXT} \
- getipnodebyname.${LIB_NETWORK_OUT_EXT}
-
-#
-# File format manual entries
-#
-FORMAT_BASE = resolver irs.conf named.conf
-FORMAT_SRC_EXT = 5
-FORMAT_SRC = resolver.${FORMAT_SRC_EXT} \
- irs.conf.${FORMAT_SRC_EXT} \
- named.conf.${FORMAT_SRC_EXT}
-FORMAT_OUT = resolver.${FORMAT_OUT_EXT} \
- irs.conf.${FORMAT_OUT_EXT} \
- named.conf.${FORMAT_OUT_EXT}
-
-#
-# Feature Description manual entries
-#
-DESC_BASE = hostname mailaddr
-DESC_SRC_EXT = 7
-DESC_SRC = hostname.${DESC_SRC_EXT} mailaddr.${DESC_SRC_EXT}
-DESC_OUT = hostname.${DESC_OUT_EXT} mailaddr.${DESC_OUT_EXT}
-
-.SUFFIXES: .${CMD_SRC_EXT} .${CMD_OUT_EXT} \
- .${SYS_OPS_SRC_EXT} .${SYS_OPS_OUT_EXT} \
- .${LIB_NETWORK_SRC_EXT} .${LIB_NETWORK_OUT_EXT} \
- .${FORMAT_SRC_EXT} .${FORMAT_OUT_EXT} \
- .${DESC_SRC_EXT} .${DESC_OUT_EXT}
-
-.${CMD_SRC_EXT}.${CMD_OUT_EXT}:
- @echo "$*.${CMD_SRC_EXT} -> $*.${CMD_OUT_EXT}"
- @${MK_MANFILE} <$*.${CMD_SRC_EXT} >$*.${CMD_OUT_EXT}
-
-.${SYS_OPS_SRC_EXT}.${SYS_OPS_OUT_EXT}:
- @echo "$*.${SYS_OPS_SRC_EXT} -> $*.${SYS_OPS_OUT_EXT}"
- @${MK_MANFILE} <$*.${SYS_OPS_SRC_EXT} >$*.${SYS_OPS_OUT_EXT}
-
-.${LIB_NETWORK_SRC_EXT}.${LIB_NETWORK_OUT_EXT}:
- @echo "$*.${LIB_NETWORK_SRC_EXT} -> $*.${LIB_NETWORK_OUT_EXT}"
- @${MK_MANFILE} <$*.${LIB_NETWORK_SRC_EXT} >$*.${LIB_NETWORK_OUT_EXT}
-
-.${FORMAT_SRC_EXT}.${FORMAT_OUT_EXT}:
- @echo "$*.${FORMAT_SRC_EXT} -> $*.${FORMAT_OUT_EXT}"
- @${MK_MANFILE} <$*.${FORMAT_SRC_EXT} >$*.${FORMAT_OUT_EXT}
-
-.${DESC_SRC_EXT}.${DESC_OUT_EXT}:
- @echo "$*.${DESC_SRC_EXT} -> $*.${DESC_OUT_EXT}"
- @${MK_MANFILE} <$*.${DESC_SRC_EXT} >$*.${DESC_OUT_EXT}
-
-OUTFILES = ${CMD_OUT} ${NAMED_OUT} ${NAMED_XFER_OUT} ${NSLOOKUP_OUT} \
- ${NSUPDATE_OUT} ${LIB_NETWORK_OUT} ${FORMAT_OUT} ${DESC_OUT} \
- ${NAMED_BOOTCONF_OUT}
-
-all: ${OUTFILES}
-
-install: ${OUTFILES} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${CMD_EXT_DIR} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${SYS_OPS_EXT_DIR} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${LIB_NETWORK_EXT_DIR} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${FORMAT_EXT_DIR} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${DESC_EXT_DIR}
- @set -x; N=${CMD_EXT}; for f in ${CMD_BASE}; do \
- ${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
- $${f}.${CMD_OUT_EXT} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${CMD_EXT_DIR}/$${f}.${CATEXT}; \
- done
- @set -x; N=${SYS_OPS_EXT}; for f in ${NAMED_BASE}; do \
- ${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
- $${f}.${SYS_OPS_OUT_EXT} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${SYS_OPS_EXT_DIR}/${INDOT}$${f}.${CATEXT}; \
- done
- @set -x; N=${SYS_OPS_EXT}; for f in ${NAMED_XFER_BASE}; do \
- ${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
- $${f}.${SYS_OPS_OUT_EXT} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${SYS_OPS_EXT_DIR}/${XFER_INDOT}$${f}.${CATEXT}; \
- done
- @set -x; N=${SYS_OPS_EXT}; for f in ${NAMED_BOOTCONF_BASE}; do \
- ${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
- $${f}.${SYS_OPS_OUT_EXT} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${SYS_OPS_EXT_DIR}/${XFER_INDOT}$${f}.${CATEXT}; \
- done
- @set -x; N=${SYS_OPS_EXT}; for f in ${NSLOOKUP_BASE}; do \
- ${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
- $${f}.${SYS_OPS_OUT_EXT} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${SYS_OPS_EXT_DIR}/$${f}.${CATEXT}; \
- done
- @set -x; N=${SYS_OPS_EXT}; for f in ${NSUPDATE_BASE}; do \
- ${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
-
$${f}.${SYS_OPS_OUT_EXT} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${SYS_OPS_EXT_DIR}/$${f}.${CATEXT}; \
- done
- @set -x; N=${LIB_NETWORK_EXT}; for f in ${LIB_NETWORK_BASE}; do \
- ${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
- $${f}.${LIB_NETWORK_OUT_EXT} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${LIB_NETWORK_EXT_DIR}/$${f}.${CATEXT}; \
- done
- @set -x; N=${FORMAT_EXT}; for f in ${FORMAT_BASE}; do \
- ${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
- $${f}.${FORMAT_OUT_EXT} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${FORMAT_EXT_DIR}/$${f}.${CATEXT}; \
- done
- @set -x; N=${DESC_EXT}; for f in ${DESC_BASE}; do \
- ${INSTALL} -c -m 444 ${MAN_OWNER} ${MAN_GROUP} \
- $${f}.${DESC_OUT_EXT} \
- ${DESTDIR}${DESTMAN}/${MANDIR}${DESC_EXT_DIR}/$${f}.${CATEXT}; \
- done
-
-${DESTDIR}${DESTMAN}/${MANDIR}${CMD_EXT_DIR} \
-${DESTDIR}${DESTMAN}/${MANDIR}${SYS_OPS_EXT_DIR} \
-${DESTDIR}${DESTMAN}/${MANDIR}${LIB_NETWORK_EXT_DIR} \
-${DESTDIR}${DESTMAN}/${MANDIR}${FORMAT_EXT_DIR} \
-${DESTDIR}${DESTMAN}/${MANDIR}${DESC_EXT_DIR}:
- mkdir $@
-
-links: FRC
- @set -ex; ln -s SRC/*.[0-9] .
-
-depend:
-
-clean:
- rm -f *~ *.BAK *.CKP *.orig
- rm -f ${OUTFILES}
-
-FRC:
diff --git a/contrib/bind/doc/man/dig.1 b/contrib/bind/doc/man/dig.1
deleted file mode 100644
index 47284c2d2833f..0000000000000
--- a/contrib/bind/doc/man/dig.1
+++ /dev/null
@@ -1,683 +0,0 @@ -.\" $Id: dig.1,v 8.4 1999/10/15 21:29:58 vixie Exp $ -.\" -.\" ++Copyright++ 1993 -.\" - -.\" Copyright (c) 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" - -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" - -.\" --Copyright-- -.\" -.\" Distributed with 'dig' version 2.0 from University of Southern -.\" California Information Sciences Institute (USC-ISI). -.\" -.\" dig.1 2.0 (USC-ISI) 8/30/90 -.\" -.Dd August 30, 1990 -.Dt DIG @CMD_EXT_U@ -.Os BSD 4 -.Sh NAME -.Nm dig -.Nd send domain name query packets to name servers -.Sh SYNOPSIS -.Nm dig -.Op Ic @ Ns Ar server -.Ar domain -.Op Aq Ar query-type -.Op Aq Ar query-class -.Op Ic + Ns Aq Ar query-option -.Op Fl Aq Ar dig-option -.Op Ar %comment -.Sh DESCRIPTION -.Ic Dig -(domain information groper) is a flexible command line tool -which can be used to gather information from the Domain -Name System servers. -.Ic Dig -has two modes: simple interactive mode -for a single query, and batch mode which executes a query for -each in a list of several query lines. All query options are -accessible from the command line. 
-.Pp -The usual simple use of -.Ic dig -will take the form: -.Pp -.Bd -ragged -offset indent-two -.Ic dig @ Ns Ar server domain query-type query-class -.Ed -.Pp -where: -.Bl -tag -width Fl -.It Ar server -may be either a domain name or a dot-notation -Internet address. If this optional field is omitted, -.Ic dig -will attempt to use the default name server for your machine. -.sp 1 -.Em Note: -If a domain name is specified, this will be resolved -using the domain name system resolver (i.e., BIND). If your -system does not support DNS, you may -.Em have -to specify a -dot-notation address. Alternatively, if there is a server -at your disposal somewhere, all that is required is that -.Pa /etc/resolv.conf -be present and indicate where the default -name servers reside, so that -.Ar server -itself can be resolved. See -.Xr resolver @FORMAT_EXT@ -for information on -.Pa /etc/resolv.conf . -.Sy WARNING: -Changing -.Pa /etc/resolv.conf -will affect both the standard resolver library and -.Pq potentially -several programs which use it. -As an option, the user may set the -environment variable -.Ev LOCALRES -to name a file which is to -be used instead of -.Pa /etc/resolv.conf -.Po Ns Ev LOCALRES -is specific to the -.Ic dig -resolver and is not referenced by the standard resolver -.Pc . -If the -.Ev LOCALRES -variable is not set or the specified file -is not readable, then -.Pa /etc/resolv.conf -will be used. -.It Ar domain -is the domain name for which you are requesting information. -See the -.Fl x -option (documented in the -.Sx OTHER OPTIONS -subsection of this section) for convenient way to specify inverse address -query. -.It Ar query-type -is the type of information (DNS query type) that -you are requesting. If omitted, the default is -.Dq Ar a -.Pq Dv T_A = Ar address . 
-The following types are recognized: -.Pp -.Bl -hang -width "hinfo T_HINFO " -compact -.It Ar a\ \ \ \ \ \ Dv T_A -network address -.It Ar any\ \ \ \ Dv T_ANY -all/any information about specified domain -.It Ar mx\ \ \ \ \ Dv T_MX -mail exchanger for the domain -.It Ar ns\ \ \ \ \ Dv T_NS -name servers -.It Ar soa\ \ \ \ Dv T_SOA -zone of authority record -.It Ar hinfo\ \ Dv T_HINFO -host information -.It Ar axfr\ \ \ Dv T_AXFR -zone transfer (must ask an authoritative server) -.It Ar txt\ \ \ \ Dv T_TXT -arbitrary number of strings -.El -.Pp -(See RFC 1035 for the complete list.) -.It Ar query-class -is the network class requested in the query. If -omitted, the default is -.Dq Ar in -.Pq Dv C_IN = Ar Internet . -The following classes are recognized: -.Pp -.Bl -tag -width "hinfo T_HINFO " -compact -.It Ar in\ \ \ \ \ Dv C_IN -Internet class domain -.It Ar any\ \ \ \ Dv C_ANY -all/any class information -.El -.Pp -(See RFC 1035 for the complete list.) -.Pp -.Em Note: -.Dq Ar Any -can be used to specify a -.Em class -and/or a -.Em type -of query. -.Ic Dig -will parse the first occurrence of -.Dq Ar any -to mean -.Ar query-type = Dv T_ANY . -To specify -.Ar query-class = Dv C_ANY , -you must either specify -.Dq any -twice, or set -.Ar query-class -using the -.Fl c -option (see below). -.El -.Ss OTHER OPTIONS -.Bl -tag -width Fl -.It % Ns Ar ignored-comment -.Dq % -is used to included an argument that is simply not -parsed. This may be useful if running -.Ic dig -in batch -mode. Instead of resolving every -.Ar @server-domain-name -in a list of queries, you can avoid the overhead of doing -so, and still have the domain name on the command line -as a reference. Example: -.Pp -.Bd -ragged -offset indent-two -.Ic dig @128.9.0.32 %venera.isi.edu mx isi.edu -.Ed -.Pp -.It Fl Aq Ar dig option -.Dq Fl -is used to specify an option which affects the operation of -.Ic dig . 
-The following options are currently -available (although not guaranteed to be useful): -.Bl -tag -width Fl -.It Fl x Ar dot-notation-address -Convenient form to specify inverse address mapping. -Instead of -.Dq Ic dig 32.0.9.128.in-addr.arpa , -one can simply -.Dq Ic dig -x 128.9.0.32 . -.It Fl f Ar file -File for -.Ic dig -batch mode. The file contains a list -of query specifications -( -.Ns Ic dig -command lines) which are to be executed successively. Lines beginning with -.Sq \&; , -.Sq # , -or -.Sq \en -are ignored. Other options -may still appear on command line, and will be in -effect for each batch query. -.It Fl T Ar time -Time in seconds between start of successive -queries when running in batch mode. Can be used -to keep two or more batch -.Ic dig -commands running -roughly in sync. Default is zero. -.It Fl p Ar port -Port number. Query a name server listening to a -non-standard port number. Default is 53. -.It Fl P Ns Bq Ar ping-string -After query returns, execute a -.Xr ping @SYS_OPS_EXT@ -command for response time comparison. This rather -unelegantly makes a call to the shell. The last -three lines of statistics is printed for the -command: -.Pp -.Bd -ragged -offset indent-two -.Ic ping Fl s server_name 56 3 -.Ed -.Pp -If the optional -.Dq Ar ping_string -is present, it -replaces -.Dq Ic ping Fl s -in the shell command. -.It Fl t Ar query-type -Specify type of query. May specify either an -integer value to be included in the type field -or use the abbreviated mnemonic as discussed -above (i.e., -.Ar mx = Dv T_MX ) . -.It Fl c Ar query-class -Specify class of query. May specify either an -integer value to be included in the class field -or use the abbreviated mnemonic as discussed -above (i.e., in = C_IN). -.It Fl k Ar keydir:keyname -Sign the query with the TSIG key named keyname -that is in the directory keydir. 
-.It Fl envsav -This flag specifies that the -.Ic dig -environment -(defaults, print options, etc.), after -all of the arguments are parsed, should be saved -to a file to become the default environment. -This is useful if you do not like the standard set of -defaults and do not desire to include a -large number of options each time -.Ic dig -is used. The environment consists of resolver state -variable flags, timeout, and retries as well as the flags detailing -.Ic dig -output (see below). -If the shell environment variable -.Ev LOCALDEF -is set to the name of a file, this is where the default -.Ic dig -environment is saved. If not, the file -.Dq Pa DiG.env -is created in the current working directory. -.Pp -.Em Note: -.Ev LOCALDEF -is specific to the -.Ic dig -resolver, -and will not affect operation of the standard -resolver library. -.Pp -Each time -.Ic dig -is executed, it looks for -.Dq Pa ./DiG.env -or the file specified by the shell environment variable -.Ev LOCALDEF . -If such file exists and is readable, then the -environment is restored from this file before any arguments are parsed. -.It Fl envset -This flag only affects batch query runs. When -.Dq Fl envset -is specified on a line in a -.Ic dig -batch file, the -.Ic dig -environment after the arguments are parsed -becomes the default environment for the duration of -the batch file, or until the next line which specifies -.Dq Fl envset . -.It Xo -.Fl Op Cm no -.Ns Cm stick -.Xc -This flag only affects batch query runs. -It specifies that the -.Ic dig -environment (as read initially -or set by -.Dq Fl envset -switch) is to be restored before each query (line) in a -.Ic dig -batch file. -The default -.Dq Fl nostick -means that the -.Ic dig -environment does not stick, hence options specified on a single line -in a -.Ic dig -batch file will remain in effect for -subsequent lines (i.e. they are not restored to the -.Dq sticky -default). 
-.El -.It Ic + Ns Aq Ar query-option -.Dq + -is used to specify an option to be changed in the query packet or to change -.Ic dig -output specifics. Many of these are the same parameters accepted by -.Xr nslookup @SYS_OPS_EXT@ . -If an option requires a parameter, the form is as follows: -.Pp -.Bd -ragged -offset indent-two -.Ic + -.Ns Ar keyword -.Ns Op = Ns Ar value -.Ed -.Pp -Most keywords can be abbreviated. Parsing of the -.Dq + -options is very simplistic \(em a value must not be -separated from its keyword by white space. The following -keywords are currently available: -.Pp -Keyword Abbrev. Meaning [default] -.Pp -.Bl -tag -width "[no]primary (ret) " -compact -.It Xo -.Op Cm no -.Ns Cm debug\ \ \ \ -.Pq Cm deb -.Xc -turn on/off debugging mode -.Bq Cm deb -.It Xo -.Op Cm no -.Ns Cm d2\ \ \ \ \ \ \ \ \ \ -.Xc -turn on/off extra debugging mode -.Bq Cm nod2 -.It Xo -.Op Cm no -.Ns Cm recurse\ \ -.Pq Cm rec -.Xc -use/don't use recursive lookup -.Bq Cm rec -.It Xo -.Cm retry= Ns Ar # -.Cm \ \ \ \ \ -.Pq Cm ret -.Xc -set number of retries to # -.Bq 4 -.It Xo -.Cm time= Ns Ar # -.Cm \ \ \ \ \ \ -.Pq Cm ti -.Xc -set timeout length to # seconds -.Bq 4 -.It Xo -.Op Cm no -.Ns Cm ko -.Xc -keep open option (implies vc) -.Bq Cm noko -.It Xo -.Op Cm no -.Ns Cm vc -.Xc -use/don't use virtual circuit -.Bq Cm novc -.It Xo -.Op Cm no -.Ns Cm defname\ \ -.Pq Cm def -.Xc -use/don't use default domain name -.Bq Cm def -.It Xo -.Op Cm no -.Ns Cm search\ \ \ -.Pq Cm sea -.Xc -use/don't use domain search list -.Bq Cm sea -.It Xo -.Cm domain= Ns Ar NAME\ \ -.Pq Cm do -.Xc -set default domain name to -.Ar NAME -.It Xo -.Op Cm no -.Ns Cm ignore\ \ \ -.Pq Cm i -.Xc -ignore/don't ignore trunc. 
errors -.Bq Cm noi -.It Xo -.Op Cm no -.Ns Cm primary\ \ -.Pq Cm pr -.Xc -use/don't use primary server -.Bq Cm nopr -.It Xo -.Op Cm no -.Ns Cm aaonly\ \ \ -.Pq Cm aa -.Xc -authoritative query only flag -.Bq Cm noaa -.It Xo -.Op Cm no -.Ns Cm cmd -.Xc -echo parsed arguments -.Bq Cm cmd -.It Xo -.Op Cm no -.Ns Cm stats\ \ \ \ -.Pq Cm st -.Xc -print query statistics -.Bq Cm st -.It Xo -.Op Cm no -.Ns Cm Header\ \ \ -.Pq Cm H -.Xc -print basic header -.Bq Cm H -.It Xo -.Op Cm no -.Ns Cm header\ \ \ -.Pq Cm he -.Xc -print header flags -.Bq Cm he -.It Xo -.Op Cm no -.Ns Cm ttlid\ \ \ \ -.Pq Cm tt -.Xc -print TTLs -.Bq Cm tt -.It Xo -.Op Cm no -.Ns Cm cl -.Xc -print class info -.Bq Cm nocl -.It Xo -.Op Cm no -.Ns Cm qr -.Xc -print outgoing query -.Bq Cm noqr -.It Xo -.Op Cm no -.Ns Cm reply\ \ \ \ -.Pq Cm rep -.Xc -print reply -.Bq Cm rep -.It Xo -.Op Cm no -.Ns Cm ques\ \ \ \ \ -.Pq Cm qu -.Xc -print question section -.Bq Cm qu -.It Xo -.Op Cm no -.Ns Cm answer\ \ \ -.Pq Cm an -.Xc -print answer section -.Bq Cm an -.It Xo -.Op Cm no -.Ns Cm author\ \ \ -.Pq Cm au -.Xc -print authoritative section -.Bq Cm au -.It Xo -.Op Cm no -.Ns Cm addit\ \ \ \ -.Pq Cm ad -.Xc -print additional section -.Bq Cm ad -.It Cm pfdef -set to default print flags -.It Cm pfmin -set to minimal default print flags -.It Cm pfset= Ns Ar # -set print flags to # -(# can be hex/octal/decimal) -.It Cm pfand= Ns Ar # -bitwise and print flags with # -.It Cm pfor= Ns Ar # -bitwise or print flags with # -.El -.Pp -The -.Cm retry -and -.Cm time -options affect the retransmission strategy used by the resolver -library when sending datagram queries. The algorithm is as follows: -.Pp -.Bd -literal -offset indent -for i = 0 to retry - 1 - for j = 1 to num_servers - send_query - wait((time * (2**i)) / num_servers) - end -end -.Ed -.Pp -(Note: -.Ic dig -always uses a value of 1 for -.Dq Li num_servers . 
) -.El -.Ss DETAILS -.Ic Dig -once required a slightly modified version of the BIND -.Xr resolver @LIB_NETWORK_EXT@ -library. As of BIND 4.9, BIND's resolver has been augmented to work -properly with -.Ic dig . -Essentially, -.Ic dig -is a straight-forward -(albeit not pretty) effort of parsing arguments and setting appropriate -parameters. -.Ic Dig -uses -.Xr resolver @LIB_NETWORK_EXT@ -routines -.Fn res_init , -.Fn res_mkquery , -.Fn res_send -as well as accessing the -.Ft _res -structure. -.Sh ENVIRONMENT -.Bl -tag -width "LOCALRES " -compact -.It Ev LOCALRES -file to use in place of Pa /etc/resolv.conf -.It Ev LOCALDEF -default environment file -.El -.Pp -See also the explanation of the -.Fl envsav , -.Fl envset , -and -.Xo -.Fl Op Cm no -.Ns Cm stick -.Xc -options, above. -.Sh FILES -.Bl -tag -width "/etc/resolv.conf " -compact -.It Pa /etc/resolv.conf -initial domain name and name server addresses -.It Pa \./DiG.env -default save file for default options -.El -.Sh SEE ALSO -.Xr @INDOT@named @SYS_OPS_EXT@ , -.Xr resolver @LIB_NETWORK_EXT@ , -.Xr resolver @FORMAT_EXT@ , -.Xr nslookup @SYS_OPS_EXT@ . -.Sh STANDARDS -RFC 1035. -.Sh AUTHOR -Steve Hotz -hotz@isi.edu -.Sh ACKNOWLEDGMENTS -.Ic Dig -uses functions from -.Xr nslookup @SYS_OPS_EXT@ -authored by Andrew Cherenson. -.Sh BUGS -.Ic Dig -has a serious case of "creeping featurism" -- the result of -considering several potential uses during it's development. It would -probably benefit from a rigorous diet. Similarly, the print flags -and granularity of the items they specify make evident their -rather ad hoc genesis. -.Pp -.Ic Dig -does not consistently exit nicely (with appropriate status) -when a problem occurs somewhere in the resolver -.Po Sy NOTE: -most of the common exit cases are handled -.Pc . -This is particularly annoying when running in -batch mode. If it exits abnormally (and is not caught), the entire -batch aborts; when such an event is trapped, -.Ic dig -simply -continues with the next query. 
diff --git a/contrib/bind/doc/man/dnskeygen.1 b/contrib/bind/doc/man/dnskeygen.1
deleted file mode 100644
index 4b3c4069bab9a..0000000000000
--- a/contrib/bind/doc/man/dnskeygen.1
+++ /dev/null
@@ -1,132 +0,0 @@ -.\" Copyright (c) 1996,1999 by Internet Software Consortium -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS -.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE -.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" -.\" $Id: dnskeygen.1,v 8.5 1999/02/23 05:20:18 vixie Exp $ -.\" -.Dd December 2, 1998 -.Dt DNSKEYGEN @CMD_EXT_U@ -.Os BSD 4 -.Sh NAME -.Nm dnskeygen -.Nd generate public, private, and shared secret keys for DNS Security -.Sh SYNOPSIS -.Nm dnskeygen -.Oo Fl -.Op Cm DHR -.Ar size -.Oc -.Op Fl F -.Fl Op Cm zhu -.Op Cm Fl a -.Op Cm Fl c -.Op Cm Fl p Ar num -.Op Cm Fl s Ar num -.Fl n Ar name -.Sh DESCRIPTION -.Ic Dnskeygen -(DNS Key Generator) is a tool to generate and maintain keys for DNS Security -within the DNS (Domain Name System). -.Nm Dnskeygen -can generate public and private keys to authenticate zone data, and shared -secret keys to be used for Request/Transaction signatures. -.Bl -tag -width Fl -.It Fl D -Dnskeygen will generate a -.Ic DSA/DSS -key. -.Dq size -must be one of [512, 576, 640, 704, 768, 832, 896, 960, 1024]. -.It Fl H -Dnskeygen will generate an -.Ic HMAC-MD5 -key. -.Dq size -must be between 128 and 504. -.It Fl R -Dnskeygen will generate an -.Ic RSA -key. -.Dq size -must be between 512 and 4096. -.It Fl F -.Ic (RSA only) -Use a large exponent for key generation. 
-.It Fl z Fl h Fl u -These flags define the type of key being generated: Zone (DNS validation) key, -Host (host or service) key or User (e.g. email) key, respectively. -Each key is only allowed to be one of these. -.It Fl a -Indicates that the key -.Ic CANNOT -be used for authentication. -.It Fl c -Indicates that the key -.Ic CANNOT -be used for encryption. -.It Fl p Ar num -Sets the key's protocol field to -.Ar num -; the default is -.Ic 3 -(DNSSEC) if -.Dq Fl z -or -.Dq Fl h -is specified and -.Ic 2 -(EMAIL) otherwise. Other accepted values are -.Ic 1 -(TLS), -.Ic 4 -(IPSEC), and -.Ic 255 -(ANY). -.It Fl s Ar num -Sets the key's strength field to -.Ar num; -the default is -.Sy 0. -.It Fl n Ar name -Sets the key's name to -.Ar name. -.El -.Ss DETAILS -.Ic Dnskeygen -stores each key in two files: -.Pa K<name>+<alg>+<footprint>.private -and -.Pa K<name>+<alg>+<footprint>.key -The file -.Pa K<name>+<alg>+<footprint>.private -contains the private key in a portable format. The file -.Pa K<name>+<alg>+<footprint>.key -contains the public key in the DNS zone file format: -.Pp -.D1 Ar <name> IN KEY <flags> <algorithm> <protocol> <exponent|modulus> -.Pp -.Sh ENVIRONMENT -No environmental variables are used. -.Sh SEE ALSO -.Em RFC 2065 -on secure DNS and the -.Em TSIG -Internet Draft. -.Sh AUTHOR -Olafur Gudmundsson (ogud@tis.com). -.Sh ACKNOWLEDGMENTS -The underlying cryptographic math is done by the DNSSAFE and/or Foundation -Toolkit libraries. -.Sh BUGS -None are known at this time diff --git a/contrib/bind/doc/man/dnsquery.1 b/contrib/bind/doc/man/dnsquery.1 deleted file mode 100644 index 2662ab40170ca..0000000000000 --- a/contrib/bind/doc/man/dnsquery.1 +++ /dev/null 
@@ -1,178 +0,0 @@ -.\" $Id: dnsquery.1,v 8.3 1999/01/08 18:54:21 vixie Exp $ -.\" -.\"Copyright (c) 1995,1996,1999 by Internet Software Consortium -.\" -.\"Permission to use, copy, modify, and distribute this software for any -.\"purpose with or without fee is hereby granted, provided that the above -.\"copyright notice and this permission notice appear in all copies. -.\" -.\"THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS -.\"ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES -.\"OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE -.\"CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\"DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\"PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\"ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\"SOFTWARE. -.\" -.Dd March 10, 1990 -.Dt DNSQUERY @CMD_EXT_U@ -.Os BSD 4 -.Sh NAME -.Nm dnsquery -.Nd query domain name servers using resolver -.Sh SYNOPSIS -.Nm dnsquery -.Op Fl n Ar nameserver -.Op Fl t Ar type -.Op Fl c Ar class -.Op Fl r Ar retry -.Op Fl p Ar period -.Op Fl d -.Op Fl s -.Op Fl v -.Ar host -.Sh DESCRIPTION -The -.Ic dnsquery -program is a general interface to nameservers via -BIND resolver library calls. The program supports -queries to the nameserver with an opcode of QUERY. -This program is intended to be a replacement or -supplement to programs like nstest, nsquery and -nslookup. All arguments except for -.Ar host -and -.Ar nameserver -are treated without case-sensitivity. -.Sh OPTIONS -.Bl -tag -width Fl -.It Fl n Ar nameserver -The nameserver to be used in the query. Nameservers can appear as either -Internet addresses of the form -.Ar w.x.y.z -or can appear as domain names. -(Default: as specified in -.Pa /etc/resolv.conf . ) -.It Fl t Ar type -The type of resource record of interest. 
Types include: -.Bl -tag -width "AFSDB " -compact -offset indent -.It Ar A -address -.It Ar NS -nameserver -.It Ar CNAME -canonical name -.It Ar PTR -domain name pointer -.It Ar SOA -start of authority -.It Ar WKS -well-known service -.It Ar HINFO -host information -.It Ar MINFO -mailbox information -.It Ar MX -mail exchange -.It Ar RP -responsible person -.It Ar MG -mail group member -.It Ar AFSDB -DCE or AFS server -.It Ar ANY -wildcard -.El -.Pp -Note that any case may be used. (Default: -.Ar ANY . ) -.It Fl c Ar class -The class of resource records of interest. -Classes include: -.Bl -tag -width "CHAOS " -compact -offset indent -.It Ar IN -Internet -.It Ar HS -Hesiod -.It Ar CHAOS -Chaos -.It Ar ANY -wildcard -.El -.Pp -Note that any case may be used. (Default: -.Ar IN . ) -.It Fl r Ar retry -The number of times to retry if the nameserver is -not responding. (Default: 4.) -.It Fl p Ar period -Period to wait before timing out. (Default: -.Dv RES_TIMEOUT . ) -.It Fl d -Turn on debugging. This sets the -.Dv RES_DEBUG -bit of the resolver's -.Ft options -field. (Default: no debugging.) -.It Fl s -Use a -.Em stream -rather than a packet. This uses a TCP stream connection with -the nameserver rather than a UDP datagram. This sets the -.Dv RES_USEVC -bit of the resolver's -.Ft options -field. (Default: UDP datagram.) -.It Fl v -Synonym for the -.Dq Fl s -flag. -.It Ar host -The name of the host (or domain) of interest. -.El -.Sh FILES -.Bl -tag -width "<arpa/nameser.h> " -compact -.It Pa /etc/resolv.conf -to get the default ns and search lists -.It Pa <arpa/nameser.h> -list of usable RR types and classes -.It Pa <resolv.h> -list of resolver flags -.El -.Sh DIAGNOSTICS -If the resolver fails to answer the query and debugging has not been -turned on, -.Ic dnsquery -will simply print a message like: -.Dl Query failed (rc = 1) : Unknown host -.Pp -The value of the return code is supplied by -.Ft h_errno . 
-.Sh SEE ALSO -.Xr nslookup @SYS_OPS_EXT@ , -.Xr nstest @CMD_EXT@ , -.Xr nsquery @CMD_EXT@ , -.Xr named @SYS_OPS_EXT@ , -.Xr resolver @FORMAT_EXT@ . -.Sh AUTHOR -Bryan Beecher -.Sh BUGS -Queries of a class other than -.Ar IN -can have interesting results -since ordinarily a nameserver only has a list of root nameservers -for class -.Ar IN -resource records. -.Pp -.Ic Dnsquery -uses a call to -.Fn inet_addr -to determine if the argument -for the -.Dq Fl n -option is a valid Internet address. Unfortunately, -.Fn inet_addr -seems to cause a segmentation fault with some (bad) -IP addresses (e.g., 1.2.3.4.5). diff --git a/contrib/bind/doc/man/dnssigner.1 b/contrib/bind/doc/man/dnssigner.1 deleted file mode 100644 index 1fb4ce4623c23..0000000000000 --- a/contrib/bind/doc/man/dnssigner.1 +++ /dev/null 
@@ -1,213 +0,0 @@ -.\" Copyright (c) 1996 by Internet Software Consortium -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS -.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE -.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" -.\" $Id: dnssigner.1,v 8.2 1997/03/14 02:29:42 vixie Exp $ -.\" -.Dd October 25, 1996 -.Dt DNSSIGNER @CMD_EXT_U@ -.Os BSD 4 -.Sh NAME -.Nm dnssigner -.Nd add signatures to DNS zone files -.Sh SYNOPSIS -.Nm dnssigner -.Op Cm signer-name Ar default_signer -.Op Cm boot-file Ar file -.Op Cm debug-file Ar file -.Op Cm out-dir Ar directory -.Op Cm seq-no Ar number -.Oo -.Cm expiration-time -.Oo Po Cm + -.Ns \&| -.Ns Cm = -.Pc Oc -.Ns Ar time -.Oc -.Op Cm hide -.Op Cm noaxfr -.Op Cm nosign -.Op Cm verify -.Op Cm update-zonekey -.Op Fl d Ns Ar level -.Sh DESCRIPTION -.Ic Dnssigner -(Sign DNS zone database) is a tool to generate signatures -for DNS (Domain Name System) resource records. It also generates -NXT records for each zone. -.Pp -.Bl -tag -width Fl -.It Cm signer-name Ar default_signer -Specifies a name of the key to use if no signer is defined using the -.Em Li $SIGNER -directive in the boot files. -.It Cm boot-file Ar file -Specifies the control file for -.Ic dnssigner , -which is in the same format as the BIND-4 -.Pa named.boot -file. 
-.It Cm debug-file Ar file -Redirect debug output to the specified -.Ar file ; -default is -.Pa signer_out -in the current directory. -.It Cm out-dir Ar directory -Write signed files to thie specified -.Ar directory ; -default is to use -.Pa /tmp . -.Pp -.Sy NOTE : -Specify the full path to this directory; relative paths may not work. -.It Xo Cm expiration-time -.Oo Po Cm + -.Ns \&| -.Ns Cm = -.Pc Oc -.Ns Ar time -.Xc -Time when the signature records are to -expire. Using either -.Dq Cm = -or -.Em no -sign before the -.Ar time -argument -.Po i.e., -.Do Op Cm = -.Ns Ar time -.Dc -.Pc , -the -.Ar time -is interpreted as an absolute time in seconds when the records will expire. -.Po Sy NOTE : - All such times are interpreted as Universal Times. -.Pc -With -.Dq Cm + -specified -.Pq i.e., Dq Cm + Ns Ar time , -the -.Ar time -time is interpreted as an offset into the future. -.Pp -If not specified on the command line, the default -.Cm expiration-time -is 3600*24*30 sec (30 days). -.It Cm seq-no Ar number -Force the serial number in the SOA records to the specified value. -If this parameter is not set, the serial number will be set to a value -based on the current time. -.It Cm hide -This flag will cause NXT records in zones with wildcard -records to point to -.Li *.<zone> -as the next host. The purpose of this -flag is to hide all information about valid names in a zone. -.It Cm noaxfr -Turn of generation of zone transfer signature records, -which validate the transfer of an entire zone. -.It Cm nosign -When this flag is specified, the boot files are read, NXT -records are generated and zone file is written to the output -directory. No SIG records are generated. This flag is useful for -quickly checking the format of the data in the boot files, and to -have boot files sorted into DNSSEC order. -.It Cm verify -When this flag is present, -.Ic dnssigner -will verify all -signed records and print out a confirmation message for each SIG -verified. 
The main use of this flag is to see how long it takes to -generate each signature. -.It Cm update-zonekey -If this flag is specified, then the zonekeys used -to sign files will be updated with new records. Specify this flag if -one or more of the keys have been updated. If there are no zonekeys -specified in the boot files, this flag will insert them. Omitting -zonekeys will cause primary nameservers to reject the zone. -.It Fl d Ns Ar level -Debug level to use for running -.Ic dnssigner ; -these levels are the same as those used by -.Xr @INDOT_U@NAMED @SYS_OPS_EXT_U@ -.El -.Ss DETAILS -.Ic Dnssigner -reads BIND-4 -.Pa named.boot -and zone files, adds SIG and NXT -records and writes out the records (to one file per zone, regardless of -how many include files the original zone was in). The files generated by -.Ic dnssigner -are ordinary textual zone files and are then normally -loaded by -.Xr @INDOT_U@NAMED @SYS_OPS_EXT_U@ -to serve the zone. -.Ic Dnssigner -\fBrequires that the PRIVATE key(s) reside in the input directory\fP. -.Pp -Making manual changes to the output files is hazardous, because most -changes will invalidate one or more signatures contained therein. This -will cause the zone to fail to load into -.Xr @INDOT_U@NAMED @SYS_OPS_EXT_U@ , -or will cause subsequent -failures in retrieving records from the zone. It is far better to make -changes in -.Ic dnssigner's -input files, and rerun -.Ic dnssigner . -.Pp -When -.Ic dnssigner -detects a delegation point, it creates a special file -.Pa <zone_name>.PARENT -which contains the RR's the parent zone signs for the -child zone (NS, KEY, NXT). The intent is that the child will include this -file when loading primary nameservers. Similarly, each zone file ends -with the -.Dq Li #include <zone_name>.PARENT -command. The records -in the -.Pa .PARENT -files are omitted from the SIG(AXFR) calculations as these -records usualy are on a different signing cycle. 
-.Pp -The -.Em Li Dq $SIGNER Op Ar keyname -directive can be used to change signers in a -zone. If -.Ar keyname -is omitted, signing is turned off. Keys are loaded the -first time the keys are accessed. Only records that are signed by the -zone signer (the key that signs the SOA) are included in the SIG(AXFR) -calculation. It is not generally recommended that multiple keys sign -records in the same zone, unless this is useful for dynamic updates. -.Sh ENVIRONMENT -No environmental variables are used. -.Sh SEE ALSO -.Xr @INDOT_U@NAMED @SYS_OPS_EXT_U@ , -RSAREF documentation, -Internet-Draft -.Em draft-ietf-dnssec-secext-10.txt -on Secure DNS, or its successor. -.Sh AUTHOR -Olafur Gudmundsson (ogud@tis.com) -.Sh ACKNOWLEDGMENTS -The underlying crypto math is done by the RSAREF or BSAFE libraries. diff --git a/contrib/bind/doc/man/getaddrinfo.3 b/contrib/bind/doc/man/getaddrinfo.3 deleted file mode 100644 index a906c5d1738c5..0000000000000 --- a/contrib/bind/doc/man/getaddrinfo.3 +++ /dev/null 
@@ -1,361 +0,0 @@ -.\" Copyright (c) 1983, 1987, 1991, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" 
From: @(#)gethostbyname.3 8.4 (Berkeley) 5/25/95 -.\" $Id: getaddrinfo.3,v 8.1 1999/01/11 21:30:51 vixie Exp $ -.\" -.Dd May 25, 1995 -.Dt GETADDRINFO @LIB_NETWORK_EXT@ -.Os KAME -.Sh NAME -.Nm getaddrinfo -.Nm freeaddrinfo , -.Nm gai_strerror -.Nd nodename-to-address translation in protocol-independent manner -.Sh SYNOPSIS -.Fd #include <sys/socket.h> -.Fd #include <netdb.h> -.Ft int -.Fn getaddrinfo "const char *nodename" "const char *servname" \ -"const struct addrinfo *hints" "struct addrinfo **res" -.Ft void -.Fn freeaddrinfo "struct addrinfo *ai" -.Ft "char *" -.Fn gai_strerror "int ecode" -.Sh DESCRIPTION -The -.Fn getaddrinfo -function is defined for protocol-independent nodename-to-address translation. -It performs functionality of -.Xr gethostbyname @LIB_NETWORK_EXT@ -and -.Xr getservbyname @LIB_NETWORK_EXT@ , -in more sophisticated manner. -.Pp -The addrinfo structure is defined as a result of including the -.Li <netdb.h> -header: -.Bd -literal -offset -struct addrinfo { * - int ai_flags; /* AI_PASSIVE, AI_CANONNAME, AI_NUMERICHOST */ - int ai_family; /* PF_xxx */ - int ai_socktype; /* SOCK_xxx */ - int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ - size_t ai_addrlen; /* length of ai_addr */ - char *ai_canonname; /* canonical name for nodename */ - struct sockaddr *ai_addr; /* binary address */ - struct addrinfo *ai_next; /* next structure in linked list */ -}; -.Ed -.Pp -The -.Fa nodename -and -.Fa servname -arguments are pointers to null-terminated strings or -.Dv NULL . -One or both of these two arguments must be a -.Pf non Dv -NULL -pointer. -In the normal client scenario, both the -.Fa nodename -and -.Fa servname -are specified. -In the normal server scenario, only the -.Fa servname -is specified. -A -.Pf non Dv -NULL -.Fa nodename -string can be either a node name or a numeric host address string -.Po -i.e., a dotted-decimal IPv4 address or an IPv6 hex address -.Pc . 
-A -.Pf non Dv -NULL -.Fa servname -string can be either a service name or a decimal port number. -.Pp -The caller can optionally pass an -.Li addrinfo -structure, pointed to by the third argument, -to provide hints concerning the type of socket that the caller supports. -In this -.Fa hints -structure all members other than -.Fa ai_flags , -.Fa ai_family , -.Fa ai_socktype , -and -.Fa ai_protocol -must be zero or a -.Dv NULL -pointer. -A value of -.Dv PF_UNSPEC -for -.Fa ai_family -means the caller will accept any protocol family. -A value of 0 for -.Fa ai_socktype -means the caller will accept any socket type. -A value of 0 for -.Fa ai_protocol -means the caller will accept any protocol. -For example, if the caller handles only TCP and not UDP, then the -.Fa ai_socktype -member of the hints structure should be set to -.Dv SOCK_STREAM -when -.Fn getaddrinfo -is called. -If the caller handles only IPv4 and not IPv6, then the -.Fa ai_family -member of the -.Fa hints -structure should be set to -.Dv PF_INET -when -.Fn getaddrinfo -is called. -If the third argument to -.Fn getaddrinfo -is a -.Dv NULL -pointer, this is the same as if the caller had filled in an -.Li addrinfo -structure initialized to zero with -.Fa ai_family -set to PF_UNSPEC. -.Pp -Upon successful return a pointer to a linked list of one or more -.Li addrinfo -structures is returned through the final argument. -The caller can process each -.Li addrinfo -structure in this list by following the -.Fa ai_next -pointer, until a -.Dv NULL -pointer is encountered. -In each returned -.Li addrinfo -structure the three members -.Fa ai_family , -.Fa ai_socktype , -and -.Fa ai_protocol -are the corresponding arguments for a call to the -.Fn socket -function. -In each -.Li addrinfo -structure the -.Fa ai_addr -member points to a filled-in socket address structure whose length is -specified by the -.Fa ai_addrlen -member. 
-.Pp -If the -.Dv AI_PASSIVE -bit is set in the -.Fa ai_flags -member of the -.Fa hints -structure, then the caller plans to use the returned socket address -structure in a call to -.Fn bind . -In this case, if the -.Fa nodename -argument is a -.Dv NULL -pointer, then the IP address portion of the socket -address structure will be set to -.Dv INADDR_ANY -for an IPv4 address or -.Dv IN6ADDR_ANY_INIT -for an IPv6 address. -.Pp -If the -.Dv AI_PASSIVE -bit is not set in the -.Fa ai_flags -member of the -.Fa hints -structure, then the returned socket address structure will be ready for a -call to -.Fn connect -.Pq for a connection-oriented protocol -or either -.Fn connect , -.Fn sendto , or -.Fn sendmsg -.Pq for a connectionless protocol . -In this case, if the -.Fa nodename -argument is a -.Dv NULL -pointer, then the IP address portion of the -socket address structure will be set to the loopback address. -.Pp -If the -.Dv AI_CANONNAME -bit is set in the -.Fa ai_flags -member of the -.Fa hints -structure, then upon successful return the -.Fa ai_canonname -member of the first -.Li addrinfo -structure in the linked list will point to a null-terminated string -containing the canonical name of the specified -.Fa nodename . -.Pp -If the -.Dv AI_NUMERICHOST -bit is set in the -.Fa ai_flags -member of the -.Fa hints -structure, then a -.Pf non Dv -NULL -.Fa nodename -string must be a numeric host address string. -Otherwise an error of -.Dv EAI_NONAME -is returned. -This flag prevents any type of name resolution service (e.g., the DNS) -from being called. -.Pp -All of the information returned by -.Fn getaddrinfo -is dynamically allocated: -the -.Li addrinfo -structures, and the socket address structures and canonical node name -strings pointed to by the addrinfo structures. -To return this information to the system the function -Fn freeaddrinfo -is called. 
-The -.Fa addrinfo -structure pointed to by the -.Fa ai argument -is freed, along with any dynamic storage pointed to by the structure. -This operation is repeated until a -.Dv NULL -.Fa ai_next -pointer is encountered. -.Pp -To aid applications in printing error messages based on the -.Dv EAI_xxx -codes returned by -.Fn getaddrinfo , -.Fn gai_strerror -is defined. -The argument is one of the -.Dv EAI_xxx -values defined earlier and the return value points to a string describing -the error. -If the argument is not one of the -.Dv EAI_xxx -values, the function still returns a pointer to a string whose contents -indicate an unknown error. -.Sh FILES -.Bl -tag -width /etc/resolv.conf -compact -.It Pa /etc/hosts -.It Pa /etc/host.conf -.It Pa /etc/resolv.conf -.El -.Sh DIAGNOSTICS -Error return status from -.Fn getaddrinfo -is zero on success and non-zero on errors. -Non-zero error codes are defined in -.Li <netdb.h> , -and as follows: -.Pp -.Bl -tag -width EAI_ADDRFAMILY -compact -.It Dv EAI_ADDRFAMILY -address family for nodename not supported -.It Dv EAI_AGAIN -temporary failure in name resolution -.It Dv EAI_BADFLAGS -invalid value for ai_flags -.It Dv EAI_FAIL -non-recoverable failure in name resolution -.It Dv EAI_FAMILY -ai_family not supported -.It Dv EAI_MEMORY -memory allocation failure -.It Dv EAI_NODATA -no address associated with nodename -.It Dv EAI_NONAME -nodename nor servname provided, or not known -.It Dv EAI_SERVICE -servname not supported for ai_socktype -.It Dv EAI_SOCKTYPE -ai_socktype not supported -.It Dv EAI_SYSTEM -system error returned in errno -.El -.Pp -If called with proper argument, -.Fn gai_strerror -returns a pointer to a string describing the given error code. -If the argument is not one of the -.Dv EAI_xxx -values, the function still returns a pointer to a string whose contents -indicate an unknown error. 
-.Sh SEE ALSO -.Xr getnameinfo @LIB_NETWORK_EXT@ , -.Xr gethostbyname @LIB_NETWORK_EXT@ , -.Xr getservbyname @LIB_NETWORK_EXT@ , -.Xr hosts @FORMAT_EXT@ , -.Xr services @FORMAT_EXT@ , -.Xr hostname @DESC_EXT@ , -.Xr named @SYS_OPS_EXT@ -.Pp -R. Gilligan, S. Thomson, J. Bound, and W. Stevens, -``Basic Socket Interface Extensions for IPv6,'' RFC2133, April 1997. -.Sh HISTORY -The implementation first appeared in WIDE Hydrangea IPv6 protocol stack kit. -.Sh STANDARDS -The -.Fn getaddrinfo -function is defined IEEE POSIX 1003.1g draft specification, -and documented in ``Basic Socket Interface Extensions for IPv6'' -.Pq RFC2133 . -.Sh BUGS -The text was shamelessly copied from RFC2133. diff --git a/contrib/bind/doc/man/gethostbyname.3 b/contrib/bind/doc/man/gethostbyname.3 deleted file mode 100644 index 0498bd8b59553..0000000000000 --- a/contrib/bind/doc/man/gethostbyname.3 +++ /dev/null 
@@ -1,246 +0,0 @@
-.\" Copyright (c) 1983, 1987 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms are permitted provided
-.\" that: (1) source distributions retain this entire copyright notice and
-.\" comment, and (2) distributions including binaries display the following
-.\" acknowledgement: ``This product includes software developed by the
-.\" University of California, Berkeley and its contributors'' in the
-.\" documentation or other materials provided with the distribution and in
-.\" all advertising materials mentioning features or use of this software.
-.\" Neither the name of the University nor the names of its contributors may
-.\" be used to endorse or promote products derived from this software without
-.\" specific prior written permission.
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
-.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-.\"
-.\" @(#)gethostbyname.3 6.12 (Berkeley) 6/23/90
-.\"
-.Dd June 23, 1990
-.Dt GETHOSTBYNAME @LIB_NETWORK_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm gethostbyname ,
-.Nm gethostbyaddr ,
-.Nm gethostent ,
-.Nm sethostent ,
-.Nm endhostent ,
-.Nm herror
-.Nd get network host entry
-.Sh SYNOPSIS
-.Fd #include <netdb.h>
-.Ft extern int
-.Fa h_errno;
-.Pp
-.Ft struct hostent *
-.Fn gethostbyname "char *name";
-.Ft struct hostent *
-.Fn gethostbyname2 "char *name" "int af";
-.Ft struct hostent *
-.Fn gethostbyaddr "char *addr" "int len, type";
-.Ft struct hostent *
-.Fn gethostent
-.Fn sethostent "int stayopen";
-.Fn endhostent
-.Fn herror "char *string";
-.Sh DESCRIPTION
-.Fn Gethostbyname ,
-.Fn gethostbyname2 ,
-and
-.Fn gethostbyaddr
-each return a pointer to a
-.Ft hostent
-structure (see below) describing an internet host
-referenced by name or by address, as the function names indicate.
-This structure contains either the information obtained from the name server,
-.Xr @INDOT@named @SYS_OPS_EXT@ ,
-or broken-out fields from a line in
-.Pa /etc/hosts .
-If the local name server is not running, these routines do a lookup in
-.Pa /etc/hosts .
-.Bd -literal -offset indent
-struct hostent {
- char *h_name; /* official name of host */
- char **h_aliases; /* alias list */
- int h_addrtype; /* host address type */
- int h_length; /* length of address */
- char **h_addr_list; /* list of addresses from name server */
-};
-
-#define h_addr h_addr_list[0] /* address, for backward compatibility */
-.Ed
-.Pp
-The members of this structure are:
-.Bl -tag -width "h_addr_list"
-.It h_name
-Official name of the host.
-.It h_aliases
-A zero-terminated array of alternate names for the host.
-.It h_addrtype
-The type of address being returned; usually
-.Dv AF_INET .
-.It h_length
-The length, in bytes, of the address.
-.It h_addr_list
-A zero-terminated array of network addresses for the host.
-Host addresses are returned in network byte order.
-.It h_addr
-The first address in
-.Li h_addr_list ;
-this is for backward compatibility.
-.El
-.Pp
-When using the nameserver,
-.Fn gethostbyname
-will search for the named host in each parent domain given in the
-.Dq Li search
-directive of
-.Xr resolv.conf @FORMAT_EXT@
-unless the name contains a dot
-.Pq Dq \&. .
-If the name contains no dot, and if the environment variable
-.Ev HOSTALIASES
-contains the name of an alias file, the alias file will first be searched
-for an alias matching the input name.
-See
-.Xr hostname @DESC_EXT@
-for the domain search procedure and the alias file format.
-.Pp
-.Fn Gethostbyname2
-is an evolution of
-.Fn gethostbyname
-intended to allow lookups in address families other than
-.Dv AF_INET ,
-for example,
-.Dv AF_INET6 .
-Currently, the
-.Fa af
-argument must be specified as
-.Dv AF_INET
-else the function will return
-.Dv NULL
-after having set
-.Ft h_errno
-to
-.Dv NETDB_INTERNAL .
-.Pp
-.Fn Sethostent
-may be used to request the use of a connected TCP socket for queries.
-If the
-.Fa stayopen
-flag is non-zero,
-this sets the option to send all queries to the name server using TCP
-and to retain the connection after each call to
-.Fn gethostbyname
-or
-.Fn gethostbyaddr .
-Otherwise, queries are performed using UDP datagrams.
-.Pp
-.Fn Endhostent
-closes the TCP connection.
-.Sh ENVIRONMENT
-.Bl -tag -width "HOSTALIASES " -compress
-.It Ev HOSTALIASES
-Name of file containing
-.Pq Ar host alias , full hostname
-pairs.
-.El
-.Sh FILES
-.Bl -tag -width "HOSTALIASES " -compress
-.It Pa /etc/hosts
-See
-.Xr hosts @FORMAT_EXT@ .
-.It Ev HOSTALIASES
-Name of file containing
-.Pq Ar host alias , full hostname
-pairs.
-.El
-.Sh DIAGNOSTICS
-.Pp
-Error return status from
-.Fn gethostbyname
-and
-.Fn gethostbyaddr
-is indicated by return of a null pointer.
-The external integer
-.Ft h_errno
-may then be checked to see whether this is a temporary failure
-or an invalid or unknown host.
-The routine
-.Fn herror
-can be used to print an error message describing the failure.
-If its argument
-.Fa string
-is non-NULL, it is printed, followed by a colon and a space.
-The error message is printed with a trailing newline.
-.Pp
-.Ft h_errno
-can have the following values:
-.Bl -tag -width "HOST_NOT_FOUND " -offset indent
-.It Dv NETDB_INTERNAL
-This indicates an internal error in the library, unrelated to the network
-or name service.
-.Ft errno
-will be valid in this case; see
-.Xr perror @SYSCALL_EXT@ .
-.It Dv HOST_NOT_FOUND
-No such host is known.
-.It Dv TRY_AGAIN
-This is usually a temporary error
-and means that the local server did not receive
-a response from an authoritative server.
-A retry at some later time may succeed.
-.It Dv NO_RECOVERY
-Some unexpected server failure was encountered.
-This is a non-recoverable error, as one might expect.
-.It Dv NO_DATA
-The requested name is valid but does not have an IP address;
-this is not a temporary error.
-This means that the name is known to the name server but there is no address
-associated with this name.
-Another type of request to the name server using this domain name
-will result in an answer;
-for example, a mail-forwarder may be registered for this domain.
-.El
-.Sh SEE ALSO
-.Xr hosts @FORMAT_EXT@ ,
-.Xr hostname @DESC_EXT@ ,
-.Xr @INDOT@named @SYS_OPS_EXT@ ,
-.Xr resolver @LIB_NETWORK_EXT@ ,
-.Xr resolver @FORMAT_EXT@ .
-.Sh CAVEAT
-.Pp
-.Fn Gethostent
-is defined, and
-.Fn sethostent
-and
-.Fn endhostent
-are redefined,
-when
-.Pa libc
-is built to use only the routines to lookup in
-.Pa /etc/hosts
-and not the name server:
-.Bd -filled -offset indent
-.Pp
-.Fn Gethostent
-reads the next line of
-.Pa /etc/hosts ,
-opening the file if necessary.
-.Pp
-.Fn Sethostent
-is redefined to open and rewind the file. If the
-.Fa stayopen
-argument is non-zero,
-the hosts data base will not be closed after each call to
-.Fn gethostbyname
-or
-.Fn gethostbyaddr .
-.Pp
-.Fn Endhostent
-is redefined to close the file.
-.Ed
-.Sh BUGS
-All information is contained in a static area so it must be copied if it is
-to be saved. Only the Internet address format is currently understood.
diff --git a/contrib/bind/doc/man/getipnodebyname.3 b/contrib/bind/doc/man/getipnodebyname.3
deleted file mode 100644
index 3396c3a2bcf5a..0000000000000
--- a/contrib/bind/doc/man/getipnodebyname.3
+++ /dev/null
@@ -1,231 +0,0 @@
-.\" Copyright (c) 1996,1999 by Internet Software Consortium
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\"
-.\" Copyright (c) 1983, 1987 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms are permitted provided
-.\" that: (1) source distributions retain this entire copyright notice and
-.\" comment, and (2) distributions including binaries display the following
-.\" acknowledgement: ``This product includes software developed by the
-.\" University of California, Berkeley and its contributors'' in the
-.\" documentation or other materials provided with the distribution and in
-.\" all advertising materials mentioning features or use of this software.
-.\" Neither the name of the University nor the names of its contributors may
-.\" be used to endorse or promote products derived from this software without
-.\" specific prior written permission.
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
-.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-.Dd September 17, 1999
-.Dt GETIPNODEBYNAME @LIB_NETWORK_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm getipnodebyname ,
-.Nm getipnodebyaddr
-.Nd get network host entry
-.br
-.Nm freehostent
-.Nd free network host entry
-.Sh SYNOPSIS
-.Fd #include <netdb.h>
-.Pp
-.Ft struct hostent *
-.Fn getipnodebyname "const char *name" "int af" "int flags" "int *error";
-.Ft struct hostent *
-.Fn getipnodebyaddr "const void *addr" "size_t len" "int af" "int *error";
-.Ft void
-.Fn freehostent "struct hostent *he";
-.Sh DESCRIPTION
-.Fn Getipnodebyname ,
-and
-.Fn getipnodebyaddr
-each return a pointer to a
-.Ft hostent
-structure (see below) describing an internet host
-referenced by name or by address, as the function names indicate.
-This structure contains either the information obtained from the name server,
-.Xr @INDOT@named @SYS_OPS_EXT@ ,
-or broken-out fields from a line in
-.Pa /etc/hosts .
-If the local name server is not running, these routines do a lookup in
-.Pa /etc/hosts .
-.Bd -literal -offset indent
-struct hostent {
- char *h_name; /* official name of host */
- char **h_aliases; /* alias list */
- int h_addrtype; /* host address type */
- int h_length; /* length of address */
- char **h_addr_list; /* list of addresses from name server */
-};
-
-#define h_addr h_addr_list[0] /* address, for backward compatibility */
-.Ed
-.Pp
-The members of this structure are:
-.Bl -tag -width "h_addr_list"
-.It h_name
-Official name of the host.
-.It h_aliases
-A zero-terminated array of alternate names for the host.
-.It h_addrtype
-The type of address being returned.
-.It h_length
-The length, in bytes, of the address.
-.It h_addr_list
-A zero-terminated array of network addresses for the host.
-Host addresses are returned in network byte order.
-.It h_addr
-The first address in
-.Li h_addr_list ;
-this is for backward compatibility.
-.El
-.Pp
-This structure should be freed after use by calling
-.Fn freehostent .
-.Pp
-When using the nameserver,
-.Fn getiphostbyaddr
-will search for the named host in each parent domain given in the
-.Dq Li search
-directive of
-.Xr resolv.conf @FORMAT_EXT@
-unless the name contains a dot
-.Pq Dq \&. .
-If the name contains no dot, and if the environment variable
-.Ev HOSTALIASES
-contains the name of an alias file, the alias file will first be searched
-for an alias matching the input name.
-See
-.Xr hostname @DESC_EXT@
-for the domain search procedure and the alias file format.
-.Pp
-.Fn Getiphostbyaddr
-can be told to look for IPv4 addresses, IPv6 addresses or both IPv4 and IPv6.
-If IPv4 addresses only are to be looked up then
-.Fa af
-should be set to
-.Dv AF_INET ,
-otherwise it should be set to
-.Dv AF_INET6 .
-.Pp
-There are three flags that can be set
-.Bl -tag -width "AI_ADDRCONFIG"
-.It Dv AI_V4MAPPED
-Return IPv4 addresses if no IPv6 addresses are found.
-This flag is ignored unless
-.Fa af
-is
-.Dv AF_INET6 .
-.It Dv AI_ALL
-Return IPv4 addresses as well IPv6 addresses if
-.Dv AI_V4MAPPED
-is set.
-This flag is ignored unless
-.Fa af
-is
-.Dv AF_INET6 .
-.It Dv AI_ADDRCONFIG
-Only return addresses of a given type if the system has an active interface
-with that type.
-.El
-.Pp
-Also
-.Dv AI_DEFAULT
-is defined to be
-.Dv (AI_V4MAPPED|AI_ADDRCONFIG) .
-.Pp
-.Fn Getipnodebyaddr
-will lookup IPv4 mapped and compatible addresses in the IPv4 name
-space and IPv6 name space
-.Pp
-.Fn Freehostent
-frees the hostent structure allocated be
-.Fn getipnodebyname
-and
-.Fn getipnodebyaddr .
-The structures returned by
-.Fn gethostbyname ,
-.Fn gethostbyname2 ,
-.Fn gethostbyaddr
-and
-.Fn gethostent
-should not be passed to
-.Fn freehostent
-as they are pointers to static areas.
-.Sh ENVIRONMENT
-.Bl -tag -width "HOSTALIASES " -compress
-.It Ev HOSTALIASES
-Name of file containing
-.Pq Ar host alias , full hostname
-pairs.
-.El
-.Sh FILES
-.Bl -tag -width "HOSTALIASES " -compress
-.It Pa /etc/hosts
-See
-.Xr hosts @FORMAT_EXT@ .
-.It Ev HOSTALIASES
-Name of file containing
-.Pq Ar host alias , full hostname
-pairs.
-.El
-.Sh DIAGNOSTICS
-.Pp
-Error return status from
-.Fn getipnodebyname
-and
-.Fn getipnodebyaddr
-is indicated by return of a null pointer.
-In this case
-.Ft error
-may then be checked to see whether this is a temporary failure
-or an invalid or unknown host.
-.Ft errno
-can have the following values:
-.Bl -tag -width "HOST_NOT_FOUND " -offset indent
-.It Dv NETDB_INTERNAL
-This indicates an internal error in the library, unrelated to the network
-or name service.
-.Ft errno
-will be valid in this case; see
-.Xr perror @SYSCALL_EXT@ .
-.It Dv HOST_NOT_FOUND
-No such host is known.
-.It Dv TRY_AGAIN
-This is usually a temporary error
-and means that the local server did not receive
-a response from an authoritative server.
-A retry at some later time may succeed.
-.It Dv NO_RECOVERY
-Some unexpected server failure was encountered.
-This is a non-recoverable error, as one might expect.
-.It Dv NO_ADDRESS
-The requested name is valid but does not have an IP address;
-this is not a temporary error.
-This means that the name is known to the name server but there is no address
-associated with this name.
-Another type of request to the name server using this domain name
-will result in an answer;
-for example, a mail-forwarder may be registered for this domain.
-.El
-.Sh SEE ALSO
-.Xr hosts @FORMAT_EXT@ ,
-.Xr hostname @DESC_EXT@ ,
-.Xr @INDOT@named @SYS_OPS_EXT@ ,
-.Xr resolver @LIB_NETWORK_EXT@ ,
-.Xr resolver @FORMAT_EXT@ ,
-.Xr gethostbyname @LIB_NETWORK_EXT@ ,
-.Xr RFC2553 .
diff --git a/contrib/bind/doc/man/getnameinfo.3 b/contrib/bind/doc/man/getnameinfo.3
deleted file mode 100644
index 02548c0845bde..0000000000000
--- a/contrib/bind/doc/man/getnameinfo.3
+++ /dev/null
@@ -1,103 +0,0 @@
-.\" $Id: getnameinfo.3,v 8.1 1999/01/11 21:30:51 vixie Exp $
-.\"
-.\"Copyright (c) 1998,1999 by Internet Software Consortium
-.\"
-.\"Permission to use, copy, modify, and distribute this software for any
-.\"purpose with or without fee is hereby granted, provided that the above
-.\"copyright notice and this permission notice appear in all copies.
-.\"
-.\"THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\"ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\"OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\"CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\"DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\"PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\"ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\"SOFTWARE.
-.\"
-.Dd January 11, 1999
-.Dt GETRNAMEINFO @LIB_NETWORK_EXT@
-.Sh NAME
-.Nm getnameinfo
-.Nd address-to-name translation in protocol-independent manner
-.Sh SYNOPSIS
-.Fd #include <sys/socket.h>
-.Fd #include <netdb.h>
-.Ft int
-.Fn getnameinfo "const struct sockaddr *sa" "socklen_t salen" \
-"char *host" "size_t hostlen" "char *serv" "size_t servlen" "int flags"
-.Sh DESCRIPTION
-The
-.Fn getnameinfo
-function is defined for protocol-independent address-to-nodename translation.
-It performs functionality of
-.Xr gethostbyaddr @LIB_NETWORK_EXT@
-and
-.Xr getservbyport @LIB_NETWORK_EXT@
-in more sophisticated manner.
-.Pp
-The
-.Fa sa
-arguement is a pointer to a generic socket address structure of size
-.Fa salen .
-The arguements
-.Fa host
-and
-.Fa serv
-are pointers to buffers to hold the return values.
-Their sizes are specified by
-.Fa hostlen
-and
-.Fa servlen
-repectively.
-Either
-.Fa host
-or
-.Fa serv
-may be
-.Dv NULL
-if the hostname or service name is not required.
-.Pp
-The
-.Fa flags
-arguement modifies the behaviour of
-.Fn getnameinfo
-as follows:
-.Pp
-If
-.Dv NI_NOFQDN
-is set only the unqualified hostname is returned for local fully
-qualified names.
-.Pp
-If
-.Dv NI_NUMERICHOST
-is set then the numeric form of the hostname is returned.
-.Pp
-If
-.Dv NI_NAMEREQD
-is set, then a error is returned if the hostname cannot be looked up.
-.Pp
-If
-.Dv NI_NUMERICSERV
-is set then the service is returned in numeric form.
-.Pp
-If
-.Dv NI_DGRAM
-is set then the service is UDP based rather than TCP based.
-.Sh SEE ALSO
-.Xr getaddrinfo @LIB_NETWORK_EXT@ ,
-.Xr gethostbyaddr @LIB_NETWORK_EXT@ ,
-.Xr getservbyport @LIB_NETWORK_EXT@ ,
-.Xr hosts @FORMAT_EXT@ ,
-.Xr services @FORMAT_EXT@ ,
-.Xr hostname @DESC_EXT@ ,
-.Xr named @SYS_OPS_EXT@
-.Pp
-R. Gilligan, S. Thomson, J. Bound, and W. Stevens,
-``Basic Socket Interface Extensions for IPv6,'' RFC2133, April 1997.
-.Sh STANDARDS
-The
-.Fn getaddrinfo
-function is defined IEEE POSIX 1003.1g draft specification,
-and documented in ``Basic Socket Interface Extensions for IPv6''
-.Pq RFC2133 .
diff --git a/contrib/bind/doc/man/getnetent.3 b/contrib/bind/doc/man/getnetent.3
deleted file mode 100644
index 4f600e0007c68..0000000000000
--- a/contrib/bind/doc/man/getnetent.3
+++ /dev/null
@@ -1,153 +0,0 @@
-.\" $Id: getnetent.3,v 8.4 1999/01/08 18:54:23 vixie Exp $
-.\"
-.\"Copyright (c) 1995,1996,1999 by Internet Software Consortium
-.\"
-.\"Permission to use, copy, modify, and distribute this software for any
-.\"purpose with or without fee is hereby granted, provided that the above
-.\"copyright notice and this permission notice appear in all copies.
-.\"
-.\"THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\"ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\"OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\"CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\"DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\"PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\"ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\"SOFTWARE.
-.\"
-.Dd May 20, 1996
-.Dt GETNETENT @LIB_NETWORK_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm getnetent ,
-.Nm getnetbyaddr ,
-.Nm getnetbyname ,
-.Nm setnetent ,
-.Nm endnetent
-.Nd get networks entry
-.Sh SYNOPSIS
-.Fd #include <netdb.h>
-.Ft struct netent *
-.Fn getnetent
-.Ft struct netent *
-.Fn getnetbyname "char name";
-.Ft struct netent *
-.Fn getnetbyaddr "unsigned long net" "int type";
-.Ft void
-.Fn setnetent "int stayopen";
-.Ft void
-.Fn endnetent
-.Sh DESCRIPTION
-The
-.Fn getnetent ,
-.Fn getnetbyname ,
-and
-.Fn getnetbyaddr
-subroutines
-each return a pointer to an object with the following structure
-containing the broken-out fields of a line in the
-.Pa networks
-database.
-.Bd -literal -offset indent
-struct netent {
- char *n_name; /* official name of net */
- char **n_aliases; /* alias list */
- int n_addrtype; /* net number type */
- long n_net; /* net number */
-};
-.Ed
-.Pp
-The members of this structure are:
-.Bl -tag -width "n_addrtype"
-.It n_name
-The official name of the network.
-.It n_aliases
-A zero-terminated list of alternate names for the network.
-.It n_addrtype
-The type of the network number returned:
-.Dv AF_INET .
-.It n_net
-The network number. Network numbers are returned in machine byte
-order.
-.El
-.Pp
-If the
-.Fa stayopen
-flag on a
-.Fn setnetent
-subroutine is NULL, the
-.Pa networks
-database is opened. Otherwise, the
-.Fn setnetent
-has the effect of rewinding the
-.Pa networks
-database.
-The
-.Fn endnetent
-subroutine may be called to
-close the
-.Pa networks
-database when processing is complete.
-.Pp
-The
-.Fn getnetent
-subroutine simply reads the next
-line while
-.Fn getnetbyname
-and
-.Fn getnetbyaddr
-search until a matching
-.Fa name
-or
-.Fa net
-number is found
-(or until
-.Dv EOF
-is encountered). The
-.Fa type must be
-.Dv AF_INET .
-The
-.Fn getnetent
-subroutine keeps a pointer in the database, allowing
-successive calls to be used to search the entire file.
-.Pp
-Before a
-.Ic while
-loop using
-.Fn getnetent ,
-a call to
-.Fn setnetent
-must be made
-in order to perform initialization; a call to
-.Fn endnetent
-must be used after the loop. Both
-.Fn getnetbyname
-and
-.Fn getnetbyaddr
-make calls to
-.Fn setnetent
-and
-.Fn endnetent .
-.Sh FILES
-.Pa /etc/networks
-.Sh DIAGNOSTICS
-Null pointer (0) returned on
-.Dv EOF
-or error.
-.Sh SEE ALSO
-.Xr networks @FORMAT_EXT@ ,
-RFC 1101.
-.Sh HISTORY
-The
-.Fn "getnetent" ,
-.Fn "getnetbyaddr" ,
-.Fn "getnetbyname" ,
-.Fn "setnetent" ,
-and
-.Fn "endnetent"
-functions appeared in 4.2BSD.
-.Sh BUGS
-The data space used by these functions is static; if future use requires the
-data, it should be copied before any subsequent calls to these functions
-overwrite it. Only Internet network numbers are currently understood.
-Expecting network numbers to fit in no more than 32 bits is probably naive.
diff --git a/contrib/bind/doc/man/hesiod.3 b/contrib/bind/doc/man/hesiod.3
deleted file mode 100644
index 284b8f4f71788..0000000000000
--- a/contrib/bind/doc/man/hesiod.3
+++ /dev/null
@@ -1,129 +0,0 @@ -.\" $Id: hesiod.3,v 8.1 1999/04/12 02:47:00 vixie Exp $ -.\" -.\" Copyright 1988, 1996 by the Massachusetts Institute of Technology. -.\" -.\" Permission to use, copy, modify, and distribute this -.\" software and its documentation for any purpose and without -.\" fee is hereby granted, provided that the above copyright -.\" notice appear in all copies and that both that copyright -.\" notice and this permission notice appear in supporting -.\" documentation, and that the name of M.I.T. not be used in -.\" advertising or publicity pertaining to distribution of the -.\" software without specific, written prior permission. -.\" M.I.T. makes no representations about the suitability of -.\" this software for any purpose. It is provided "as is" -.\" without express or implied warranty. -.\" -.TH HESIOD 3 "30 November 1996" -.SH NAME -hesiod, hesiod_init, hesiod_resolve, hesiod_free_list, hesiod_to_bind, hesiod_end \- Hesiod name server interface library -.SH SYNOPSIS -.nf -.B #include <hesiod.h> -.PP -.B int hesiod_init(void **\fIcontext\fP) -.B char **hesiod_resolve(void *\fIcontext\fP, const char *\fIname\fP, -.B const char *\fItype\fP) -.B void hesiod_free_list(void *\fIcontext\fP, char **\fIlist\fP); -.B char *hesiod_to_bind(void *\fIcontext\fP, const char *\fIname\fP, -.B const char *\fItype\fP) -.B void hesiod_end(void *\fIcontext\fP) -.fi -.SH DESCRIPTION -This family of functions allows you to perform lookups of Hesiod -information, which is stored as text records in the Domain Name -Service. To perform lookups, you must first initialize a -.IR context , -an opaque object which stores information used internally by the -library between calls. -.I hesiod_init -initializes a context, storing a pointer to the context in the -location pointed to by the -.I context -argument. -.I hesiod_end -frees the resources used by a context. -.PP -.I hesiod_resolve -is the primary interface to the library. 
If successful, it returns a -list of one or more strings giving the records matching -.I name -and -.IR type . -The last element of the list is followed by a NULL pointer. It is the -caller's responsibility to call -.I hesiod_free_list -to free the resources used by the returned list. -.PP -.I hesiod_to_bind -converts -.I name -and -.I type -into the DNS name used by -.IR hesiod_resolve . -It is the caller's responsibility to free the returned string using -.IR free . -.SH RETURN VALUES -If successful, -.I hesiod_init -returns 0; otherwise it returns \-1 and sets -.I errno -to indicate the error. On failure, -.I hesiod_resolve -and -.I hesiod_to_bind -return NULL and set the global variable -.I errno -to indicate the error. -.SH ENVIRONMENT -If the environment variable -.B HES_DOMAIN -is set, it will override the domain in the Hesiod configuration file. -If the environment variable -.B HESIOD_CONFIG -is set, it specifies the location of the Hesiod configuration file. -.SH SEE ALSO -`Hesiod - Project Athena Technical Plan -- Name Service', named(8), -hesiod.conf(5) -.SH ERRORS -Hesiod calls may fail because of: -.IP ENOMEM -Insufficient memory was available to carry out the requested -operation. -.IP ENOEXEC -.I hesiod_init -failed because the Hesiod configuration file was invalid. -.IP ECONNREFUSED -.I hesiod_resolve -failed because no name server could be contacted to answer the query. -.IP EMSGSIZE -.I hesiod_resolve -failed because the query or response was too big to fit into the -packet buffers. -.IP ENOENT -.I hesiod_resolve -failed because the name server had no text records matching -.I name -and -.IR type , -or -.I hesiod_to_bind -failed because the -.I name -argument had a domain extension which could not be resolved with type -``rhs-extension'' in the local Hesiod domain. -.SH AUTHOR -Steve Dyer, IBM/Project Athena -.br -Greg Hudson, MIT Team Athena -.br -Copyright 1987, 1988, 1995, 1996 by the Massachusetts Institute of Technology. 
-.SH BUGS -The strings corresponding to the -.I errno -values set by the Hesiod functions are not particularly indicative of -what went wrong, especially for -.I ENOEXEC -and -.IR ENOENT . diff --git a/contrib/bind/doc/man/host.1 b/contrib/bind/doc/man/host.1 deleted file mode 100644 index 017d0829845d6..0000000000000 --- a/contrib/bind/doc/man/host.1 +++ /dev/null 
@@ -1,316 +0,0 @@ -.\" ++Copyright++ 1993 -.\" - -.\" Copyright (c) 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" - -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. 
-.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" - -.\" --Copyright-- -.\" $Id: host.1,v 8.2 1997/03/14 02:29:44 vixie Exp $ -.Dd December 15, 1994 -.Dt HOST @CMD_EXT_U@ -.Os BSD 4 -.Sh NAME -.Nm host -.Nd look up host names using domain server -.Sh SYNOPSIS -.Nm host -.Op Fl l -.Op Fl v -.Op Fl w -.Op Fl r -.Op Fl d -.Op Fl t Ar querytype -.Op Fl a -.Ar host -.Op Ar server -.Sh DESCRIPTION -.Ic Host -looks for information about Internet hosts. It gets this information -from a set of interconnected servers that are spread across the -country. By default, it simply converts between host names and -Internet addresses. However, with the -.Dq Fl t -or -.Dq Fl a -options, it can be used -to find all of the information about this host that is maintained -by the domain server. -.Pp -The arguments can be either host names or host numbers. The program -first attempts to interpret them as host numbers. If this fails, -it will treat them as host names. A host number consists of -first decimal numbers separated by dots, e.g. 
128.6.4.194 -A host name consists of names separated by dots, e.g. topaz.rutgers.edu. -Unless the name ends in a dot, the local domain -is automatically tacked on the end. Thus, a Rutgers user can say -.Pp -.D1 Ic host topaz -.Pp -and it will actually look up "topaz.rutgers.edu". -If this fails, the name is tried unchanged (in this case, "topaz"). -This same convention is used for mail and other network utilities. -The actual suffix to tack on the end is obtained -by looking at the results of a -.Xr hostname @CMD_EXT@ -call, and using everything -starting at the first dot. (See below for a description of -.Sx CUSTOMIZING HOST NAME LOOKUP . ) -.Pp -The first argument is the host name you want to look up. -If this is a number, an -.Dq inverse query -is done, i.e. the domain -system looks in a separate set of databases used to convert numbers -to names. -.Pp -The second argument is optional. It -allows you to specify a particular server to query. If you don't -specify this argument, the default server (normally the local machine) -is used. -.Pp -If a name is specified, you may see output of three different kinds. -Here is an example that shows all of them: -.Pp -.D1 Ic % host sun4 -.Dl sun4.rutgers.edu is a nickname for ATHOS.RUTGERS.EDU -.Dl ATHOS.RUTGERS.EDU has address 128.6.5.46 -.Dl ATHOS.RUTGERS.EDU has address 128.6.4.4 -.Dl ATHOS.RUTGERS.EDU mail is handled by ARAMIS.RUTGERS.EDU -.Pp -The user has typed the command -.Dq Ic host sun4 . -The first line indicates that the name -.Dq Li sun4.rutgers.edu -is actually a nickname. The official host name is -.Dq Li ATHOS.RUTGERS.EDU . -The next two lines show the -address. If a system has more than one network interface, there -will be a separate address for each. The last line indicates -that -.Li ATHOS.RUTGERS.EDU -does not receive its own mail. Mail for -it is taken by -.Li ARAMIS.RUTGERS.EDU . -There may be more than one -such line, since some systems have more than one other system -that will handle mail for them. 
Technically, every system that -can receive mail is supposed to have an entry of this kind. If -the system receives its own mail, there should be an entry -the mentions the system itself; for example, -.Pp -.D1 Li XXX mail is handled by XXX -.Pp -However, many systems that receive -their own mail do not bother to mention that fact. If a system -has a -.Dq Li mail is handled by -entry, but no address, this indicates -that it is not really part of the Internet, but a system that is -on the network will forward mail to it. Systems on Usenet, Bitnet, -and a number of other networks have entries of this kind. -.Sh OPTIONS -There are a number of options that can be used before the -host name. Most of these options are meaningful only to the -staff who have to maintain the domain database. -.Bl -tag -width Fl -.It Fl w -This causes -.Ic host -to wait forever for a response. Normally -it will time out after approximate one minute. -.It Fl v -Use "verbose" format for printout. This -is the official domain master file format, which is documented -in the man page for -.Xr @INDOT@named @SYS_OPS_EXT@ . -Without this option, output still follows -this format in general terms, but some attempt is made to make it -more intelligible to normal users. Without -.Dq Fl v , -any "a", "mx", and "cname" records -are written out as "has address", "mail is handled by", and -"is a nickname for" (respectively), and TTL and class fields are not shown. -.It Fl r -Turn off recursion in the request. -This means that the name server will return only data it has in -its own database. It will not ask other servers for more -information. -.It Fl d -Turn on debugging. Network transactions are shown in detail. -.It Fl t Ar querytype -Allows you to specify a particular -.Ar querytype -of information -to be looked up. The arguments are defined in the man page for -.Xr @INDOT@named @SYS_OPS_EXT@ . 
-Currently-supported types include: -.Dq Cm a , -.Dq Cm ns , -.Dq Cm md , -.Dq Cm mf , -.Dq Cm cname , -.Dq Cm soa , -.Dq Cm mb , -.Dq Cm mg , -.Dq Cm mr , -.Dq Cm null , -.Dq Cm wks , -.Dq Cm ptr , -.Dq Cm hinfo , -.Dq Cm minfo , -.Dq Cm mx , -.Dq Cm uinfo , -.Dq Cm uid , -.Dq Cm gid , -.Dq Cm unspec . -Additionally, the wildcard, which may be written -as either -.Dq Cm any -or -.Dq Cm * , -can be used to specify any (all) of the above types. -Types must be given in lower case. -Note that the default is to look first for -.Dq Cm a , -and then -.Dq Cm mx , -except that if the verbose option is turned on, the default is only -.Dq Cm a . -The -.Dq Fl t -option is particularly useful for filtering information returned by -.Ic host ; -see the explanation of the -.Dq Fl l -option, below, for more information. -.It Fl a -.Dq all ; -this is equivalent to -.Dq Fl v Fl t Cm any . -.It Fl l -List a complete domain; e.g.: -.Pp -.D1 Ic host -l rutgers.edu -.Pp -will give a listing of all hosts in the rutgers.edu domain. The -.Dq Fl t -option is used to filter what information is presented, as you -would expect. The default is address information, which also -include PTR and NS records. The command -.Pp -.D1 Ic host -l -v -t any rutgers.edu -.Pp -will give a complete download of the zone data for rutgers.edu, -in the official master file format. (However the SOA record is -listed twice, for arcane reasons.) -.Pp -.Sy NOTE: -.Dq Fl l -is implemented by -doing a complete zone transfer and then filtering out the information -the you have asked for. This command should be used only if it -is absolutely necessary. -.Sh CUSTOMIZING HOST NAME LOOKUP -In general, if the name supplied by the user does not -have any dots in it, a default domain is appended to the end. -This domain can be defined in -.Pa /etc/resolv.conf , -but is normally derived -by taking the local hostname after its first dot. 
The user can override -this, and specify a different default domain, using the environment -variable -.Ev LOCALDOMAIN . -In addition, the user can supply his own abbreviations for host names. -They should be in a file consisting of one line per abbreviation. -Each line contains an abbreviation, a space, and then the full -host name. The name file must be contained in the -.Ev HOSTALIASES -environment variable. -.Sh ENVIRONMENT -.Bl -tag -width "/etc/resolv.conf " -compress -.It Ev HOSTALIASES -Name of file containing -.Pq Ar host alias , full hostname -pairs. -.El -.Sh FILES -.Bl -tag -width "/etc/resolv.conf " -compress -.It Pa /etc/resolv.conf -See -.Xr resolver @FORMAT_EXT@ . -.It Ev HOSTALIASES -Name of file containing -.Pq Ar host alias , full hostname -pairs. -.El -.Sh SEE ALSO -.Xr @INDOT@named @SYS_OPS_EXT@ , -.Xr resolver @FORMAT_EXT@ . -.Sh BUGS -Unexpected effects can happen when you type a name that is not -part of the local domain. Please always keep in mind the -fact that the local domain name is tacked onto the end of every -name, unless it ends in a dot. Only if this fails is the name -used unchanged. -.Pp -The -.Dq Fl l -option only tries the first name server listed for the -domain that you have requested. If this server is dead, you -may need to specify a server manually. E.g., to get a listing -of foo.edu, you could try -.Pp -.D1 Ic host -t ns foo.edu -.Pp -to get a list of all the name servers for foo.edu, and then try -.Pp -.D1 Ic host -l foo.edu xxx -.Pp -for all -.Dq Ic xxx -on the list of name servers, until you find one that works. diff --git a/contrib/bind/doc/man/hostname.7 b/contrib/bind/doc/man/hostname.7 deleted file mode 100644 index 6a92d642d4e22..0000000000000 --- a/contrib/bind/doc/man/hostname.7 +++ /dev/null 
@@ -1,171 +0,0 @@ -.\" Copyright (c) 1987 The Regents of the University of California. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms are permitted -.\" provided that the above copyright notice and this paragraph are -.\" duplicated in all such forms and that any documentation, -.\" advertising materials, and other materials related to such -.\" distribution and use acknowledge that the software was developed -.\" by the University of California, Berkeley. The name of the -.\" University may not be used to endorse or promote products derived -.\" from this software without specific prior written permission. -.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED -.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. -.\" -.\" @(#)hostname.7 6.4 (Berkeley) 1/16/90 -.\" -.Dd February 16, 1994 -.Dt HOSTNAME @DESC_EXT_U@ -.Os BSD 4 -.Sh NAME -.Nm hostname -.Nd host name resolution description -.Sh DESCRIPTION -Hostnames are domains. A domain is a hierarchical, dot-separated list -of subdomains. For example, the machine -.Dq Li monet , -in the -.Dq Li Berkeley -subdomain of the -.Dq Li EDU -subdomain of the Internet Domain Name System would be represented as -.Pp -.Dl monet.Berkeley.EDU -.Pp -(with no trailing dot). -.Pp -Hostnames are often used with network client and server programs, -which must generally translate the name to an address for use. -(This task is usually performed by the library routine -.Xr gethostbyname @LIB_NETWORK_EXT@ . ) -The default method for resolving hostnames by the Internet name resolver is -to follow RFC 1535's security recommendations. Actions can be taken -by the administrator to override these recommendations and to have the -resolver behave the same as earlier, non-RFC 1535 -resolvers. -.Pp -The default method (using RFC 1535 guidelines) follows: -.Pp -If the name consists of a single component, i.e. 
contains no dot, and if the -environment variable -.Dq Ev HOSTALIASES -is set to the name of a file, -that file is searched for a string matching the input hostname. The file -should consist of lines made up of two strings separated by white-space, the -first of which is the hostname alias, and the second of which is the complete -hostname to be substituted for that alias. If a case-insensitive match is -found between the hostname to be resolved and the first field of a line in -the file, the substituted name is looked up with no further processing. -.Pp -If there is at least one dot in the name, then the name is first tried -.Dq as-is . -The number of dots to cause this action is configurable by setting the -threshold using the -.Dq Li ndots -option in -.Pa /etc/resolv.conf -(default: 1). If the name ends with a dot, the trailing dot is -removed, and the remaining name is looked up (regardless of the setting of -the -.Li ndots -option), without further processing. -.Pp -If the input name does not end with a trailing dot, it is looked up by -searching through a list of domains until a match is found. If neither the -search option in the -.Pa /etc/resolv.conf -file or the -.Dq Ev LOCALDOMAIN -environment variable is used, then the -search list of domains contains only the full domain specified by the -.Li domain -option (in -.Pa /etc/resolv.conf ) -or the domain used in the local hostname (see -.Xr hostname @CMD_EXT@ -and -.Xr resolver @FORMAT_EXT@ ) . -For example, if the -.Dq Li domain -option is set to -.Li CS.Berkeley.EDU , -then only -.Li CS.Berkeley.EDU -will be in the search list, and this will be the only -domain appended to the partial hostname. For example, if -.Dq Li lithium -is the name to be resolved, this would make -.Li lithium.CS.Berkeley.EDU -the only name to be tried using the search list. 
-.Pp -If the -.Li search -option is used in -.Pa /etc/resolv.conf -or the environment variable -.Dq Ev LOCALDOMAIN -is set by the user, then -the search list will include what is set by these methods. For -example, if the -.Dq Li search -option contained -.Pp -.Dl CS.Berkeley.EDU CChem.Berkeley.EDU Berkeley.EDU -.Pp -then the partial hostname (e.g., -.Dq Li lithium ) -will be tried with -.Em each -domain name appended (in the same order specified); the resulting hostnames -that would be tried are: -.Bd -literal -offset indent -lithium.CS.Berkeley.EDU -lithium.CChem.Berkeley.EDU -lithium.Berkeley.EDU -.Ed -.Pp -The environment variable -.Dq Ev LOCALDOMAIN -overrides the -.Dq Li search -and -.Dq Li domain -options, and if both -.Li search -and -.Li domain -options are present in the resolver configuration file, then only the -.Em last -one listed is used (see -.Xr resolver @FORMAT_EXT@ ) . -.Pp -If the name was not previously tried -.Dq as-is -(i.e., it fell below the -.Dq Li ndots -threshold or did not contain a dot), then the name as -originally provided is attempted. -.Sh ENVIRONMENT -.Bl -tag -width "/etc/resolv.conf " -compress -.It Ev LOCALDOMAIN -Affects domains appended to partial hostnames. -.It Ev HOSTALIASES -Name of file containing -.Pq Ar host alias , full hostname -pairs. -.El -.Sh FILES -.Bl -tag -width "/etc/resolv.conf " -compress -.It Pa /etc/resolv.conf -See -.Xr resolve @FORMAT_EXT@ . -.It Ev HOSTALIASES -Name of file containing -.Pq Ar host alias , full hostname -pairs. -.Sh SEE ALSO -.Xr gethostbyname @LIB_NETWORK_EXT@ , -.Xr resolver @FORMAT_EXT@ , -.Xr mailaddr @DESC_EXT@ , -.Xr @INDOT@named @SYS_OPS_EXT@ . diff --git a/contrib/bind/doc/man/inet_cidr.3 b/contrib/bind/doc/man/inet_cidr.3 deleted file mode 100644 index 9aeb1026f1da6..0000000000000 --- a/contrib/bind/doc/man/inet_cidr.3 +++ /dev/null 
@@ -1,94 +0,0 @@ -.\" $Id: inet_cidr.3,v 8.2 1999/01/08 18:54:24 vixie Exp $ -.\" -.\"Copyright (c) 1998,1999 by Internet Software Consortium -.\" -.\"Permission to use, copy, modify, and distribute this software for any -.\"purpose with or without fee is hereby granted, provided that the above -.\"copyright notice and this permission notice appear in all copies. -.\" -.\"THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS -.\"ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES -.\"OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE -.\"CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\"DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\"PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\"ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\"SOFTWARE. -.\" -.Dd October 19, 1998 -.Dt INET_CIDR @LIB_NETWORK_EXT_U@ -.Os BSD 4 -.Sh NAME -.Nm inet_cidr_ntop , -.Nm inet_cidr_pton -.Nd network translation routines -.Sh SYNOPSIS -.Fd #include <sys/types.h> -.Fd #include <sys/socket.h> -.Fd #include <netinet/in.h> -.Fd #include <arpa/inet.h> -.Fn inet_cidr_ntop "int af" "const void *src" "int bits" "char *dst" "size_t size" -.Fn inet_cidr_pton "int af" "const char *src" "void *dst" "int *bits" -.Sh DESCRIPTION -These routines are used for converting addresses to and from network and -presentation forms with CIDR (Classless Inter-Domain Routing) representation, -embedded net mask. -.Pp -.Bd -literal - 130.155.16.1/20 -.Ed -.\" ::ffff:130.155.16.1/116 -.Pp -.Fn inet_cidr_ntop -converts an address from network to presentation format. -.Pp -.Ft af -describes the type of address that is being passed in -.Ft src. -.\"Currently defined types are AF_INET and AF_INET6. -Currently only AF_INET is supported. -.Pp -.Ft src -is an address in network byte order, its length is determined from -.Ft af. 
-.Pp -.Ft bits -specifies the number of bits in the netmask unless it is -1 in which case -the CIDR representation is omitted. -.Pp -.Ft dst -is a caller supplied buffer of at least -.Ft size -bytes. -.Pp -.Fn inet_cidr_ntop -returns -.Ft dst -on success or NULL. -Check errno for reason. -.Pp -.Fn inet_cidr_pton -converts and address from presentation format, with optional CIDR -reperesentation, to network format. -The resulting address is zero filled if there were insufficint bits in -.Ft src. -.Pp -.Ft af -describes the type of address that is being passed in via -.Ft src -and determines the size of -.Ft dst. -.Pp -.Ft src -is an address in presentation format. -.Pp -.Ft bits -returns the number of bits in the netmask or -1 if a CIDR representation was -not supplied. -.Pp -.Fn inet_cidr_pton -returns 0 on succces or -1 on error. -Check errno for reason. -ENOENT indicates an invalid netmask. -.Sh SEE ALSO -.Xr intro 2 diff --git a/contrib/bind/doc/man/irs.conf.5 b/contrib/bind/doc/man/irs.conf.5 deleted file mode 100644 index 9ee5882f01c44..0000000000000 --- a/contrib/bind/doc/man/irs.conf.5 +++ /dev/null 
@@ -1,201 +0,0 @@ -.\" Copyright (c) 1996,1999 by Internet Software Consortium -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS -.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE -.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" -.\" Copyright (c) 1986, 1991, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. 
-.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $Id: irs.conf.5,v 8.4 1999/01/18 07:46:45 vixie Exp $ -.\" -.Dd November 16, 1997 -.Dt IRS.CONF 5 -.Os BIND 8.1 -.Sh NAME -.Nm irs.conf -.Nd Information Retrieval System configuration file -.Sh SYNOPSIS -.Nm irs.conf -.Sh DESCRIPTION -The -.Xr irs 3 -functions are a set of routines in the C library which provide access to -various system maps. -The maps that irs currently controls are the following: passwd, group, -services, protocols, hosts, networks and netgroup. -When a program first calls a function that accesses one of these maps, -the irs configuration file is read, -and the source of each map is determined for the life of the process. -.Pp -If this file does not exist, -the irs routines default to using local sources for all information, -with the exception of the host and networks maps, -which use the Domain Name System (DNS). -.Pp -Each record in the file consists of one line. -A record consists of a map-name, an access-method and possibly a (comma -delimited) set of options, -separated by tabs or spaces. -Blank lines, and text between a # and a newline are ignored. 
-.Pp -Available maps: -.Bd -literal -offset indent -Map name Information in map -========= ================================== -passwd User authentication information -group User group membership information -services Network services directory -protocols Network protocols directory -hosts Network hosts directory -networks Network "network names" directory -netgroup Network "host groups" directory -.Ed -.Pp -Available access methods: -.Bd -literal -offset indent -Access method Description -============= ================================================= -local Use a local file, usually in /etc -dns Use the domain name service (includes hesiod) -nis Use the Sun-compatible Network Information Service -irp Use the IRP daemon on the localhost. -.Ed -.Pp -Available options: -.Bd -literal -offset indent -Option Description -======== ================================================ -continue don't stop searching if you can't find something -merge don't stop searching if you CAN find something -.Ed -.Pp -The continue option creates -.Dq "union namespaces" -whereby subsequent access methods of the same map type can be tried -if a name cannot be found using earlier access methods. -This can be quite confusing in the case of host names, -since the name to address and address to name mappings can be visibly -asymmetric even though the data used by any given access method is -entirely consistent. This behavior is, therefore, not the default. -.Pp -The merge option only affects lookups in the groups map. -If set, subsequent access methods will be tried in order to cause -local users to appear in NIS (or other remote) groups in addition -to the local groups. -.Sh EXAMPLE -.Bd -literal -offset indent -# Get password entries from local file, or failing that, NIS -passwd local continue -passwd nis - -# Build group membership from both local file, and NIS. -group local continue,merge -group nis - -# Services comes from just the local file. 
-services local - -protocols local - -# Hosts comes first from DNS, failing that, the local file -hosts dns continue -hosts local - -# Networks comes first from the local file, and failing -# that the, irp daemon -networks local continue -networks irp - -netgroup local -.Ed -.Sh NOTES -If a local user needs to be in the local host's -.Dq wheel -group but not in every host's -.Dq wheel -group, put them in the local host's -.Pa /etc/group -.Dq wheel -entry and set up the -.Dq groups -portion of your -.Pa /etc/irs.conf -file as: -.Bd -literal -offset indent -group local continue,merge -group nis -.Ed -.Pp -NIS takes a long time to time out. -Especially for hosts if you use the -.Fl d -option to your server's -.Dq ypserv -daemon. -.Pp -It is important that the -.Pa irs.conf -file contain an entry for each map. -If a map is not mentioned in the -.Pa irs.conf -file, all queries to that map will fail. -.Pp -The classic NIS mechanism for specifying union namespaces is to add an entry -to a local map file whose name is ``+''. In IRS, this is done via ``continue'' -and/or ``merge'' map options. While this results in a small incompatibility -when local map files are imported from non-IRS systems to IRS systems, there -are compensating advantages in security and configurability. -.Sh FILES -.Bl -tag -width /etc/irs.confXXXX -compact -.It Pa /etc/irs.conf -The file -.Nm irs.conf -resides in -.Pa /etc . -.El -.Sh SEE ALSO -.Xr groups 5 , -.Xr hosts 5 , -.Xr netgroup 5 , -.Xr networks 5 , -.Xr passwd 5 , -.Xr protocols 5 , -.Xr services 5 diff --git a/contrib/bind/doc/man/mailaddr.7 b/contrib/bind/doc/man/mailaddr.7 deleted file mode 100644 index 270fe9c9d9b10..0000000000000 --- a/contrib/bind/doc/man/mailaddr.7 +++ /dev/null 
@@ -1,179 +0,0 @@ -.\" Copyright (c) 1983, 1987 The Regents of the University of California. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms are permitted -.\" provided that the above copyright notice and this paragraph are -.\" duplicated in all such forms and that any documentation, -.\" advertising materials, and other materials related to such -.\" distribution and use acknowledge that the software was developed -.\" by the University of California, Berkeley. The name of the -.\" University may not be used to endorse or promote products derived -.\" from this software without specific prior written permission. -.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED -.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. -.\" -.\" @(#)mailaddr.7 6.5 (Berkeley) 2/14/89 -.\" -.Dd February 14, 1989 -.Dt MAILADDR @DESC_EXT_U@ -.Os BSD 4 -.Sh NAME -.Nm mailaddr -.Nd mail addressing description -.Sh DESCRIPTION -Mail addresses are based on the ARPANET protocol listed at the end of this -manual page. These addresses are in the general format -.Pp -.Bd -ragged -offset indent-two -.Li user@domain -.Ed -.Pp -where a domain is a hierarchical, dot-separated list of subdomains. For -example, the address -.Pp -.Bd -ragged -offset indent-two -.Li eric@monet.berkeley.edu -.Ed -.Pp -is normally interpreted from right to left: the message should go to the -ARPA name tables (which do not correspond exactly to the physical ARPANET), -then to the Berkeley gateway, after which it should go to the local host -.Dq Li monet . -When the message reaches -.Li monet , -it is delivered to the user -.Dq Li eric . -.Pp -Unlike some other forms of addressing, this does not imply any routing. -Thus, although this address is specified as an ARPA address, it might -travel by an alternate route if that were more convenient or efficient. 
-For example, at Berkeley, the associated message would probably go directly -to -.Li monet -over the Ethernet rather than going via the Berkeley ARPANET gateway. -.Ss Abbreviation -.Pp -Under certain circumstances, it may not be necessary to type the entire -domain name. In general, anything following the first dot may be omitted -if it is the same as the domain from which you are sending the message. -For example, a user on -.Dq Li calder.berkeley.edu -could send to -.Dq Li eric@monet -without adding the -.Dq Li berkeley.edu -since it is the same on both sending and receiving hosts. -.Pp -Certain other abbreviations may be permitted as special cases. For -example, at Berkeley, ARPANET hosts may be referenced without adding the -.Dq Li berkeley.edu -as long as their names do not conflict with a local host name. -.Ss Compatibility -.Pp -Certain old address formats are converted to the new format to provide -compatibility with the previous mail system. In particular, -.Bd -ragged -offset indent-two -.Li user@host.ARPA -.Ed -.Pp -is allowed and -.Bd -ragged -offset indent-two -.Li host:user -.Ed -.Pp -is converted to -.Bd -ragged -offset indent-two -.Li user@host -.Ed -.Pp -in order to be consistent with the -.Xr rcp @CMD_EXT@ -command. -.Pp -Also, the syntax -.Bd -ragged -offset indent-two -.Li host!user -.Ed -.Pp -is converted to: -.Bd -ragged -offset indent-two -.Li user@host.UUCP -.Ed -.Pp -This is normally converted back to the -.Dq Li host!user -form before being sent on, for compatibility with older UUCP hosts. -.Pp -The current implementation is not able to route messages automatically through -the UUCP network. Until that time you must explicitly tell the mail system -which hosts to send your message through to get to your final destination. -.Ss Case Distinctions -.Pp -Domain names (i.e., anything after the -.Dq Li @ -sign) may be given in any mixture -of upper and lower case with the exception of UUCP hostnames. 
Most hosts -accept any combination of case in user names, with the notable exception of -MULTICS sites. -.Ss Route-addrs. -.Pp -Under some circumstances it may be necessary to route a message through -several hosts to get it to the final destination. Normally this routing -is done automatically, but sometimes it is desirable to route the message -manually. Addresses which show these relays are termed -.Dq route-addrs. -These use the syntax: -.Bd -ragged -offset indent-two -.Li <@hosta,@hostb:user@hostc> -.Ed -.Pp -This specifies that the message should be sent to -.Li hosta , -from there to -.Li hostb , -and finally to -.Li hostc . -This path is forced even if there is a more efficient path to -.Li hostc . -.Pp -Route-addrs occur frequently on return addresses, since these are generally -augmented by the software at each host. It is generally possible to ignore -all but the -.Dq Li user@domain -part of the address to determine the actual sender. -.Ss Postmaster -.Pp -Every site is required to have a user or user alias designated -.Dq Li postmaster -to which problems with the mail system may be addressed. -.Ss Other Networks -.Pp -Some other networks can be reached by giving the name of the network as the -last component of the domain. -.Em This is not a standard feature -and may -.Em not -be supported at all sites. For example, messages to CSNET or BITNET sites -can often be sent to -.Dq Li user@host.CSNET -or -.Dq Li user@host.BITNET , -respectively. -.Sh BUGS -The RFC822 group syntax -.Pq Dq Li group:user1,user2,user3; -is not supported except in the special case of -.Dq LI group:; -because of a conflict with old berknet-style addresses. -.Pp -Route-Address syntax is grotty. -.Pp -UUCP- and ARPANET-style addresses do not coexist politely. -.Sh SEE ALSO -.Xr mail @CMD_EXT@ , -.Xr sendmail @SYS_OPS_EXT@ ; -Crocker, D. H., RFC822, -.Do -Standard for the Format of Arpa Internet Text Messages -.Dc . 
diff --git a/contrib/bind/doc/man/mkdep.1 b/contrib/bind/doc/man/mkdep.1
deleted file mode 100644
index 177ab1afe692d..0000000000000
--- a/contrib/bind/doc/man/mkdep.1
+++ /dev/null
@@ -1,84 +0,0 @@
-.\" Copyright (c) 1987 Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms are permitted
-.\" provided that the above copyright notice and this paragraph are
-.\" duplicated in all such forms and that any documentation,
-.\" advertising materials, and other materials related to such
-.\" distribution and use acknowledge that the software was developed
-.\" by the University of California, Berkeley. The name of the
-.\" University may not be used to endorse or promote products derived
-.\" from this software without specific prior written permission.
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-.\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-.\"
-.\" @(#)mkdep.1 5.8 (Berkeley) 10/24/88
-.\"
-.Dd October 24, 1988
-.Dt MKDEP @CMD_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm mkdep
-.Nd construct Makefile dependency list
-.Sh SYNOPSIS
-.Nm mkdep
-.Op Fl ap
-.Op Fl f Ar depend_file
-.Op Ar flags
-.Ar file ...
-.Sh DESCRIPTION
-.Ic Mkdep
-takes a set of flags for the C compiler and a list
-of C source files as arguments and constructs a set of
-.Li include
-file dependencies which are written into the file
-.Pa depend_file ,
-or
-.Dq Pa .depend
-by default. An example of its use in a
-.Pa Makefile
-might be:
-.Bd -literal -offset indent
-CFLAGS= -O -DDEBUG -I../include -I.
-SRCS= file1.c file2.c
-
-depend:
- mkdep ${CFLAGS} ${SRCS}
-.Ed
-.Pp
-where the macro
-.Dq Li SRCS
-is the list of C source files and the macro
-.Dq Li CFLAGS
-is the list of flags for the C compiler.
-.Pp
-If the
-.Dq Fl p
-option is provided,
-.Ic mkdep
-produces dependencies
-of the form
-.Dq Li program: program.c
-so that subsequent calls to
-.Xr make @CMD_EXT@
-will produce
-.Dq Pa program
-directly from its C module rather than using an intermediate
-.Dq Pa \&.o
-module. This is useful in directories which
-contain many programs, each of whose source is contained in a single
-C module.
-.Pp
-The
-.Dq Fl a
-option causes appending to the output file, so that multiple
-.Xo Ic mkdep
-.Ns 's
-.Xc
-may be run from a single
-.Pa Makefile .
-.Sh SEE ALSO
-.Xr cc @CMD_EXT@ ,
-.Xr cpp @CMD_EXT@ ,
-.Xr make @CMD_EXT@ .
diff --git a/contrib/bind/doc/man/named-bootconf.8 b/contrib/bind/doc/man/named-bootconf.8
deleted file mode 100644
index 2a0d39d708cf4..0000000000000
--- a/contrib/bind/doc/man/named-bootconf.8
+++ /dev/null
@@ -1,70 +0,0 @@
-.\" $NetBSD: named-bootconf.8,v 1.1 1998/11/19 21:11:45 tron Exp $
-.\"
-.\" Copyright (c) 1998 The NetBSD Foundation, Inc.
-.\" All rights reserved.
-.\"
-.\" This documentation is derived from software contributed to The NetBSD
-.\" Foundation by Matthias Scheler.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the NetBSD
-.\" Foundation, Inc. and its contributors.
-.\" 4. Neither the name of The NetBSD Foundation nor the names of its
-.\" contributors may be used to endorse or promote products derived
-.\" from this software without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
-.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
-.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-.\" POSSIBILITY OF SUCH DAMAGE.
-.\"
-.\" Copyright (c) 1999 by Internet Software Consortium
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-
-.Dd November 19, 1998
-.Dt NAMED-BOOTCONF 8
-.Os NetBSD
-.Sh NAME
-.Nm named-bootconf
-.Nd convert name server configuration files
-.Sh SYNOPSIS
-.Nm
-.Sh DESCRIPTION
-.Nm
-converts named configuration files from BIND 4 format to BIND 8 format.
-.Sh EXAMPLES
-named-bootconf < named.boot > named.conf
-.Sh BUGS
-Comments from the source file will not always appear at the appropriate place
-in the target file.
-.Sh SEE ALSO
-.Xr named 8 ,
-.Xr named.conf 5
diff --git a/contrib/bind/doc/man/named-xfer.8 b/contrib/bind/doc/man/named-xfer.8
deleted file mode 100644
index e7b2cf38c5377..0000000000000
--- a/contrib/bind/doc/man/named-xfer.8
+++ /dev/null
@@ -1,185 +0,0 @@ -.\" ++Copyright++ 1985 -.\" - -.\" Copyright (c) 1985 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" - -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. 
-.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" - -.\" Portions Copyright (c) 1999 by Check Point Software Technologies, Inc. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Check Point Software Technologies Incorporated not be used -.\" in advertising or publicity pertaining to distribution of the document -.\" or software without specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND CHECK POINT SOFTWARE TECHNOLOGIES -.\" INCORPORATED DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, -.\" INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. 
-.\" IN NO EVENT SHALL CHECK POINT SOFTWARE TECHNOLOGIES INCORPRATED -.\" BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR -.\" ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER -.\" IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT -.\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.\" --Copyright-- -.\" -.\" from named.8 6.6 (Berkeley) 2/14/89 -.\" -.Dd June 26, 1993 -.Dt @XFER_INDOT_U@NAMED-XFER @SYS_OPS_EXT_U@ -.Os BSD 4 -.Sh NAME -.Nm @XFER_INDOT@named-xfer -.Nd ancillary agent for inbound zone transfers -.Sh SYNOPSIS -.Nm named-xfer -.Fl z Ar zone_to_transfer -.Fl f Ar db_file -.Fl s Ar serial_no -.Op Fl d Ar debuglevel -.Op Fl l Ar debug_log_file -.Op Fl i Ar ixfr_file -.Op Fl t Ar trace_file -.Op Fl p Ar port# -.Op Fl S -.Ar nameserver -.Op Ar [ Sy axfr -| -.Op Sy ixfr ] -.Sh DESCRIPTION -.Ic Named-xfer -is an ancillary program executed by -.Xr @INDOT@named @SYS_OPS_EXT@ -to perform an inbound zone transfer. It is rarely executed directly, and then -only by system administrators who are trying to debug a zone transfer problem. -See RFC's 1033, 1034, and 1035 for more information on the Internet -name-domain system. -.Pp -Options are: -.Bl -tag -width Fl -.It Fl z Ar zone_to_transfer -specifies the name of the zone to be transferred. -.It Fl f Ar db_file -specifies the name of the -.Ar db_file -into which the zone should be dumped -when it is received from the primary server. -.It Fl s Ar serial_no -specifies the serial number of our current copy of this zone. If the -.Sy SOA RR -we get from the primary server does not have a serial -number higher than this, the transfer will be aborted. -.It Fl d Ar debuglevel -Print debugging information. -The -.Ar debuglevel -is a number determines the level of messages printed. -.It Fl l Ar debug_log_file -Specifies a log file for debugging messages. 
The default is system- -dependent but is usually in -.Pa /var/tmp -or -.Pa /usr/tmp . -Note that this only applies if -.Dq Fl d -is also specified. -.It Fl i Ar ixfr_file -Specifies the name of the -.Ar ixfr_file -into which the zone changes from Incremental Zone Transfer (IXFR) -should be dumped when it is received from the primary server. -.It Fl t Ar trace_file -Specifies a -.Ar trace_file -which will contain a protocol trace of the zone -transfer. This is probably only of interest to people debugging the name -server itself. -.It Fl p Ar port# -Use a different port number. The default is the standard port number -as returned by -.Xr getservbyname @LIB_NETWORK_EXT@ -for the service -.Dq Li domain . -.It Fl S -Perform a restricted transfer of only the SOA, NS records and glue A records -for the zone. The SOA record will not be loaded by -.Xr @INDOT@named @SYS_OPS_EXT@ -but will be used to -determine when to verify the NS records. See the -.Dq Li stubs -directive in -.Xr @INDOT@named @SYS_OPS_EXT@ -for more information. -.El -.Pp -Additional arguments are taken as name server addresses in so-called -.Dq dotted-quad -syntax -.Em only; -no host name are allowed here. At least one address must be specified. -Any additional addresses will be tried, in order, if the first one fails -to transfer to us successfully. -The -.Sy axfr -or -.Sy ixfr -after name server address designates the type of zone transfer to perform. -Use -.Sy axfr -for a full zone transfer or -.Sy ixfr -for an incremental zone transfer. -.Sh SEE ALSO -.Xr hostname @DESC_EXT@ , -.Xr @INDOT@named @SYS_OPS_EXT@ , -.Xr resolver @LIB_NETWORK_EXT@ , -.Xr resolver @FORMAT_EXT@ , -RFC 882, RFC 883, RFC 973, RFC 974, RFC 1033, RFC 1034, RFC 1035, -RFC 1123, RFC 1995 -.Dq Name Server Operations Guide for Sy BIND . diff --git a/contrib/bind/doc/man/named.8 b/contrib/bind/doc/man/named.8 deleted file mode 100644 index c0e73df9ae36d..0000000000000 --- a/contrib/bind/doc/man/named.8 +++ /dev/null 
@@ -1,441 +0,0 @@ -.\" ++Copyright++ 1985, 1996 -.\" - -.\" Copyright (c) 1985, 1996 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" - -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. 
-.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" - -.\" --Copyright-- -.\" -.\" @(#)named.8 6.6 (Berkeley) 2/14/89 -.\" -.Dd February 1, 1996 -.Dt @INDOT_U@NAMED @SYS_OPS_EXT_U@ -.Os BSD 4 -.Sh NAME -.Nm @INDOT@named -.Nd Internet domain name server (DNS) -.Sh SYNOPSIS -.Nm @INDOT@NAMED -.Op Fl d Ar debuglevel -.Op Fl p Ar port# -.Oo Fl Po -.Cm b Ns \&| Ns Cm c -.Pc -.Ar config_file -.Oc -.Op Fl f q r v -.Op Fl u Ar user_name -.Op Fl g Ar group_name -.Op Fl t Ar directory -.Op Fl w Ar directory -.Op Ar config_file -.Sh DESCRIPTION -.Ic Named -is the Internet domain name server. -See RFC's 1033, 1034, and 1035 for more information on the Internet -name-domain system. Without any arguments, -.Ic named -will read the default configuration file -.Pa /etc/named.conf , -read any initial data, and listen for queries. A -.Ar config_file -argument given at the end of the command line will override any -.Ar config_file -specified by using the -.Dq Fl b -or -.Dq Fl c -flags. 
-.Pp -.Sy NOTE: -Several of -.Nm named Ns 's -options, and much more of its behaviour, can be controlled in the configuration -file. Please refer to the configuration file guide included with this -.Sy BIND -distribution for further information. -.Pp -Options are: -.Bl -tag -width Fl -.It Fl d Ar debuglevel -Print debugging information. -The -.Ar debuglevel -is a number determines the level of messages printed. If negative, -.Ar debuglevel -is set to -.Dq 1 . -.Pp -.Sy NOTE: -The new debugging framework is considerably more sophisticated than it -was in older versions of -.Nm @INDOT@NAMED . -The configuration file's -.Dq Li logging -statement allows for multiple, distinct levels of debugging for each of -a large set of categories of events (such as queries, transfers in or out, -etc.). Please refer to the configuration file guide included with this -.Sy BIND -distribution for further information about these extensive new capabilities. -.It Fl p Ar port# -Use the specified remote port number; this is the port number to which -.Nm @INDOT@NAMED -will send queries. The default value is the standard port number, i.e., -the port number returned by -.Xr getservbyname @LIB_NETWORK_EXT@ -for service -.Dq Li domain . -.Pp -.Sy NOTE: -Previously, the syntax -.Dq Fl p Ar port# Ns Op Ar \&/localport# -was supported; the first port was that used when contacting -.Em remote -servers, and the second one was the service port bound by the -.Em local -instance of -.Nm @INDOT_U@NAMED . -The current usage is equivalent to the old usage without the -.Ar localport# -specified; this functionality can be specified with the -.Dq Li listen-on -clause of the configuration file's -.Dq Li options -statement. -.It Xo Fl Po -.Cm b Ns \&| Ns Cm c -.Pc Ar config_file -.Xc -Use an alternate -.Ar config_file ; -this argument is overridden by any -.Ar config_file -which is specified at the end of the command line. -The default value is -.Pa /etc/named.conf . 
-.It Fl f -Run this process in the foreground; don't -.Xr fork @SYSCALL_EXT@ -and daemonize. (The default is to daemonize.) -.It Fl q -Trace all incoming queries if -.Nm @INDOT_U@NAMED -has been compiled with -.Li QRYLOG -defined. -.Pp -.Sy NOTE: -This option is deprecated in favor of the -.Dq Li queries -.Em logging category -of the configuration file's -.Dq Li logging -statement; for more information, please refer to the configuration file guide -included with this distribution of -.Sy BIND . -.It Fl r -Turns recursion off in the server. Answers can come only from local -(primary or secondary) zones. This can be used on root servers. -The default is to use recursion. -.Pp -.Sy NOTE: -This option can be overridden by and is deprecated in favor of the -.Dq Li recursion -clause of the configuration file's -.Dq Li options -statement. -.It Fl v -Report the version and exit. -.It Fl u Ar user_name -Specifies the user the server should run as after it initializes. The value -specified may be either a username or a numeric user id. If the -.Dq Fl g -flag is not specified, then the group id used will be the primary group of -the user specified (initgroups() is called, so all of the user's groups will -be available to the server). -.Pp -.It Fl g Ar group_name -Specifies the group the server should run as after it initializes. The value -specified may be either a groupname or a numeric group id. -.Pp -.It Fl t Ar directory -Specifies the directory the server should chroot() into as soon as it is -finshed processing command line arguments. -.Pp -.It Fl w Ar directory -Sets the working directory of the server. The -.Dq Li directory -clause of the configuration file's -.Dq Li options -statement overrides any value specified on the command line. -The default working directory is the current directory -.Pq Dq \&. . 
-.El -.Pp -Any additional argument is taken as the name of the configuration file, for -compatibility with older implementations; as noted above, this argument -overrides any -.Ar config_file -specified by the use of the -.Dq Fl b -or -.Dq Fl c -flags. If no further argument is given, then the default configuration file -is used -.Pq Pa /etc/named.conf . -.Ss Master File Format -The master file consists of control information and a list of resource -records for objects in the zone of the forms: -.Bd -literal -offset indent -$INCLUDE <filename> <opt_domain> -$ORIGIN <domain> -$TTL <ttl> -<domain> <opt_ttl> <opt_class> <type> <resource_record_data> -.Ed -.Pp -where: -.Bl -tag -width "opt_domain " -.It Ar domain -is -.Dq Li \&. -for root, -.Dq Li @ -for the current origin, or a standard domain name. If -.Ar domain -is a standard domain name that does -.Em not -end with -.Dq Li \&. , -the current origin is appended to the domain. Domain names ending with -.Dq Li \&. -are unmodified. -.It Ar opt_domain -This field is used to define an origin for the data in an included file. -It is equivalent to placing an -.Li $ORIGIN -statement before the first line of the included file. The field is optional. -Neither the -.Ar opt_domain -field nor -.Li $ORIGIN -statements in the included file modify the current origin for this file. -.It Ar ttl -A integer number that sets the default time-to-live for future records without -an explicit ttl. -.It Ar opt_ttl -An optional integer number for the time-to-live field. -If not set the ttl is taken from the last $TTL statement. -If no $TTL statement has occured then the SOA minimum value is used and a -warning is generated. -.It Ar opt_class -The object address type; currently only one type is supported, -.Dv IN , -for objects connected to the DARPA Internet. 
-.It Ar type -This field contains one of the following tokens; the data expected in the -.Ar resource_record_data -field is in parentheses: -.Bl -tag -width "HINFO " -offset indent -.It Dv A -a host address (dotted-quad IP address) -.It Dv NS -an authoritative name server (domain) -.It Dv MX -a mail exchanger (domain), preceded by a preference value (0..32767), -with lower numeric values representing higher logical preferences. -.It Dv CNAME -the canonical name for an alias (domain) -.It Dv SOA -marks the start of a zone of authority (domain of originating host, -domain address of maintainer, a serial number and the following -parameters in seconds: refresh, retry, expire and minimum TTL (see RFC 883 -and RFC 2308)). -.It Dv NULL -a null resource record (no format or data) -.It Dv RP -a Responsible Person for some domain name (mailbox, TXT-referral) -.It Dv PTR -a domain name pointer (domain) -.It Dv HINFO -host information (cpu_type OS_type) -.El -.El -.Pp -Resource records normally end at the end of a line, -but may be continued across lines between opening and closing parentheses. -Comments are introduced by semicolons and continue to the end of the line. -.Pp -.Sy NOTE: -There are other resource record types not shown here. You should -consult the -.Sy BIND -Operations Guide -.Pq Dq BOG -for the complete -list. Some resource record types may have been standardized in newer RFC's -but not yet implemented in this version of -.Sy BIND . -.Ss SOA Record Format -Each master zone file should begin with an SOA record for the zone. -An example SOA record is as follows: -.Bd -literal -@ IN SOA ucbvax.Berkeley.EDU. rwh.ucbvax.Berkeley.EDU. ( - 1989020501 ; serial - 10800 ; refresh - 3600 ; retry - 3600000 ; expire - 86400 ) ; minimum -.Ed -.Pp -The SOA specifies a serial number, which should be changed each time the -master file is changed. 
Note that the serial number can be given as a -dotted number, but this is a -.Em very -unwise thing to do since the -translation to normal integers is via concatenation rather than -multiplication and addition. You can spell out the year, month, day of -month, and 0..99 version number and still fit inside the unsigned 32-bit -size of this field. (It's true that we will have to rethink this strategy in -the year 4294, but we're not worried about it.) -.Pp -Secondary servers -check the serial number at intervals specified by the refresh time in -seconds; if the serial number changes, a zone transfer will be done to load -the new data. If a master server cannot be contacted when a refresh is due, -the retry time specifies the interval at which refreshes should be attempted. -If a master server cannot be contacted within the interval given by the -expire time, all data from the zone is discarded by secondary servers. The -minimum value is the cache time-to-live for negative answers (RFC 2308). -.Sh NOTES -The boot file directives -.Dq Li domain -and -.Dq Li suffixes -have been -obsoleted by a more useful, resolver-based implementation of -suffixing for partially-qualified domain names. The prior mechanisms -could fail under a number of situations, especially when then local -nameserver did not have complete information. -.Pp -The following signals have the specified effect when sent to the -server process using the -.Xr kill @CMD_EXT@ -command: -.Pp -.Bl -tag -width "SIGWINCH" -.It Dv SIGHUP -Causes server to read -.Pa named.conf -and reload the database. If the server -is built with the -.Li FORCED_RELOAD -compile-time option, then -.Dv SIGHUP -will -also cause the server to check the serial number on all secondary zones; -normally, the serial numbers are only checked at the SOA-specified intervals. -.It Dv SIGINT -Dumps the current data base and cache to -.Dq Pa /var/tmp/named_dump.db -or the value of -.Dv _PATH_DUMPFILE . 
-.It Dv SIGILL -Dumps statistics data into -.Pa named.stats -if the server is compiled with -.Li -DSTATS . -Statistics data is appended to the file. -.It Dv SIGSYS -Dumps the profiling data in -.Pa /var/tmp -if the server is compiled with profiling (server forks, chdirs and exits). -.It Dv SIGTERM -Saves any modified dynamic zones to the file system, and shuts down the server. -.It Dv SIGUSR1 -Turns on debugging; each -.Dv SIGUSR1 -increments debug level. -.Po Dv SIGEMT -on older systems without -.Dv SIGUSR1 . -.Pc -.It Dv SIGUSR2 -Turns off debugging completely. -.Po Dv SIGFPE -on older systems without -.Dv SIGUSR2 . -.Pc -.It Dv SIGWINCH -Toggles logging of all incoming queries via -.Xr syslog @SYS_OPS_EXT@ -(requires server to have been built with the -.Li QRYLOG -option). -.Sh FILES -.Bl -tag -width "/var/tmp/named_dump.db (_PATH_DUMPFILE) " -compact -.It Pa /etc/named.conf -default name server configuration file -.It Pa /var/run/named.pid Pq Dv _PATH_PIDFILE -the process id -.It Pa /var/tmp/named_dump.db Pq Dv _PATH_DUMPFILE -dump of the name server database -.It Pa /var/tmp/named.run Pq file: Dv _PATH_DEBUG -debug output -.It Pa /var/tmp/named.stats Pq file: Dv _PATH_STATS -nameserver statistics data -.El -.Sh SEE ALSO -.Xr gethostbyname @LIB_NETWORK_EXT@ , -.Xr hostname @DESC_EXT@ , -.Xr kill @CMD_EXT@ , -.Xr resolver @LIB_NETWORK_EXT@ , -.Xr resolver @FORMAT_EXT@ , -.Xr signal @SYSCALL_EXT@ , -RFC 882, RFC 883, RFC 973, RFC 974, RFC 1033, RFC 1034, RFC 1035, RFC 1123, -RFC 2308 -.Dq Name Server Operations Guide for Sy BIND diff --git a/contrib/bind/doc/man/named.conf.5 b/contrib/bind/doc/man/named.conf.5 deleted file mode 100644 index 44f1ec9da4dc3..0000000000000 --- a/contrib/bind/doc/man/named.conf.5 +++ /dev/null 
@@ -1,2355 +0,0 @@ -.\" Copyright (c) 1999 by Internet Software Consortium -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS -.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE -.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. - -.Dd January 7, 1999 -.Dt NAMED.CONF 5 -.Os BSD 4 - -.Sh NAME -.Nm named.conf -.Nd configuration file for -.Xr named 8 - -.Sh OVERVIEW - -BIND 8 is much more configurable than previous release of BIND. There -are entirely new areas of configuration, such as access control lists -and categorized logging. Many options that previously applied to all -zones can now be used selectively. These features, plus a -consideration of future configuration needs led to the creation of a -new configuration file format. - -.Ss General Syntax - -A BIND 8 configuration consists of two general features, statements -and comments. All statements end with a semicolon. Many statements -can contain substatements, which are each also terminated with a -semicolon. 
- -.Pp -The following statements are supported: -.Bl -tag -width 1 -.It Ic logging -specifies what the server logs, and where the log messages are sent - -.It Ic options -controls global server configuration options and sets defaults for other -statements - -.It Ic zone -defines a zone - -.It Ic acl -defines a named IP address matching list, for access control and other uses - -.It Ic key -specifies key information for use in authentication and authorization - -.It Ic trusted-keys -defines DNSSEC keys that are preconfigured into the server and implicitly -trusted - -.It Ic server -sets certain configuration options for individual remote servers - -.It Ic controls -declares control channels to be used by the -.Nm ndc -utility - -.It Ic include -includes another file - -.El - -The -.Ic logging -and -.Ic options -statements may only occur once per configuration, while the rest may -appear numerous times. Further detail on each statement is provided -in individual sections below. - -Comments may appear anywhere that whitespace may appear in a BIND -configuration file. To appeal to programmers of all kinds, they can -be written in C, C++, or shell/perl constructs. - -C-style comments start with the two characters -.Li /* -(slash, star) and end with -.Li */ -(star, slash). -Because they are completely delimited with these characters, -they can be used to comment only a portion of a line or to span -multiple lines. - -C-style comments cannot be nested. For example, the following is -not valid because the entire comment ends with the first -.Li */ : - -.Bd -literal -offset indent -/* This is the start of a comment. - This is still part of the comment. -/* This is an incorrect attempt at nesting a comment. */ - This is no longer in any comment. */ -.Ed - -C++-style comments start with the two characters -.Li // -(slash, slash) and continue to the end of the physical line. 
-They cannot be continued across multiple physical lines; to have -one logical comment span multiple lines, each line must use the -.Li // -pair. For example: - -.Bd -literal -offset indent -// This is the start of a comment. The next line -// is a new comment, even though it is logically -// part of the previous comment. -.Ed - -Shell-style (or perl-style, if you prefer) comments start with the -character -.Li # -(hash or pound or number or octothorpe or whatever) and continue to -the end of the physical line, like C++ comments. For example: - -.Bd -literal -offset indent -# This is the start of a comment. The next line -# is a new comment, even though it is logically -# part of the previous comment. -.Ed - -.Em WARNING: -you cannot use the -.Li ; -(semicolon) character to start a comment such as you would in a zone -file. The semicolon indicates the end of a configuration statement, -so whatever follows it will be interpreted as the start of the next -statement. - -.Ss Converting from BIND 4.9.x - -.Pp -BIND 4.9.x configuration files can be converted to the new format -by using -.Pa src/bin/named/named-bootconf , -a shell script that is part of the BIND 8.2.x source kit. - -.Sh DOCUMENTATION DEFINITIONS - -Described below are elements used throughout the BIND configuration -file documentation. Elements which are only associated with one -statement are described only in the section describing that statement. - -.Bl -tag -width 1 -.It Va acl_name -The name of an -.Va address_match_list -as defined by the -.Ic acl -statement. - -.It Va address_match_list -A list of one or more -.Va ip_addr , -.Va ip_prefix , -.Va key_id , -or -.Va acl_name -elements, as described in the -.Sx ADDRESS MATCH LISTS -section. - -.It Va dotted-decimal -One or more integers valued 0 through 255 separated only by dots -(``.''), such as -.Li 123 , -.Li 45.67 -or -.Li 89.123.45.67 . - -.It Va domain_name -A quoted string which will be used as a DNS name, for example -.Qq Li my.test.domain . 
- -.It Va path_name -A quoted string which will be used as a pathname, such as -.Qq Li zones/master/my.test.domain . - -.It Va ip_addr -An IP address in with exactly four elements in -.Va dotted-decimal -notation. - -.It Va ip_port -An IP port -.Va number . -.Va number is limited to -.Li 0 -through -.Li 65535 , -with values below 1024 typically restricted to -root-owned processes. In some cases an asterisk (``*'') character -can be used as a placeholder to select a random high-numbered port. - -.It Va ip_prefix -An IP network specified in -.Va dotted-decimal -form, followed by ``/'' -and then the number of bits in the netmask. E.g. -.Li 127/8 -is -the network -.Li 127.0.0.0 -with netmask -.Li 255.0.0.0 . -.Li 1.2.3.0/28 -is network -.Li 1.2.3.0 -with netmask -.Li 255.255.255.240. - -.It Va key_name -A string representing the name of a shared key, to be used for transaction -security. - -.It Va number -A non-negative integer with an entire range limited by the range of a -C language signed integer (2,147,483,647 on a machine with 32 bit -integers). Its acceptable value might further be limited by the -context in which it is used. - -.It Va size_spec -A -.Va number , -the word -.Li unlimited , -or the word -.Li default . - -.Pp -The maximum value of -.Va size_spec -is that of unsigned long integers on the machine. -.Li unlimited -requests unlimited use, or the maximum available amount. -.Li default -uses the limit that was in force when the server was started. - -.Pp -A -.Va number -can optionally be followed by a scaling factor: -.Li K -or -.Li k -for kilobytes, -.Li M -or -.Li m -for megabytes, and -.Li G -or -.Li g -for gigabytes, which scale by 1024, 1024*1024, and 1024*1024*1024 -respectively. - -.Pp -Integer storage overflow is currently silently ignored during -conversion of scaled values, resulting in values less than intended, -possibly even negative. Using -.Li unlimited -is the best way to safely set a really large number. 
- -.It Va yes_or_no -Either -.Li yes -or -.Li no . -The words -.Li true -and -.Li false -are also accepted, as are the numbers -.Li 1 and -.Li 0 . - -.El - -.Sh ADDRESS MATCH LISTS -.Ss Syntax - -.Bd -literal -\fIaddress_match_list\fR = 1\&*\fIaddress_match_element\fR - -\fIaddress_match_element\fR = [ \&"!\&" ] ( \fIaddress_match_list\fR / - \fIip_address\fR / \fIip_prefix\fR / - \fIacl_name\fR / \&"key \&" \fIkey_id\fR ) \&";\&" -.Ed - -.Ss Definition and Usage - -Address match lists are primarily used to determine access control for -various server operations. They are also used to define priorities -for querying other nameservers and to set the addresses on which -.Nm named -will listen for queries. -The elements which constitute an address match list can be any -of the following: - -.Bl -bullet -.It -an -.Va ip-address -(in -.Va dotted-decimal -notation, -.It -an -.Va ip-prefix -(in the '/'-notation), -.It -A -.Va key_id , -as defined by the -.Ic key -statement, -.It -the name of an address match list previously defined with -the -.Ic acl -statement, or -.It -another -.Va address_match_list . -.El - -.Pp -Elements can be negated with a leading exclamation mark (``!''), and -the match list names -.Li any , -.Li none , -.Li localhost -and -.Li localnets -are predefined. More information on those names can be found in the -description of the -.Ic acl -statement. - -.Pp -The addition of the -.Ic key -clause made the name of this syntactic element something of a -misnomer, since security keys can be used to validate access without -regard to a host or network address. Nonetheless, the term ``address -match list'' is still used throughout the documentation. - -.Pp -When a given IP address or prefix is compared to an address match -list, the list is traversed in order until an element matches. 
The -interpretation of a match depends on whether the list is being used -for access control, defining -.Ic listen-on -ports, or as a topology, and whether the element was -negated. - -.Pp -When used as an access control list, a non-negated match allows access -and a negated match denies access. If there is no match at all in the -list, access is denied. The clauses -.Ic allow-query , -.Ic allow-transfer , -.Ic allow-update , -.Ic allow-recursion , -and -.Ic blackhole -all use address match lists like this. Similarly, the -.Ic listen-on -option will cause the server to not accept queries on any of the -machine's addresses which do not match the list. - -.Pp -When used with the -.Ic topology -option, a non-negated match returns a distance based on its position on -the list (the closer the match is to the start of the list, the -shorter the distance is between it and the server). A negated match -will be assigned the maximum distance from the server. If there is no -match, the address will get a distance which is further than any -non-negated list element, and closer than any negated element. - -.Pp -Because of the first-match aspect of the algorithm, an element that -defines a subset of another element in the list should come before the -broader element, regardless of whether either is negated. For -example, in -.Dl 1.2.3/24; !1.2.3.13 -the 1.2.3.13 element is completely useless, because the algorithm will -match any lookup for 1.2.3.13 to the 1.2.3/24 element. Using -.Dl !1.2.3.13; 1.2.3/24 -fixes that problem by having 1.2.3.13 blocked by the negation but all -other 1.2.3.* hosts fall through. 
- -.Sh THE LOGGING STATEMENT -.Ss Syntax - -.Bd -literal -logging { - [ channel \fIchannel_name\fR { - ( file \fIpath_name\fR - [ versions ( \fInumber\fR | unlimited ) ] - [ size \fIsize_spec\fR ] - | syslog ( kern | user | mail | daemon | auth | syslog | lpr | - news | uucp | cron | authpriv | ftp | - local0 | local1 | local2 | local3 | - local4 | local5 | local6 | local7 ) - | null ); - - [ severity ( critical | error | warning | notice | - info | debug [ \fIlevel\fR ] | dynamic ); ] - [ print-category \fIyes_or_no\fR; ] - [ print-severity \fIyes_or_no\fR; ] - [ print-time \fIyes_or_no\fR; ] - }; ] - - [ category \fIcategory_name\fR { - \fIchannel_name\fR; [ \fIchannel_name\fR; ... ] - }; ] - ... -}; -.Ed - -.Ss Definition and Usage - -The -.Ic logging -statement configures a wide variety of logging options for the nameserver. -Its -.Ic channel -phrase associates output methods, format options and -severity levels with a name that can then be used with the -.Ic category -phrase to select how various classes of messages are logged. - -.Pp -Only one -.Ic logging -statement is used to define as many channels and categories as are wanted. -If there are multiple logging statements in a configuration, the first -defined determines the logging, and warnings are issued for the -others. If there is no logging statement, the logging configuration -will be: - -.Bd -literal - logging { - category default { default_syslog; default_debug; }; - category panic { default_syslog; default_stderr; }; - category packet { default_debug; }; - category eventlib { default_debug; }; - }; -.Ed - -The logging configuration is established as soon as the -.Ic logging -statement is parsed. If you want to redirect -messages about processing of the entire configuration file, the -.Ic logging -statement must appear first. 
Even if you do not -redirect configuration file parsing messages, we recommend -always putting the -.Ic logging -statement first so that this rule need not be consciously recalled if -you ever do need want the parser's messages relocated. - -.Ss The channel phrase - -All log output goes to one or more ``channels''; you can make as many -of them as you want. - -.Pp -Every channel definition must include a clause that says whether -messages selected for the channel go to a file, to a particular syslog -facility, or are discarded. It can optionally also limit the message -severity level that will be accepted by the channel (default is -.Li info ) , -and whether to include a time stamp generated by -.Nm named , -the category name, or severity level. The default is not to include -any of those three. - -.Pp -The word -.Li null -as the destination option for the -channel will cause all messages sent to it to be discarded; other -options for the channel are meaningless. - -.Pp -The -.Ic file -clause can include limitations both on how -large the file is allowed to become, and how many versions of the file -will be saved each time the file is opened. - -.Pp -The -.Ic size -option for files is simply a hard ceiling on -log growth. If the file ever exceeds the size, then -.Nm named -will just not write anything more to it until the file is reopened; -exceeding the size does not automatically trigger a reopen. The -default behavior is to not limit the size of the file. - -.Pp -If you use the -.Ic version -logfile option, then -.Nm named -will retain that many backup versions of the file -by renaming them when opening. For example, if you choose to keep 3 -old versions of the file lamers.log then just before it is opened -lamers.log.1 is renamed to lames.log.2, lamers.log.0 is renamed to -lamers.log.1, and lamers.log is renamed to lamers.log.0. No rolled -versions are kept by default; any existing log file is simply appended. 
-The -.Li unlimited -keyword is synonymous with -.Li 99 -in current BIND releases. Example usage of size and versions options: - -.Bd -literal - channel an_example_level { - file "lamers.log" versions 3 size 20m; - print-time yes; - print-category yes; - }; -.Ed - -.Pp -The argument for the -.Ic syslog -clause is a syslog facility as described in the -.Xr syslog 3 -manual page. How -.Nm syslogd -will handle messages sent to this facility is described in the -.Xr syslog.conf 5 -manual page. If you have a system which uses a very old version of -syslog that only uses two arguments to the -.Fn openlog() -function, then this clause is silently ignored. - -.Pp -The -.Ic severity -clause works like syslog's ``priorities'', except that they can also be -used if you are writing straight to a file rather than using -syslog. Messages which are not at least of the severity level given -will not be selected for the channel; messages of higher severity -levels will be accepted. - -.Pp -If you are using syslog, then the -.Pa syslog.conf -priorities will also determine what eventually passes through. -For example, defining a channel facility and severity as -.Li daemon -and -.Li debug -but only logging -.Li daemon.warning -via -.Pa syslog.conf -will cause messages of severity -.Li info -and -.Li notice -to be dropped. If the situation were reversed, with -.Nm named -writing messages of only -.Li warning -or higher, then -.Nm syslogd -would print all messages it received from the channel. - -.Pp -The server can supply extensive debugging information when it is in -debugging mode. If the server's global debug level is greater than -zero, then debugging mode will be active. The global debug level is -set either by starting the -.Nm named -server with the -.Fl d -flag followed by a positive integer, or by sending the running server the -.Dv SIGUSR1 -signal (for example, by using -.Ic ndc trace ) . 
-The global debug level can be set to -zero, and debugging mode turned off, by sending the server the -.Dv SIGUSR2 -signal (as with -.Ic ndc notrace ) . -All debugging messages in the server have a -debug level, and higher debug levels give more more detailed output. -Channels that specify a specific debug severity, e.g. - -.Bd -literal - channel specific_debug_level { - file \&"foo\&"; - severity debug 3; - }; -.Ed - -will get debugging output of level 3 or less any time the -server is in debugging mode, regardless of the global debugging level. -Channels with -.Li dynamic -severity use the server's global level to determine what messages to -print. - -.Pp -If -.Ic print-time -has been turned on, then the date and time will be logged. -.Ic print-time -may be specified for a syslog channel, but is usually pointless since -syslog also prints the date and time. -If -.Ic print-category -is requested, then the category of the message will be logged as well. -Finally, if -.Ic print-severity -is on, then the severity level of the message will be logged. The -.Ic print- -options may be used -in any combination, and will always be printed in the following order: -time, category, severity. Here is an example where all three -.Ic print- -options are on: - -.Bd -literal - 28-Apr-1997 15:05:32.863 default: notice: Ready to answer queries. -.Ed - -.Pp -There are four predefined channels that are used for -.Nm named 's -default logging as follows. How they are used -used is described in the next section, -.Sx The category phrase. - -.Bd -literal - channel default_syslog { - syslog daemon; # send to syslog's daemon facility - severity info; # only send priority info and higher - }; - - channel default_debug { - file \&"named.run\&"; # write to named.run in the working directory - # Note: stderr is used instead of \&"named.run\&" - # if the server is started with the -f option. 
- severity dynamic; # log at the server's current debug level - }; - - channel default_stderr { # writes to stderr - file \&"<stderr>\&"; # this is illustrative only; there's currently - # no way of specifying an internal file - # descriptor in the configuration language. - severity info; # only send priority info and higher - }; - - channel null { - null; # toss anything sent to this channel - }; -.Ed - -Once a channel is defined, it cannot be redefined. Thus you cannot -alter the built-in channels directly, but you can modify the default -logging by pointing categories at channels you have defined. - -.Ss The category phrase - -There are many categories, so you can send the logs you want to see -wherever you want, without seeing logs you don't want. If you don't -specify a list of channels for a category, then log messages in that -category will be sent to the -.Li default -category instead. -If you don't specify a default category, the following ``default -default'' is used: - -.Bd -literal - category default { default_syslog; default_debug; }; -.Ed - -As an example, let's say you want to log security events to a file, -but you also want keep the default logging behavior. You'd specify -the following: - -.Bd -literal - channel my_security_channel { - file \&"my_security_file\&"; - severity info; - }; - category security { my_security_channel; - default_syslog; default_debug; }; -.Ed - -To discard all messages in a category, specify the -.Li null -channel: - -.Bd -literal - category lame-servers { null; }; - category cname { null; }; -.Ed - -The following categories are available: - -.Bl -tag -width 1 -.It Ic default -The catch-all. Many things still aren't classified into categories, -and they all end up here. Also, if you don't specify any channels for -a category, the default category is used instead. 
If you do not -define the default category, the following definition is used: -.Dl category default { default_syslog; default_debug; }; - -.It Ic config -High-level configuration file processing. - -.It Ic parser -Low-level configuration file processing. - -.It Ic queries -A short log message is generated for every query the server receives. - -.It Ic lame-servers -Messages like ``Lame server on ...'' - -.It Ic statistics -Statistics. - -.It Ic panic -If the server has to shut itself down due to an internal problem, it -will log the problem in this category as well as in the problem's native -category. If you do not define the panic category, the following definition -is used: -.Dl category panic { default_syslog; default_stderr; }; - -.It Ic update -Dynamic updates. - -.It Ic ncache -Negative caching. - -.It Ic xfer-in -Zone transfers the server is receiving. - -.It Ic xfer-out -Zone transfers the server is sending. - -.It Ic db -All database operations. - -.It Ic eventlib -Debugging info from the event system. Only one channel may be specified for -this category, and it must be a file channel. If you do not define the -eventlib category, the following definition is used: -.Dl category eventlib { default_debug; }; - -.It Ic packet -Dumps of packets received and sent. Only one channel may be specified for -this category, and it must be a file channel. If you do not define the -packet category, the following definition is used: -.Dl category packet { default_debug; }; - -.It Ic notify -The NOTIFY protocol. - -.It Ic cname -Messages like ``... points to a CNAME''. - -.It Ic security -Approved/unapproved requests. - -.It Ic os -Operating system problems. - -.It Ic insist -Internal consistency check failures. - -.It Ic maintenance -Periodic maintenance events. - -.It Ic load -Zone loading messages. - -.It Ic response-checks -Messages arising from response checking, such as -``Malformed response ...'', ``wrong ans. 
name ...'', -``unrelated additional info ...'', ``invalid RR type ...'', -and ``bad referral ...''. - -.El - -.Sh THE OPTIONS STATEMENT -.Ss Syntax - -.Bd -literal -options { - [ version \fIversion_string\fR; ] - [ directory \fIpath_name\fR; ] - [ named-xfer \fIpath_name\fR; ] - [ dump-file \fIpath_name\fR; ] - [ memstatistics-file \fIpath_name\fR; ] - [ pid-file \fIpath_name\fR; ] - [ statistics-file \fIpath_name\fR; ] - [ auth-nxdomain \fIyes_or_no\fR; ] - [ deallocate-on-exit \fIyes_or_no\fR; ] - [ dialup \fIyes_or_no\fR; ] - [ fake-iquery \fIyes_or_no\fR; ] - [ fetch-glue \fIyes_or_no\fR; ] - [ has-old-clients \fIyes_or_no\fR; ] - [ host-statistics \fIyes_or_no\fR; ] - [ multiple-cnames \fIyes_or_no\fR; ] - [ notify \fIyes_or_no\fR; ] - [ recursion \fIyes_or_no\fR; ] - [ rfc2308-type1 \fIyes_or_no\fR; ] - [ use-id-pool \fIyes_or_no\fR; ] - [ treat-cr-as-space \fIyes_or_no\fR; ] - [ also-notify \fIyes_or_no\fR; ] - [ forward ( only | first ); ] - [ forwarders { [ \fIin_addr\fR ; [ \fIin_addr\fR ; ... 
] ] }; ] - [ check-names ( master | slave | response ) ( warn | fail | ignore); ] - [ allow-query { \fIaddress_match_list\fR }; ] - [ allow-recursion { \fIaddress_match_list\fR }; ] - [ allow-transfer { \fIaddress_match_list\fR }; ] - [ blackhole { \fIaddress_match_list\fR }; ] - [ listen-on [ port \fIip_port\fR ] { \fIaddress_match_list\fR }; ] - [ query-source [ address ( \fIip_addr\fR | * ) ] - [ port ( \fIip_port\fR | * ) ] ; ] - [ lame-ttl \fInumber\fR; ] - [ max-transfer-time-in \fInumber\fR; ] - [ max-ncache-ttl \fInumber\fR; ] - [ min-roots \fInumber\fR; ] - [ serial-queries \fInumber\fR; ] - [ transfer-format ( one-answer | many-answers ); ] - [ transfers-in \fInumber\fR; ] - [ transfers-out \fInumber\fR; ] - [ transfers-per-ns \fInumber\fR; ] - [ transfer-source \fIip_addr\fR; ] - [ maintain-ixfr-base \fIyes_or_no\fR; ] - [ max-ixfr-log-size \fInumber\fR; ] - [ coresize \fIsize_spec\fR ; ] - [ datasize \fIsize_spec\fR ; ] - [ files \fIsize_spec\fR ; ] - [ stacksize \fIsize_spec\fR ; ] - [ cleaning-interval \fInumber\fR; ] - [ heartbeat-interval \fInumber\fR; ] - [ interface-interval \fInumber\fR; ] - [ statistics-interval \fInumber\fR; ] - [ topology { \fIaddress_match_list\fR }; ] - [ sortlist { \fIaddress_match_list|fR }; ] - [ rrset-order { \fIorder_spec\fR ; [ \fIorder_spec\fR ; ... [ [ }; -}; -.Ed - -.Ss Definition and Usage - -The options statement sets up global options to be used by -BIND. This statement may appear at only once in a -configuration file; if more than one occurrence is found, the -first occurrence determines the actual options used, -and a warning will be generated. If there is no options statement, -an options block with each option set to its default will be used. - -.Ss Pathnames - -.Bl -tag -width 1 - -.It Ic version -The version the server should report via the ndc command or via a query of -name -.Pa version.bind -in class chaos. 
The default is the real version number of ths server, -but some server operators prefer the string ( -.Ic surely you must be joking -). - -.It Ic directory -The working directory of the server. Any non-absolute -pathnames in the configuration file will be taken as relative to this -directory. The default location for most server output files -(e.g. -.Pa named.run ) -is this directory. If a directory is not -specified, the working directory defaults to -.Pa . , -the directory from which the -server was started. The directory specified should be an absolute path. - -.It Ic named-xfer -The pathname to the named-xfer program that the server uses for -inbound zone transfers. If not specified, the default is -system dependent (e.g. -.Pa /usr/sbin/named-xfer -). - -.It Ic dump-file -The pathname of the file the server dumps the database to when it -receives -.Dv SIGINT -signal (as sent by -.Ic ndc dumpdb -). If not specified, the default is -.Pa named_dump.db . - -.It Ic memstatistics-file -The pathname of the file the server writes memory usage statistics to -on exit, if -.Ic deallocate-on-exit -is -.Li yes . -If not specified, the default is -.Pa named.memstats . - -.It Ic pid-file -The pathname of the file the server writes its process ID in. If not -specified, the default is operating system dependent, but is usually -.Pa /var/run/named.pid -or -.Pa /etc/named.pid . -The pid-file is used by programs like -.Nm ndc -that want to send signals to the running nameserver. - -.It Ic statistics-file -The pathname of the file the server appends statistics to when it -receives -.Dv SIGILL -signal (from -.Ic ndc stats ) . -If not specified, the default is -.Pa named.stats . -.El - -.Ss Boolean Options - -.Bl -tag -width 1 -.It Ic auth-nxdomain -If -.Li yes , -then the -.Li AA -bit is always set on -.Dv NXDOMAIN -responses, even if the server is not actually authoritative. -The default is -.Li yes . 
-Do not turn off -.Ic auth-nxdomain -unless you are sure you know what you are -doing, as some older software won't like it. - -.It Ic deallocate-on-exit -If -.Li yes , -then when the server exits it will painstakingly deallocate every -object it allocated, and then write a memory usage report to the -.Ic memstatistics-file . -The default is -.Li no , -because it is faster to let the operating system clean up. -.Ic deallocate-on-exit -is handy for detecting memory leaks. - -.It Ic dialup -If -.Li yes , -then the server treats all zones as if they are doing zone transfers -across a dial on demand dialup link, which can be brought up by -traffic originating from this server. This has different effects -according to zone type and concentrates the zone maintenance so that -it all happens in a short interval, once every -.Ic heartbeat-interval -and hopefully during the one call. -It also suppresses some of the normal zone maintenance traffic. -The default is -.Li no . -The -.Ic dialup -option may also be specified in the -.Ic zone -statement, in which -case it overrides the -.Ic options dialup -statement. - -.Pp -If the zone is a -.Ic master -then the server will send out -.Dv NOTIFY -request to all the slaves. -This will trigger the zone up to date checking in the slave (providing -it supports -.Dv NOTIFY ) -allowing the slave -to verify the zone while the call us up. - -.Pp -If the zone is a -.Ic slave -or -.Ic stub -then the server will suppress the zone regular zone up to date queries -and only perform the when the -.Ic heartbeat-interval -expires. - -.It Ic fake-iquery -If -.Li yes , -the server will simulate the obsolete DNS query type -.Dv IQUERY . -The default is -.Li no . - -.It Ic fetch-glue -If -.Li yes -(the default), the server will fetch ``glue'' resource -records it doesn't have when constructing the additional data section of -a response. 
-.Ic fetch-glue no -can be used in conjunction with -.Ic recursion no -to prevent the server's cache from growing or -becoming corrupted (at the cost of requiring more work from the client). - -.It Ic has-old-clients -Setting the option to -.Li yes , -is equivalent to setting the following three options: -.Ic auth-nxdomain yes ;, -.Ic maintain-ixfr-base yes ;, -and -.Ic rfc2308-type1 no ; -. The use of -.Ic has-old-clients -with -.Ic auth-nxdomain , -.Ic maintain-ixfr-base , -and -.Ic rfc2308-type1 -is order dependant. - -.It Ic host-statistics -If -.Li yes , -then statistics are kept for every host that the the nameserver -interacts with. The default is -.Li no . -.Em Note: -turning on -.Ic host-statistics -can consume huge amounts of memory. - -.It Ic maintain-ixfr-base -If -.Li yes , -statistics are kept for every host that the nameserver interacts with. The default is -.Li no . -.Em Note: -turning on -.Li host-statistics -can consume huge amounts of memory. - -.It Ic multiple-cnames -If -.Li yes , -then multiple CNAME resource records will be -allowed for a domain name. The default is -.Li no . -Allowing multiple CNAME records is against standards and is not recommended. -Multiple CNAME support is available because previous versions of BIND -allowed multiple CNAME records, and these records have been used for load -balancing by a number of sites. - -.It Ic notify -If -.Li yes -(the default), DNS NOTIFY messages are sent when a -zone the server is authoritative for changes. The use of NOTIFY -speeds convergence between the master and its slaves. Slave servers -that receive a NOTIFY message and understand it will contact the -master server for the zone and see if they need to do a zone transfer, and -if they do, they will initiate it immediately. The -.Ic notify -option may also be specified in the -.Ic zone -statement, in which case it overrides the -.Ic options notify -statement. 
-
-.It Ic recursion
-If
-.Li yes ,
-and a DNS query requests recursion, then the
-server will attempt to do all the work required to answer the query.
-If recursion is not on, the server will return a referral to the
-client if it doesn't know the answer. The default is
-.Li yes .
-See also
-.Ic fetch-glue
-above.
-
-.It Ic rfc2308-type1
-If
-.Li yes,
-the server will send NS records along with the SOA record for negative
-answers. You need to set this to no if you have an old BIND server using
-you as a forwarder that does not understand negative answers which contain
-both SOA and NS records or you have an old version of sendmail. The correct
-fix is to upgrade the broken server or sendmail. The default is
-.Li no .
-
-.It Ic use-id-pool
-If
-.Li yes,
-the server will keep track of its own outstanding query ID's to avoid duplication
-and increase randomness. This will result in 128KB more memory being consumed
-by the server. The default is
-.Li no .
-
-.It Ic treat-cr-as-space
-If
-.Li yes,
-the server will treat CR characters the same way it treats a space
-or tab. This may be necessary when loading zone files on a UNIX system
-that were generated on an NT or DOS machine. The default is
-.Li no .
-
-
-.El
-
-.Ss Also-Notify
-
-.Ic also-notify
-
-Defines a global list of IP addresses that also get sent NOTIFY messages
-whenever a fresh copy of the zone is loaded. This helps to ensure that copies of
-the zones will quickly converge on ``stealth'' servers. If an
-.Ic also-notify
-list is given in a
-.Ic zone
-statement, it will override the
-.Ic options also-notify
-statement. When a
-.Ic zone notify
-statement is set to
-.Ic no ,
-the IP addresses in
-the global
-.Ic also-notify
-list will not get sent NOTIFY messages for that zone.
-The default is the empty list (no global notification list).
-
-.Ss Forwarding
-
-.Pp
-The forwarding facility can be used to create a large site-wide
-cache on a few servers, reducing traffic over links to external
-nameservers. It can also be used to allow queries by servers that do
-not have direct access to the Internet, but wish to look up exterior
-names anyway. Forwarding occurs only on those queries for which the
-server is not authoritative and does not have the answer in its cache.
-
-.Bl -tag -width 1
-.It Ic forward
-This option is only meaningful if the
-.Ic forwarders
-list is
-not empty. A value of
-.Li first ,
-the default, causes the
-server to query the forwarders first, and if that doesn't answer the
-question the server will then look for the answer itself. If
-.Li only
-is specified, the server will only query the forwarders.
-
-.It Ic forwarders
-Specifies the IP addresses to be used for forwarding. The default is the
-empty list (no forwarding).
-.El
-
-.Pp
-Forwarding can also be configured on a per-zone basis, allowing for
-the global forwarding options to be overridden in a variety of ways.
-You can set particular zones to use different forwarders, or have
-different
-.Ic forward only/first
-behavior, or to not forward
-at all. See
-.Sx THE ZONE STATEMENT
-section for more information.
-
-.Pp
-Future versions of BIND 8 will provide a more powerful forwarding
-system. The syntax described above will continue to be supported.
-
-.Ss Name Checking
-
-The server can check domain names based upon their expected client contexts.
-For example, a domain name used as a hostname can be checked for compliance
-with the RFCs defining valid hostnames.
-
-.Pp
-Three checking methods are available:
-
-.Bl -tag -width 1
-.It Ic ignore
-No checking is done.
-
-.It Ic warn
-Names are checked against their expected client contexts. Invalid names are
-logged, but processing continues normally.
-
-.It Ic fail
-Names are checked against their expected client contexts. Invalid names are
-logged, and the offending data is rejected.
-.El
-
-.Pp
-The server can check names three areas: master zone files, slave
-zone files, and in responses to queries the server has initiated. If
-.Ic check-names response fail
-has been specified, and
-answering the client's question would require sending an invalid name
-to the client, the server will send a
-.Dv REFUSED
-response code to the client.
-
-.Pp
-The defaults are:
-
-.Bd -literal
- check-names master fail;
- check-names slave warn;
- check-names response ignore;
-.Ed
-
-.Pp
-.Ic check-names
-may also be specified in the
-.Ic zone
-statement, in which case it overrides the
-.Ic options check-names
-statement. When used in a
-.Ic zone
-statement, the area is not specified (because it can be deduced from
-the zone type).
-
-.Ss Access Control
-
-.Pp
-Access to the server can be restricted based on the IP address of the
-requesting system or via shared secret keys. See
-.Sx ADDRESS MATCH LISTS
-for details on how to specify access criteria.
-
-.Bl -tag -width 1
-.It Ic allow-query
-Specifies which hosts are allowed to ask ordinary questions.
-.Ic allow-query
-may also be specified in the
-.Ic zone
-statement, in which case it overrides the
-.Ic options allow-query
-statement. If not specified, the default is
-
-.Bl -tag -width 1
-.It Ic allow-recursion
-Specifies which hosts are allowed to ask recursive questions.
-.Ic allow-recursion
-may also be specified in the
-.Ic zone
-statement, in which case it overrides the
-.Ic options allow-recursion
-statement. If not specified, the default is to allow recursive queries
-from all hosts.
-
-.It Ic allow-transfer
-Specifies which hosts are allowed to receive zone transfers from the
-server.
-.Ic allow-transfer
-may also be specified in the
-.Ic zone
-statement, in which case it overrides the
-.Ic options allow-transfer
-statement. If not specified, the default
-is to allow transfers from all hosts.
-
-.It Ic blackhole
-Specifies a list of addresses that the server will not accept queries from
-or use to resolve a query. Queries from these addresses will not be
-responded to.
-.El
-
-.Ss Interfaces
-
-.Pp
-The interfaces and ports that the server will answer queries from may
-be specified using the
-.Ic listen-on
-option.
-.Ic listen-on
-takes an optional port, and an address match list.
-The server will listen on all interfaces allowed by the address match
-list. If a port is not specified, port 53 will be used.
-
-.Pp
-Multiple
-.Ic listen-on
-statements are allowed. For example,
-
-.Bd -literal
- listen-on { 5.6.7.8; };
- listen-on port 1234 { !1.2.3.4; 1.2/16; };
-.Ed
-
-will enable the nameserver on port 53 for the IP address 5.6.7.8, and
-on port 1234 of an address on the machine in net 1.2 that is not
-1.2.3.4.
-
-.Pp
-If no
-.Ic listen-on
-is specified, the server will listen on port
-53 on all interfaces.
-
-.Ss Query Address
-
-.Pp
-If the server doesn't know the answer to a question, it will query
-other nameservers.
-.Ic query-source
-specifies the address and port used for such queries. If
-.Ic address
-is
-.Li *
-or is omitted, a wildcard IP address
-(
-.Dv INADDR_ANY )
-will be used. If
-.Va port
-is
-.Li *
-or is omitted, a random unprivileged port will be used.
-The default is
-.Dl query-source address * port *;
-
-.Pp
-Note:
-.Ic query-source
-currently applies only to UDP queries;
-TCP queries always use a wildcard IP address and a random unprivileged
-port.
-
-.Ss Zone Transfers
-
-.Bl -tag -width 1
-.It Ic max-transfer-time-in
-Inbound zone transfers (
-.Nm named-xfer
-processes) running
-longer than this many minutes will be terminated.
-The default is 120 minutes (2 hours).
-
-.It Ic transfer-format
-The server supports two zone transfer methods.
-.Li one-answer
-uses one DNS message per resource record
-transferred.
-.Li many-answers
-packs as many resource records
-as possible into a message.
-.Li many-answers
-is more efficient, but is only known to be understood by BIND 8.1 and
-patched versions of BIND 4.9.5. The default is
-.Li one-answer .
-.Ic transfer-format
-may be overridden on a per-server basis by using the
-.Ic server
-statement.
-
-.It Ic transfers-in
-The maximum number of inbound zone transfers that can be running
-concurrently. The default value is 10. Increasing
-.Ic transfers-in
-may speed up the convergence of slave zones,
-but it also may increase the load on the local system.
-
-.It Ic transfers-out
-This option will be used in the future to limit the number of
-concurrent outbound zone transfers. It is checked for syntax, but is
-otherwise ignored.
-
-.It Ic transfers-per-ns
-The maximum number of inbound zone transfers (
-.Nm named-xfer
-processes) that can be concurrently transferring from a given remote
-nameserver. The default value is 2. Increasing
-.Ic transfers-per-ns
-may speed up the convergence of slave zones, but it also may increase
-the load on the remote nameserver.
-.Ic transfers-per-ns
-may be overridden on a per-server basis by using the
-.Ic transfers
-phrase of the
-.Ic server
-statement.
-
-.It Ic transfer-source
-.Nm transfer-source
-determines which local address will be bound to the TCP connection used to fetch all zones
-transferred inbound by the server. If not set, it defaults to a system controlled value which will usually be the address of the interface ``closest to`` the remote end. This
-address must appear in the remote end's
-.Nm allow-transfer
-option for the zones being transferred, if one is specified. This statement sets the
-.Nm transfer-source
-for all zones, but can be overriden on a per-zone basis by includinga
-.Nm transfer-source
-statement within the zone block in the configuration file.
-.El
-
-.Ss Resource Limits
-
-.Pp
-The server's usage of many system resources can be limited. Some
-operating systems don't support some of the limits. On such systems,
-a warning will be issued if the unsupported limit is used. Some
-operating systems don't support limiting resources, and on these systems
-a
-.D1 cannot set resource limits on this system
-message will
-be logged.
-
-.Pp
-Scaled values are allowed when specifying resource limits. For
-example,
-.Li 1G
-can be used instead of
-.Li 1073741824
-to specify a limit of one gigabyte.
-.Li unlimited
-requests unlimited use, or the maximum
-available amount.
-.Li default
-uses the limit that was in
-force when the server was started.
-See the definition of
-.Va size_spec
-in the
-.Sx DOCUMENTATION DEFINITIONS
-section for more details.
-
-.Bl -tag -width 1
-.It Ic coresize
-The maximum size of a core dump. The default value is
-.Li default .
-
-.It Ic datasize
-The maximum amount of data memory the server may use. The default
-value is
-.Li default .
-
-.It Ic files
-The maximum number of files the server may have open concurrently.
-The default value is
-.Li unlimited .
-Note that on some operating systems the server cannot set an unlimited
-value and cannot determine the maximum number of open files the kernel
-can support. On such systems, choosing
-.Li unlimited
-will cause the server to use
-the larger of the
-.Va rlim_max
-from
-.Fn getrlimit RLIMIT_NOFILE
-and the value returned by
-.Fn sysconf _SC_OPEN_MAX .
-If the
-actual kernel limit is larger than this value, use
-.Ic limit files
-to specify the limit explicitly.
-
-.It Ic max-ixfr-log-size
-The
-.Li max-ixfr-log-size
-will be used in a future release of the server to limit the size of the transaction
-log kept for Incremental Zone Transfer.
-
-.It Ic stacksize
-The maximum amount of stack memory the server may use. The default value is
-.Li default .
-.El
-
-.Ss Periodic Task Intervals
-
-.Bl -tag -width 1
-.It Ic cleaning-interval
-The server will remove expired resource records from the cache every
-
-.Ic cleaning-interval
-minutes. The default is 60 minutes. If set
-to 0, no periodic cleaning will occur.
-
-.It Ic heartbeat-interval
-The server will perform zone maintenance tasks for all zones marked
-.Ic dialup yes
-whenever this interval expires.
-The default is 60 minutes. Reasonable values are up to 1 day (1440 minutes).
-If set to 0, no zone maintenance for these zones will occur.
-
-.It Ic interface-interval
-The server will scan the network interface list every
-.Ic interface-interval
-minutes. The default is 60 minutes.
-If set to 0, interface scanning will only occur when the configuration
-file is loaded. After the scan, listeners will be started on any new
-interfaces (provided they are allowed by the
-.Ic listen-on
-configuration). Listeners on interfaces that have gone away will be
-cleaned up.
-
-.It Ic statistics-interval
-Nameserver statistics will be logged every
-.Ic statistics-interval
-minutes. The default is 60. If set to 0, no statistics will be logged.
-.El
-
-.Ss Topology
-
-.Pp
-All other things being equal, when the server chooses a nameserver
-to query from a list of nameservers, it prefers the one that is
-topologically closest to itself. The
-.Ic topology
-statement takes an address match list and interprets it in a special way.
-Each top-level list element is assigned a distance.
-Non-negated elements get a distance based on
-their position in the list, where the closer the match is to the start
-of the list, the shorter the distance is between it and the server. A
-negated match will be assigned the maximum distance from the server.
-If there is no match, the address will get a distance which is further
-than any non-negated list element, and closer than any negated
-element. For example,
-
-.Bd -literal
- topology {
- 10/8;
- !1.2.3/24;
- { 1.2/16; 3/8; };
- };
-.Ed
-
-will prefer servers on network 10 the most, followed by hosts on
-network 1.2.0.0 (netmask 255.255.0.0) and network 3, with the exception
-of hosts on network 1.2.3 (netmask 255.255.255.0), which is preferred least
-of all.
-
-.Pp
-The default topology is
-.Dl topology { localhost; localnets; };
-
-.Ss Resource Record sorting
-
-.Pp
-When returning multiple RRs, the nameserver will normally return them in
-.Ic Round Robin ,
-i.e. after each request, the first RR is put to the end of the list.
-As the order of RRs is not defined, this should not cause any problems.
-
-The client resolver code should re-arrange the RRs as appropriate, i.e. using
-any addresses on the local net in preference to other addresses. However, not all
-resolvers can do this, or are not correctly configured.
-
-When a client is using a local server, the sorting can be performed in the server,
-based on the client's address. This only requires configuring the nameservers,
-not all the clients.
-
-The
-.Ic sortlist
-statement takes an address match list and interprets it even more
-specially than the
-.Ictopology
-statement does.
-
-Each top level statement in the sortlist must itself be an explicit address match
-list with one or two elements. The first element (which may be an IP address,
-an IP prefix, an ACL name or nested address match list) of each top level list is
-checked against the source address of the query until a match is found.
-
-Once the source address of the query has been matched, if the top level
-statement contains only one element, the actual primitive element that
-matched the source address is used to select the address in the response to
-move to the beginning of the response. If the statement is a list of two elements,
-the second element is treated like the address match list in a topology
-statement. Each top level element is assigned a distance and the address in the
-response with the minimum distance is moved to the beginning of the response.
-
-In the following example, any queries received from any of the addresses of the
-host itself will get responses preferring addresses on any of the locally
-connected networks. Next most preferred are addresses on the 192.168.1/24
-network, and after that either the 192.168.2/24 or 192.168.3/24 network with no
-preference shown between these two networks. Queries received from a host on
-the 192.168.1/24 network will prefer other addresses on that network to the
-192.168.2/24 and 192.168.3/24 networks. Queries received from a host on the
-192.168.4/24 or the 192.168.5/24 network will only prefer other addresses on
-their directly connected networks.
-
-.Bd -literal
-sortlist {
- { localhost; // IF the local host
- { localnets; // THEN first fit on the
- 192.168.1/24; // following nets
- { 192,168.2/24; 192.168.3/24; }; }; };
- { 192.168.1/24; // IF on class C 192.168.1
- { 192.168.1/24; // THEN use .1, or .2 or .3
- { 192.168.2/24; 192.168.3/24; }; }; };
- { 192.168.2/24; // IF on class C 192.168.2
- { 192.168.2/24; // THEN use .2, or .1 or .3
- { 192.168.1/24; 192.168.3/24; }; }; };
- { 192.168.3/24; // IF on class C 192.168.3
- { 192.168.3/24; // THEN use .3, or .1 or .2
- { 192.168.1/24; 192.168.2/24; }; }; };
- { { 192.168.4/24; 192.168.5/24; }; // if .4 or .5, prefer that net
- };
-};
-.Ed
-
-The following example will give reasonable behaviour for the local host and
-hosts on directly connected networks. It is similar to the behavior of the
-address sort in BIND 4.9.x. Responses sent to queries from the local host will
-favor any of the directly connected networks. Responses sent to queries from
-any other hosts on a directly connected network will prefer addresses on that
-same network. Responses to other queries will not be sorted.
-
-.Bd -literal
-sortlist {
- { localhost; localnets; };
- { localnets; };
-};
-.Ed
-
-.Ss RRset Ordering
-
-.Pp
-When multiple records are returned in an answer it may be useful to configure
-the order the records are placed into the response. For example the records for
-a zone might be configured to always be returned in the order they are defined
-in the zone file. Or perhaps a random shuffle of the records as they are
-returned is wanted. The rrset-order statement permits configuration of the
-ordering made of the records in a multiple record response. The default, if no
-ordering is defined, is a cyclic ordering (round robin).
-
-An
-.Ic order_spec
-is defined as follows:
-
-.Bd -literal
- [ \fIclass class_name\fR ][ \fItype type_name\fR ][ \fIname\fR "FQDN" ] \fIorder\fR ordering
-.Ed
-
-If no class is specified, the default is
-.Ic ANY .
-If no
-.Li Ictype
-is specified, the default is
-.Ic ANY .
-If no name is specified, the default is "*".
-
-The legal values for
-.Ic ordering
-are:
-
-.Bd -literal
-.Ic fixed
- Records are returned in the order they are defined in the zone file.
-.Ic random
- Records are returned in some random order.
-.Ic cyclic
- Records are returned in a round-robin order.
-
-For example:
-
- rrset-order {
- class IN type A name "rc.vix.com" order random;
- order cyclic;
- };
-.Ed
-
-will cause any responses for type A records in class IN that have "rc.vix.com" as
-a suffix, to always be returned in random order. All other records are returned
-in cyclic order.
-
-If multiple
-.Ic rrset-order
-statements appear, they are not combined--the last one applies.
-
-If no
-.Ic rrset-order
-statement is specified, a default one of:
-
-.Bd -literal
- rrset-order { class ANY type ANY name "*" order cyclic ; };
-.Ed
-
-is used.
-
-.Ss Tuning
-
-.Bl -tag -width 1
-.It Ic lame-ttl
-Sets the number of seconds to cache a lame server indication. 0 disables
-caching. Default is 600 (10 minutes). Maximum value is 1800 (30 minutes)
-.It Ic max-ncache-ttl
-To reduce network traffic and increase performance the server store negative
-answers.
-.Ic max-ncache-ttl
-is used to set a maximum retention time
-for these answers in the server is seconds. The default
-.Ic max-ncache-ttl
-is 10800 seconds (3 hours).
-.Ic max-ncache-ttl
-cannot exceed the maximum retention time for ordinary (positive)
-answers (7 days) and will be silently truncated to 7 days if set to a
-value which is greater that 7 days.
-.It Ic min-roots
-The minimum number of root servers that is required for a request for the root
-servers to be accepted. Default is 2.
-.El
-
-.Sh THE ZONE STATEMENT
-.Ss Syntax
-
-.Bd -literal
-zone \fIdomain_name\fR [ ( in | hs | hesiod | chaos ) ] {
- type master;
- file \fIpath_name\fR;
- [ check-names ( warn | fail | ignore ); ]
- [ allow-update { \fIaddress_match_list\fR }; ]
- [ allow-query { \fIaddress_match_list\fR }; ]
- [ allow-transfer { \fIaddress_match_list\fR }; ]
- [ dialup \fIyes_or_no\fR; ]
- [ notify \fIyes_or_no\fR; ]
- [ also-notify { \fIip_addr\fR; [ \fIip_addr\fR; ... ] };
- [ pubkey \fInumber\fR \fInumber\fR \fInumber\fR \fIstring\fR; ]
-};
-
-zone \fIdomain_name\fR [ ( in | hs | hesiod | chaos ) ] {
- type ( slave | stub );
- [ file \fIpath_name\fR; ]
- masters [ port \fIip_port\fR ] { \fIip_addr\fR; [ \fIip_addr\fR; ... ] };
- [ check-names ( warn | fail | ignore ); ]
- [ allow-update { \fIaddress_match_list\fR }; ]
- [ allow-query { \fIaddress_match_list\fR }; ]
- [ allow-transfer { \fIaddress_match_list\fR }; ]
- [ transfer-source \fIip_addr\fR; ]
- [ max-transfer-time-in \fInumber\fR; ]
- [ notify \fIyes_or_no\fR; ]
- [ also-notify { \fIip_addr\fR; [ \fIip_addr\fR; ... ] };
- [ pubkey \fInumber\fR \fInumber\fR \fInumber\fR \fIstring\fR; ]
-};
-
-zone \fIdomain_name\fR [ ( in | hs | hesiod | chaos ) ] {
- type forward;
- [ forward ( only | first ); ]
- [ forwarders { [ \fIip_addr\fR ; [ \fIip_addr\fR ; ... ] ] }; ]
- [ check-names ( warn | fail | ignore ); ]
-};
-
-zone \&".\&" [ ( in | hs | hesiod | chaos ) ] {
- type hint;
- file \fIpath_name\fR;
- [ check-names ( warn | fail | ignore ); ]
-};
-.Ed
-
-.Ss Definition and Usage
-
-The
-.Ic zone
-statement is used to define how information about particular DNS zones
-is managed by the server. There are five different zone types.
-
-.Bl -tag -width 1
-.It Ic master
-The server has a master copy of the data for the zone and will be able
-to provide authoritative answers for it.
-
-.It Ic slave
-A
-.Ic slave
-zone is a replica of a master zone. The
-.Ic masters
-list specifies one or more IP addresses that the slave contacts to
-update its copy of the zone. If a
-.Ic port
-is specified then checks to see if the zone is current and zone transfers
-will be done to the port given. If
-.Ic file
-is specified, then the replica will be written to the named file.
-Use of the
-.Ic file
-clause is highly recommended, since it often speeds server startup
-and eliminates a needless waste of bandwidth.
-
-.It Ic stub
-A
-.Ic stub
-zone is like a slave zone, except that it replicates
-only the NS records of a master zone instead of the entire zone.
-
-.It Ic forward
-A
-.Ic forward
-zone is used to direct all queries in it to other servers, as described in
-.Sx THE OPTIONS STATEMENT
-section. The specification of options in such a zone will override
-any global options declared in the
-.Ic options
-statement.
-
-.Pp
-If either no
-.Ic forwarders
-clause is present in the zone or an empty list for
-.Ic forwarders
-is given, then no forwarding will be done for the zone, cancelling the
-effects of any
-.Ic forwarders
-in the
-.Ic options
-statement.
-Thus if you want to use this type of zone to change only the behavior of
-the global
-.Ic forward
-option, and not the servers used, then you also need to respecify the
-global forwarders.
-
-.It Ic hint
-The initial set of root nameservers is specified using a
-.Ic hint
-zone. When the server starts up, it uses the root hints
-to find a root nameserver and get the most recent list of root nameservers.
-.El
-
-.Pp
-Note: previous releases of BIND used the term
-.Ic primary
-for a master zone,
-.Ic secondary
-for a slave zone, and
-.Ic cache
-for a hint zone.
-
-.Ss Classes
-
-The zone's name may optionally be followed by a class. If a class is not
-specified, class
-.Ic in
-(for "internet"), is assumed. This is correct for the vast majority
-of cases.
-
-.Pp
-The
-.Ic hesiod
-class is for an information service from MIT's Project Athena. It is
-used to share information about various systems databases, such as
-users, groups, printers and so on. More information can be found at
-ftp://athena-dist.mit.edu/pub/ATHENA/usenix/athena_changes.PS.
-The keyword
-.Ic hs
-is a synonym for
-.Ic hesiod .
-
-.Pp
-Another MIT development was CHAOSnet, a LAN protocol created in the
-mid-1970s. It is still sometimes seen on LISP stations and other
-hardware in the AI community, and zone data for it can be specified
-with the
-.Ic chaos
-class.
-
-.Ss Options
-
-.Bl -tag -width 1
-.It Ic check-names
-See the subsection on
-.Sx Name Checking
-in
-.Sx THE OPTIONS STATEMENT .
-
-.It Ic allow-query
-See the description of
-.Ic allow-query
-in the
-.Sx Access Control
-subsection of
-.Sx THE OPTIONS STATEMENT .
-
-.It Ic allow-update
-Specifies which hosts are allowed to submit Dynamic DNS updates to the
-server. The default is to deny updates from all hosts.
-
-.It Ic allow-transfer
-See the description of
-.Ic allow-transfer
-in the
-.Sx Access Control
-subsection of
-.Sx THE OPTIONS STATEMENT .
-
-.It Ic transfer-source
-.Ic transfer-source
-determines which local address will be bound to the TCP connection
-used to fetch this zone. If not set, it defaults to a system
-controlled value which will usually be the address of the interface
-``closest to'' the remote end. This address must appear in the remote end's
-.Ic allow-transfer
-option for this zone if one is specified.
-
-.It Ic max-transfer-time-in
-See the description of
-.Ic max-transfer-time-in
-in the
-.Sx Zone Transfers
-subsection of
-.Sx THE OPTIONS STATEMENT .
-
-.It Ic dialup
-See the description of
-.Ic dialup
-in the
-.Sx Boolean Options
-subsection of
-.Sx THE OPTIONS STATEMENT .
-
-.It Ic notify
-See the description of
-.Sx notify
-in the
-.Sx Boolean Options
-subsection of the
-.Sx THE OPTIONS STATEMENT .
-
-.It Ic also-notify
-.Ic also-notify
-is only meaningful if
-.Ic notify
-is active for this zone.
-The set of machines that will receive a DNS NOTIFY message for this
-zone is made up of all the listed nameservers for the zone (other than
-the primary master) plus any IP addresses specified with
-.Ic also-notify .
-.Ic also-notify
-is not meaningful for
-.Ic stub
-zones. The default is the empty list.
-
-.It Ic forward
-.Ic forward
-is only meaningful if the zone has a
-.Ic forwarders
-list. The
-.Ic only
-value causes the lookup to fail after trying the
-.Ic forwarders
-and getting no answer, while
-.Ic first
-would allow a normal lookup to be tried.
-
-.It Ic forwarders
-The
-.Ic forwarders
-option in a zone is used to override the list of global forwarders.
-If it is not specified in a zone of type
-.Ic forward ,
-.Em no
-forwarding is done for the zone; the global options are not used.
-
-.It Ic pubkey
-The DNSSEC flags, protocol, and algorithm are specified, as well as a base-64
-encoded string representing the key.
-.El
-
-.Sh THE ACL STATEMENT
-.Ss Syntax
-
-.Bd -literal
-acl \fIname\fR {
- \fIaddress_match_list\fR
-};
-.Ed
-
-.Ss Definition and Usage
-
-The
-.Ic acl
-statement creates a named address match list.
-It gets its name from a primary use of address match lists: Access
-Control Lists (ACLs).
-
-.Pp
-Note that an address match list's name must be defined with
-.Ic acl
-before it can be used elsewhere; no forward
-references are allowed.
-
-.Pp
-The following ACLs are built-in:
-
-.Bl -tag -width 1
-.It Ic any
-Allows all hosts.
-.It Ic none
-Denies all hosts.
-.It Ic localhost
-Allows the IP addresses of all interfaces on the system.
-.It Ic localnets
-Allows any host on a network for which the system has an interface.
-.El
-
-.Sh THE KEY STATEMENT
-.Ss Syntax
-
-.Bd -literal
-key \fIkey_id\fR {
- algorithm \fIalgorithm_id\fR;
- secret \fIsecret_string\fR;
-};
-.Ed
-
-.Ss Definition and Usage
-
-The
-.Ic key
-statement defines a key ID which can be used in a
-.Ic server
-statement to associate a method of authentication with a particular
-name server that is more rigorous than simple IP address matching.
-A key ID must be created with the
-.Ic key
-statement before it can be used in a
-.Ic server
-definition or an address match list.
-
-.Pp
-The
-.Va algorithm_id
-is a string that specifies a
-security/authentication algorithm.
-.Va secret_string
-is the secret to be used by the algorithm,
-and is treated as a base-64 encoded string.
-It should go without saying, but probably can't,
-that if you have
-.Va secret_string 's
-in your
-.Pa named.conf ,
-then it should not be readable by anyone but the superuser.
-
-.Sh THE TRUSTED-KEYS STATEMENT
-.Ss Syntax
-
-.Bd -literal
-trusted-keys {
- [ \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ]
-};
-.Ed
-
-.Ss Definition and Usage
-
-The
-.Ic trusted-keys
-statement is for use with DNSSEC-style security, originally specified
-in RFC 2065. DNSSEC is meant to
-provide three distinct services: key distribution, data origin
-authentication, and transaction and request authentication. A
-complete description of DNSSEC and its use is beyond the scope of this
-document, and readers interested in more information should start with
-RFC 2065 and then continue with the Internet Drafts available at
-http://www.ietf.org/ids.by.wg/dnssec.html.
-
-.Pp
-Each trusted key is associated with a domain name. Its attributes are
-the non-negative integral
-.Va flags ,
-.Va protocol ,
-and
-.Va algorithm ,
-as well as a base-64 encoded string representing the
-.Va key .
-
-.Pp
-Any number of trusted keys can be specified.
-
-.Sh THE SERVER STATEMENT
-.Ss Syntax
-
-.Bd -literal
-server \fIip_addr\fR {
- [ bogus \fIyes_or_no\fR; ]
- [ transfers \fInumber\fR; ]
- [ transfer-format ( one-answer | many-answers ); ]
- [ keys { \fIkey_id\fR [ \fIkey_id\fR ... ] }; ]
-};
-.Ed
-
-.Ss Definition and Usage
-
-The server statement defines the characteristics to be
-associated with a remote name server.
-
-.Pp
-If you discover that a server is giving out bad data, marking it as
-.Ic bogus
-will prevent further queries to it. The default value of
-.Ic bogus
-is
-.Li no .
-
-.Pp
-The server supports two zone transfer methods. The first,
-.Ic one-answer ,
-uses one DNS message per resource record transferred.
-.Ic many-answers
-packs as many resource records as possible into a message.
-.Ic many-answers
-is more efficient, but is only known to be understood by BIND 8.1 and
-patched versions of BIND 4.9.5. You can specify which method to use
-for a server with the
-.Ic transfer-format
-option. If
-.Ic transfer-format
-is not specified, the
-.Ic transfer-format
-specified by the
-.Ic options
-statement will be used.
-
-.Pp
-The
-.Ic transfers
-will be used in a future release of the server to limit the number of
-concurrent in-bound zone transfers from the specified server. It is
-checked for syntax but is otherwise ignored.
-
-.Pp
-The
-.Ic keys
-clause is used to identify a
-.Va key_id
-defined by the
-.Ic key
-statement, to be used for transaction security when talking to the
-remote server.
-The
-.Ic key
-statememnt must come before the
-.Ic server
-statement that references it.
-
-.Pp
-The
-.Ic keys
-statement is intended for future use by the
-server. It is checked for syntax but is otherwise ignored.
-
-.Sh THE CONTROLS STATEMENT
-.Ss Syntax
-
-.Bd -literal
-controls {
- [ inet \fIip_addr\fR
- port \fIip_port\fR
- allow { \fIaddress_match_list\fR; }; ]
- [ unix \fIpath_name\fR
- perm \fInumber\fR
- owner \fInumber\fR
- group \fInumber\fR; ]
-};
-.Ed
-
-.Ss Definition and Usage
-
-The
-.Ic controls
-statement declares control channels to be used by system
-administrators to affect the operation of the local name server.
-These control channels are used by the
-.Nm ndc
-utility to send commands
-to and retrieve non-DNS results from a name server.
-
-.Pp
-A
-.Ic unix
-control channel is a FIFO in the file system, and access to it is
-controlled by normal file system permissions. It is created by
-.Nm named
-with the specified file mode bits (see
-.Xr chmod 1 ) ,
-user and group owner. Note that, unlike
-.Nm chmod ,
-the mode bits specified for
-.Ic perm
-will normally have a leading
-.Li 0
-so the number is interpreted as octal. Also note that the user and
-group ownership specified as
-.Ic owner
-and
-.Ic group
-must be given as numbers, not names.
-It is recommended that the
-permissions be restricted to administrative personnel only, or else any
-user on the system might be able to manage the local name server.
-
-.Pp
-An
-.Ic inet
-control channel is a TCP/IP socket accessible to the Internet, created
-at the specified
-.Va ip_port
-on the specified
-.Va ip_addr .
-Modern
-.Nm telnet
-clients are capable of speaking directly to these
-sockets, and the control protocol is ARPAnet-style text.
-It is recommended that 127.0.0.1 be the only
-.Va ip_addr
-used, and this only if you trust all non-privileged users on the local
-host to manage your name server.
-
-.Sh THE INCLUDE STATEMENT
-.Ss Syntax
-
-.Bd -literal
-include \fIpath_name\fR;
-.Ed
-
-.Ss Definition and Usage
-
-The
-.Ic include
-statement inserts the specified file at the point that the
-.Ic include
-statement is encountered. It cannot be used within another statement,
-though, so a line such as
-.Dl acl internal_hosts { include "internal_hosts.acl"; };
-is not allowed.
-
-.Pp
-Use
-.Ic include
-to break the configuration up into easily-managed chunks.
-For example:
-
-.Bd -literal
-include "/etc/security/keys.bind";
-include "/etc/acls.bind";
-.Ed
-
-could be used at the top of a BIND configuration file in order to
-include any ACL or key information.
-
-.Pp
-Be careful not to type
-``#include'', like you would in a C program, because
-``#'' is used to start a comment.
-
-.Sh EXAMPLES
-
-The simplest configuration file that is still realistically useful is
-one which simply defines a hint zone that has a full path to the root
-servers file.
-.Bd -literal
-zone \&".\&" in {
- type hint;
- file \&"/var/named/root.cache\&";
-};
-.Ed
-
-Here's a more typical real-world example.
-
-.Bd -literal
-/*
- * A simple BIND 8 configuration
- */
-
-logging {
- category lame-servers { null; };
- category cname { null; };
-};
-
-options {
- directory \&"/var/named\&";
-};
-
-controls {
- inet * port 52 allow { any; }; // a bad idea
- unix \&"/var/run/ndc\&" perm 0600 owner 0 group 0; // the default
-};
-
-zone \&"isc.org\&" in {
- type master;
- file \&"master/isc.org\&";
-};
-
-zone \&"vix.com\&" in {
- type slave;
- file \&"slave/vix.com\&";
- masters { 10.0.0.53; };
-};
-
-zone \&"0.0.127.in-addr.arpa\&" in {
- type master;
- file \&"master/127.0.0\&";
-};
-
-zone \&".\&" in {
- type hint;
- file \&"root.cache\&";
-};
-.Ed
-
-.Sh FILES
-.Bl -tag -width 1 -compact
-.It Pa /etc/named.conf
-The BIND 8
-.Nm named
-configuration file.
-.El
-
-.Sh SEE ALSO
-.Xr named 8 ,
-.Xr ndc 8
diff --git a/contrib/bind/doc/man/ndc.8 b/contrib/bind/doc/man/ndc.8
deleted file mode 100644
index a4645e6fa3938..0000000000000
--- a/contrib/bind/doc/man/ndc.8
+++ /dev/null
@@ -1,133 +0,0 @@ -.\" Copyright (c) 1998,1999 by Internet Software Consortium -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS -.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE -.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" -.Dd December 31, 1998 -.Dt @INDOT_U@NDC @SYS_OPS_EXT_U@ -.Os BSD 4 -.Sh NAME -.Nm ndc -.Nd name daemon control program -.Sh SYNOPSIS -.Nm ndc -.Op Fl c Ar channel -.Op Fl l Ar localsock -.Op Fl p Ar pidfile -.Op Fl d -.Op Fl q -.Op Fl s -.Op Fl t -.Op Ar command -.Sh DESCRIPTION -This command allows the system administrator to control the operation -of a name server. If no -.Ar command -is given, -.Ic ndc -will prompt for commands until it reads EOF. -.Pp -Options are: -.Bl -tag -width Fl -.It Fl c Ar channel -Specifies the rendezvous point for the control channel. The default is -.Pa /var/run/ndc -(a UNIX domain socket which is also the server's default control channel). -If the desired control channel is a TCP/IP socket, then the format of the -.Ar channel -argument is -.Sy ipaddr/port -(for example, -.Sy 127.0.0.1/54 -would be TCP port 54 on the local host.) -.It Fl l Ar localsock -This option will -.Xr bind 2 -the client side of the control channel to a specific address. Servers can -be configured to reject connections which do not come from specific addresses. 
-The format is the same as for -.Ar channel -(see above). -.It Fl p Ar pidfile -For backward compatibility with older name servers, -.Ic ndc -is able to use UNIX signals for control communications. This capability is -optional in modern name servers and will disappear altogether at some future -time. Note that the available -.Ar command -set is narrower when the signal interface is used. A likely -.Ar pidfile -argument would be something like -.Pa /var/run/named.pid . -.It Fl d -Turns on debugging output, which is of interest mainly to developers. -.It Fl q -Suppresses prompts and result text. -.It Fl s -Suppresses nonfatal error announcements. -.It Fl t -Turns on protocol and system tracing, useful in installation debugging. -.El -.Sh COMMANDS -Several commands are built into -.Ic ndc , -but the full set of commands supported by the name server is dynamic and -should be discovered using the -.Ar help -command (see below). Builtin commands are: -.Bl -tag -width Fl -.It Ar /help -Provides help for builtin commands. -.It Ar /exit -Exit from -.Ic ndc -command interpreter. -.It Ar /trace -Toggle tracing (see -.Fl -t -description above). -.It Ar /debug -Toggle debugging (see -.Fl d -description above). -.It Ar /quiet -Toggle quietude (see -.Fl q -description above). -.It Ar /silent -Toggle silence (see -.Fl s -description above). -.El -.Sh NOTES -If running in -.Ar pidfile -mode, any arguments to -.Ar start -and -.Ar restart -commands are passed to the new -.Ic @INDOT@named -on its command line. If running in -.Ar channel -mode, there is no -.Ar start -command and the -.Ar restart -command just tells the name server to -.Xr execvp 2 -itself. -.Sh AUTHOR -Paul Vixie (Internet Software Consortium) -.Sh SEE ALSO -.Xr @INDOT@named @SYS_OPS_EXT@ , diff --git a/contrib/bind/doc/man/nslookup.8 b/contrib/bind/doc/man/nslookup.8 deleted file mode 100644 index 5ba185009f50f..0000000000000 --- a/contrib/bind/doc/man/nslookup.8 +++ /dev/null 
@@ -1,534 +0,0 @@ -.\" -.\" ++Copyright++ 1985, 1989 -.\" - -.\" Copyright (c) 1985, 1989 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" - -.\" Portions Copyright (c) 1993 by Digital Equipment Corporation. 
-.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies, and that -.\" the name of Digital Equipment Corporation not be used in advertising or -.\" publicity pertaining to distribution of the document or software without -.\" specific, written prior permission. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL -.\" WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT -.\" CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\" SOFTWARE. -.\" - -.\" --Copyright-- -.\" -.\" @(#)nslookup.8 5.3 (Berkeley) 6/24/90 -.\" -.Dd June 24, 1990 -.Dt NSLOOKUP @SYS_OPS_EXT_U@ -.Os BSD 4 -.Sh NAME -.Nm nslookup -.Nd query Internet name servers interactively -.Sh SYNOPSIS -.Nm nslookup -.Op Fl option Ar ... -.Op Ar host-to-find | Fl Op Ar server -.Sh DESCRIPTION -.Ic Nslookup -is a program to query Internet domain name servers. -.Ic Nslookup -has two modes: interactive and non-interactive. -Interactive mode allows the user to query name servers for -information about various hosts and domains or to print a list of hosts -in a domain. -Non-interactive mode is used to print just the name and requested information -for a host or domain. -.Sh ARGUMENTS -Interactive mode is entered in the following cases: -.Bl -tag -width "a) " -.It a) -when no arguments are given (the default name server will be used), -.It b) -when the first argument is a hyphen (-) and the second argument -is the host name or Internet address of a name server. 
-.El -.Pp -Non-interactive mode is used when the name or Internet address -of the host to be looked up -is given as the first argument. The optional second argument specifies -the host name or address of a name server. -.Pp -The options listed under the -.Dq Li set -command below can be specified in -the -.Pa .nslookuprc -file in the user's home directory if they are listed -one per line. Options can also be specified -on the command line if they precede the arguments and are prefixed with -a hyphen. For example, to change the default query type to host information, -and the initial timeout to 10 seconds, type: -.Bd -literal -offset indent - nslookup -query=hinfo -timeout=10 -.Ed -.Sh INTERACTIVE COMMANDS -Commands may be interrupted at any time by typing a control-C. -To exit, type a control-D -.Pq Dv EOF -or type -.Li exit . -The command line length must be less than 256 characters. -To treat a built-in command as a host name, -precede it with an escape character -.Pq .&\\ . -.Sy N.B.: An unrecognized command will be interpreted as a host name. -.Bl -tag -width "lserver" -.It Ar host Op Ar server -Look up information for -.Ar host -using the current default server or using -.Ar server , -if specified. -If -.Ar host -is an Internet address and the query type is -.Dv A -or -.Dv PTR , -the name of the host is returned. -If -.Ar host -is a name and does not have a trailing period, the default -domain name is appended to the name. (This behavior depends on the state of the -.Ic set -options -.Ic domain , srchlist , defname , -and -.Ic search . ) -.Pp -To look up a host not in the current domain, append a period to -the name. -.It Ic server Ar domain -.It Ic lserver Ar domain -Change the default server to -.Ar domain ; -.Ic lserver -uses the initial server to look up information about -.Ar domain , -while -.Ic server -uses the current default server. -If an authoritative answer can't be found, the names of servers -that might have the answer are returned. 
-.It Ic root -Changes the default server to the server for the root of the domain name space. -Currently, the host -.Li ns.internic.net -is used. -(This command is a synonym for -.Dq Ic lserver ns.internic.net . ) -The name of the root server can be changed with the -.Dq Ic set root -command. -.It Xo Ic finger Op Ar name -.Op Ic > Ar filename -.Xc -.It Xo Ic finger Op Ar name -.Op Ic >> Ar filename -.Xc -Connects with the finger server on the current host. -The current host is defined when a previous lookup for a host -was successful and returned address information (see the -.Dq Ic set querytype=A -command). -The -.Ar name -is optional. -.Ic > -and -.Ic >> -can be used to redirect output in the usual manner. -.It Xo Ic ls Op Ar option -.Ar domain Op Ic > Ar filename -.Xc -.It Xo Ic ls Op Ar option -.Ar domain Op Ic >> Ar filename -.Xc -List the information available for -.Ar domain , -optionally creating or appending to -.Ar filename . -The default output contains host names and their Internet addresses. -.Ar Option -can be one of the following: -.Bl -tag -width "-a " -.It Fl t Ar querytype -lists all records of the specified type (see -.Ar querytype -below). -.It Fl a -lists aliases of hosts in the domain; -synonym for -.Dq Fl t Dv CNAME . -.It Fl d -lists all records for the domain; -synonym for -.Dq Fl t Dv ANY . -.It Fl h -lists CPU and operating system information for the domain; -synonym for -.Dq Fl t Dv HINFO . -.It Fl s -lists well-known services of hosts in the domain; -synonym for -.Dq Fl t Dv WKS . -.El -.Pp -When output is directed to a file, hash marks are printed for every -50 records received from the server. -.It Ic view Ar filename -Sorts and lists the output of previous -.Ic ls -command(s) with -.Xr more @CMD_EXT@ . -.It Ic help -.It Ic ? -Prints a brief summary of commands. -.It Ic exit -Exits the program. -.It Xo Ic set Ar keyword -.Ns Op = Ns Ar value -.Xc -This command is used to change state information that affects the lookups. 
-Valid keywords are: -.Bl -tag -width "class=v" -.It Ic all -Prints the current values of the frequently-used options to -.Ic set . -Information about the current default server and host is also printed. -.It Ic class= Ns Ar value -Change the query class to one of: -.Bl -tag -width "HESIOD " -.It Dv IN -the Internet class -.It Dv CHAOS -the Chaos class -.It Dv HESIOD -the MIT Athena Hesiod class -.It Dv ANY -wildcard (any of the above) -.El -.Pp -The class specifies the protocol group of the information. -.Pp -(Default = -.Dv IN ; -abbreviation = -.Ic cl ) -.It Xo Op Ic no -.Ns Ic debug -.Xc -Turn debugging mode on. A lot more information is printed about the -packet sent to the server and the resulting answer. -.Pp -(Default = -.Ic nodebug ; -abbreviation = -.Xo Op Ic no -.Ns Ic deb ) -.Xc -.It Xo Op Ic no -.Ns Ic d2 -.Xc -Turn exhaustive debugging mode on. -Essentially all fields of every packet are printed. -.Pp -(Default = -.Ic nod2 ) -.It Ic domain= Ns Ar name -Change the default domain name to -.Ar name . -The default domain name is appended to a lookup request depending on the -state of the -.Ic defname -and -.Ic search -options. -The domain search list contains the parents of the default domain if it has -at least two components in its name. -For example, if the default domain -is CC.Berkeley.EDU, the search list is CC.Berkeley.EDU and Berkeley.EDU. -Use the -.Dq Ic set srchlist -command to specify a different list. -Use the -.Dq Ic set all -command to display the list. -.Pp -(Default = value from -.Xr hostname @CMD_EXT@ , -.Pa /etc/resolv.conf , -or -.Ev LOCALDOMAIN; -abbreviation = -.Ic do ) -.It Ic srchlist= Ns Ar name1/name2/... -Change the default domain name to -.Ar name1 -and the domain search list -to -.Ar name1 , name2 , -etc. A maximum of 6 names separated by slashes (/) -can be specified. 
-For example, -.Bd -literal -offset indent -set srchlist=lcs.MIT.EDU/ai.MIT.EDU/MIT.EDU -.Ed -.Pp -sets the domain to lcs.MIT.EDU and the search list to the three names. -This command overrides the -default domain name and search list of the -.Dq Ic set domain -command. -Use the -.Dq Ic set all -command to display the list. -.Pp -(Default = value based on -.Xr hostname @CMD_EXT@ , -.Pa /etc/resolv.conf , -or -.Ev LOCALDOMAIN; -abbreviation = -.Ic srchl ) -.It Xo Op Ic no -.Ns Ic defname -.Xc -If set, append the default domain name to a single-component lookup request -(i.e., one that does not contain a period). -.Pp -(Default = -.Ic defname ; -abbreviation = -.Xo Op Ic no -.Ns Ic defname ) -.Xc -.It Xo Op Ic no -.Ns Ic search -.Xc -If the lookup request contains at least one period but -.Em doesn't -end with a trailing period, append the domain names in the domain search list -to the request until an answer is received. -.Pp -(Default = -.Ic search ; -abbreviation = -.Xo Op Ic no -.Ns Ic sea ) -.Xc -.It Ic port= Ns Ar value -Change the default TCP/UDP name server port to -.Ar value . -.Pp -(Default = 53; -abbreviation = -.Ic \&po ) -.It Ic querytype= Ns Ar value -.It Ic type= Ns Ar value -Change the type of information query to one of: -.Bl -tag -width "HINFO " -.It Dv A -the host's Internet address. -.It Dv CNAME -the canonical name for an alias. -.It Dv HINFO -the host CPU and operating system type. -.It Dv MINFO -the mailbox or mail list information. -.It Dv MX -the mail exchanger. -.It Dv NS -the name server for the named zone. -.It Dv PTR -the host name if the query is an Internet address; -otherwise, the pointer to other information. -.It Dv SOA -the domain's -.Dq start-of-authority -information. -.It Dv TXT -the text information. -.It Dv UINFO -the user information. -.It Dv WKS -the supported well-known services. -.El -.Pp -Other types -.Pq Dv ANY, AXFR, MB, MD, MF, NULL -are described in the RFC-1035 document. 
-.Pp -(Default = -.Dv A ; -abbreviations = -.Ic q , ty ) -.It Xo Op Ic no -.Ns Ic recurse -.Xc -Tell the name server to query other servers if it does not have the -information. -.Pp -(Default = -.Ic recurse ; -abbreviation = -.Xo Op Ic no -.Ns Ic rec ) -.Xc -.It Ic retry= Ns Ar number -Set the number of retries to -.Ar number . -When a reply to a request is not received within a certain -amount of time (changed with -.Dq Ic set timeout ) , -the timeout period is doubled and the request is resent. -The retry value controls how many times a request is resent before giving up. -.Pp -(Default = 4, abbreviation = -.Ic ret ) -.It Ic root= Ns Ar host -Change the name of the root server to -.Ar host . -This affects the -.Dq Ic root -command. -.Pp -(Default = -.Ic ns.internic.net. ; -abbreviation = -.Ic ro ) -.It Ic timeout= Ns Ar number -Change the initial timeout interval for waiting for a reply to -.Ar number -seconds. Each retry doubles the timeout period. -.Pp -(Default = 5 seconds; abbreviation = -.Ic ti ) -.It Xo Op Ic no -.Ns Ic vc -.Xc -Always use a virtual circuit when sending requests to the server. -.Pp -(Default = -.Ic novc ; -abbreviation = -.Xo Op Ic no -.Ns Ic v ) -.Xc -.It Xo Op Ic no -.Ns Ic ignoretc -.Xc -Ignore packet truncation errors. -.Pp -(Default = -.Ic noignoretc ; -abbreviation = -.Xo Op Ic no -.Ns Ic ig ) -.Xc -.El -.El -.Sh DIAGNOSTICS -If the lookup request was not successful, an error message is printed. -Possible errors are: -.Bl -tag -width "Timed" -.It Li Timed out -The server did not respond to a request after a certain amount of -time (changed with -.Dq Ic set timeout= Ns Ar value ) -and a certain number of retries (changed with -.Dq Ic set retry= Ns Ar value ) . -.It Li \&No response from server -No name server is running on the server machine. -.It Li \&No records -The server does not have resource records of the current query type for the -host, although the host name is valid. 
-The query type is specified with the -.Dq Ic set querytype -command. -.It Li Non-existent domain -The host or domain name does not exist. -.It Li Connection refused -.It Li Network is unreachable -The connection to the name or finger server could not be made -at the current time. -This error commonly occurs with -.Ic ls -and -.Ic finger -requests. -.It Li Server failure -The name server found an internal inconsistency in its database -and could not return a valid answer. -.It Li Refused -The name server refused to service the request. -.It Li Format error -The name server found that the request packet was not in the proper format. -It may indicate an error in -.Nm nslookup . -.El -.Sh FILES -.Bl -tag -width "/usr/share/misc/nslookup.helpXXX" -compact -.It Pa /etc/resolv.conf -initial domain name and name server addresses -.It Pa $HOME/.nslookuprc -user's initial options -.It Pa /usr/share/misc/nslookup.help -summary of commands -.Sh ENVIRONMENT -.Bl -tag -width "HOSTALIASESXXXX" -compact -.It Ev HOSTALIASES -file containing host aliases -.It Ev LOCALDOMAIN -overrides default domain -.Sh SEE ALSO -.Xr @INDOT@named @SYS_OPS_EXT@ , -.Xr resolver @LIB_NETWORK_EXT@ , -.Xr resolver @FORMAT_EXT@ ; -RFC-1034, -.Dq Domain Names - Concepts and Facilities ; -RFC-1035, -.Dq Domain Names - Implementation and Specification . -.Sh AUTHOR -Andrew Cherenson diff --git a/contrib/bind/doc/man/nsupdate.8 b/contrib/bind/doc/man/nsupdate.8 deleted file mode 100644 index feaa64c083e64..0000000000000 --- a/contrib/bind/doc/man/nsupdate.8 +++ /dev/null 
@@ -1,214 +0,0 @@ -.\" $Id: nsupdate.8,v 8.4 1999/10/17 06:26:18 cyarnell Exp $ -.\" -.\"Copyright (c) 1999 by Internet Software Consortium -.\" -.\"Permission to use, copy, modify, and distribute this software for any -.\"purpose with or without fee is hereby granted, provided that the above -.\"copyright notice and this permission notice appear in all copies. -.\" -.\"THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS -.\"ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES -.\"OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE -.\"CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -.\"DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -.\"PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -.\"ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -.\"SOFTWARE. -.Dd March 5, 1999 -.Dt NSUPDATE @SYS_OPS_EXT_U@ -.Os BSD 4 -.Sh NAME -.Nm nsupdate -.Nd update Internet name servers interactively -.Sh SYNOPSIS -.Nm nsupdate -.Op Fl Ar k keydir:keyname -.Op Fl Ar d -.Op Fl Ar v -.Op Ar filename -.Sh DESCRIPTION -.Ic Nsupdate -is a program to update Internet domain name servers -supporting dynamic update. -.Ic Nsupdate -uses the DNS resolver library to pass messages -to a DNS server requesting the additional or deletion of -DNS resource records (RRs). -.Ic Nsupdate -reads input from -.Ar filename -or standard input. -.Sh ARGUMENTS -.Bl -tag -width Fl -.It Fl k -Sign updates with TSIG. -.It Fl d -Debug mode. -.It Fl v -Virtual circuit - use TCP to communication with server. -Default is UDP. -.Sh INPUT FORMAT -.Ic Nsupdate -reads input records, one per line, -each line contributing a resource record to an -update request. -All domain names used in a single update request -must belong to the same DNS zone. 
-A blank line causes the accumulated -records to be formated into a single update request -and transmitted to the zone's authoritative name servers. -Additional records may follow, -which are formed into additional, -completely independent update requests. -For the last request to be transmitted, a blank line -must end the input. -.Pp -Records take one of two general forms. -.Em Prerequisite -records specify conditions that must be satisfied before -the request will be processed. -.Em Update -records specify changes to be made to the DNS database. -A update request consists of zero or more prerequisites -and one or more updates. -Each update request is processed atomically - -all prerequisites must be satisfied, then all updates -will be performed. -.Pp -.Ic Nsupdate -understands the following input record formats: -.Pp - -.Bl -ohang - -.It Ic prereq nxdomain Va domain-name -Requires that no RR of any type exists with name -.Va domain-name . - -.It Ic prereq yxdomain Va domain-name -Requires that at least one RR named -.Va domain-name -must exist. - -.It Xo -.Ic prereq nxrrset Va domain-name Op class -.Va type -.Xc -Requires that no RR exists of the specified -.Va type -and -.Va domain-name . - -.It Xo -.Ic prereq yxrrset -.Va domain-name Op class -.Va type Op data... -.Xc -Requires that a RR exists of the specified -.Va type -and -.Va domain-name . -If -.Va data -is specified, it must match exactly. - -.It Xo -.Ic update delete -.Va domain-name Op class -.Va Op type Op data... -.Xc -Deletes RRs named -.Va domain-name . -If -.Va type -(and possibly -.Va data ) -is specified, -only matching records will be deleted. - -.It Xo -.Ic update add -.Va domain-name ttl Op class -.Va type data... -.Xc -Adds a new RR with specified -.Va ttl , type , -and -.Va data . - -.El - -.Sh EXAMPLES -The following example illustrates the interactive use of -.Ic nsupdate -to change an IP address by deleting any existing A records -for a domain name and then inserting a new one. 
-Since no prerequisites are specified, -the new record will be added even if -there were no existing records to delete. -Note the -trailing blank line, required to process the request. -.Bd -literal -offset indent -$ nsupdate -> update delete test.example.com A -> update add test.example.com 3600 A 10.1.1.1 -> - -.Ed -.Pp -In this example, a CNAME alias is added to the database -only if there are no existing A or CNAME records for -the domain name. -.Bd -literal -offset indent -$ nsupdate -> prereq nxrrset www.example.com A -> prereq nxrrset www.example.com CNAME -> update add www.example.com 3600 CNAME test.example.com -> - -.Ed -.Pp -In this example, the nsupdate will be signed with the key "mykey", which -is in the directory "/var/named/keys". -.Bd -literal -offset indent -$ nsupdate -k /var/named/keys:mykey -> update add ftp.example.com 60 A 192.168.5.1 -> - -.Ed - -.Sh DIAGNOSTICS -.Bl -ohang - -.It Qq send error -Typically indicates that the authoritative nameservers could not be reached - -.It Qq failed update packet -Typically indicates that the nameserver has rejected the update, -either because the nameserver doesn't support dynamic update, -or due to an authentication failure - -.It Qq res_mkupdate: packet size = Va size -(and no other messages) -The update was successfully received and authenticated by the nameserver. -The prerequisites, however, may have prevented the update from actually -being performed. The only way to determine if the update was performed -is to use debug mode -.Fl ( d ) -and examine the status field in the nameserver's reply. - -.Sh FILES -.It Pa /etc/resolv.conf -initial domain name and name server addresses -.Sh SEE ALSO -.Xr @INDOT@named @SYS_OPS_EXT@ , -.Xr resolver @LIB_NETWORK_EXT@ , -.Xr resolver @FORMAT_EXT@ ; -RFC-1034, -.Dq Domain Names - Concepts and Facilities ; -RFC-1035, -.Dq Domain Names - Implementation and Specification ; -RFC-2136, -Dynamic Updates in the Domain Name System. -.Sh AUTHOR -Brent Baccala 
diff --git a/contrib/bind/doc/man/resolver.3 b/contrib/bind/doc/man/resolver.3
deleted file mode 100644
index 6ddfe11ddc791..0000000000000
--- a/contrib/bind/doc/man/resolver.3
+++ /dev/null
@@ -1,581 +0,0 @@ -.\" Copyright (c) 1985, 1995 The Regents of the University of California. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms are permitted provided -.\" that: (1) source distributions retain this entire copyright notice and -.\" comment, and (2) distributions including binaries display the following -.\" acknowledgement: ``This product includes software developed by the -.\" University of California, Berkeley and its contributors'' in the -.\" documentation or other materials provided with the distribution and in -.\" all advertising materials mentioning features or use of this software. -.\" Neither the name of the University nor the names of its contributors may -.\" be used to endorse or promote products derived from this software without -.\" specific prior written permission. -.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED -.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
-.\" -.\" @(#)resolver.3 6.5 (Berkeley) 6/23/90 -.\" $Id: resolver.3,v 8.11 1999/09/13 23:33:24 vixie Exp $ -.\" -.Dd October 19, 1998 -.Dt RESOLVER @LIB_NETWORK_EXT_U@ -.Os BSD 4 -.Sh NAME -.Nm res_ninit , -.Nm res_nisourserver , -.Nm fp_resstat , -.Nm res_npquery , -.Nm res_hostalias , -.Nm res_nquery , -.Nm res_nsearch , -.Nm res_nquerydomain , -.Nm res_nmkquery , -.Nm res_nsend , -.Nm res_nupdate , -.Nm res_nmkupdate , -.Nm res_nclose , -.Nm res_nsendsigned , -.Nm res_nsendupdate , -.Nm res_findzonecut , -.Nm dn_comp , -.Nm dn_expand , -.Nm hstrerror , -.Nm res_init , -.Nm res_isourserver , -.Nm p_nquery , -.Mm p_query , -.Mm hostalias , -.Nm res_query , -.Nm res_search , -.Nm res_querydomain , -.Nm res_mkquery , -.Nm res_send , -.Nm res_update , -.Nm res_close , -.Nm herror -.Nd resolver routines -.Sh SYNOPSIS -.Fd #include <sys/types.h> -.Fd #include <netinet/in.h> -.Fd #include <arpa/nameser.h> -.Fd #include <resolv.h> -.Fn res_ninit "res_state statp" -.Fn res_nisourserver "const res_state statp" "const struct sockaddr_in *addr" -.Fn fp_resstat "const res_state statp" "FILE *fp" -.Fn res_npquery "const res_state statp" "const u_char *msg" "int msglen" "FILE *fp" -.Fn res_hostalias "const res_state statp" "const char *name" "char *buf" "size_t buflen" -.Fn res_nquery "res_state statp" "const char *dname" "int class" "int type" "u_char *answer" "int anslen" -.Fn res_nsearch "res_state statp" "const char *dname" "int class" "int type" "u_char * answer" "int anslen" -.Fn res_nquerydomain "res_state statp" "const char *name" "const char *domain" "int class" "int type" "u_char *answer" "int anslen" -.Fn res_nmkquery "res_state statp, int op, const char *dname" "int class" "int type" "const u_char *data" "int datalen" "const u_char *newrr" "u_char *buf" "int buflen" -.Fn res_nsend "res_state statp" "const u_char *msg" "int msglen" "u_char *answer" "int anslen" -.Fn res_nupdate "res_state statp" "ns_updrec *rrecp_in" -.Fn res_nmkupdate "res_state statp" "ns_updrec 
*rrecp_in" "u_char *buf" "int buflen" -.Fn res_nclose "res_state statp" -.Fn res_nsendsigned "res_state statp" "const u_char *msg" "int msglen" "ns_tsig_key *key" "u_char *answer" "int anslen" -.Fn res_findzonecut "res_state statp" "const char *dname" "ns_class class" "int options" "char *zname" "size_t zsize" "struct in_addr *addrs" "int naddrs" -.Fn res_nsendupdate "res_state statp" "ns_updrec *rrecp_in" "ns_tsig_key *key" "char *zname" "struct in_addr addr" -.Fn dn_comp "const char *exp_dn" "u_char *comp_dn" "int length" "u_char **dnptrs, **lastdnptr" -.Fn dn_expand "const u_char *msg, *eomorig, *comp_dn" "char *exp_dn" "int length" -.Fn hstrerror "int err" -.Sh DEPRECATED -.nr nS 1 -.Fd #include <sys/types.h> -.Fd #include <netinet/in.h> -.Fd #include <arpa/nameser.h> -.Fd #include <resolv.h> -.Fn res_init "void" -.Fn res_isourserver "const struct sockaddr_in *addr" -.Fn p_nquery "const u_char *msg" "int msglen" "FILE *fp" -.Fn p_query "const u_char *msg" "FILE *fp" -.Fn hostalias "const char *name" -.Fn res_query "const char *dname" "int class, type" "u_char *answer" "int anslen" -.Fn res_search "const char *dname" "int class, type" "u_char *answer" "int anslen" -.Fn res_querydomain "const char *name" "const char *domain" "int class" "int type" "u_char *answer" "int anslen" -.Fn res_mkquery "int op" "const char *dname, int class, type" "const char *data" "int datalen" "struct rrec *newrr" "u_char *buf" "int buflen" -.Fn res_send "const u_char *msg" "int msglen" "u_char *answer" "int anslen" -.Fn res_update "ns_updrec *rrecp_in" -.Fn res_close "void" -.Fn herror "const char *s" -.Sh DESCRIPTION -These routines are used for making, sending and interpreting -query and reply messages with Internet domain name servers. -.Pp -State information is kept in -.Fa statp -and is used to control the behavior of these functions. -.Fa statp -should be set to all zeros prior to the first call to any of these functions. 
-.Pp -The functions -.Fn res_init , -.Fn res_isourserver , -.Fn p_nquery , -.Fn p_query , -.Fn hostalias , -.Fn res_query , -.Fn res_search , -.Fn res_querydomain , -.Fn res_mkquery , -.Fn res_send , -.Fn res_update , -.Fn res_close -and -.Fn herror -are deprecated and are supplied for compatability with old source -code. -They use global configuration and state information that is -kept in the structure -.Ft _res -rather than that referenced through -.Ft statp . -.Pp -Most of the values in -.Ft statp -and -.Ft _res -are initialized on the first call to -.Fn res_ninit -/ -.Fn res_init -to reasonable defaults and can be ignored. -Options -stored in -.Ft statp->options -/ -.Ft _res.options -are defined in -.Pa resolv.h -and are as follows. -Options are stored as a simple bit mask containing the bitwise -.Dq OR -of the options enabled. -.Bl -tag -width "RES_DEB" -.It Dv RES_INIT -True if the initial name server address and default domain name are -initialized (i.e., -.Fn res_ninit -/ -.Fn res_init -has been called). -.It Dv RES_DEBUG -Print debugging messages. -.It Dv RES_AAONLY -Accept authoritative answers only. -should continue until it finds an authoritative answer or finds an error. -Currently this is not implemented. -.It Dv RES_USEVC -Use TCP connections for queries instead of UDP datagrams. -.It Dv RES_STAYOPEN -Used with -.Dv RES_USEVC -to keep the TCP connection open between queries. -This is useful only in programs that regularly do many queries. -UDP should be the normal mode used. -.It Dv RES_IGNTC -Ignore truncation errors, i.e., don't retry with TCP. -.It Dv RES_RECURSE -Set the recursion-desired bit in queries. -This is the default. -(\c -.Fn res_nsend -/ -.Fn res_send -does not do iterative queries and expects the name server -to handle recursion.) -.It Dv RES_DEFNAMES -If set, -.Fn res_nsearch -/ -.Fn res_search -will append the default domain name to single-component names -(those that do not contain a dot). -This option is enabled by default. 
-.It Dv RES_DNSRCH
-If this option is set,
-.Fn res_nsearch
-/
-.Fn res_search
-will search for host names in the current domain and in parent domains; see
-.Xr hostname @DESC_EXT@ .
-This is used by the standard host lookup routine
-.Xr gethostbyname @LIB_NETWORK_EXT@ .
-This option is enabled by default.
-.It Dv RES_NOALIASES
-This option turns off the user level aliasing feature controlled by
-the
-.Ev HOSTALIASES
-environment variable.
-Network daemons should set this option.
-.It Dv RES_USE_INET6
-This option causes
-.Xr gethostbyname @LIB_NETWORK_EXT@
-to look for AAAA records before looking for A records if none are found.
-.It Dv RES_ROTATE
-This options causes the
-.Fn res_nsend
-/
-.Fn res_send
-to rotate the list of nameservers in
-.Fa statp->nsaddr_list
-/
-.Fa _res.nsaddr_list .
-.It Dv RES_KEEPTSIG
-This option causes
-.Fn res_nsendsigned
-to leave the message unchanged after TSIG verification; otherwise the TSIG
-record would be removed and the header updated.
-.El
-.Pp
-The
-.Fn res_ninit
-/
-.Fn res_init
-routine
-reads the configuration file (if any; see
-.Xr resolver @FORMAT_EXT@ )
-to get the default domain name, search list and
-the Internet address of the local name server(s).
-If no server is configured, the host running the resolver is tried.
-The current domain name is defined by the hostname
-if not specified in the configuration file;
-it can be overridden by the environment variable
-.Ev LOCALDOMAIN .
-This environment variable may contain several blank-separated
-tokens if you wish to override the
-.Dq search list
-on a per-process basis. This is similar to the
-.Ic search
-command in the configuration file.
-Another environment variable
-.Pq Dq Ev RES_OPTIONS
-can be set to override certain internal resolver options which are otherwise
-set by changing fields in the
-.Ft statp
-/
-.Ft _res
-structure or are inherited from the configuration file's
-.Ic options
-command.
The syntax of the -.Dq Ev RES_OPTIONS -environment variable is explained in -.Xr resolver @FORMAT_EXT@ . -Initialization normally occurs on the first call -to one of the other resolver routines. -.Pp -The -.Fn res_nquery -/ -.Fn res_query -functions provides interfaces to the server query mechanism. -They constructs a query, sends it to the local server, -awaits a response, and makes preliminary checks on the reply. -The query requests information of the specified -.Fa type -and -.Fa class -for the specified fully-qualified domain name -.Fa dname . -The reply message is left in the -.Fa answer -buffer with length -.Fa anslen -supplied by the caller. -.Fn res_nquery -/ -.Fn res_query -return -1 on error or the length of the answer. -.Pp -The -.Fn res_nsearch -/ -.Fn res_search -routines make a query and awaits a response like -.Fn res_nquery -/ -.Fn res_query , -but in addition, it implements the default and search rules -controlled by the -.Dv RES_DEFNAMES -and -.Dv RES_DNSRCH -options. -It returns the length of the first successful reply which is stored in -.Ft answer -or -1 on error. -.Pp -The remaining routines are lower-level routines used by -.Fn res_nquery -/ -.Fn res_query . -The -.Fn res_nmkquery -/ -.Fn res_mkquery -functions -constructs a standard query message and places it in -.Fa buf . -It returns the size of the query, or \-1 if the query is -larger than -.Fa buflen . -The query type -.Fa op -is usually -.Dv QUERY , -but can be any of the query types defined in -.Pa <arpa/nameser.h> . -The domain name for the query is given by -.Fa dname . -.Fa Newrr -is currently unused but is intended for making update messages. -.Pp -The -.Fn res_nsend -/ -.Fn res_send -/ -.Fn res_nsendsigned -routines -sends a pre-formatted query and returns an answer. -It will call -.Fn res_ninit -/ -.Fn res_init -if -.Dv RES_INIT -is not set, send the query to the local name server, and -handle timeouts and retries. 
Additionally,
-.Fn res_nsendsigned
-will use TSIG signatures to add authentication to the query and verify the
-response. In this case, only one nameserver will be contacted.
-The length of the reply message is returned, or \-1 if there were errors.
-.Pp
-.Fn res_nquery
-/
-.Fn res_query ,
-.Fn res_nsearch
-/
-.Fn res_search
-and
-.Fn res_nsend
-/
-.Fn res_send
-return a length that may be bigger than
-.Fa anslen .
-In that case the query should be retried with a bigger buffer.
-NOTE the answer to the second query may be larger still so supplying
-a buffer that bigger that the answer returned by the previous
-query is recommended.
-.Pp
-.Fa answer
-MUST be big enough to receive a maximum UDP response from the server or
-parts of the answer will be silently discarded.
-The default maximum UDP response size is 512 bytes.
-.Pp
-The functions
-.Fn res_nisourserver
-/
-.Fn res_isourserver
-return true when
-.Fa inp
-is one of the servers in
-.Fa statp->nsaddr_list
-/
-.Fa _res.nsaddr_list .
-.Pp
-The functions
-.Fn res_npquery
-/
-.Fn p_nquery
-/
-.Fn p_query
-print out the query and any answer in
-.Fa msg
-on
-.Fa fp .
-.Fn p_query
-is equivalent to
-.Fn p_nquery
-with
-.Fa msglen
-set to 512.
-.Pp
-The function
-.Fn fp_resstat
-prints out the active flag bits in
-.Fa statp->options
-preceeded by the text ";; res options:" on
-.Fa file .
-.Pp
-The functions
-.Fn res_hostalias
-/
-.Fn hostalias
-lookup up name in the file referred to by the
-.Ev HOSTALIASES files return a fully qualified hostname if found or NULL if
-not found or an error occurred.
-.Fn res_hostalias
-uses
-.Fa buf
-to store the result in,
-.Fn hostalias
-uses a static buffer.
-.Pp
-The functions
-.Fn res_nupdate
-/
-.Fn res_update
-take a list of ns_updrec
-.Fa rrecp_in .
-Identifies the containing zone for each record and groups the records
-according to containing zone maintaining in zone order then sends and
-update request to the servers for these zones.
-The number of zones updated is returned or -1 on error. -.Pp -The function -.Fn res_findzonecut -discovers the closest enclosing zone cut for a specified domain name, -and finds the IP addresses of the zone's master servers. -.Pp -The function -.Fn res_nsendupdate -is used to perform TSIG authenticated dynamic update operations. -.Fn res_nsendupdate -sends a dynamic update to the specified IP address, authenticating the update -if the key is not NULL. -.Pp -The functions -.Fn res_nmkupdate -/ -.Fn res_mkupdate -take a linked list of ns_updrec -.Fa rrecp_in -and construct a UPDATE message in -.Fa buf . -.Fn res_nmkupdate -/ -.Fn res_mkupdate -return the length of the constructed message on no error or one of the -following error values. -.Bl -inset -width "-5" -.It -1 -An error occurred parsing -.Fa rrecp_in . -.It -2 -The buffer -.Fa buf -was too small. -.It -3 -The first record was not a zone section or there was a section order problem. -The section order is S_ZONE, S_PREREQ and S_UPDATE. -.It -4 -A number overflow occurred. -.It -5 -Unknown operation or no records. -.El -.Pp -The functions -.Fn res_nclose -/ -.Fn res_close -close any open files referenced through -.Fa statp -/ -.Fa _res . -.Pp -The -.Fn dn_comp -function -compresses the domain name -.Fa exp_dn -and stores it in -.Fa comp_dn . -The size of the compressed name is returned or \-1 if there were errors. -The size of the array pointed to by -.Fa comp_dn -is given by -.Fa length . -The compression uses -an array of pointers -.Fa dnptrs -to previously-compressed names in the current message. -The first pointer points to -to the beginning of the message and the list ends with -.Dv NULL . -The limit to the array is specified by -.Fa lastdnptr . -A side effect of -.Fn dn_comp -is to update the list of pointers for labels inserted into the message -as the name is compressed. If -.Fa dnptr -is -.Dv NULL , -names are not compressed. If -.Fa lastdnptr -is -.Dv NULL , -the list of labels is not updated. 
-.Pp -The -.Fn dn_expand -entry -expands the compressed domain name -.Fa comp_dn -to a full domain name. -The compressed name is contained in a query or reply message; -.Fa msg -is a pointer to the beginning of the message. -The uncompressed name is placed in the buffer indicated by -.Fa exp_dn -which is of size -.Fa length . -The size of compressed name is returned or \-1 if there was an error. -.Pp -The variables -.Ft statp->res_h_errno -/ -.Ft _res.res_h_errno -and external variable -.Ft h_errno -is set whenever an error occurs during resolver operation. The following -definitions are given in -.Pa <netdb.h> : -.Bd -literal -#define NETDB_INTERNAL -1 /* see errno */ -#define NETDB_SUCCESS 0 /* no problem */ -#define HOST_NOT_FOUND 1 /* Authoritative Answer Host not found */ -#define TRY_AGAIN 2 /* Non-Authoritative not found, or SERVFAIL */ -#define NO_RECOVERY 3 /* Non-Recoverable: FORMERR, REFUSED, NOTIMP */ -#define NO_DATA 4 /* Valid name, no data for requested type */ -.Ed -.Pp -The -.Fn herror -function writes a message to the diagnostic output consisting of the string -parameter -.Fa s , -the constant string ": ", and a message corresponding to the value of -.Ft h_errno . -.Pp -The -.Fn hstrerror -function returns a string which is the message text corresponding to the -value of the -.Fa err -parameter. -.Sh FILES -.Bl -tag -width "/etc/resolv.conf " -.It Pa /etc/resolv.conf -See -.Xr resolver @FORMAT_EXT@ . -.El -.Sh SEE ALSO -.Xr gethostbyname @LIB_NETWORK_EXT@ , -.Xr hostname @DESC_EXT@ , -.Xr @INDOT@named @SYS_OPS_EXT@ , -.Xr resolver @FORMAT_EXT@ ; -RFC1032, RFC1033, RFC1034, RFC1035, RFC974; -SMM:11, -.Dq Name Server Operations Guide for Sy BIND diff --git a/contrib/bind/doc/man/resolver.5 b/contrib/bind/doc/man/resolver.5 deleted file mode 100644 index 21298933f0b0e..0000000000000 --- a/contrib/bind/doc/man/resolver.5 +++ /dev/null 
@@ -1,224 +0,0 @@
-.\" Copyright (c) 1986 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms are permitted
-.\" provided that the above copyright notice and this paragraph are
-.\" duplicated in all such forms and that any documentation,
-.\" advertising materials, and other materials related to such
-.\" distribution and use acknowledge that the software was developed
-.\" by the University of California, Berkeley. The name of the
-.\" University may not be used to endorse or promote products derived
-.\" from this software without specific prior written permission.
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-.\"
-.\" @(#)resolver.5 5.9 (Berkeley) 12/14/89
-.\" $Id: resolver.5,v 8.6 1999/05/21 00:01:02 vixie Exp $
-.\"
-.Dd November 11, 1993
-.Dt RESOLVER @FORMAT_EXT_U@
-.Os BSD 4
-.Sh NAME
-.Nm resolver
-.Nd resolver configuration file
-.Sh SYNOPSIS
-.Pa /etc/resolv.conf
-.Sh DESCRIPTION
-The
-.Nm resolver
-is a set of routines in the C library
-.Pq Xr resolve @LIB_NETWORK_EXT@
-that provide access to the Internet Domain Name System.
-The
-.Nm resolver
-configuration file contains information that is read
-by the
-.Nm resolver
-routines the first time they are invoked by a process.
-The file is designed to be human readable and contains a list of
-keywords with values that provide various types of
-.Nm resolver
-information.
-.Pp
-On a normally configured system, this file should not be necessary.
-The only name server to be queried will be on the local machine,
-the domain name is determined from the host name,
-and the domain search path is constructed from the domain name.
-.Pp
-The different configuration directives are:
-.Bl -tag -width "nameser"
-.It Li nameserver
-Internet address (in dot notation) of a name server that the
-.Nm resolver
-should query. Up to
-.Dv MAXNS
-(see
-.Pa <resolv.h> )
-name servers may be listed, one per keyword.
-If there are multiple servers, the
-.Nm resolver
-library queries them in the order listed.
-If no
-.Li nameserver
-entries are present, the default is to use the name server on the local machine.
-(The algorithm used is to try a name server, and if the query times out,
-try the next, until out of name servers,
-then repeat trying all the name servers
-until a maximum number of retries are made).
-.It Li domain
-Local domain name.
-Most queries for names within this domain can use short names
-relative to the local domain.
-If no
-.Li domain
-entry is present, the domain is determined from the local host name returned by
-.Xr gethostname @BSD_SYSCALL_EXT@ ;
-the domain part is taken to be everything after the first
-.Sq \&. .
-Finally, if the host name does not contain a domain part, the root
-domain is assumed.
-.It Li search
-Search list for host-name lookup.
-The search list is normally determined from the local domain name;
-by default, it contains only the local domain name.
-This may be changed by listing the desired domain search path
-following the
-.Li search
-keyword with spaces or tabs separating the names.
-Most
-.Nm resolver
-queries will be attempted using each component
-of the search path in turn until a match is found.
-Note that this process may be slow and will generate a lot of network
-traffic if the servers for the listed domains are not local,
-and that queries will time out if no server is available
-for one of the domains.
-.Pp
-The search list is currently limited to six domains
-with a total of 256 characters.
-.It Li sortlist
-Allows addresses returned by gethostbyname to be sorted.
-A
-.Li sortlist
-is specified by IP address netmask pairs.
The netmask is
-optional and defaults to the natural netmask of the net. The IP address
-and optional network pairs are separated by slashes. Up to 10 pairs may
-be specified. For example:
-.Bd -literal -offset indent
-sortlist 130.155.160.0/255.255.240.0 130.155.0.0
-.Ed
-.It Li options
-Allows certain internal
-.Nm resolver
-variables to be modified.
-The syntax is
-.D1 Li options Ar option ...
-where
-.Ar option
-is one of the following:
-.Bl -tag -width "ndots:n "
-.It Li debug
-sets
-.Dv RES_DEBUG
-in
-.Ft _res.options .
-.It Li ndots: Ns Ar n
-sets a threshold for the number of dots which
-must appear in a name given to
-.Fn res_query
-(see
-.Xr resolver @LIB_NETWORK_EXT@ )
-before an
-.Em initial absolute query
-will be made. The default for
-.Ar n
-is
-.Dq 1 ,
-meaning that if there are
-.Em any
-dots in a name, the name will be tried first as an absolute name before any
-.Em search list
-elements are appended to it.
-.It Li timeout: Ns Ar n
-sets the amount of time the resolver will wait for a response from a remote
-name server before retrying the query via a different name server. Measured in
-seconds, the default is
-.Dv RES_TIMEOUT
-(see
-.Pa <resolv.h> ).
-.It Li attempts: Ns Ar n
-sets the number of times the resolver will send a query to its name servers
-before giving up and returning an error to the calling application. The
-default is
-.Dv RES_DFLRETRY
-(see
-.Pa <resolv.h> ).
-.It Li rotate
-sets
-.Dv RES_ROTATE
-in
-.Ft _res.options ,
-which causes round robin selection of nameservers from among those listed.
-This has the effect of spreading the query load among all listed servers,
-rather than having all clients try the first listed server first every time.
-.It Li no-check-names
-sets
-.Dv RES_NOCHECKNAME
-in
-.Ft _res.options ,
-which disables the modern BIND checking of incoming host names and mail names
-for invalid characters such as underscore (_), non-ASCII, or control characters.
-.It Li inet6
-sets
-.Dv RES_USE_INET6
-in
-.Ft _res.options .
-This has the effect of trying a AAAA query before an A query inside the
-.Ft gethostbyname
-function, and of mapping IPv4 responses in IPv6 ``tunnelled form'' if no
-AAAA records are found but an A record set exists.
-.El
-.El
-.Pp
-The
-.Li domain
-and
-.Li search
-keywords are mutually exclusive.
-If more than one instance of these keywords is present,
-the last instance wins.
-.Pp
-The
-.Li search
-keyword of a system's
-.Pa resolv.conf
-file can be
-overridden on a per-process basis by setting the environment variable
-.Dq Ev LOCALDOMAIN
-to a space-separated list of search domains.
-.Pp
-The
-.Li options
-keyword of a system's
-.Pa resolv.conf
-file can be amended on a per-process basis by setting the environment variable
-.Dq Ev RES_OPTIONS to a space-separated list of
-.Nm resolver
-options as explained above under
-.Li options .
-.Pp
-The keyword and value must appear on a single line, and the keyword
-(e.g.,
-.Li nameserver )
-must start the line. The value follows the keyword, separated by white space.
-.Sh FILES
-.Pa /etc/resolv.conf
-.Pa <resolv.h>
-.Sh SEE ALSO
-.Xr gethostbyname @LIB_NETWORK_EXT@ ,
-.Xr hostname @DESC_EXT@ ,
-.Xr @INDOT@named @SYS_OPS_EXT@ ,
-.Xr resolver @LIB_NETWORK_EXT@ ,
-.Xr resolver @FORMAT_EXT@ .
-.Dq Name Server Operations Guide for Sy BIND
diff --git a/contrib/bind/doc/man/tsig.3 b/contrib/bind/doc/man/tsig.3
deleted file mode 100644
index fa852eeceb1f2..0000000000000
--- a/contrib/bind/doc/man/tsig.3
+++ /dev/null
@@ -1,240 +0,0 @@
-.\" $Id: tsig.3,v 8.2 1999/01/08 18:54:28 vixie Exp $
-.\"
-.\"Copyright (c) 1995-1999 by Internet Software Consortium
-.\"
-.\"Permission to use, copy, modify, and distribute this software for any
-.\"purpose with or without fee is hereby granted, provided that the above
-.\"copyright notice and this permission notice appear in all copies.
-.\"
-.\"THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\"ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\"OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\"CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\"DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\"PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\"ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\"SOFTWARE.
-.\"
-.Dd January 1, 1996
-.Os BSD 4
-.Dt TSIG @SYSCALL_EXT@
-.Sh NAME
-.Nm ns_sign ,
-.Nm ns_sign_tcp ,
-.Nm ns_sign_tcp_init ,
-.Nm ns_verify ,
-.Nm ns_verify_tcp ,
-.Nm ns_verify_tcp_init ,
-.Nm ns_find_tsig
-.Nd TSIG system
-.Sh SYNOPSIS
-.Ft int
-.Fo ns_sign
-.Fa "u_char *msg"
-.Fa "int *msglen"
-.Fa "int msgsize"
-.Fa "int error"
-.Fa "void *k"
-.Fa "const u_char *querysig"
-.Fa "int querysiglen"
-.Fa "u_char *sig"
-.Fa "int *siglen"
-.Fa "time_t in_timesigned"
-.Fc
-.Ft int
-.Fn ns_sign_tcp "u_char *msg" "int *msglen" "int msgsize" "int error" \
- "ns_tcp_tsig_state *state" "int done"
-.Ft int
-.Fn ns_sign_tcp_init "void *k" "const u_char *querysig" "int querysiglen" \
- "ns_tcp_tsig_state *state"
-.Ft int
-.Fo ns_verify
-.Fa "u_char *msg"
-.Fa "int *msglen"
-.Fa "void *k"
-.Fa "const u_char *querysig"
-.Fa "int querysiglen"
-.Fa "u_char *sig"
-.Fa "int *siglen"
-.Fa "time_t in_timesigned"
-.Fa "int nostrip"
-.Fc
-.Ft int
-.Fn ns_verify_tcp "u_char *msg" "int *msglen" "ns_tcp_tsig_state *state" \
- "int required"
-.Ft int
-.Fn ns_verify_tcp_init "void *k"
"const u_char *querysig" "int querysiglen" \
- "ns_tcp_tsig_state *state"
-.Ft u_char *
-.Fn ns_find_tsig "u_char *msg" "u_char *eom"
-.Sh DESCRIPTION
-The TSIG routines are used to implement transaction/request security of
-DNS messages.
-.Pp
-.Fn ns_sign
-and
-.Fn ns_verify
-are the basic routines.
-.Fn ns_sign_tcp
-and
-.Fn ns_verify_tcp
-are used to sign/verify TCP messages that may be split into multiple packets,
-such as zone transfers, and
-.Fn ns_sign_tcp_init,
-.Fn ns_verify_tcp_init
-initialize the state structure necessary for TCP operations.
-.Fn ns_find_tsig
-locates the TSIG record in a message, if one is present.
-.Pp
-.Fn ns_sign
-.Bl -tag -width "in_timesigned" -compact -offset indent
-.It Dv msg
-the incoming DNS message, which will be modified
-.It Dv msglen
-the length of the DNS message, on input and output
-.It Dv msgsize
-the size of the buffer containing the DNS message on input
-.It Dv error
-the value to be placed in the TSIG error field
-.It Dv key
-the (DST_KEY *) to sign the data
-.It Dv querysig
-for a response, the signature contained in the query
-.It Dv querysiglen
-the length of the query signature
-.It Dv sig
-a buffer to be filled with the generated signature
-.It Dv siglen
-the length of the signature buffer on input, the signature length on output
-.El
-.Pp
-.Fn ns_sign_tcp
-.Bl -tag -width "in_timesigned" -compact -offset indent
-.It Dv msg
-the incoming DNS message, which will be modified
-.It Dv msglen
-the length of the DNS message, on input and output
-.It Dv msgsize
-the size of the buffer containing the DNS message on input
-.It Dv error
-the value to be placed in the TSIG error field
-.It Dv state
-the state of the operation
-.It Dv done
-non-zero value signifies that this is the last packet
-.El
-.Pp
-.Fn ns_sign_tcp_init
-.Bl -tag -width "in_timesigned" -compact -offset indent
-.It Dv k
-the (DST_KEY *) to sign the data
-.It Dv querysig
-for a response, the signature contained in the query
-.It Dv querysiglen
-the
length of the query signature
-.It Dv state
-the state of the operation, which this initializes
-.El
-.Pp
-.Fn ns_verify
-.Bl -tag -width "in_timesigned" -compact -offset indent
-.It Dv msg
-the incoming DNS message, which will be modified
-.It Dv msglen
-the length of the DNS message, on input and output
-.It Dv key
-the (DST_KEY *) to sign the data
-.It Dv querysig
-for a response, the signature contained in the query
-.It Dv querysiglen
-the length of the query signature
-.It Dv sig
-a buffer to be filled with the signature contained
-.It Dv siglen
-the length of the signature buffer on input, the signature length on output
-.It Dv nostrip
-non-zero value means that the TSIG is left intact
-.El
-.Pp
-.Fn ns_verify_tcp
-.Bl -tag -width "in_timesigned" -compact -offset indent
-.It Dv msg
-the incoming DNS message, which will be modified
-.It Dv msglen
-the length of the DNS message, on input and output
-.It Dv state
-the state of the operation
-.It Dv required
-non-zero value signifies that a TSIG record must be present at this step
-.El
-.Pp
-.Fn ns_verify_tcp_init
-.Bl -tag -width "in_timesigned" -compact -offset indent
-.It Dv k
-the (DST_KEY *) to verify the data
-.It Dv querysig
-for a response, the signature contained in the query
-.It Dv querysiglen
-the length of the query signature
-.It Dv state
-the state of the operation, which this initializes
-.El
-.Pp
-.Fn ns_find_tsig
-.Bl -tag -width "in_timesigned" -compact -offset indent
-.It Dv msg
-the incoming DNS message
-.It Dv msglen
-the length of the DNS message
-.El
-.Sh RETURN VALUES
-.Fn ns_find_tsig
-returns a pointer to the TSIG record if one is found, and NULL otherwise.
-.Pp
-All other routines return 0 on success, modifying arguments when necessary.
-.Pp
-.Fn ns_sign
-and
-.Fn ns_sign_tcp
-return the following errors:
-.Bl -tag -width "NS_TSIG_ERROR_NO_SPACE" -compact -offset indent
-.It Dv (-1)
-bad input data
-.It Dv (-ns_r_badkey)
-The key was invalid, or the signing failed
-.It Dv NS_TSIG_ERROR_NO_SPACE
-the message buffer is too small.
-.El
-.Pp
-.Fn ns_verify
-and
-.Fn ns_verify_tcp
-return the following errors:
-.Bl -tag -width "NS_TSIG_ERROR_NO_SPACE" -compact -offset indent
-.It Dv (-1)
-bad input data
-.It Dv NS_TSIG_ERROR_FORMERR
-The message is malformed
-.It Dv NS_TSIG_ERROR_NO_TSIG
-The message does not contain a TSIG record
-.It Dv NS_TSIG_ERROR_ID_MISMATCH
-The TSIG original ID field does not match the message ID
-.It Dv (-ns_r_badkey)
-Verification failed due to an invalid key
-.It Dv (-ns_r_badsig)
-Verification failed due to an invalid signature
-.It Dv (-ns_r_badtime)
-Verification failed due to an invalid timestamp
-.It Dv ns_r_badkey
-Verification succeeded but the message had an error of BADKEY
-.It Dv ns_r_badsig
-Verification succeeded but the message had an error of BADSIG
-.It Dv ns_r_badtime
-Verification succeeded but the message had an error of BADTIME
-.El
-.Pp
-.Sh SEE ALSO
-.Xr resolver 3 .
-.Sh AUTHORS
-Brian Wellington, TISLabs at Network Associates
-.\" .Sh BUGS
diff --git a/contrib/bind/doc/misc/DynamicUpdate b/contrib/bind/doc/misc/DynamicUpdate
deleted file mode 100644
index fb4152c74f77b..0000000000000
--- a/contrib/bind/doc/misc/DynamicUpdate
+++ /dev/null
@@ -1,284 +0,0 @@ - - - Description of Dynamic Update and T_UNSPEC Code - - - - - Added by Mike Schwartz - University of Washington Computer Science Department - 11/86 - schwartz@cs.washington.edu - - - - -I have incorporated 2 new features into BIND: - 1. Code to allow (unauthenticated) dynamic updates: surrounded by - #ifdef ALLOW_UPDATES - 2. Code to allow data of unspecified type: surrounded by - #ifdef ALLOW_T_UNSPEC - -Note that you can have one or the other or both (or neither) of these -modifications running, by appropriately modifying the makefiles. Also, -the external interface isn't changed (other than being extended), i.e., -a BIND server that allows dynamic updates and/or T_UNSPEC data can -still talk to a 'vanilla' server using the 'vanilla' operations. - -The description that follows is broken into 3 parts: a functional -description of the dynamic update facility, a functional description of -the T_UNSPEC facility, and a discussion of the implementation of -dynamic updates. The implementation description is mostly intended for -those who want to make future enhancements (especially the addition of -a good authentication mechanism). If you make enhancements, I would be -interested in hearing about them. - - - - - - 1. Dynamic Update Facility - -I added this code in conjunction with my research into naming in large -heterogeneous systems. For the purposes of this research, I ignored -security issues. In other words, no authentication/authorization -mechanism exists to control updates. Authentication will hopefully be -addressed at some future point (although probably not by me). In the -mean time, BIND Internet name servers (as opposed to "private" name -server networks operating with their own port numbers, as I use in my -research) should be compiled *without* -DALLOW_UPDATES, so that the -integrity of the Internet name database won't be compromised by this -code. 
- - -There are 5 different dynamic update interfaces: - UPDATEA - add a resource record - UPDATED - delete a specific resource record - UPDATEDA - delete all named resource records - UPDATEM - modify a specific resource record - UPDATEMA - modify all named resource records - -These all work through the normal resolver interface, i.e., these -interfaces are opcodes, and the data in the buffers passed to -res_mkquery must conform to what is expected for the particular -operation (see the #ifdef ALLOW_UPDATES extensions to nstest.c for -example usage). - -UPDATEM is logically equivalent to an UPDATED followed by an UPDATEA, -except that the updates occur atomically at the primary server (as -usual with Domain servers, secondaries may become temporarily -inconsistent). The difference between UPDATED and UPDATEDA is that the -latter allows you to delete all RRs associated with a name; similarly -for UPDATEM and UPDATEMA. The reason for the UPDATE{D,M}A interfaces -is two-fold: - - 1. Sometimes you want to delete/modify some data, but you know you'll - only have a single RR for that data; in such a case, it's more - convenient to delete/modify the RR by just giving the name; - otherwise, you would have to first look it up, and then - delete/modify it. - - 2. It is sometimes useful to be able to delete/modify multiple RRs - this way, since one can then perform the operation atomically. - Otherwise, one would have to delete/modify the RRs one-by-one. - -One additional point to note about UPDATEMA is that it will return a -success status if there were *zero* or more RRs associated with the given -name (and the RR add succeeds), whereas UPDATEM, UPDATED, and UPDATEDA -will return a success status if there were *one* or more RRs associated -with the given name. The reason for the difference is to handle the -(probably common) case where what you want to do is set a particular -name to contain a single RR, irrespective of whether or not it was -already set. - - - - - 2. 
T_UNSPEC Facility - -Type T_UNSPEC allows you to store data whose layout BIND doesn't -understand. Data of this type is not marshalled (i.e., converted -between host and network representation, as is done, for example, with -Internet addresses) by BIND, so it is up to the client to make sure -things work out ok w.r.t. heterogeneous data representations. The way -I use this type is to have the client marshal data, store it, retrieve -it, and demarshal it. This way I can store arbitrary data in BIND -without having to add new code for each specific type. - -T_UNSPEC data is dumped in an ASCII-encoded, checksummed format so -that, although it's not human-readable, it at least doesn't fill the -dump file with unprintable characters. - -Type T_UNSPEC is important for my research environment, where -potentially lots of people want to store data in the name service, and -each person's data looks different. Instead of having BIND understand -the format of each of their data types, the clients define marshaling -routines and pass buffers of marshalled data to BIND; BIND never tries -to demarshal the data...it just holds on to it, and gives it back to -the client when the client requests it, and the client must then -demarshal it. - -The Xerox Network System's name service (the Clearinghouse) works this -way. The reason 'vanilla' BIND understands the format of all the data -it holds is probably that BIND is tailored for a very specific -application, and wants to make sure the data it holds makes sense (and, -for some types, BIND needs to take additional action depending on the -data's semantics). For more general purpose name services (like the -Clearinghouse and my usage of BIND), this approach is less tractable. - -See the #ifdef ALLOW_T_UNSPEC extensions to nstest.c for example usage of -this type. - - - - - - - 3. Dynamic Update Implementation Description - -This section is divided into 3 subsections: General Discussion, -Miscellaneous Points, and Known Defects. 
- - - - - 3.1 General Discussion - -The basic scheme is this: When an update message arrives, a call is -made to InitDynUpdate, which first looks up the SOA record for the zone -the update affects. If this is the primary server for that zone, we do -the update and then update the zone serial number (so that secondaries -will refresh later). If this is a secondary server, we forward the -update to the primary, and if that's successful, we update our copy -afterwards. If it's neither, we refuse the update. (One might think -to try to propagate the update to an authoritative server; I figured -that updates will probably be most likely within an administrative -domain anyway; this could be changed if someone has strong feelings -about it). - -Note that this mechanism disallows updates when the primary is -down, preserving the Domain scheme's consistency requirements, -but making the primary a critical point for updates. This seemed -reasonable to me because - 1. Alternative schemes must deal with potentially complex - situations involving merging of inconsistent secondary - updates - 2. Updates are presumed to be rare relative to read accesses, - so this increased restrictiveness for updates over reads is - probably not critical - -I have placed comments through out the code, so it shouldn't be -too hard to see what I did. The majority of the processing is in -doupdate() and InitDynUpdate(). Also, I added a field to the zone -struct, to keep track of when zones get updated, so that only changed -zones get checkpointed. - - - - - - 3.2 Miscellaneous Points - -I use ns_maint to call zonedump() if the database changes, to -provide a checkpointing mechanism. I use the zone refresh times to -set up ns_maint interrupts if there are either secondaries or -primaries. Hence, if there is a secondary, this interrupt can cause -zoneref (as before), and if there is a primary, this interrupt can -cause doadump. I also checkpoint if needed before shutting down. 
- -You can force a server to checkpoint any changed zones by sending the -maint signal (SIGALRM) to the process. Otherwise it just checkpoints -during maint. interrupts, or when being shutdown (with SIGTERM). -Sending it the dump signal causes the database to be dumped into the -(single) dump file, but doesn't checkpoint (i.e., update the boot -files). Note that the boot files will be overwritten with checkpoint -files, so if you want to preserve the comments, you should keep copies -of the original boot files separate from the versions that are actually -used. - -I disallow T_SOA updates, for several reasons: - - T_SOA deletes at the primary wont be discovered by the secondaries - until they try to request them at maint time, which will cause - a failure - - the corresponding NS record would have to be deleted at the same - time (atomically) to avoid various problems - - T_SOA updates would have to be done in the right order, or else - the primary and secondaries will be out-of-sync for that zone. -My feeling is that changing the zone topology is a weighty enough thing -to do that it should involve changing the load file and reloading all -affected servers. - -There are alot of places where bind exits due to catastrophic failures -(mainly malloc failures). I don't try to dump the database in these -places because it's probably inconsistent anyway. It's probably better -to depend on the most recent dump. - - - - - - 3.2 Known Defects - -1. I put the following comment in nlookup (db_lookup.c): - - Note: at this point, if np->n_data is NULL, we could be in one - of two situations: Either we have come across a name for which - all the RRs have been (dynamically) deleted, or else we have - come across a name which has no RRs associated with it because - it is just a place holder (e.g., EDU). 
In the former case, we
- would like to delete the namebuf, since it is no longer of use,
- but in the latter case we need to hold on to it, so future
- lookups that depend on it don't fail. The only way I can see
- of doing this is to always leave the namebufs around (although
- then the memory usage continues to grow whenever names are
- added, and can never shrink back down completely when all their
- associated RRs are deleted).
-
- Thus, there is a problem that the memory usage will keep growing for
- the situation described. You might just choose to ignore this
- problem (since I don't see any good way out), since things probably
- wont grow fast anyway (how many names are created and then deleted
- during a single server incarnation, after all?)
-
- The problem is that one can't delete old namebufs because one would
- want to do it from db_update, but db_update calls nlookup to do the
- actual work, and can't do it there, since we need to maintain place
- holders. One could make db_update not call nlookup, so we know it's
- ok to delete the namebuf (since we know the call is part of a delete
- call); but then there is code with alot of overlapping functionality
- in the 2 routines.
-
- This also causes another problem: If you create a name and then do
- UPDATEDA, all it's RRs get deleted, but the name remains; then, if you
- do a lookup on that name later, the name is found in the hash table,
- but no RRs are found for it. It then forwards the query to itself (for
- some reason), and then somehow decides there is no such domain, and then
- returns (with the correct answer, but after going through extra work).
- But the name remains, and each time it is looked up, we go through
- these same steps. This should be fixed, but I don't have time right
- now (and the right answer seems to come back anyway, so it's good
- enough for now).
-
-2. There are 2 problems that crop up when you store data (other than
- T_SOA and T_NS records) in the root:
- a.
Can't get primary to doaxfr RRs other than SOA and NS to
- secondary.
- b. Upon checkpoint (zonedump), this data sometimes comes out after other
- data in the root, so that (since the SOA and NS records have null
- names), they will get interpreted as being records under the
- other names upon the next boot up. For example, if you have a
- T_A record called ABC, the checkpoint may look like:
- $ORIGIN .
- ABC IN A 128.95.1.3
- 99999999 IN NS UW-BORNEO.
- IN SOA UW-BORNEO. SCHWARTZ.CS.WASHINGTON.EDU.
- ( 50 3600 300 3600000 3600 )
- Then when booting up the next time, the SOA and NS records get
- interpreted as being called "ABC" rather than the null root
- name.
-
-3. The secondary server caches the T_A RR for the primary, and hence when
- it tries to ns_forw an update, it won't find the address of the primary
- using nslookup unless that T_A RR is *also* stored in the main hashtable
- (by putting it in a named.db file as well as the named.ca file).
-
diff --git a/contrib/bind/doc/misc/FAQ.1of2 b/contrib/bind/doc/misc/FAQ.1of2
deleted file mode 100644
index 99619eb37a250..0000000000000
--- a/contrib/bind/doc/misc/FAQ.1of2
+++ /dev/null
@@ -1,1602 +0,0 @@ -Newsgroups: comp.protocols.tcp-ip.domains,comp.answers,news.answers -Path: vixie!news1.digital.com!su-news-hub1.bbnplanet.com!cpk-news-hub1.bbnplanet.com!news.bbnplanet.com!cam-news-hub1.bbnplanet.com!news.mathworks.com!news.kei.com!uhog.mit.edu!rutgers!njitgw.njit.edu!hertz.njit.edu!cdp2582 -From: cdp2582@hertz.njit.edu (Chris Peckham) -Subject: comp.protocols.tcp-ip.domains Frequently Asked Questions (FAQ) (Part 1 of 2) -Message-ID: <cptd-faq-1-849940949@njit.edu> -Followup-To: comp.protocols.tcp-ip.domains -Originator: cdp2582@hertz.njit.edu -Keywords: BIND,DOMAIN,DNS -Sender: news@njit.edu -Supersedes: <cptd-faq-1-847336183@njit.edu> -Nntp-Posting-Host: hertz.njit.edu -X-Posting-Frequency: posted during the first week of each month -Reply-To: domain-faq@njit.edu (comp.protocols.tcp-ip.domains FAQ comments) -Organization: NJIT.EDU - New Jersey Institute of Technology, Newark, NJ, USA -Date: Sat, 7 Dec 1996 06:42:36 GMT -Approved: news-answers-request@MIT.EDU -Expires: Sat 11 Jan 97 02:42:29 EDT -Lines: 1582 -Xref: vixie comp.protocols.tcp-ip.domains:12904 comp.answers:22440 news.answers:85682 - -Posted-By: auto-faq 3.1.1.2 -Archive-name: internet/tcp-ip/domains-faq/part1 -Revision: 1.14 1996/12/07 06:42:05 - - -Note that this posting has been split into two parts because of its size. - -$Id: FAQ.1of2,v 8.4 1996/12/18 04:22:33 vixie Exp $ - -A new version of this document appears monthly. If this copy is more -than a month old it may be out of date. - -This FAQ is edited and maintained by Chris Peckham, <cdp@pfmc.net>. The -most recently posted version may be found for anonymous ftp from - -rtfm.mit.edu : /pub/usenet/news.answers/internet/tcp-ip/domains-faq - -It is also available in HTML from -http://www.users.pfmc.net/~cdp/cptd-faq/. - -If you can contribute any answers for items in the TODO section, please do -so by sending e-mail to <domain-faq@pfmc.net> ! 
If you know of any items -that are not included and you feel that they should be, send the -relevant information to <domain-faq@pfmc.net>. - -=============================================================================== - -Index - - Section 1. TO DO / UPDATES - Q1.1 Contributions needed - Q1.2 UPDATES / Changes since last posting - - Section 2. INTRODUCTION / MISCELLANEOUS - Q2.1 What is this newsgroup ? - Q2.2 More information - Q2.3 What is BIND ? - Q2.4 What is the difference between BIND and DNS ? - Q2.5 Where is the latest version of BIND located ? - Q2.6 How can I find the path taken between two systems/domains ? - Q2.7 How do you find the hostname given the TCP-IP address ? - Q2.8 How do I register a domain ? - Q2.9 How can I change the IP address of our server ? - Q2.10 Issues when changing your domain name - Q2.11 How memory and CPU does DNS use ? - Q2.12 Other things to consider when planning your servers - Q2.13 Proper way to get NS and reverse IP records into DNS - Q2.14 How do I get my address assigned from the NIC ? - Q2.15 Is there a block of private IP addresses I can use? - Q2.16 Does BIND cache negative answers (failed DNS lookups) ? - Q2.17 What does an NS record really do ? - Q2.18 DNS ports - Q2.19 What is the cache file - Q2.20 Obtaining the latest cache file - Q2.21 Selecting a nameserver/root cache - Q2.22 InterNIC and domain names - - Section 3. UTILITIES - Q3.1 Utilities to administer DNS zone files - Q3.2 DIG - Domain Internet Groper - Q3.3 DNS packet analyser - Q3.4 host - Q3.5 How can I use DNS information in my program? - Q3.6 A source of information relating to DNS - - Section 4. DEFINITIONS - Q4.1 TCP/IP Host Naming Conventions - Q4.2 What are slaves and forwarders ? - Q4.3 When is a server authoritative? - Q4.4 My server does not consider itself authoritative ! - Q4.5 NS records don't configure servers as authoritative ? - Q4.6 underscore in host-/domainnames - Q4.7 What is lame delegation ? 
- Q4.8 How can I see if the server is "lame" ? - Q4.9 What does opt-class field in a zone file do? - Q4.10 Top level domains - Q4.11 Classes of networks - Q4.12 What is CIDR ? - Q4.13 What is the rule for glue ? - - Section 5. CONFIGURATION - Q5.1 Changing a Secondary server to a Primary server ? - Q5.2 Moving a Primary server to another server - Q5.3 How do I subnet a Class B Address ? - Q5.4 Subnetted domain name service - Q5.5 Recommended format/style of DNS files - Q5.6 DNS on a system not connected to the Internet - Q5.7 Multiple Domain configuration - Q5.8 wildcard MX records - Q5.9 How do you identify a wildcard MX record ? - Q5.10 Why are fully qualified domain names recommended ? - Q5.11 Distributing load using named - Q5.12 Order of returned records - Q5.13 resolv.conf - Q5.14 How do I delegate authority for sub-domains ? - Q5.15 DNS instead of NIS on a Sun OS 4.1.x system - Q5.16 Patches to add functionality to BIND - Q5.17 How to serve multiple domains from one server - - Section 6. PROBLEMS - Q6.1 No address for root server - Q6.2 Error - No Root Nameservers for Class XX - Q6.3 Bind 4.9.x and MX querying? - Q6.4 Do I need to define an A record for localhost ? - Q6.5 MX records, CNAMES and A records for MX targets - Q6.6 Can an NS record point to a CNAME ? - Q6.7 Nameserver forgets own A record - Q6.8 General problems (core dumps !) - Q6.9 malloc and DECstations - Q6.10 Can't resolve names without a "." - Q6.11 Err/TO errors being reported - Q6.12 Why does swapping kill BIND ? - - Section 7. ACKNOWLEDGEMENTS - Q7.1 How is this FAQ generated ? - Q7.2 What formats are available ? - Q7.3 Contributors - -=============================================================================== - -Section 1. TO DO / UPDATES - - Q1.1 Contributions needed - Q1.2 UPDATES / Changes since last posting - ------------------------------------------------------------------------------ - -Question 1.1. 
Contributions needed - -Date: Fri Dec 6 00:40:00 EST 1996 - -* Expand the slave/forward section - ------------------------------------------------------------------------------ - -Question 1.2. UPDATES / Changes since last posting - -Date: Fri Dec 6 00:40:00 EST 1996 - -* The FAQ is now maintained in BFNN (Bizzare format with No Name). This - allows me to create ASCII, HTML, and GNU info (postscript coming soon) - from one source file. -* References to 4.9.4 changed to 4.9.5. -* memory/CPU usage question - removed uunet map reference. Not there... -* Minor edits of information and questions for new format. -* How do I delegate authority for sub-domains ? - edited answer - -=============================================================================== - -Section 2. INTRODUCTION / MISCELLANEOUS - - Q2.1 What is this newsgroup ? - Q2.2 More information - Q2.3 What is BIND ? - Q2.4 What is the difference between BIND and DNS ? - Q2.5 Where is the latest version of BIND located ? - Q2.6 How can I find the path taken between two systems/domains ? - Q2.7 How do you find the hostname given the TCP-IP address ? - Q2.8 How do I register a domain ? - Q2.9 How can I change the IP address of our server ? - Q2.10 Issues when changing your domain name - Q2.11 How memory and CPU does DNS use ? - Q2.12 Other things to consider when planning your servers - Q2.13 Proper way to get NS and reverse IP records into DNS - Q2.14 How do I get my address assigned from the NIC ? - Q2.15 Is there a block of private IP addresses I can use? - Q2.16 Does BIND cache negative answers (failed DNS lookups) ? - Q2.17 What does an NS record really do ? - Q2.18 DNS ports - Q2.19 What is the cache file - Q2.20 Obtaining the latest cache file - Q2.21 Selecting a nameserver/root cache - Q2.22 InterNIC and domain names - ------------------------------------------------------------------------------ - -Question 2.1. What is this newsgroup ? 
- -Date: Thu Dec 1 11:08:28 EST 1994 - -comp.protocols.tcp-ip.domains is the usenet newsgroup for discussion on -issues relating to the Domain Name System (DNS). - -This newsgroup is not for issues directly relating to IP routing and -addressing. Issues of that nature should be directed towards -comp.protocols.tcp-ip. - ------------------------------------------------------------------------------ - -Question 2.2. More information - -Date: Fri Dec 6 00:41:03 EST 1996 - -You can find more information concerning DNS in the following places: - -* The BOG (BIND Operations Guide) - in the BIND distribution -* The FAQ included with BIND 4.9.5 in doc/misc/FAQ -* DNS and BIND by Albitz and Liu (an O'Reilly & Associates Nutshell - handbook) -* A number of RFCs (920, 974, 1032, 1034, 1101, 1123, 1178, 1183, 1348, - 1535, 1536, 1537, 1591, 1706, 1712, 1713, 1912, 1918) -* The DNS Resources Directory (DNSRD) http://www.dns.net/dnsrd/ -* If you are having troubles relating to sendmail and DNS, you may wish to - refer to the USEnet newsgroup comp.mail.sendmail and/or the FAQ for that - newsgroup which may be found for anonymous ftp at rtfm.mit.edu : - /pub/usenet/news.answers/mail/sendmail-faq -* Information concerning some frequently asked questions relating to the - Internet (i.e., what is the InterNIC, what is an RFC, what is the IETF, - etc) may be found for anonymous ftp from ds.internic.net : /fyi/fyi4.txt - A version may also be obtained with the URL - gopher://ds.internic.net/00/fyi/fyi4.txt. -* Information on performing an initial installation of BIND may be found - using the DNS Resources Directory at - http://www.dns.net/dnsrd/docs/basic.txt -* Three other USEnet newsgroups: - - * comp.protocols.dns.bind - * comp.protocols.dns.ops - * comp.protocols.dns.std - ------------------------------------------------------------------------------ - -Question 2.3. What is BIND ? 
- -Date: Tue Sep 10 23:15:58 EDT 1996 - -From the BOG Introduction - - -The Berkeley Internet Name Domain (BIND) implements an Internet name -server for the BSD operating system. The BIND consists of a server (or -``daemon'') and a resolver library. A name server is a network -service that enables clients to name resources or objects and share this -information with other objects in the network. This in effect is a -distributed data base system for objects in a computer network. BIND -is fully integrated into BSD (4.3 and later releases) network programs -for use in storing and retrieving host names and address. The system -administrator can configure the system to use BIND as a replacement to -the older host table lookup of information in the network hosts file -/etc/hosts. The default configuration for BSD uses BIND. - ------------------------------------------------------------------------------ - -Question 2.4. What is the difference between BIND and DNS ? - -Date: Tue Sep 10 23:15:58 EDT 1996 - -(text provided by Andras Salamon) DNS is the Domain Name System, a set of -protocols for a distributed database that was originally designed to -replace /etc/hosts files. DNS is most commonly used by applications to -translate domain names of hosts to IP addresses. A client of the DNS is -called a resolver; resolvers are typically located in the application -layer of the networking software of each TCP/IP capable machine. Users -typically do not interact directly with the resolver. Resolvers query the -DNS by directing queries at name servers that contain parts of the -distributed database that is accessed by using the DNS protocols. In -common usage, `the DNS' usually refers just to the data in the database. - -BIND (Berkeley Internet Name Domain) is an implementation of DNS, both -server and client. Development of BIND is funded by the Internet Software -Consortium and is coordinated by Paul Vixie. 
BIND has been ported to -Windows NT and VMS, but is most often found on Unix. BIND source code is -freely available and very complex; most of the development on the DNS -protocols is based on this code; and most Unix vendors ship BIND-derived -DNS implementations. As a result, the BIND name server is the most widely -used name server on the Internet. In common usage, `BIND' usually refers -to the name server that is part of the BIND distribution, and sometimes to -name servers in general (whether BIND-derived or not). - ------------------------------------------------------------------------------ - -Question 2.5. Where is the latest version of BIND located ? - -Fri Dec 6 00:23:19 EST 1996 - -This information may be found at http://www.vix.com/isc/bind.html - -At this time, BIND version of 4.9.5 may be found for anonymous ftp from - -ftp.vix.com : /pub/bind/release/4.9.5/bind-4.9.5-REL.tar.gz - -Other sites that officially mirror the BIND distribution are - -* bind.fit.qut.edu.au : /pub/bind -* ftp.funet.fi : /pub/unix/tcpip/dns/bind -* ftp.univ-lyon1.fr : /pub/mirrors/unix/bind -* ftp.oleane.net : /pub/mirrors/unix/bind -* ftp.ucr.ac.cr : /pub/Unix/dns/bind -* ftp.luth.se : /pub/unix/dns/bind/beta - -You may need GNU zip, Larry Wall's patch program (if there are any patch -files), and a C compiler to get BIND running from the above mentioned -source. - -GNU zip is available for anonymous ftp from - -prep.ai.mit.edu : /pub/gnu/gzip-1.2.4.tar - -patch is available for anonymous ftp from - -prep.ai.mit.edu : /pub/gnu/patch-2.1.tar.gz - -A version of BIND for Windows NT is available for anonymous ftp from - -ftp.vix.com : /pub/bind/release/4.9.5/contrib/ntdns495relbin.zip - -and - -ftp.vix.com : /pub/bind/release/4.9.5/contrib/ntbind495rel.zip - ------------------------------------------------------------------------------ - -Question 2.6. How can I find the path taken between two systems/domains ? 
- -Date: Fri Dec 6 00:10:31 EST 1996 - -On a Unix system, use traceroute. If it is not available to you, you may -obtain the source source for 'traceroute', compile it and install it on -your system. - -One version of this program with additional functionality may be found for -anonymous ftp from - -ftp.nikhef.nl : /pub/network/traceroute.tar.Z - -Another version may be found for anonymous ftp from - -ftp.psc.edu : /pub/net_tools/traceroute.tar - ------------------------------------------------------------------------------ - -Question 2.7. How do you find the hostname given the TCP-IP address ? - -Date: Thu Dec 1 09:55:24 EST 1994 - -For an address a.b.c.d you can always do: - - % nslookup - > set q=ptr - > d.c.b.a.in-addr.arpa. - -Most newer version of nslookup (since 4.8.3) will recognize an address, so -you can just say: - - % nslookup a.b.c.d - -DiG will work like this also: - - % dig -x a.b.c.d - -host from the contrib/host from the bind distribution may also be used. - ------------------------------------------------------------------------------ - -Question 2.8. How do I register a domain ? - -Date: Wed Sep 4 23:59:42 EDT 1996 - -You can talk to your Internet Service Provider (ISP). They can submit the -registration for you. If you are not going to be directly connected, they -should be able to offer MX records for your domain for mail delivery (so -that mail sent to the new domain will be sent to your "standard" account). -In the case where the registration is done by the organization itself, it -still makes the whole process much easier if the ISP is approached for -secondary servers _before_ the InterNIC is approached for registration. - -For information about making the registration yourself, look to the -InterNIC (or other similar organization). 
- -* anonymout ftp from internic.net : /templates -* gopher://rs.internic.net/ -* http://rs.internic.net/reg/reg-forms.html -* http://www.ripe.net/ - -You will need at least two domain name servers when you register your -domain. Many ISP's are willing to provide primary and/or secondary name -service for their customers. - -Please note that the InterNIC is now charging a fee for domain names in -the "COM", "ORG", and "NET". More information may be found from the -Internic at - -http://rs.internic.net/domain-info/fee-policy.html - -Many times, registration of a domain name can be initiated by sending -e-mail to the zone contact. You can obtain the contact in the SOA record -for the country, or in a whois server: - - $ nslookup -type=SOA fr. - origin = ns1.nic.fr - mail addr = nic.nic.fr - ... - -The mail address to contact in this case is 'nic@nic.fr' (you must -substitute an '@' for the first dot in the mail addr field). - -An alternate method to obtain the e-mail address of the national NIC is -the 'whois' server at InterNIC. - -You may be requested to make your request to another email address or -using a certain information template/application. - ------------------------------------------------------------------------------ - -Question 2.9. How can I change the IP address of our server ? - -Date: Sun May 5 22:46:28 EDT 1996 - -(From Mark Andrews) Before the move. - -* Ensure you are running a modern nameserver. BIND 4.9.3-REL + Patch1 is a - good choice. -* Inform all your secondaries that you are going to change. Have them - install both the current and new addresses in their named.boot's. -* Drop the ttl of the A's associated with the nameserver to something - small (5 min is usually good). -* Drop the refesh and retry times of the zone containing the forward - records for the server. -* Configure the new reverse zone before the move and make sure it is - operational. -* On the day of the move add the new A record(s) for the server. 
Don't - forget to have these added to parent domains. You will look like you are - multihomed with one interface dead. - -Move the machine after gracefully terminating any other services it is -offering. Then, - -* Fixup the A's, ttl, refresh and retry counters. (If you are running an - all server EDIT out all references to the old addresses in the cache - files). -* Inform all the secondaries the move is complete. -* Inform the parents of all zones you are primary of the new NS/A pairs - for the relevent zones. -* Inform all the administators of zones you are secondaring that the - machine has moved. -* For good measure update the serial no for all zones you are primary for. - This will flush out old A's. - ------------------------------------------------------------------------------ - -Question 2.10. Issues when changing your domain name - -Date: Sun Nov 27 23:32:41 EST 1994 - -If you are changing your domain name from abc.foobar.com to foobar.net, -the forward zones are easy and there are a number of ways to do it. One -way is the following: - -Have a single db file for the 2 domains, and have a single machine be the -primary server for both abc.foobar.com and foobar.net. - -To resolve the host foo in both domains, use a single zone file which -merely uses this for the host: - -foo IN A 1.2.3.4 - -Use a "@" wherever the domain would be used ie for the SOA: - -@ IN SOA (... - -Then use this pair of lines in your named.boot: - -primary abc.foobar.com db.foobar -primary foobar.net db.foobar - -The reverse zones should either contain PTRs to both names, or to -whichever name you believe to be canonical currently. - ------------------------------------------------------------------------------ - -Question 2.11. How memory and CPU does DNS use ? - -Date: Fri Dec 6 01:07:56 EST 1996 - -It can use quite a bit ! The main thing that BIND needs is memory. It -uses very little CPU or network bandwidth. 
The main considerations to -keep in mind when planning are: - -* How many zones do you have and how large are they ? -* How many clients do you expect to serve and how active are they ? - -As an example, here is a snapshot of memory usage from CSIRO Division of -Mathematics and Statistics, Australia - - Named takes several days to stabalize its memory usage. - - Our main server stabalises at ~10Mb. It takes about 3 days to - reach this size from 6 M at startup. This is under Sun OS 4.1.3U1. - -As another example, here is the configuration of ns.uu.net (from late -1994): - - ns.uu.net only does nameservice. It is running a version of BIND - 4.9.3 on a Sun Classic with 96 MB of RAM, 220 MB of swap (remember - that Sun OS will reserve swap for each fork, even if it is not needed) - running Sun OS 4.1.3_U1. - - Joseph Malcolm, of Alternet, states that named generally hovers at - 5-10% of the CPU, except after a reload, when it eats it all. - ------------------------------------------------------------------------------ - -Question 2.12. Other things to consider when planning your servers - -Date: Mon Jan 2 14:24:51 EST 1995 - -When making the plans to set up your servers, you may want to also -consider the following issues: - - A) Server O/S limitations/capacities (which tend to be widely - divergent from vendor to vendor) - B) Client resolver behavior (even more widely divergent) - C) Expected query response time - D) Redundancy - E) Desired speed of change propagation - F) Network bandwidth availability - G) Number of zones/subdomain-levels desired - H) Richness of data stored (redundant MX records? HINFO records?) - I) Ease of administration desired - J) Network topology (impacts reverse-zone volume) - - Assuming a best-possible case for the factors above, particularly (A), (B), - (C), (F), (G) & (H), it would be possible to run a 1000-node domain - using a single lowly 25 or 40 MHz 386 PC with a fairly modest amount of RAM - by today's standards, e.g. 4 or 8 Meg. 
However, this configuration would - be slow, unreliable, and would provide no functionality beyond your basic - address-to-name and name-to-address mappings. - - Beyond that baseline case, depending on what factors listed above, - you may want look at other strategies, such splitting up the DNS - traffic among several machines strategically located, possibly larger ones, - and/or subdividing your domain itself. There are many options, tradeoffs, - and DNS architectural paradigms from which to choose. ------------------------------------------------------------------------------ - -Question 2.13. Proper way to get NS and reverse IP records into DNS - -Date: Mon Jan 2 13:03:53 EST 1995 - -Reverse domain registration is separate from forward domain registration. -Blocks of network addresses have been delegated by the InterNIC. Check if -your network a.b.c.0 is in such a block by using nslookup: - - nslookup -type=soa c.b.a.in-addr.arpa. - nslookup -type=soa b.a.in-addr.arpa. - nslookup -type=soa a.in-addr.arpa. - -One of the above should give you the information you are looking for (the -others will return with an error something like `*** No start of authority -(SOA) records available for ...') This will give you the email address of -the person to whom you should address your change request. - -If none of these works, your network probably has not been delegated by -the InterNIC and you need to contact them directly. - -CIDR has meant that the registration is delegated, but registration of -in-addr.arpa has always been separate from forward zones - and for good -reason - in that the forward and reverse zones may have different -policies, contents etc, may be served by a different set of nameservers, -and exist at different times (usually only at point of creation). 
There -isn't a one-to-one mapping between the two, so merging the registration -would probably cause more problems than people forgetting/not-knowing that -they had to register in-addr.arpa zones separately. For example, there -are organizations that have hundreds of networks and two or more domains, -with a sprinkling of machines from each network in each of the domains. - ------------------------------------------------------------------------------ - -Question 2.14. How do I get my address assigned from the NIC ? - -Date: Fri Dec 6 01:11:34 EST 1996 - -You should probably ask your Internet provider to give you an address. -These days, addresses are being distributed through the providers, so that -they can assign adjacent blocks of addresses to sites that go through the -same provider, to permit more efficient routing on the backbones. - -Unless you have thousands of hosts, you probably won't be able to get a -class B these days. Instead, you can get a series of class C networks. -Large requests will be queried, so be ready to provide a network plan if -you ask for more than 16 class C networks. - -If you can't do this through your Internet provider, you can look for a -subnet registration form on rs.internic.net. See the answer in this FAQ -to the question "How do I register a domain" for a URL to these forms. - ------------------------------------------------------------------------------ - -Question 2.15. Is there a block of private IP addresses I can use? - -Date: Sun May 5 23:02:49 EDT 1996 - -Yes there is. Please refer to RFC 1918: - - 1918 Address Allocation for Private Internets. Y. Rekhter, B. - Moskowitz, D. Karrenberg, G. de Groot, & E. Lear. February 1996. 
- (Format: TXT=22270 bytes) - -RFC 1918 documents the allocation of the following addresses for use by -``private internets'': - - 10.0.0.0 - 10.255.255.255 - 172.16.0.0 - 172.31.255.255 - 192.168.0.0 - 192.168.255.255 - ------------------------------------------------------------------------------ - -Question 2.16. Does BIND cache negative answers (failed DNS lookups) ? - -Date: Mon Jan 2 13:55:50 EST 1995 - -Yes, BIND 4.9.3 and more recent versions will cache negative answers. - ------------------------------------------------------------------------------ - -Question 2.17. What does an NS record really do ? - -Date: Wed Sep 4 22:52:18 EDT 1996 - -The NS records in your zone data file pointing to the zone's name servers -(as opposed to the servers of delegated subdomains) don't do much. -They're essentially unused, though they are returned in the authority -section of reply packets from your name servers. - -However, the NS records in the zone file of the parent domain are used to -find the right servers to query for the zone in question. These records -are more important than the records in the zone itself. - ------------------------------------------------------------------------------ - -Question 2.18. DNS ports - -Date: Fri Feb 10 15:40:10 EST 1995 - -The following table shows what TCP/UDP ports DNS uses to send and receive -queries: - - Prot Src Dst Use - udp 53 53 Queries between servers (eg, recursive queries) - Replies to above - tcp 53 53 Queries with long replies between servers, zone - transfers Replies to above - udp >1023 53 Client queries (sendmail, nslookup, etc ...) - udp 53 >1023 Replies to above - tcp >1023 53 Client queries with long replies - tcp 53 >1023 Replies to above - - Note: >1023 is for non-priv ports on Un*x clients. On other client - types, the limit may be more or less. - -Another point to keep in mind when designing filters for DNS is that a DNS -server uses port 53 both as the source and destination for it's queries. 
-So, a client queries an initial server from an unreserved port number to -UDP port 53. If the server needs to query another server to get the -required info, it sends a UDP query to that server with both source and -destination ports set to 53. The response is then sent with the same -src=53 dest=53 to the first server which then responds to the original -client from port 53 to the original source port number. - -The point of all this is that putting in filters to only allow UDP between -a high port and port 53 will not work correctly, you must also allow the -port 53 to port 53 UDP to get through. - -Also, ALL versions of BIND use TCP for queries in some cases. The -original query is tried using UDP. If the response is longer than the -allocated buffer, the resolver will retry the query using a TCP -connection. If you block access to TCP port 53 as suggested above, you -may find that some things don't work. - -Newer version of BIND allow you to configure a list of IP addresses from -which to allow zone transfers. This mechanism can be used to prevent -people from outside downloading your entire namespace. - ------------------------------------------------------------------------------ - -Question 2.19. What is the cache file - -Date: Fri Dec 6 01:15:22 EST 1996 - -From the "Name Server Operations Guide" - - 6.3. Cache Initialization - - 6.3.1. root.cache - - The name server needs to know the servers that - are the authoritative name servers for the root - domain of the network. To do this we have to prime - the name server's cache with the addresses of these - higher authorities. The location of this file is - specified in the boot file. ... - ------------------------------------------------------------------------------ - -Question 2.20. Obtaining the latest cache file - -Date: Fri Dec 6 01:15:22 EST 1996 - -If you have a version of dig running, you may obtain the information with -the command - - dig @a.root-servers.net. . 
ns - -A perl script to handle some possible problems when using this method -from behind a firewall and that can also be used to periodically obtain -the latest cache file was posted to comp.protocols.tcp-ip.domains during -early October, 1996. It was posted with the subject "Keeping db.cache -current". It is available at -http://www.users.pfmc.net/~cdp/cptd-faq/current_db_cache.txt. - -The latest cache file may also be obtained from the InterNIC via ftp or -gopher: - - ; This file is made available by InterNIC registration services - ; under anonymous FTP as - ; file /domain/named.root - ; on server FTP.RS.INTERNIC.NET - ; -OR- under Gopher at RS.INTERNIC.NET - ; under menu InterNIC Registration Services (NSI) - ; submenu InterNIC Registration Archives - ; file named.root - ------------------------------------------------------------------------------ - -Question 2.21. Selecting a nameserver/root cache - -Date: Mon Aug 5 22:54:11 EDT 1996 - -Exactly how is the a root server selected from the root cache? Does the -resolver attempt to pick the closest host or is it random or is it via -sortlist-type workings? If the root server selected is not available (for -whatever reason), will the the query fail instead of attempting another -root server in the list ? - -Every recursive BIND name server (that is, one which is willing to go out -and find something for you if you ask it something it doesn't know) will -remember the measured round trip time to each server it sends queries to. -If it has a choice of several servers for some domain (like "." for -example) it will use the one whose measured RTT is lowest. - -Since the measured RTT of all NS RRs starts at zero (0), every one gets -tried one time. Once all have responded, all RTT's will be nonzero, and -the "fastest server" will get all queries henceforth, until it slows down -for some reason. 
- -To promote dispersion and good recordkeeping, BIND will penalize the RTT -by a little bit each time a server is reused, and it will penalize the RTT -a _lot_ if it ever has to retransmit a query. For a server to stay "#1", -it has to keep on answering quickly and consistently. - -Note that this is something BIND does that the DNS Specification does not -mention at all. So other servers, those not based on BIND, might behave -very differently. - ------------------------------------------------------------------------------ - -Question 2.22. InterNIC and domain names - -Date: Sun Jun 2 11:23:49 EDT 1996 - -The current InterNIC policy on what to do if someone wants to use a domain -name that is already in use may be found at - -rs.internic.net : /policy/internic/internic-domain-4.txt - -or - -http://rs.internic.net/domain-info/internic-domain-4.html. - -The following information was submitted by Carl Oppedahl -<oppedahl@patents.com> : - -If the jealous party happens to have a trademark registration, it is quite -likely that the domain name owner will lose the domain name, even if they -aren't infringing the trademark. This presents a substantial risk of loss -of a domain name on only 30 days' notice. Anyone who is the manager of an -Internet-connected site should be aware of this risk and should plan for -it. - -See "How do I protect myself from loss of my domain name?" at -http://www.patents.com/weblaw.sht#domloss. - -For an example of an ISP's battle to keep its domain name, see -http://www.patents.com/nsi.sht. - -A compendium of information on the subject may be found at -http://www.law.georgetown.edu/lc/internic/domain1.html. - -=============================================================================== - -Section 3. UTILITIES - - Q3.1 Utilities to administer DNS zone files - Q3.2 DIG - Domain Internet Groper - Q3.3 DNS packet analyser - Q3.4 host - Q3.5 How can I use DNS information in my program? 
- Q3.6 A source of information relating to DNS - ------------------------------------------------------------------------------ - -Question 3.1. Utilities to administer DNS zone files - -Date: Wed Sep 4 22:53:53 EDT 1996 - -There are a few utilities available to ease the administration of zone -files in the DNS. - -Two common ones are h2n and makezones. Both are perl scripts. h2n is -used to convert host tables into zone data files. It is available for -anonymous ftp from - -ftp.uu.net : /published/oreilly/nutshell/dnsbind/dns.tar.Z - -makezones works from a single file that looks like a forward zone file, -with some additional syntax for special cases. It is included in the -current BIND distribution. The newest version is always available for -anonymous ftp from - -ftp.cus.cam.ac.uk : /pub/software/programs/DNS/makezones - -More information may be found using the DNS Resources Directory - -http://www.dns.net/dnsrd/. - ------------------------------------------------------------------------------ - -Question 3.2. DIG - Domain Internet Groper - -Date: Thu Dec 1 11:09:11 EST 1994 - -The latest and greatest, official, accept-no-substitutes version of the -Domain Internet Groper (DiG) is the one that comes with BIND. Get the -latest kit. - ------------------------------------------------------------------------------ - -Question 3.3. DNS packet analyser - -Date: Wed Sep 4 23:43:57 EDT 1996 - -There is a free ethernet analyser called Ethload available for PC's -running DOS. The latest filename is ETHLD104.ZIP. It understands lots of -protocols including TCP/UDP. It'll look inside there and display -DNS/BOOTP/ICMP packets etc. (Ed. note: something nice for someone to add -to tcpdump ;^) ). Depending on the ethernet controller it's given it'll -perform slightly differently. It handles NDIS/Novell/Packet drivers. It -works best with Novell's promiscuous mode drivers. A SimTel mirror site -should have the program available for anonymous ftp. 
One is - -ftp.coast.net : /SimTel/msdos/lan/ethld104.zip - ------------------------------------------------------------------------------ - -Question 3.4. host - -Date: Sun Dec 4 21:15:38 EST 1994 - -A section from the host man page: - - host looks for information about Internet hosts and domain - names. It gets this information from a set of intercon- - nected servers that are spread across the world. The infor- - mation is stored in the form of "resource records" belonging - to hierarchically organized "zones". - - By default, the program simply converts between host names - and Internet addresses. However, with the -t, -a and -v - options, it can be used to find all of the information about - domain names that is maintained by the domain nameserver - system. The information printed consists of various fields - of the associated resource records that were retrieved. - - The arguments can be either host names (domain names) or - numeric Internet addresses. - -'host' is compatible with both BIND 4.9 and BIND 4.8 - -'host' may be found in contrib/host in the BIND distribution. The latest -version always available for anonymous ftp from - -ftp.nikhef.nl : /pub/network/host.tar.Z - -It may also be found for anonymous ftp from - -ftp.uu.net : /networking/ip/dns/host.tar.Z - ------------------------------------------------------------------------------ - -Question 3.5. How can I use DNS information in my program? - -Date: Fri Feb 10 15:25:11 EST 1995 - -It depends on precisely what you want to do: - -* Consider whether you need to write a program at all. It may well be - easier to write a shell program (e.g. using awk or perl) to parse the - output of dig, host or nslookup. -* If all you need is names and addresses, there will probably be system - routines 'gethostbyname' and 'gethostbyaddr' to provide this - information. -* If you need more details, then there are system routines (res_query and - res_search) to assist with making and sending DNS queries. 
However,
- these do not include a routine to parse the resulting answer (although
- routines to assist in this task are provided). There is a separate
- library available that will take a DNS response and unpick it into its
- constituent parts, returning a C structure that can be used by the
- program. The source for this library is available for anonymous ftp at
-
- hpux.csc.liv.ac.uk : /hpux/Networking/Admin/resparse-1.2
-
------------------------------------------------------------------------------
-
-Question 3.6. A source of information relating to DNS
-
-Date: Tue Nov 5 23:42:21 EST 1996
-
-You may find utilities and tools to help you manage your zone files
-(including WWW front-ends) in the "tools" section of the DNS resources
-directory:
-
-http://www.dns.net/dnsrd/tools.html
-
-There are also a number of IP management tools available. Data
-Communications had an article on the subject in Sept/Oct of 1996. The
-tools mentioned in the article and a few others may be found at the
-following sites:
-
-* IP Address management, http://www.accugraph.com
-* IP-Track, http://www.on.com
-* NetID, http://www.isotro.com
-* QIP, http://www.quadritek.com
-* UName-It, http://www.esm.com
-
-===============================================================================
-
-Section 4. DEFINITIONS
-
- Q4.1 TCP/IP Host Naming Conventions
- Q4.2 What are slaves and forwarders ?
- Q4.3 When is a server authoritative?
- Q4.4 My server does not consider itself authoritative !
- Q4.5 NS records don't configure servers as authoritative ?
- Q4.6 underscore in host-/domainnames
- Q4.7 What is lame delegation ?
- Q4.8 How can I see if the server is "lame" ?
- Q4.9 What does opt-class field in a zone file do?
- Q4.10 Top level domains
- Q4.11 Classes of networks
- Q4.12 What is CIDR ?
- Q4.13 What is the rule for glue ?
-
------------------------------------------------------------------------------
-
-Question 4.1.
TCP/IP Host Naming Conventions
-
-Date: Mon Aug 5 22:49:46 EDT 1996
-
-One guide that may be used when naming hosts is RFC 1178, "Choosing a Name
-for Your Computer", which is available via anonymous FTP from
-
-ftp.internic.net : /rfc/rfc1178.txt
-
-RFCs (Request For Comments) are specifications and guidelines for how many
-aspects of TCP/IP and the Internet (should) work. Most RFCs are fairly
-technical documents, and some have semantics that are hotly contested in
-the newsgroups. But a few, like RFC 1178, are actually good to read for
-someone who's just starting along a TCP/IP path.
-
------------------------------------------------------------------------------
-
-Question 4.2. What are slaves and forwarders ?
-
-Date: Thu Dec 1 10:32:43 EST 1994
-
-"forwarders" is a list of NS records that are _prepended_ to a list of NS
-records to query if the data is not available locally. This allows a rich
-cache of records to be built up at a centralized location. This is good
-for sites that have sporadic or very slow connections to the Internet.
-(demand dial-up, for example) It's also just a good idea for very large
-distributed sites to increase the chance that you don't have to go off to
-the Internet to get an IP address. (sometimes for addresses across the
-street!)
-
-"slave" modifies this to say to replace the list of NS records with the
-forwarders entry, instead of prepending to it. This is for firewalled
-environments, where the nameserver can't directly get out to the Internet
-at all.
-
-"slave" is meaningless (and invalid, in late-model BINDs) without
-"forwarders". "forwarders" is an entry in named.boot, and therefore
-applies only to the nameserver (not to resolvers).
-
------------------------------------------------------------------------------
-
-Question 4.3. When is a server authoritative?
-
-Date: Mon Jan 2 13:15:13 EST 1995
-
-In the case of BIND:
-
-* The server contains current data in files for the zone in question (Data
- must be current for secondaries, as defined in the SOA)
-* The server is told that it is authoritative for the zone, by a 'primary'
- or 'secondary' keyword in /etc/named.boot.
-* The server does an error-free load of the zone.
-
------------------------------------------------------------------------------
-
-Question 4.4. My server does not consider itself authoritative !
-
-Date: Mon Jan 2 13:15:13 EST 1995
-
-The question was:
-
- What if I have set up a DNS where there is an SOA record for
- the domain, but the server still does not consider itself
- authoritative. (when using nslookup and set server=the correct machine.)
- It seems that something is not matching up somewhere. I suspect
- that this is because the service provider has not given us control
- over the IP numbers in our own domain, and so while the machine listed
- has an A record for an address, there is no corresponding PTR record.
-With the answer:
-
- That's possible too, but is unrelated to the first question.
- You need to be delegated a zone before outside people will start
- talking to your server. However, a server can still be authoritative
- for a zone even though it hasn't been delegated authority (it's just
- that only the people who use that as their server will see the data).
-
- A server may consider itself non-authoritative even though it's a
- primary if there is a syntax error in the zone (see the list in the
- previous question).
------------------------------------------------------------------------------
-
-Question 4.5. NS records don't configure servers as authoritative ?
-
-Date: Fri Dec 6 16:13:34 EST 1996
-
-Nope, delegation is a separate issue from authoritativeness. You can
-still be authoritative, but not delegated.
(you can also be delegated, -but not authoritative -- that's a "lame delegation") - ------------------------------------------------------------------------------ - -Question 4.6. underscore in host-/domainnames - -Date: Mon Aug 5 22:39:02 EDT 1996 - -The question is "Are underscores are allowed in host- or domainnames" ? - RFC 1033 allows them. - RFC 1035 doesn't. - RFC 1123 doesn't. - dnswalk complains about them. - - -Which RFC is the final authority these days? - -Actually RFC 1035 deals with names of machines or names of mail domains. -i.e "_" is not permitted in a hostname or on the RHS of the "@" in -local@domain. - -Underscore is permitted where ever the domain is NOT one of these types -of addresses. - -In general the DNS mostly contains hostnames and mail domainnames. This -will change as new resource record types for authenticating DNS queries -start to appear. - -The latest version of 'host' checks for illegal characters in A/MX record -names and the NS/MX target names. - -After saying all of that, remember that RFC 1123 is a Required Internet -Standard (per RFC 1720), and RFC 1033 isn't. Even RFC 1035 isn't a -required standard. Therefore, RFC 1123 wins, no contest. - -From RFC 1123, Section 2.1 - - 2.1 Host Names and Numbers - - The syntax of a legal Internet host name was specified in RFC-952 - [DNS:4]. One aspect of host name syntax is hereby changed: the - restriction on the first character is relaxed to allow either a - letter or a digit. Host software MUST support this more liberal - syntax. - - And described by Dave Barr in RFC1912: - - Allowable characters in a label for a host name are only ASCII - letters, digits, and the `-' character. Labels may not be all - numbers, but may have a leading digit (e.g., 3com.com). Labels must - end and begin only with a letter or digit. See [RFC 1035] and [RFC - 1123]. 
(Labels were initially restricted in [RFC 1035] to start with
- a letter, and some older hosts still reportedly have problems with
- the relaxation in [RFC 1123].) Note there are some Internet
- hostnames which violate this rule (411.org, 1776.com).
-
-Finally, one more piece of information (From Paul Vixie):
-
- RFC 1034 says only that domain names have characters in them, though it
- says so with enough fancy and indirection that it's hard to tell exactly.
-
- Generally, for second level domains (i.e., something you would get from
- InterNIC or from the US Domain Registrar and probably other ISO 3166
- country code TLDs), RFC 952 is thought to apply. RFC 952 was about host
- names rather than domain names, but the rules seemed good enough.
-
- <domainname> ::= <hname>
-
- <hname> ::= <name>*["."<name>]
- <name> ::= <let>[*[<let-or-digit-or-hyphen>]<let-or-digit>]
-
-There has been a recent update on this subject which may be found in
-
-ftp.internic.net : /internet-drafts/draft-andrews-dns-hostnames-03.txt.
-
------------------------------------------------------------------------------
-
-Question 4.7. What is lame delegation ?
-
-Date: Mon Aug 5 22:45:02 EDT 1996
-
-Two things are required for a lame delegation:
-
-* A nameserver X is delegated as authoritative for a zone.
-* Nameserver X is not performing nameservice for that zone.
-
-Try to think of a lame delegation as a long-term condition, brought about
-by a misconfiguration somewhere. Bryan Beecher's 1992 LISA paper on lame
-delegations is good to read on this. The problem really lies in
-misconfigured nameservers, not "lameness" brought about by transient
-outages. The latter is common on the Internet and hard to avoid, while
-the former is correctable.
-
-In order to be performing nameservice for a zone, it must have (presumed
-correct) data for that zone, and it must be answering authoritatively to
-resolver queries for that zone.
(The AA bit is set in the flags section)
-
-The "classic" lame delegation case is when nameserver X is delegated as
-authoritative for domain Y, yet when you ask Y about X, it returns
-non-authoritative data.
-
-Here's an example that shows what happens most often (using dig, dnswalk,
-and doc to find).
-
-Let's say the domain bogus.com gets registered at the NIC and they have
-listed 2 primary name servers, both from their *upstream* provider:
-
- bogus.com IN NS ns.bogus.com
- bogus.com IN NS upstream.com
- bogus.com IN NS upstream1.com
-
-So the root servers have this info. But when the admins at bogus.com
-actually set up their zone files they put something like:
-
- bogus.com IN NS upstream.com
- bogus.com IN NS upstream1.com
-
-So your name server may have the nameserver info cached (which it may have
-gotten from the root). The root says "go ask ns.bogus.com" since they are
-authoritative
-
-This is usually from stuff being registered at the NIC (either nic.ddn.mil
-or rs.internic.net), and then updated later, but the folks who make the
-updates later never let the folks at the NIC know about it.
-
------------------------------------------------------------------------------
-
-Question 4.8. How can I see if the server is "lame" ?
-
-Date: Mon Aug 5 22:45:02 EDT 1996
-
-Go to the authoritative servers one level up, and ask them who they think
-is authoritative, and then go ask each one of those delegees if they think
-that they themselves are authoritative. If any responds "no", then you
-know who the lame delegation is, and who is delegating lamely to them.
-You can then send off a message to the administrators of the level above.
-
-The 'lamers' script from Byran Beecher really takes care of all this for
-you. It parses the lame delegation notices from BIND's syslog and
-summarizes them for you. It may be found in the contrib section of the
-latest BIND distribution.
The latest version is available for anonymous
-ftp from
-
-terminator.cc.umich.edu : /dns/lame-delegations/
-
- If you want to actively check for lame delegations, you can use 'doc'
-and 'dnswalk'. You can check things manually with 'dig'.
-
-The InterNIC recently announced a new lame delegation that will be in
-effect on 01 October, 1996. Here is a summary:
-
-* After receipt/processing of a name registration template, and at random
- intervals thereafter, the InterNIC will perform a DNS query via UDP
- Port 53 on domain names for an SOA response for the name being
- registered.
-* If the query of the domain name returns a non-authoritative response
- from all the listed name servers, the query will be repeated four times
- over the next 30 days at random intervals approximately 7 days apart,
- with notification to all listed whois and nameserver contacts of the
- possible pending deletion. If at least one server answers correctly,
- but one or more are lame, FYI notifications will be sent to all contacts
- and checking will be discontinued. Additionally, e-mail notices will be
- provided to the contact for the name servers holding the delegation to
- alert them to the "lame" condition. Notifications will state explicitly
- the consequences of not correcting the "lame" condition and will be
- assigned a descriptive subject as follows:
-
- Subject: Lame Delegation Notice: DOMAIN_NAME
-
- The notification will include a timestamp for when the query was
- performed.
-* If, following 30 days, the name servers still provide no SOA response,
- the name will be placed in a "hold" status and the DNS information will
- no longer be propagated. The administrative contact will be notified by
- postal mail and all whois contacts will be notified by e-mail, with
- instructions for taking corrective action.
-* Following 60 days in a "hold" status, the name will be deleted and made
- available for reregistration.
Notification of the final deletion will - be sent to the name server and domain name contacts listed in the NIC - database. - ------------------------------------------------------------------------------ - -Question 4.9. What does opt-class field in a zone file do? - -Date: Thu Dec 1 11:10:39 EST 1994 - -This field is the address class. From the BOG - - - ...is the address class; currently, only one class - is supported: IN for internet addresses and other - internet information. Limited support is included for - the HS class, which is for MIT/Athena ``Hesiod'' - information. ------------------------------------------------------------------------------ - -Question 4.10. Top level domains - -Date: Fri Dec 6 15:13:35 EST 1996 - -A section from RFC 1591: - - 2. The Top Level Structure of the Domain Names - - In the Domain Name System (DNS) naming of computers there is a - hierarchy of names. The root of system is unnamed. There are a set - of what are called "top-level domain names" (TLDs). These are the - generic TLDs (EDU, COM, NET, ORG, GOV, MIL, and INT), and the two - letter country codes from ISO-3166. It is extremely unlikely that - any other TLDs will be created. - ------ - -[ Ed note: the ISO-3166 country codes may be found for anonymous ftp -from: - -* ftp.isi.edu : /in-notes/iana/assignments/country-codes -* ftp.ripe.net : /iso3166-codes - -] - -[ Ed note: Since the Internic started charging for registration services, -(and for other reasons) there are a number of groups that want to offer -an alternative to registering a domain under a "standard" TLD. More -information on some of these options may be found at: - -* http://www.alternic.net/ -* http://www.eu.org/ -* http://www.ml.org/mljoin.html - -You may participate in one of the discussions on iTLD proposals at - -* To sign up: http://www.newdom.com/lists -* Old postings: http://www.newdom.com/archive - -] - ------ - - ... - Under each TLD may be created a hierarchy of names. 
Generally, under - the generic TLDs the structure is very flat. That is, many - organizations are registered directly under the TLD, and any further - structure is up to the individual organizations. - - In the country TLDs, there is a wide variation in the structure, in - some countries the structure is very flat, in others there is - substantial structural organization. In some country domains the - second levels are generic categories (such as, AC, CO, GO, and RE), - in others they are based on political geography, and in still others, - organization names are listed directly under the country code. The - organization for the US country domain is described in RFC 1480. - - Each of the generic TLDs was created for a general category of - organizations. The country code domains (for example, FR, NL, KR, - US) are each organized by an administrator for that country. These - administrators may further delegate the management of portions of the - naming tree. These administrators are performing a public service on - behalf of the Internet community. Descriptions of the generic - domains and the US country domain follow. - - Of these generic domains, five are international in nature, and two - are restricted to use by entities in the United States. - - World Wide Generic Domains: - - COM - This domain is intended for commercial entities, that is - companies. This domain has grown very large and there is - concern about the administrative load and system performance if - the current growth pattern is continued. Consideration is - being taken to subdivide the COM domain and only allow future - commercial registrations in the subdomains. - - EDU - This domain was originally intended for all educational - institutions. Many Universities, colleges, schools, - educational service organizations, and educational consortia - have registered here. More recently a decision has been taken - to limit further registrations to 4 year colleges and - universities. 
Schools and 2-year colleges will be registered - in the country domains (see US Domain, especially K12 and CC, - below). - - NET - This domain is intended to hold only the computers of network - providers, that is the NIC and NOC computers, the - administrative computers, and the network node computers. The - customers of the network provider would have domain names of - their own (not in the NET TLD). - - ORG - This domain is intended as the miscellaneous TLD for - organizations that didn't fit anywhere else. Some non- - government organizations may fit here. - - INT - This domain is for organizations established by international - treaties, or international databases. - - United States Only Generic Domains: - - GOV - This domain was originally intended for any kind of government - office or agency. More recently a decision was taken to - register only agencies of the US Federal government in this - domain. State and local agencies are registered in the country - domains (see US Domain, below). - - MIL - This domain is used by the US military. - - Example country code Domain: - - US - As an example of a country domain, the US domain provides for - the registration of all kinds of entities in the United States - on the basis of political geography, that is, a hierarchy of - <entity-name>.<locality>.<state-code>.US. For example, - "IBM.Armonk.NY.US". In addition, branches of the US domain are - provided within each state for schools (K12), community - colleges (CC), technical schools (TEC), state government - agencies (STATE), councils of governments (COG),libraries - (LIB), museums (MUS), and several other generic types of - entities (see RFC 1480 for details). - - -A section from RFC 1480: - - 2. NAMING STRUCTURE - - The US Domain hierarchy is based on political geography. The - basic name space under US is the state name space, then the - "locality" name space, (like a city, or county) then - organization or computer name and so on. 
- - For example: - - BERKELEY.CA.US - PORTLAND.WA.US - - There is of course no problem with running out of names. - - The things that are named are individual computers. - - If you register now in one city and then move, the database can - be updated with a new name in your new city, and a pointer can - be set up from your old name to your new name. This type of - pointer is called a CNAME record. - - The use of unregistered names is not effective and causes problems - for other users. Inventing your own name and using it without - registering is not a good idea. - - In addition to strictly geographically names, some special names - are used, such as FED, STATE, AGENCY, DISTRICT, K12, LIB, CC, - CITY, and COUNTY. Several new name spaces have been created, - DNI, GEN, and TEC, and a minor change under the "locality" name - space was made to the existing CITY and COUNTY subdomains by - abbreviating them to CI and CO. A detailed description - follows. - - Below US, Parallel to States: - ----------------------------- - - "FED" - This branch may be used for agencies of the federal - government. For example: <org-name>.<city>.FED.US - - "DNI" - DISTRIBUTED NATIONAL INSTITUTES - The "DNI" branch was - created directly under the top-level US. This branch is to be used - for distributed national institutes; organizations that span state, - regional, and other organizational boundaries; that are national in - scope, and have distributed facilities. For example: - <org-name>.DNI.US. - - Name Space Within States: - ------------------------ - - "locality" - cities, counties, parishes, and townships. Subdomains - under the "locality" would be like CI.<city>.<state>.US, - CO.<county>.<state>.US, or businesses. For example: - Petville.Marvista.CA.US. - - "CI" - This branch is used for city government agencies and is a - subdomain under the "locality" name (like Los Angeles). For example: - Fire-Dept.CI.Los-Angeles.CA.US. 
- - "CO" - This branch is used for county government agencies and is a - subdomain under the "locality" name (like Los Angeles). For example: - Fire-Dept.CO.San-Diego.CA.US. - - "K12" - This branch may be used for public school districts. A - special name "PVT" can be used in the place of a school district name - for private schools. For example: <school-name>.K12.<state>.US and - <school-name>.PVT.K12.<state>.US. - - "CC" - COMMUNITY COLLEGES - This branch was established for all state - wide community colleges. For example: <school-name>.CC.<state>.US. - - "TEC" - TECHNICAL AND VOCATIONAL SCHOOLS - The branch "TEC" was - established for technical and vocational schools and colleges. For - example: <school-name>.TEC.<state>.US. - - "LIB" - LIBRARIES (STATE, REGIONAL, CITY, COUNTY) - This branch may - be used for libraries only. For example: <lib-name>.LIB.<state>.US. - - "STATE" - This branch may be used for state government agencies. For - example: <org-name>.STATE.<state>.US. - - "GEN" - GENERAL INDEPENDENT ENTITY - This branch is for the things - that don't fit easily into any other structure listed -- things that - might fit in to something like ORG at the top-level. It is best not - to use the same keywords (ORG, EDU, COM, etc.) that are used at the - top-level to avoid confusion. GEN would be used for such things as, - state-wide organizations, clubs, or domain parks. For example: - <org-name>.GEN.<state-code>.US. - -The application form for the US domain may be found: - -* for anonymous ftp from internic.net : /templates/us-domain-template.txt -* http://www.isi.edu/us-domain/ - -The application form for the EDU, COM, NET, ORG, and GOV domains may be -found for anonymous ftp from: - -internic.net : /templates/domain-template.txt - ------------------------------------------------------------------------------ - -Question 4.11. 
Classes of networks - -Date: Wed Sep 4 22:59:27 EDT 1996 - -The usage of 'classes of networks' (class A, B, C) are historical and have -been replaced by CIDR blocks on the Internet. That being said... - -An Internet Protocol (IP) address is 32 bit in length, divided into two -or three parts (the network address, the subnet address (if present), and -the host address. The subnet addresses are only present if the network -has been divided into subnetworks. The length of the network, subnet, and -host field are all variable. - -There are five different network classes. The leftmost bits indicate the -class of the network. - - # of # of - bits in bits in - network host -Class field field Internet Protocol address in binary Ranges -============================================================================ - A 7 24 0NNNNNNN.HHHHHHHH.HHHHHHHH.HHHHHHHH 1-127.x.x.x - B 14 16 10NNNNNN.NNNNNNNN.HHHHHHHH.HHHHHHHH 128-191.x.x.x - C 22 8 110NNNNN.NNNNNNNN.NNNNNNNN.HHHHHHHH 192-223.x.x.x - D NOTE 1 1110xxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx 224-239.x.x.x - E NOTE 2 11110xxx.xxxxxxxx.xxxxxxxx.xxxxxxxx 240-247.x.x.x - - where N represents part of the network address and H represents part of - the host address. When the subnet address is defined, the needed bits - are assigned from the host address space. - - NOTE 1: Reserved for multicast groups - RFC 1112 - NOTE 2: Reserved for future use - - 127.0.0.1 is reserved for local loopback. - ------------------------------------------------------------------------------ - -Question 4.12. What is CIDR ? - -Date: Tue Nov 5 23:47:29 EST 1996 - -CIDR is "Classless Inter-Domain Routing (CIDR). From RFC 1517: - - ...Classless Inter-Domain Routing (CIDR) attempts to deal with - these problems by defining a mechanism to slow the growth of - routing tables and reduce the need to allocate new IP network - numbers. - -Much more information may be obtained in RFCs 1467, 1517, 1518, 1520; -with primary reference 1519. 
- -Also please see the CIDR FAQ at - -* http://www.ibm.net.il/~hank/cidr.html -* http://www.rain.net/faqs/cidr.faq.html -* http://www.lab.unisource.ch/services/internet/direct/cidr.html - ------------------------------------------------------------------------------ - -Question 4.13. What is the rule for glue ? - -Date: Fri Apr 28 13:31:24 EDT 1995 - -A glue record is an A record for a name that appears on the right-hand -side of a NS record. So, if you have this: - - - sub.foobar.com. IN NS dns.sub.foobar.com. - dns.sub.foobar.com. IN A 1.2.3.4 - -then the second record is a glue record (for the NS record above it). - -You need glue records when -- and only when -- you are delegating -authority to a nameserver that "lives" in the domain you are delegating -*and* you aren't a secondary server for that domain. - -In other words, in the example above, you need to add an A record for -dns.sub.foobar.com since it "lives" in the domain it serves. This boot -strapping information is necessary: How are you supposed to find out the -IP address of the nameserver for domain FOO if the nameserver for FOO -"lives" in FOO? - -If you have this NS record: - - sub.foobar.com. IN NS dns.xyz123.com. - -you do NOT need a glue record, and, in fact, adding one is a very bad -idea. If you add one, and then the folks at xyz123.com change the -address, then you will be passing out incorrect data. - -Also, unless you actually have a machine called something.IN-ADDR.ARPA, -you will never have any glue records present in any of your "reverse" -files. - -There is also a sort of implicit glue record that can be useful (or -confusing :^) ). If the parent server (abc.foobar.com domain in example -above) is a secondary server for the child, then the A record will be -fetched from the child server when the zone transfer is done. The glue is -still there but it's a little different, it's in the ip address in the -named.boot line instead of explicitly in the data. 
In this case you can
-leave out the explicit glue A record and leave the manually configured
-"glue" in just the one place in the named.boot file.
-
-RFC 1537 says it quite nicely:
-
- 2. Glue records
-
- Quite often, people put unnecessary glue (A) records in their
- zone files. Even worse is that I've even seen *wrong* glue records
- for an external host in a primary zone file! Glue records need only
- be in a zone file if the server host is within the zone and there
- is no A record for that host elsewhere in the zone file.
-
- Old BIND versions ("native" 4.8.3 and older versions) showed the
- problem that wrong glue records could enter secondary servers in
- a zone transfer.
-
-
-The remainder of the FAQ is in the next part (Part 2 of 2).
-
diff --git a/contrib/bind/doc/misc/FAQ.2of2 b/contrib/bind/doc/misc/FAQ.2of2
deleted file mode 100644
index 40e16494b5bfb..0000000000000
--- a/contrib/bind/doc/misc/FAQ.2of2
+++ /dev/null
@@ -1,1298 +0,0 @@ -Newsgroups: comp.protocols.tcp-ip.domains,comp.answers,news.answers -Path: vixie!news1.digital.com!su-news-hub1.bbnplanet.com!news.bbnplanet.com!cam-news-hub1.bbnplanet.com!news.mathworks.com!news.kei.com!uhog.mit.edu!rutgers!njitgw.njit.edu!hertz.njit.edu!cdp2582 -From: cdp2582@hertz.njit.edu (Chris Peckham) -Subject: comp.protocols.tcp-ip.domains Frequently Asked Questions (FAQ) (Part 2 of 2) -Message-ID: <cptd-faq-2-849940949@njit.edu> -Followup-To: comp.protocols.tcp-ip.domains -Originator: cdp2582@hertz.njit.edu -Keywords: BIND,DOMAIN,DNS -Sender: news@njit.edu -Supersedes: <cptd-faq-2-847336183@njit.edu> -Nntp-Posting-Host: hertz.njit.edu -X-Posting-Frequency: posted during the first week of each month -Reply-To: domain-faq@njit.edu (comp.protocols.tcp-ip.domains FAQ comments) -Organization: NJIT.EDU - New Jersey Institute of Technology, Newark, NJ, USA -References: <cptd-faq-1-849940949@njit.edu> -Date: Sat, 7 Dec 1996 06:42:49 GMT -Approved: news-answers-request@MIT.EDU -Expires: Sat 11 Jan 97 02:42:29 EDT -Lines: 1277 -Xref: vixie comp.protocols.tcp-ip.domains:12905 comp.answers:22441 news.answers:85683 - -Posted-By: auto-faq 3.1.1.2 -Archive-name: internet/tcp-ip/domains-faq/part2 -Revision: 1.13 1996/12/07 06:42:15 - - -(Continued from Part 1, where you'll find the introduction and -table of contents.) - - -=============================================================================== - -Section 5. CONFIGURATION - - Q5.1 Changing a Secondary server to a Primary server ? - Q5.2 Moving a Primary server to another server - Q5.3 How do I subnet a Class B Address ? - Q5.4 Subnetted domain name service - Q5.5 Recommended format/style of DNS files - Q5.6 DNS on a system not connected to the Internet - Q5.7 Multiple Domain configuration - Q5.8 wildcard MX records - Q5.9 How do you identify a wildcard MX record ? - Q5.10 Why are fully qualified domain names recommended ? 
- Q5.11 Distributing load using named
- Q5.12 Order of returned records
- Q5.13 resolv.conf
- Q5.14 How do I delegate authority for sub-domains ?
- Q5.15 DNS instead of NIS on a Sun OS 4.1.x system
- Q5.16 Patches to add functionality to BIND
- Q5.17 How to serve multiple domains from one server
-
------------------------------------------------------------------------------
-
-Question 5.1. Changing a Secondary server to a Primary server ?
-
-Date: Fri Jul 5 23:54:35 EDT 1996
-
-For 4.8.3, it's prudent to kill and restart following any changes to
-named.boot.
-
-In BIND 4.9.3, you only have to kill and restart named if you change a
-primary zone to a secondary or v-v, or if you delete a zone and remain
-authoritative for its parent. Every other case should be taken care of by
-a HUP. (Ed. note: 4.9.3b9 may still require you to kill and restart the
-server due to some bugs in the HUP code).
-
-You will also need to update the server information on the root servers.
-You can do this by filing a new domain registration form to inform
-InterNIC of the change. They will then update the root server's SOA
-records. This process usually takes 10-12 business days after they
-receive the request.
-
------------------------------------------------------------------------------
-
-Question 5.2. Moving a Primary server to another server
-
-Date: Fri Jul 5 23:54:35 EDT 1996
-
-The usual solution is to move the primary to ns.newserver.com, and have
-ns.oldserver.com be configured as a secondary server until the change to
-the root servers takes place after the request has been made to the
-InterNIC.
-
-If you are moving to a different ISP which will change your IP's, the
-recommened setting for the SOA that would minimize problems for your name
-servers using the old settings can be done as follows:
-
-Gradually lower the TTL value in your SOA (that's the last one of the five
-numbers) to always be equal to the time left until you change over.
-(assuming that none of your resource records have individual TTL's set, if -so, do likewise witht them.) So, the day before, lower to 43200 seconds -(12 hours). Then lower every few hours to be the time remaining until -the change-over. So, an hour before the change, you may just want to -lower it all the way to 60 seconds or so. That way no one can cache -information past the change-over. - -After the change, start gradually incrementing the TTL value, because -you'll probably be making changes to work out problems. Once everything -stabilizes, move the TTL up to whatever your normal values are. - -To minimize name servers from using the "old settings", you can do the -same thing with the "refresh" interval in the SOA (the second number of -the SOA). That will tell the secondaries to refresh every X seconds. -Lower that value as you approach the changeover date. You probably don't -want to go much below an hour or you'll start the primary thrashing as all -the secondaries perpetually refresh. - -Also see the answer to the "How can I change the IP address of our server -?" in the INTRODUCTION section. - ------------------------------------------------------------------------------ - -Question 5.3. How do I subnet a Class B Address ? - -Date: Fri Apr 28 13:34:52 EDT 1995 - -That you need to subnet at all is something of a misconception. You can -also think of a class B network as giving you 65,534 individual hosts, and -such a network will work. You can also configure your class B as 16,384 -networks of 2 hosts each. That's obviously not very practical, but it -needs to be made clear that you are not constrained by the size of an -octet (remember that many older devices would not work in a network -configured in this manner). - -So, the question is: why do you need to subnet? One reason is that it is -easier to manage a subnetted network, and in fact, you can delegate the -responsibility for address space management to local administrators on the -various subnets. 
Also, IP based problems will end up localized rather -than affecting your entire network. - -If your network is a large backbone with numerous segments individually -branching off the backbone, that too suggests subnetting. - -Subnetting can also be used to improve routing conditions. - -You may wish to partition your network to disallow certain protocols on -certain segments of your net. You can, for example, restrict IP or IPX to -certain segments only by adding a router routing high level protocols, -and across the router you may have to subnet. - -Finally, as far as how many subnets you need depends on the answer to the -above question. As far as subnet masks are concerned, the mask can be -anything from 255.0.0.0 to 255.255.255.252. You'll probably be looking at -9 or 10 bits for the subnet (last octet 128 or 192 respectively). RFC -1219 discusses the issue of subnetting very well and leaves the network -administrator with a large amount of flexibility for future growth. - ------------------------------------------------------------------------------ - -Question 5.4. Subnetted domain name service - -Date: Mon Aug 5 23:00:16 EDT 1996 - -If you are looking for some examples of handling subnetted class C -networks as separate DNS domains, see the Internet Draft - -draft-ietf-cidrd-classless-inaddr-02.txt - -for more information. This file is available for anonymous ftp at - -ds.internic.net : -/internet-drafts/draft-ietf-cidrd-classless-inaddr-02.txt - -or other IETF mirror sites (ftp.is.ca.za [Africa], nic.nordu.net [Europe], -munnari.oz.au [Pacific Rim], ds.internic.net [US East Coast], or -ftp.isi.edu [US West Coast]). - -Details follow- You need to delegate down to the fourth octet, so you will -have one domain per IP address ! Here is how you can subdelegate a -in-addr.arpa address for non-byte aligned subnet masks: - -Take as an example the net 192.1.1.x, and example subnet mask -255.255.255.240. 
- -We first define the domain for the class C net, - - $origin 1.1.192.in-addr.arpa - @ SOA (usual stuff) - @ ns some.nameserver - ns some.other.nameserver - ; delegate a subdomain - one ns one.nameserver - ns some.nameserver - ; delegate another - two ns two.nameserver - ns some.nameserver - ; CNAME pointers to subdomain one - 0 CNAME 0.one - 1 CNAME 1.one - ; through - 15 CNAME 15.one - ; CNAME pointers to subdomain two - 16 CNAME 16.two - 17 CNAME 17.two - 31 CNAME 31.two - ; CNAME as many as required. - -Now, in the delegated nameserver, one.nameserver - - $origin one.1.1.192.in-addr.arpa - @ SOA (usual stuff) - NS one.nameserver - NS some.nameserver ; secondary for us - 0 PTR onenet.one.domain - 1 PTR onehost.one.domain - ; through - 15 PTR lasthost.one.domain - -And similar for the two.1.1.192.in-addr.arpa delegated domain. - -There is additional documentation and a perl script that may be used for -this purpose available for anonymous ftp from: - -ftp.vix.com : /pub/bind/contrib/gencidrzone - ------------------------------------------------------------------------------ - -Question 5.5. Recommended format/style of DNS files - -Date: Sun Nov 27 23:32:41 EST 1994 - -This answer is quoted from an article posted by Paul Vixie: - - I've gone back and forth on the question of whether the BOG should - include a section on this topic. I know what I myself prefer, but - I'm wary of ramming my own stylistic preferences down the throat of - every BOG reader. But since you ask :-)... - - Create /var/named. If your system is too old to have a /var, either - create one or use /usr/local/adm/named instead. Put your named.boot - in it, and make /etc/named.boot a symlink to it. If your system - doesn't have symlinks, you're S-O-L (but you knew that). 
In - named.boot, put a "directory" directive that specifies your actual - BIND working directory: - - directory /var/named - - All relative pathnames used in "primary", "secondary", and "cache" - directives will be evaluated relative to this directory. Create two - subdirectories, /var/named/pri and /var/named/sec. Whenever you add - a "primary" directive to your named.boot, use "pri/WHATEVER" as the - path name. And then put the primary zone file into "pri/WHATEVER". - Likewise when you add "secondary" directives, use "sec/WHATEVER" and - BIND (really named-xfer) will create the files in that - subdirectory. - - (Variations: (1) make a midlevel directory "zones" and put "pri" and - "sec" into it; (2) if you tend to pick up a lot of secondaries from - a few hosts, group them together in their own subdirectories -- - something like /var/named/zones/uucp if you're a UUCP Project name - server.) - - For your forward files, name them after the zone. dec.com becomes - "/var/named/zones/pri/dec.com". For your reverse files, name them - after the network number. 0.1.16.in-addr.arpa becomes - "/var/named/zones/pri/16.1.0". - - When creating or maintaining primary zone files, try to use the same - SOA values everywhere, except for the serial number which varies per - zone. Put a $ORIGIN directive at the top of the primary zone file, - not because its needed (it's not since the default origin is the - zone named in the "primary" directive) but because it make it easier - to remember what you're working on when you have a lot of primary - zones. Put some comments up there indicating contact information - for the real owner if you're proxying. Use RCS and put the "Id" - in a ";" comment near the top of the zone file. - - The SOA and other top level information should all be listed - together. But don't put IN on every line, it defaults nicely. For - example: - -============== -@ IN SOA gw.home.vix.com. postmaster.vix.com. 
( - 1994082501 ; serial - 3600 ; refresh (1 hour) - 1800 ; retry (30 mins) - 604800 ; expire (7 days) - 3600 ) ; minimum (1 hour) - - NS gw.home.vix.com. - NS ns.uu.net. - NS uucp-gw-1.pa.dec.com. - NS uucp-gw-2.pa.dec.com. - - MX 10 gw.home.vix.com. - MX 20 uucp-gw-1.pa.dec.com. - MX 20 uucp-gw-1.pa.dec.com. -============== - - I don't necessarily recommend those SOA values. Not every zone is - as volatile as the example shown. I do recommend that serial number - format; it's in date format with a 2-digit per-day revision number. - This format will last us until 2147 A.D. at which point I expect a - better solution will have been found :-). (Note that it would last - until 4294 A.D. except that there are some old BINDs out there that - use a signed quantity for representing serial number interally; I - suppose that as long as none of these are still running after 2047 - A.D., that we can use the above serial number format until 4294 - A.D., at which point a better solution will HAVE to be found.) - - You'll note that I use a tab stop for "IN" even though I never again - specify it. This leaves room for names longer than 7 bytes without - messing up the columns. You might also note that I've put the MX - priority and destination in the same tab stop; this is because both - are part of the RRdata and both are very different from MX which is - an RRtype. Some folks seem to prefer to group "MX" and the priority - together in one tab stop. While this looks neat it's very confusing - to newcomers and for them it violates the law of least - astonishment. - - If you have a multi-level zone (one which contains names that have - dots in them), you can use additional $ORIGIN statements but I - recommend against it since there is no "back" operator. 
That is, - given the above example you can add: - -============= -$ORIGIN home -gw A 192.5.5.1 -============= - - The problem with this is that subsequent RR's had better be - somewhere under the "home.vix.com" name or else the $ORIGIN that - introduces them will have to use a fully qualified name. FQDN - $ORIGIN's aren't bad and I won't be mad if you use them. - Unqualified ones as shown above are real trouble. I usually stay - away from them and just put the whole name in: - -============= -gw.home A 192.5.5.1 -============= - - In your reverse zones, you're usually in some good luck because the - owner name is usually a single short token or sometimes two. - -============= -$ORIGIN 5.5.192.in-addr.arpa. -@ IN SOA ... - NS ... -1 PTR gw.home.vix.com. -========================================= -$ORIGIN 1.16.in-addr.arpa. -@ IN SOA ... - NS ... -2.0 PTR gatekeeper.dec.com. -============= - - It is usually pretty hard to keep your forward and reverse zones in - synch. You can avoid that whole problem by just using "h2n" (see - the ORA book, DNS and BIND, and its sample toolkit, included in the - BIND distribution or on ftp.uu.net (use the QUOTE SITE EXEC INDEX - command there to find this -- I never can remember where it's at). - "h2n" and many tools like it can just read your old /etc/hosts file - and churn it into DNS zone files. (May I recommend - contrib/decwrl/mkdb.pl from the BIND distribution?) However, if you - (like me) prefer to edit these things by hand, you need to follow - the simple convention of making all of your holes consistent. If - you use 192.5.5.1 and 192.5.5.3 but not (yet) 192.5.5.2, then in - your forward file you will have something like - -============= -... -gw.home A 192.5.5.1 -;avail A 192.5.5.2 -pc.home A 192.5.5.3 -============= - - and in your reverse file you will have something like - -============= -... -1 PTR gw.home.vix.com. -;2 PTR avail -3 PTR pc.home.vix.com. 
-============= - - This convention will allow you to keep your sanity and make fewer - errors. Any kind of automation (h2n, mkdb, or your own - perl/tcl/awk/python tools) will help you maintain a consistent - universe even if it's also a complex one. Editing by hand doesn't - have to be deadly but you MUST take care. - ------------------------------------------------------------------------------ - -Question 5.6. DNS on a system not connected to the Internet - -Date: Sun Nov 27 23:32:41 EST 1994 - -You need to create your own root domain name server until you connect to -the internet. Your roots need to delegate to mydomain.com and any -in-addr.arpa subdomains you might have, and that's about it. As soon as -you're connected, rip out the fake roots and use the real ones. - -It does not actually have to be another server pretending to be the root. -You can set up the name server so that it is primary for each domain above -you and leave them empty (i.e. you are foo.bar.com - claim to be primary -for bar.com and com) - -If you connect intermittently and want DNS to work when you are connected, -and "fail" when you are not, you can point the resolver at the name server -at the remote site and if the connection (SLIP/PPP) isn't up, the resolver -doesn't have a route to the remote server and since there's only one name -server in resolv.conf, the resolver quickly backs off the using -/etc/hosts. No problem. You could do the same with multiple name server -and a resolver that did configurable /etc/hosts fallback. - ------------------------------------------------------------------------------ - -Question 5.7. 
Multiple Domain configuration - -Date: Fri Dec 2 15:40:49 EST 1994 - -If you want to have multiple domain names pointing to the same -destination, such as: - - ftp ftp.biff.com connects user to -> ftp.biff.com - ftp ftp.fred.com connects user to -> ftp.biff.com - ftp ftp.bowser.com connects user to -> ftp.biff.com - -You may do this by using CNAMEs: - - ftp.bowser.com. IN CNAME ftp.biff.com. - -You can also do the same thing with multiple A records. - ------------------------------------------------------------------------------ - -Question 5.8. wildcard MX records - -Date: Sun Nov 27 23:32:41 EST 1994 - -Does BIND not understand wildcard MX records such as the following? - - *.foo.com MX 0 mail.foo.com. - -No. It just doesn't work. - -Explicit RR's at one level of specificity will, by design, "block" a -wildcard at a lesser level of specificity. I suspect that you have an RR -(an A RR, perhaps?) for "bar.foo.com" which is blocking the application of -your "*.foo.com" wildcard. The initial MX query is thus failing (NOERROR -but an answer count of 0), and the backup query finds the A RR for -"bar.foo.com" and uses it to deliver the mail directly (which is what you -DIDN'T want it to do). Adding an explicit MX RR for the host is therefore -the right way to handle this situation. - -See RFC 1034, Section 4.3.3 ("Wildcards") for more information on this -"blocking" behavior, along with an illustrative example. See also RFC 974 -for an explanation of standard mailer behavior in the face of an "empty" -response to one's MX query. - -Basically, what it boils down to is, there is no point in trying to use a -wildcard MX for a host which is otherwise listed in the DNS. - -It just doesn't work. - ------------------------------------------------------------------------------ - -Question 5.9. How do you identify a wildcard MX record ? - -Date: Thu Dec 1 11:10:39 EST 1994 - -You don't really need to "identify" a wildcard MX RR. 
The precedence for -u@dom is: - - exact match MX - exact match A - wildcard MX - -One way to implement this is to query for ("dom",IN,MX) and if the answer -name that comes back is "*." something, you know it's a wildcard, -therefore you know there is no exact match MX, and you therefore query for -("dom",IN,A) and if you get something, use it. if you don't, use the -previous wildcard response. - -RFC 974 explains this pretty well. - ------------------------------------------------------------------------------ - -Question 5.10. Why are fully qualified domain names recommended ? - -Date: Sun Nov 27 23:32:41 EST 1994 - -The documentation for BIND 4.9.2 says that the hostname should be set to -the full domain style name (i.e host.our.domain rather than host). What -advantages are there in this, and are there any adverse consequences if we -don't? - -Paul Vixie likes to do it :-) He lists a few reasons - - -* Sendmail can be configured to just use Dj$w rather than Dj$w.mumble - where "mumble" is something you have to edit in by hand. Granted, most - people use "mumble" elsewhere in their config files ("tack on local - domain", etc) but why should it be a requirement ? -* The real reason is that not doing it violates a very useful invariant: - gethostbyname(gethostname) == gethostbyaddr(primary_interface_address) - - If you take an address and go "backwards" through the PTR's with it, - you'll get a FQDN, and if you push that back through the A RR's, you get - the same address. Or you should. Many multi-homed hosts violate this - uncaringly. - - If you take a non-FQDN hostname and push it "forwards" through the A - RR's, you get an address which, if you push it through the PTR's, comes - back as a FQDN which is not the same as the hostname you started with. - Consider the fact that, absent NIS/YP, there is no "domainname" command - analogous to the "hostname" command. 
(NIS/YP's doesn't count, of - course, since it's sometimes-but-only-rarely the same as the Internet - domain or subdomain above a given host's name.) The "domain" keyword in - resolv.conf doesn't specify the parent domain of the current host; it - specifies the default domain of queries initiated on the current host, - which can be a very different thing. (As of RFC 1535 and BIND 4.9.2's - compliance with it, most people use "search" in resolv.conf, which - overrides "domain", anyway.) - - What this means is that there is NO authoritative way to - programmatically discover your host's FQDN unless it is set in the - hostname, or unless every application is willing to grovel the "netstat - -in" tables, find what it hopes is the primary address, and do a PTR - query on it. - - FQDN /bin/hostnames are, intuitively or not, the simplest way to go. - ------------------------------------------------------------------------------ - -Question 5.11. Distributing load using named - -Date: Wed Mar 1 11:04:43 EST 1995 - -When you attempt to distribute the load on a system using named, the first -response be cached, and then later queries use the cached value (This -would be for requests that come through the same server). Therefore, it -can be useful to use a lower TTL on records where this is important. You -can use values like 300 or 500 seconds. - -If your local caching server has ROUND_ROBIN, it does not matter what the -authoritative servers have -- every response from the cache is rotated. - -But if it doesn't, and the authoritative server site is depending on this -feature (or the old "shuffle-A") to do load balancing, then if one doesn't -use small TTLs, one could conceivably end up with a really nasty -situation, e.g., hundreds of workstations at a branch campus pounding on -the same front end at the authoritative server's site during class -registration. - -Not nice. - -Paul Vixie has an example of the ROUND_ROBIN code in action. 
Here is -something that he wrote regarding his example: - - >I want users to be distributed evenly among those 3 hosts. - - Believe it or not :-), BIND offers an ugly way to do this. I offer - for your collective amusement the following snippet from the - ugly.vix.com zone file: - - hydra cname hydra1 - cname hydra2 - cname hydra3 - hydra1 a 10.1.0.1 - a 10.1.0.2 - a 10.1.0.3 - hydra2 a 10.2.0.1 - a 10.2.0.2 - a 10.2.0.3 - hydra3 a 10.3.0.1 - a 10.3.0.2 - a 10.3.0.3 - - Note that having multiple CNAME RR's at a given name is - meaningless according to the DNS RFCs but BIND doesn't mind (in - fact it doesn't even complain). If you call - gethostbyname("hydra.ugly.vix.com") (try it!) you will get - results like the following. Note that there are two round robin - rotations going on: one at ("hydra",CNAME) and one at each - ("hydra1",A) et al. I used a layer of CNAME's above the layer of - A's to keep the response size down. If you don't have nine - addresses you probably don't care and would just use a pile of - CNAME's pointing directly at real host names. - - {hydra.ugly.vix.com - name: hydra2.ugly.vix.com - aliases: hydra.ugly.vix.com - addresses: 10.2.0.2 10.2.0.3 10.2.0.1 - - {hydra.ugly.vix.com - name: hydra3.ugly.vix.com - aliases: hydra.ugly.vix.com - addresses: 10.3.0.2 10.3.0.3 10.3.0.1 - - {hydra.ugly.vix.com - name: hydra1.ugly.vix.com - aliases: hydra.ugly.vix.com - addresses: 10.1.0.2 10.1.0.3 10.1.0.1 - - {hydra.ugly.vix.com - name: hydra2.ugly.vix.com - aliases: hydra.ugly.vix.com - addresses: 10.2.0.3 10.2.0.1 10.2.0.2 - - {hydra.ugly.vix.com - name: hydra3.ugly.vix.com - aliases: hydra.ugly.vix.com - addresses: 10.3.0.3 10.3.0.1 10.3.0.2 - ------------------------------------------------------------------------------ - -Question 5.12. Order of returned records - -Sorting, is the *resolver's* responsibility. 
RFC 1123: - - - 6.1.3.4 Multihomed Hosts - - When the host name-to-address function encounters a host - with multiple addresses, it SHOULD rank or sort the - addresses using knowledge of the immediately connected - network number(s) and any other applicable performance or - history information. - - DISCUSSION: - The different addresses of a multihomed host generally - imply different Internet paths, and some paths may be - preferable to others in performance, reliability, or - administrative restrictions. There is no general way - for the domain system to determine the best path. A - recommended approach is to base this decision on local - configuration information set by the system - administrator. - -In BIND 4.9.x's resolver code, the "sortlist" directive in resolv.conf -can be used to configure this. - ------------------------------------------------------------------------------ - -Question 5.13. resolv.conf - -Date: Fri Feb 10 15:46:17 EST 1995 - -The question was asked one time, "Why should I use 'real' IP addresses in -/etc/resolv.conf and not 0.0.0.0 or 127.0.0.1" ? - -Paul Vixie writes on the issue of the contents of resolv.conf: - - It's historical. Some kernels can't unbind a UDP socket's source - address, and some resolver versions (notably not including BIND - 4.9.2 or 4.9.3's) try to do this. The result can be wide area - network traffic with 127.0.0.1 as the source address. Rather than - giving out a long and detailed map of version/vendor combinations of - kernels/BINDs that have/don't this problem, I just tell folks not to - use 127.0.0.1 at all. - - 0.0.0.0 is just an alias for the first interface address assigned - after a system boot, and if that interface is a up-and-down point to - point link (PPP, SLIP, whatever), there's no guarantee that you'll - be able to reach yourself via 0.0.0.0 during the entire lifetime of - any system instance. 
On most kernels you can finesse this by adding - static routes to 127.0.0.1 for each of your interface addresses, but - some kernels don't like that trick and rather than give a detailed - map of which ones work and which ones don't, I just globally - recommend against 0.0.0.0. - - If you know enough to know that 127.0.0.1 or 0.0.0.0 is safe on your - kernel and resolver, then feel free to use them. If you don't know - for sure that it is safe, don't use them. I never use them (except - on my laptop, whose hostname is "localhost" and whose 0.0.0.0 is - 127.0.0.1 since I ifconfig my lo0 before any other interface). The - operational advantage to using a real IP address rather than an - wormhole like 0.0.0.0 or 127.0.0.1, is that you can then "rdist" or - otherwise share identical copies of your resolv.conf on all the - systems on any given subnet, not all of which will be servers. - -The problem was with older versions of the resolver (4.8.X). If you -listed 127.0.0.1 as the first entry in resolv.conf, and for whatever -reason the local name server wasn't running and the resolver fell back to -the second name server listed, it would send queries to the name server -with the source IP address set to 127.0.0.1 (as it was set when the -resolver was trying to send to 127.0.0.1--you use the loopback address to -send to the loopback address). - ------------------------------------------------------------------------------ - -Question 5.14. How do I delegate authority for sub-domains ? - -Date: Sat Dec 7 02:04:17 EST 1996 - -When you start having a very big domain that can be broken into logical -and separate entities that can look after their own DNS information, you -will probably want to do this. Maintain a central area for the things -that everyone needs to see and delegate the authority for the other parts -of the organization so that they can manage themselves. 
- -Another essential piece of information is that every domain that exists -must have it NS records associated with it. These NS records denote the -name servers that are queried for information about that zone. For your -zone to be recognized by the outside world, the server responsible for the -zone above you must have created a NS record for your your new servers -(NOTE that the new servers DO NOT have to be in the new domain). For -example, putting the computer club onto the network and giving them -control over their own part of the domain space we have the following. - -The machine authorative for gu.uwa.edu.au is mackerel and the machine -authorative for ucc.gu.uwa.edu.au is marlin. - -in mackerel's data for gu.uwa.edu.au we have the following - - @ IN SOA ... - IN A 130.95.100.3 - IN MX mackerel.gu.uwa.edu.au. - IN MX uniwa.uwa.edu.au. - - marlin IN A 130.95.100.4 - - ucc IN NS marlin.gu.uwa.edu.au. - IN NS mackerel.gu.uwa.edu.au. - -Marlin is also given an IP in our domain as a convenience. If they blow -up their name serving there is less that can go wrong because people can -still see that machine which is a start. You could place "marlin.ucc" in -the first column and leave the machine totally inside the ucc domain as -well. - -The second NS line is because mackerel will be acting as secondary name -server for the ucc.gu domain. Do not include this line if you are not -authorative for the information included in the sub-domain. - ------------------------------------------------------------------------------ - -Question 5.15. DNS instead of NIS on a Sun OS 4.1.x system - -Date: Sat Dec 7 01:14:17 EST 1996 - -Comments relating to running bind 4.9.x on a Sun OS 4.1.x system and the -effect on sendmail, ftp, telnet and other TCP/IP services bypassing NIS -and directly using named is documented quite well in the -comp.sys.sun.admin FAQ in questions one and two. 
You can get them from: - -* ftp.ece.uc.edu : /pub/sun-faq/FAQs/sun-faq.general -* http://www.cis.ohio-state.edu/hypertext/faq/usenet/comp-sys-sun-faq - -as well as from rtfm.mit.edu in the usual place, etc. - ------------------------------------------------------------------------------ - -Question 5.16. Patches to add functionality to BIND - -Date: Tue Nov 5 23:53:47 EST 1996 - -There are others, but these are listed here: - -* When using the round robin DNS and assigning 3 IPs to a host (for - example), a process to guarantee that all 3 IPs are reachable may be - found at - http://www-leland.stanford.edu/~schemers/docs/lbnamed/lbnamed.html - -* Patches for 4.9.3-REL that will support the IPv6 AAAA record format may - be found at ftp.inria.fr : /network/ipv6/ - -* A patch for 4.9.3-REL that will allow you to turn off forwarding of - information from my server may be found at ftp.vix.com : - /pub/bind/release/4.9.3/contrib/noforward.tar.gz - -* How do I tell a server to listen to a particular interface to listen and - respond to DNS queries on ? - - Mark Andrews has a patch that will tell a 4.9.4 server to listen to a - particular interface and respond to DNS queries. It may be found at an - unofficial location: http://www.ultra.net/~jzp/andrews.patch.txt - ------------------------------------------------------------------------------ - -Question 5.17. How to serve multiple domains from one server - -Date: Tue Nov 5 23:44:02 EST 1996 - -Most name server implementations allow information about multiple domains -to be kept on one server, and questions about those domains to be -answered by that one server. For instance, there are many large servers -on the Internet that each serve information about more than 1000 -different domains. - -To be completely accurate, a server contains information about zones, -which are parts of domains that are kept as a single unit. 
[Ed note: for -a definition of zones and domains, see Section 2: The Name Service in the -"Name Server Operations Guide" included with the BIND 4.9.5 distribution.] - -In the configuration of the name server, the additional zones need to be -specified. An important consideration is whether a particular server is -primary or secondary for any specific zone--a secondary server maintains -only a copy of the zone, periodically refreshing its copy from another, -specified, server. In BIND, to set up a server as a secondary server for -the x.y.z zone, to the configuration file /etc/named.boot add the line - - secondary x.y.z 10.0.0.1 db.x.y.z - -where 10.0.0.1 is the IP address of the server that the zone will be -copied from, and db.x.y.z is a local filename that will contain the copy -of the zone. - -If this is a question related to how to set up multiple IP numbers on one -system, which you do not need to do to act as a domain server for -multiple domains, see - -http://www.thesphere.com/%7Edlp/TwoServers/. - -=============================================================================== - -Section 6. PROBLEMS - - Q6.1 No address for root server - Q6.2 Error - No Root Nameservers for Class XX - Q6.3 Bind 4.9.x and MX querying? - Q6.4 Do I need to define an A record for localhost ? - Q6.5 MX records, CNAMES and A records for MX targets - Q6.6 Can an NS record point to a CNAME ? - Q6.7 Nameserver forgets own A record - Q6.8 General problems (core dumps !) - Q6.9 malloc and DECstations - Q6.10 Can't resolve names without a "." - Q6.11 Err/TO errors being reported - Q6.12 Why does swapping kill BIND ? - ------------------------------------------------------------------------------ - -Question 6.1. No address for root server - -Date: Mon Jan 2 13:49:43 EST 1995 - -Q: I've been getting the following messages lately from bind-4.9.2.. - ns_req: no address for root server - -We are behind a firewall and have the following for our named.cache file - - - ; list of servers - . 
99999999 IN NS POBOX.FOOBAR.COM. - 99999999 IN NS FOOHOST.FOOBAR.COM. - foobar.com. 99999999 IN NS pobox.foobar.com. -You can't do that. Your nameserver contacts POBOX.FOOBAR.COM, gets the -correct list of root servers from it, then tries again and fails because -of your firewall. - -You will need a 'forwarder' definition, to ensure that all requests are -forwarded to a host which can penetrate the firewall. And it is unwise to -put phony data into 'named.cache'. - ------------------------------------------------------------------------------ - -Question 6.2. Error - No Root Nameservers for Class XX - -Date: Sun Nov 27 23:32:41 EST 1994 - -Q: I've received errors before about "No root nameservers for class XX" - but they've been because of network connectivity problems. - I believe that Class 1 is Internet Class data. - And I think I heard someone say that Class 4 is Hesiod?? - Does anyone know what the various Class numbers are? -From RFC 1700: - - DOMAIN NAME SYSTEM PARAMETERS - The Internet Domain Naming System (DOMAIN) includes several - parameters. These are documented in [RFC1034] and [RFC1035]. The - CLASS parameter is listed here. The per CLASS parameters are - defined in separate RFCs as indicated. - - Domain System Parameters: - - Decimal Name References - -------- ---- ---------- - 0 Reserved [PM1] - 1 Internet (IN) [RFC1034,PM1] - 2 Unassigned [PM1] - 3 Chaos (CH) [PM1] - 4 Hesoid (HS) [PM1] - 5-65534 Unassigned [PM1] - 65535 Reserved [PM1] - -DNS information for RFC 1700 was taken from -ftp.isi.edu : /in-notes/iana/assignments/dns-parameters - -Hesiod is class 4, and there are no official root nameservers for class 4, -so you can safely declare yourself one if you like. You might want to -put up a packet filter so that no one outside your network is capable of -making Hesiod queries of your machines, if you define yourself to be a -root nameserver for class 4. 
- ------------------------------------------------------------------------------ - -Question 6.3. Bind 4.9.x and MX querying? - -Date: Sun Nov 27 23:32:41 EST 1994 - -If you query a 4.9.x DNS server for MX records, a list of the MX records -as well as a list of the authorative nameservers is returned. This -happens because bind 4.9.2 returns the list of nameserver that are -authorative for a domain in the response packet, along with their IP -addresses in the additional section. - ------------------------------------------------------------------------------ - -Question 6.4. Do I need to define an A record for localhost ? - -Date: Sat Sep 9 00:36:01 EDT 1995 - -Somewhere deep in the BOG (BIND Operations Guide) that came with 4.9.3 -(section 5.4.3), it says that you define this yourself (if need be) in -the same zone files as your "real" IP addresses for your domain. Quoting -the BOG: - - - ... As implied by this PTR - record, there should be a ``localhost.my.dom.ain'' - A record (with address 127.0.0.1) in every domain - that contains hosts. ``localhost.'' will lose its - trailing dot when 1.0.0.127.in-addr.arpa is queried - for;... - -The sample files in the BIND distribution show you what needs to be done -(see the BOG). - -Some HP boxen (especially those running HP OpenView) will also need -"loopback" defined with this IP address. You may set it as a CNAME -record pointing to the "localhost." record. - ------------------------------------------------------------------------------ - -Question 6.5. MX records, CNAMES and A records for MX targets - -Date: Sun Nov 27 23:32:41 EST 1994 - -The O'Reilly "DNS and Bind" book warns against using non-canonical names -in MX records, however, this warning is given in the context of mail hubs -that MX to each other for backup purposes. How does this apply to mail -spokes. RFC 974 has a similar warning, but where is it specifically -prohibited to us an alias in an MX record ? 
- -Without the restrictions in the RFC, a MTA must request the A records for -every MX listed to determine if it is in the MX list then reduce the list. -This introduces many more lookups than would other wise be required. If -you are behind a 1200 bps link YOU DON'T WANT TO DO THIS. The addresses -associated with CNAMES are not passed as additional data so you will force -additional traffic to result even if you are running a caching server -locally. - -There is also the problem of how does the MTA find all of it's IP -addresses. This is not straight forward. You have to be able to do this is -you allow CNAMEs (or extra A's) as MX targets. - -The letter of the law is that an MX record should point to an A record. - -There is no "real" reason to use CNAMEs for MX targets or separate As for -nameservers any more. CNAMEs for services other than mail should be used -because there is no specified method for locating the desired server yet. - -People don't care what the names of MX targets are. They're invisible to -the process anyway. If you have mail for "mary" redirected to "sue" is -totally irrelevant. Having CNAMEs as the targets of MX's just needlessly -complicates things, and is more work for the resolver. - -Having separate A's for nameservers like "ns.your.domain" is pointless -too, since again nobody cares what the name of your nameserver is, since -that too is invisible to the process. If you move your nameserver from -"mary.your.domain" to "sue.your.domain" nobody need care except you and -your parent domain administrator (and the InterNIC). Even less so for -mail servers, since only you are affected. - -Q: Given the example - - - hello in cname realname - mailx in mx 0 hello - - Now, while reading the operating manual of bind it clearly states - that this is *not* valid. These two statements clearly contradict - each other. Is there some later rfc than 974 that overrides what is - said in there with respect to MX and CNAMEs? 
Anyone have the - reference handy? - -A: This isn't what the BOG says at all. See below. You can have a CNAME - that points to some other RR type; in fact, all CNAMEs have to point - to other names (Canonical ones, hence the C in CNAME). What you - can't have is an MX that points to a CNAME. MX RR's that point to - names which have only CNAME RR's will not work in many cases, and - RFC 974 intimates that it's a bad idea: - - Note that the algorithm to delete irrelevant RRs breaks if LOCAL has - a alias and the alias is listed in the MX records for REMOTE. (E.g. - REMOTE has an MX of ALIAS, where ALIAS has a CNAME of LOCAL). This - can be avoided if aliases are never used in the data section of MX - RRs. - - Here's the relevant BOG snippet: - - aliases {ttl addr-class CNAME Canonical name - ucbmonet IN CNAME monet - - The Canonical Name resource record, CNAME, speci- - fies an alias or nickname for the official, or - canonical, host name. This record should be the - only one associated with the alias name. All other - resource records should be associated with the - canonical name, not with the nickname. Any - resource records that include a domain name as - their value (e.g., NS or MX) must list the canoni- - cal name, not the nickname. - ------------------------------------------------------------------------------ - -Question 6.6. Can an NS record point to a CNAME ? - -Date: Wed Mar 1 11:14:10 EST 1995 - -Can I do this ? Is it legal ? - - - @ SOA (.........) - NS ns.host.this.domain. - NS second.host.another.domain. - ns CNAME third - third IN A xxx.xxx.xxx.xxx - -No. Only one RR type is allowed to refer, in its data field, to a CNAME, -and that's CNAME itself. So CNAMEs can refer to CNAMEs but NSs and MXs -cannot. - -BIND 4.9.3 (Beta11 and later) explicitly syslogs this case rather than -simply failing as pre-4.9 servers did. 
Here's a current example: - - Dec 7 00:52:18 gw named[17561]: "foobar.com IN NS" \ - points to a CNAME (foobar.foobar.com) - -Here is the reason why: - -Nameservers are not required to include CNAME records in the Additional -Info section returned after a query. It's partly an implementation -decision and partly a part of the spec. The algorithm described in RFC -1034 (pp24,25; info also in RFC 1035, section 3.3.11, p 18) says 'Put -whatever addresses are available into the additional section, using glue -RRs [if necessary]'. Since NS records are speced to contain only primary -names of hosts, not CNAMEs, then there's no reason for algorithm to -mention them. If, on the other hand, it's decided to allow CNAMEs in NS -records (and indeed in other records) then there's no reason that CNAME -records might not be included along with A records. The Additional Info -section is intended for any information that might be useful but which -isn't strictly the answer to the DNS query processed. It's an -implementation decision in as much as some servers used to follow CNAMEs -in NS references. - ------------------------------------------------------------------------------ - -Question 6.7. Nameserver forgets own A record - -Date: Fri Dec 2 16:17:31 EST 1994 - -Q: Lately, I've been having trouble with named 4.9.2 and 4.9.3. - Periodically, the nameserver will seem to "forget" its own A record, - although the other information stays intact. One theory I had was - that somehow a site that the nameserver was secondary for was - "corrupting" the A record somehow. - -A: This is invariably due to not removing ALL of the cached zones - when you moved to 4.9.X. Remove ALL cached zones and restart - your nameservers. - - You get "ignoreds" because the primaries for the relevant zones are - running old versions of BIND which pass out more glue than is - required. named-xfer trims off this extra glue. 
- ------------------------------------------------------------------------------ - -Question 6.8. General problems (core dumps !) - -Date: Sun Dec 4 22:21:22 EST 1994 - -Paul Vixie says: - - I'm always interested in hearing about cases where BIND dumps core. - However, I need a stack trace. Compile with -g and not -O (unless - you are using gcc and know what you are doing) and then when it - dumps core, get into dbx or gdb using the executable and the core - file and use "bt" to get a stack trace. Send it to me - <paul@vix.com> along with specific circumstances leading to or - surrounding the crash (test data, tail of the debug log, tail of the - syslog... whatever matters) and ideally you should save your core - dump for a day or so in case I have questions you can answer via - gdb/dbx. - ------------------------------------------------------------------------------ - -Question 6.9. malloc and DECstations - -Date: Mon Jan 2 14:19:22 EST 1995 - -We have replaced malloc on our DECstations with a malloc that is more -compact in memory usage, and this helped the operation of bind a lot. The -source is now available for anonymous ftp from - -ftp.cs.wisc.edu : /pub/misc/malloc.tar.gz - ------------------------------------------------------------------------------ - -Question 6.10. Can't resolve names without a "." - -(Answer written by Mark Andrews) You are not using a RFC 1535 aware -resolver. Depending upon the age of your resolver you could try adding a -search directive to resolv.conf. - - e.g. - domain <domain> - search <domain> [<domain2> ...] - -If that doesn't work you can configure you server to serve the parent and -grandparent domains as this is the default search list. - -"domain langley.af.mil" has an implicit "search langley.af.mil af.mil mil" -in the old resolvers, and you are timing out trying to resolve the -address with one of these domains tacked on. - -When resolving internic.net the following will be tried in order. 
- internic.net.langley.af.mil - internic.net.af.mil - internic.net.mil - internic.net. - -RFC 1535 aware resolvers try qualified address first. - - internic.net. - internic.net.langley.af.mil - internic.net.af.mil - internic.net.mil -RFC 1535 documents the problems associated with the old search -algorithim, including security issues, and how to alleviate some of the -problems. - ------------------------------------------------------------------------------ - -Question 6.11. Err/TO errors being reported - -Date: Sun May 5 23:46:32 EDT 1996 - -Why are errors like - - Apr 2 20:41:58 nameserver named[25846]: Err/TO getting serial# for - "foobar.domain1.com" - Apr 2 20:41:59 nameserver named[25846]: Err/TO getting serial# for - "foobar.domain2.com" - -reported ? These generally indicate that there is one of the following -problems: - -* A network problem between you and the primary, -* A bad IP address in named.boot, -* The primary is Lame for the zone. - -An external check to see if you can retrieve the SOA is the best way to -work out which it is. - ------------------------------------------------------------------------------ - -Question 6.12. Why does swapping kill BIND ? - -Date: Thu Jul 4 23:20:20 EDT 1996 - -The question was: - - I've been diagnosing a problem with BIND 4.9.x (where x is usually 3BETA9 - or 3REL) for several months now. I finally tracked it down to swap space - utilization on the unix boxes. - - This happens under (at least) under Linux 1.2.9 & 1.2.13, SunOS 4.1.3U1, - 4.1.1, and Solaris 2.5. The symptom is that if these machines get into - swap at all bind quits resolving most, if not all queries. Mind you that - these machines are not "swapping hard", but rather we're talking about a - several hundred K TEMPORARY deficiency. I have noticed while digging - through various archives that there is some referral to "bind thrashing - itself to death". Is this what is happening ? - -And the answer is: - - Yes it is. 
Bind can't tolerate having even a few pages swapped out. - The time required to send responses climbs to several seconds/request, - and the request queue fills and overflows. - - It's possible to shrink memory consumption a lot by undefining STATS - and XSTATS, and recompiling. You could nuke DEBUG too, which will - cut the code size down some, but probably not the data size. If that - doesn't do the job then it sounds like you'll need to move DNS onto a - separate box. - - BIND tends to touch all of its resident pages all of the time with - normal activity... if you look at the RSS verses the total process - size, you will always see the RSS within, usually, 90% of the total - size of the process. This means that *any* paging of named-owned - pages will stall named. Thus, a machine running a heavily accessed - named process cannot afford to swap *at all*. - - (Paul Vixie continues on this subject): - I plan to try to get BIND to exhibit slightly better locality of - reference in some future release. Of course, I can only do this if - the query names also exhibit some kind of hot spots. If someone - queries all your names often, BIND will have to touch all of its VM - pool that often. (Right now, BIND touches everything pretty often - even if you're just hammering on some hot spots -- that's the part - I'd like to fix. Malloc isn't cooperating.) - -=============================================================================== - -Section 7. ACKNOWLEDGEMENTS - - Q7.1 How is this FAQ generated ? - Q7.2 What formats are available ? - Q7.3 Contributors - ------------------------------------------------------------------------------ - -Question 7.1. How is this FAQ generated ? - -Date: Fri Dec 6 16:51:31 EST 1996 - -This FAQ is maintained in BFNN (Bizzarre Format with No Name). This -allows me to create ASCII, HTML, and GNU info (postscript coming soon) -from one source file. 
-
-The perl script "bfnnconv.pl" that is available with the linux FAQ is used
-to generate the various output files from the BFNN source.
-
-------------------------------------------------------------------------------
-
-Question 7.2. What formats are available ?
-
-Date: Fri Dec 6 16:51:31 EST 1996
-
-You may obtain one of the following formats for this document:
-
-* ASCII: http://www.users.pfmc.net/~cdp/cptd-faq/cptd-faq.ascii
-* BFNN: http://www.users.pfmc.net/~cdp/cptd-faq/cptd-faq.bfnn
-* GNU info: http://www.users.pfmc.net/~cdp/cptd-faq/cptd-faq.info
-* HTML: http://www.users.pfmc.net/~cdp/cptd-faq/index.html
-
-------------------------------------------------------------------------------
-
-Question 7.3. Contributors
-
-Date: Sat Dec 7 01:29:29 EST 1996
-
-Many people have helped put this list together. Listed in e-mail address
-alphabetical order, the following people have contributed to this FAQ:
-
-* <Benoit.Grange@inria.fr> (Benoit.Grange)
-* <D.T.Shield@csc.liv.ac.uk> (Dave Shield)
-* <Todd.Aven@BankersTrust.Com>
-* <adam@comptech.demon.co.uk> (Adam Goodfellow)
-* <andras@is.co.za> (Andras Salamon)
-* <barmar@nic.near.net> (Barry Margolin)
-* <barr@pop.psu.edu> (David Barr)
-* <bj@herbison.com> (B.J. Herbison)
-* <bje@cbr.fidonet.org> (Ben Elliston)
-* <brad@birch.ims.disa.mil> (Brad Knowles)
-* <ckd@kei.com> (Christopher Davis)
-* <cdp2582@hertz.njit.edu> (Chris Peckham)
-* <cricket@hp.com> (Cricket Liu)
-* <cudep@csv.warwick.ac.uk> (Ian 'Vato' Dickinson [ID17])
-* <dillon@best.com> (Matthew Dillon)
-* <dparter@cs.wisc.edu> (David Parter)
-* <e07@nikhef.nl> (Eric Wassenaar)
-* <fitz@think.com> (Tom Fitzgerald)
-* <fwp@CC.MsState.Edu> (Frank Peters)
-* <gah@cco.caltech.edu> (Glen A. Herrmannsfeldt)
-* <glenn@popco.com> (Glenn Fleishman)
-* <harvey@indyvax.iupui.edu> (James Harvey)
-* <hubert@cac.washington.edu> (Steve Hubert)
-* <ivanl@pacific.net.sg> (Ivan Leong)
-* <jhawk@panix.com> (John Hawkinson)
-* <jmalcolm@uunet.uu.net> (Joseph Malcolm)
-* <jprovo@augustus.ultra.net> (Joe Provo)
-* <kevin@cfc.com> (Kevin Darcy)
-* <lamont@abstractsoft.com> (Sean T. Lamont)
-* <lavondes@tidtest.total.fr> (Michel Lavondes)
-* <mark@ucsalf.ac.uk> (Mark Powell)
-* <marka@syd.dms.CSIRO.AU> (Mark Andrews)
-* <mathias@unicorn.swi.com.sg> (Mathias Koerber)
-* <mjo@iao.ford.com> (Mike O'Connor)
-* <nick@flapjack.ieunet.ie> (Nick Hilliard)
-* <oppedahl@popserver.panix.com> (Carl Oppedahl)
-* <patrick@oes.amdahl.com> (Patrick J. Horgan)
-* <paul@software.com> (Paul Wren)
-* <pb@fasterix.frmug.fr.net> (Pierre Beyssac)
-* <ph10@cus.cam.ac.uk> (Philip Hazel)
-* <phil@netpart.com> (Phil Trubey)
-* <rocky@panix.com> (R. Bernstein)
-* <rv@seins.Informatik.Uni-Dortmund.DE> (Ruediger Volk)
-* <shields@tembel.org> (Michael Shields)
-* <tanner@george.arc.nasa.gov> (Rob Tanner)
-* <vixie@vix.com> (Paul A Vixie)
-* <wag@swl.msd.ray.com> (William Gianopoulos {84718)
-* <whg@inel.gov> (Bill Gray)
-* <wolf@pasteur.fr> (Christophe Wolfhugel)
-
-Thank you !
-
diff --git a/contrib/bind/doc/misc/IPv6 b/contrib/bind/doc/misc/IPv6
deleted file mode 100644
index 49fc3f5ec37cc..0000000000000
--- a/contrib/bind/doc/misc/IPv6
+++ /dev/null
@@ -1,72 +0,0 @@
-IPv6 notes for BIND 4.9.3 Patch 2 Candidate 5 (and later?)
-Paul Vixie, May 20, 1996
-doc/misc/IPv6
-
- *** Introduction ***
-
-The IPv6 support in this release is latent, in that its presence is not
-documented. The support is not optional, since its presence ought not to
-affect anyone who does not go looking for it. The support includes:
-
- inet_ntop() new function.
- inet_pton() new function.
- RES_USE_INET6 causes gethostby*() to return either real IPv6
- addresses (if available) or mapped (::FFFF:a.b.c.d)
- addresses if only IPv4 address records are found.
- gethostbyname() can search for T_AAAA in preference to T_A.
- gethostbyaddr() can search in IP6.INT for PTR RR's.
- named can load, transfer, cache, and dump T_AAAA RRs.
-
- *** Some notes on the new functions ***
-
-The inet_pton() and inet_ntop() functions differ from the current (as of
-this writing) IPv6 BSD API draft. Discussions were held, primarily between
-myself and Rich Stevens, on the ipng@sunroof.eng.sun.com mailing list, and
-the BIND definitions of these functions are likely to go into the next draft.
-(If not, and BIND has to change its definitions of these functions, then you
-will know why I chose not to document them yet!)
-
-These functions can return error values, and as such the process of porting
-code that used inet_aton() to use inet_pton() is not just syntactic. Not all
-nonzero values indicate success; consider "-1". Likewise, inet_ntoa() is not
-just smaller than inet_ntop() -- it's a whole new approach. Inet_ntop() does
-not return a static pointer, the caller has to supply a sized buffer. Also,
-inet_ntop() can return NULL, so you should only printf() the result if you
-have verified that your arguments will be seen as error free.
-
-The inet_pton() function is much pickier about its input format than the old
-inet_aton() function has been. You can't abbreviate 10.0.0.53 as 10.53 any
-more. Hexadecimal isn't accepted. You have to supply four decimal numeric
-strings, each of whose value is within the range from 0 to 255. No spaces
-are allowed either before, after, or within an address. If you need the older
-functionality with all the shortcuts and exceptions, continue using inet_aton()
-for your IPv4 address parsing needs.
-
- *** Some notes on RES_USE_INET6 ***
-
-You can set this by modifying _res.options after calling res_init(), or you
-can turn it on globally by setting "options inet6" in /etc/resolv.conf. This
-latter option ought to be used carefully, since _all_ applications will then
-receive IPv6 style h_addr_list's from their gethostby*() calls. Once you know
-that every application on your system can cope with IPv6 addressing, it is safe
-and reasonable to turn on the global option. Otherwise, don't do it.
-
- *** Some notes on mapped IPv4 addresses ***
-
-There are two IPv6 prefixes set aside for IPv4 address encapsulation. See
-RFC 1884 for a detailed explaination. The ::a.b.c.d form is used for
-tunnelling, which means wrapping an IPv4 header around IPv6 packets and using
-the existing IPv4 routing infrastructure to reach what are actually IPv6
-endpoints. The ::FFFF:a.b.c.d form can be used on dual-stack (IPv4 and IPv6)
-hosts to signal a predominantly IPv6 stack that it should use ``native'' IPv4
-to reach a given destination, even though the socket's address family is
-AF_INET6.
-
-BIND supports both of these address forms, to the extent that inet_pton() will
-parse them, inet_ntop() will generate them, gethostby*() will map IPv4 into
-IPv6 if the RES_USE_INET6 option is set, and gethostbyaddr() will search the
-IN-ADDR.ARPA domain rather than the IP6.INT domain when it needs a PTR RR.
-This last bit of behaviour is still under discussion and it's not clear that
-tunnelled addresses should be mapped using IN-ADDR.ARPA. In other words, this
-bit of behaviour may change in a subsequent BIND release. So now you know
-another reason why none of this stuff is ``officially'' documented.
diff --git a/contrib/bind/doc/misc/dns-setup b/contrib/bind/doc/misc/dns-setup
deleted file mode 100644
index 19f0197f7e81d..0000000000000
--- a/contrib/bind/doc/misc/dns-setup
+++ /dev/null
@@ -1,1081 +0,0 @@ - Setting up a basic DNS server for a domain - Revision 1.1.1 - - Craig Richmond - craig@ecel.uwa.edu.au - 15th August 1993 - - -About this document - -I have written this file because it seems that the same questions seem to -pop up time and time again and when I had to install DNS from scratch the -first time, we found very little to help us. - -This document covers setting up a Domain Name Server with authority over -your domain and using a few of the more useful but less well known -(hopefully this document will take care of that) features of nslookup to -get information about the DNS and to work out why yours isn't working. - -If you are using a Sun Workstation and you want to make NIS interact with -the DNS, then this is not the FAQ for you (but it may well be when you try -to set up the DNS). Mark J. McIntosh <Mark.McIntosh@engr.UVic.CA> points -out that it is included in the comp.sys.sun.admin FAQ and for the benefit -of those of you who can't get that (it is posted in comp.sys.sun.admin, -comp.sys.sun.misc, comp.unix.solaris, comp.answers and news.answers) I have -included the relevant parts at the bottom in appendix C. - -Contents: - - Contents - An Overview of the DNS - Installing the DNS - *The Boot File - *The Cache File - *The Forward Mapping File - *The Reverse Mapping File - Delegating authority for domains within your domain - Troubleshooting your named - *Named doesn't work! What is wrong? - *I changed my named database and my local machine has noticed, - but nobody else has the new information? - *My local machine knows about all the name server information, - but no other sites know about me? - *My forward domain names work, but the backward names do not? - How to get useful information from nslookup - *Getting number to name mappings. - *Finding where mail goes when a machine has no IP number. - *Getting a list of machines in a domain from nslookup. 
- Appendicies - *Appendix A sample root.cache file - *Appendix B Excerpt from RFC 1340 - Assigned Numbers - July 1992 - *Appendix C Installing DNS on a Sun when running NIS - - -An Overview of the DNS: - -The Domain Name System is the software that lets you have name to number -mappings on your computers. The name decel.ecel.uwa.edu.au is the number -130.95.4.2 and vice versa. This is achieved through the DNS. The DNS is a -heirarchy. There are a small number of root domain name servers that are -responsible for tracking the top level domains and who is under them. The -root domain servers between them know about all the people who have name -servers that are authoritive for domains under the root. - -Being authoritive means that if a server is asked about something in that -domain, it can say with no ambiguity whether or not a given piece of -information is true. For example. We have domains x.z and y.z. There are -by definition authoritive name servers for both of these domains and we -shall assume that the name server in both of these cases is a machine -called nic.x.z and nic.y.z but that really makes no difference. - -If someone asks nic.x.z whether there is a machine called a.x.z, then -nic.x.z can authoritively say, yes or no because it is the authoritive name -server for that domain. If someone asks nic.x.z whether there is a machine -called a.y.z then nic.x.z asks nic.y.z whether such a machine exists (and -caches this for future requests). It asks nic.y.z because nic.y.z is the -authoritive name server for the domain y.z. The information about -authoritive name servers is stored in the DNS itself and as long as you -have a pointer to a name server who is more knowledgable than yourself then -you are set. - -When a change is made, it propogates slowly out through the internet to -eventually reach all machines. The following was supplied by Mark Andrews -Mark.Andrews@syd.dms.csiro.au. 
- - If both the primary and all secondaries are up and talking when - a zone update occurs and for the refresh period after the - update the old data will live for max(refresh + mininum) - average (refresh/2 +mininum) for the zone. New information will - be available from all servers after refresh. - -So with a refresh of 3 hours and a minimum of a day, you can expect -everything to be working a day after it is changed. If you have a longer -minimum, it may take a couple of days before things return to normal. - -There is also a difference between a zone and a domain. The domain is the -entire set of machines that are contained within an organisational domain -name. For example, the domain uwa.edu.au contains all the machines at the -University of Western Australia. A Zone is the area of the DNS for which a -server is responsible. The University of Western Australia is a large -organisation and trying to track all changes to machines at a central -location would be difficult. The authoritive name server for the zone -uwa.edu.au delegates the authority for the zone ecel.uwa.edu.au to -decel.ecel.uwa.edu.au. Machine foo.ecel.uwa.edu.au is in the zone that -decel is authoritive for. Machine bar.uwa.edu.au is in the zone that -uniwa.uwa.edu.au is authoritive for. - -Installing the DNS: - -First I'll assume you already have a copy of the Domain Name Server -software. It is probably called named or in.named depending on your -flavour of unix. I never had to get a copy, but if anyone thinks that -information should be here then by all means tell me and I'll put it in. -If you intend on using the package called Bind, then you should be sure -that you get version 4.9, which is the most recent version at this point in -time. - -The Boot File: - -First step is to create the file named.boot. This describes to named -(we'll dispense with the in.named. Take them to be the same) where the -information that it requires can be found. 
This file is normally found in -/etc/named.boot and I personally tend to leave it there because then I know -where to find it. If you don't want to leave it there but place it in a -directory with the rest of your named files, then there is usually an -option on named to specify the location of the boot file. - -Your typical boot file will look like this if you are an unimportant leaf -node and there are other name servers at your site. - -directory /etc/namedfiles - -cache . root.cache -primary ecel.uwa.edu.au ecel.uwa.domain -primary 0.0.127.in-addr.arpa 0.0.127.domain -primary 4.95.130.in-addr.arpa 4.95.130.domain -forwarders 130.95.128.1 - -Here is an alternative layout used by Christophe Wolfhugel -<Christophe.Wolfhugel@grasp.insa-lyon.fr> He finds this easier because of -the large number of domains he has. The structure is essentially the same, -but the file names use the domain name rather than the IP subnet to -describe the contents. - -directory /usr/local/etc/bind -cache . p/root -; -; Primary servers -; -primary fr.net p/fr.net -primary frmug.fr.net p/frmug.fr.net -primary 127.in-addr.arpa p/127 -; -; Secondary servers -; -secondary ensta.fr 147.250.1.1 s/ensta.fr -secondary gatelink.fr.net 134.214.100.1 s/gatelink.fr.net -secondary insa-lyon.fr 134.214.100.1 s/insa-lyon.fr -secondary loesje.org 145.18.226.21 s/loesje.org -secondary nl.loesje.org 145.18.226.21 s/nl.loesje.org -secondary pcl.ac.uk 161.74.160.5 s/pcl.ac.uk -secondary univ-lyon1.fr 134.214.100.1 s/univ-lyon1.fr -secondary wmin.ac.uk 161.74.160.5 s/wmin.ac.uk -secondary westminster.ac.uk 161.74.160.5 s/westminster.ac.uk -; -; -; Secondary for addresses -; -secondary 74.161.in-addr.arpa 161.74.160.5 s/161.74 -secondary 214.134.in-addr.arpa 134.214.100.1 s/134.214 -secondary 250.147.in-addr.arpa 147.250.1.1 s/147.250 -; -; Classes C -; -secondary 56.44.192.in-addr.arpa 147.250.1.1 s/192.44.56 -secondary 57.44.192.in-addr.arpa 147.250.1.1 s/192.44.57 - -The lines in the named.boot file have the 
following meanings.
-
-directory
-
-This is the path that named will place in front of all file names
-referenced from here on. If no directory is specified, it looks for files
-relative to /etc.
-
-cache
-
-This is the information that named uses to get started. Named must know
-the IP number of some other name servers at least to get started.
-Information in the cache is treated differently depending on your version
-of named. Some versions of named use the information included in the cache
-permenantly and others retain but ignore the cache information once up and
-running.
-
-primary
-
-This is one of the domains for which this machine is authorative for. You
-put the entire domain name in. You need forwards and reverse lookups. The
-first value is the domain to append to every name included in that file.
-(There are some exceptions, but they will be explained later) The name at
-the end of the line is the name of the file (relative to /etc of the
-directory if you specified one). The filename can have slashes in it to
-refer to subdirectories so if you have a lot of domains you may want to
-split it up.
-
-BE VERY CAREFUL TO PUT THE NUMBERS BACK TO FRONT FOR THE REVERSE LOOK UP
-FILE. The example given above is for the subnet ecel.uwa.edu.au whose IP
-address is 130.95.4.*. The reverse name must be 4.95.130.in-addr.arpa.
-It must be backwards and it must end with .in-addr.arpa. If your reverse
-name lookups don't work, check this. If they still don't work, check this
-again.
-
-forwarders
-
-This is a list of IP numbers for forward requests for sites about which we
-are unsure. A good choice here is the name server which is authoritive for
-the zone above you.
-
-secondary (This line is not in the example, but is worth mentioning.)
-
-A secondary line indicates that you wish to be a secondary name server for
-this domain. You do not need to do this usually. All it does is help make
-the DNS more robust.
You should have at least one secondary server for
-your site, but you do not need to be a secondary server for anyone else.
-You can by all means, but you don't need to be. If you want to be a
-secondary server for another domain, then place the line
-
-secondary gu.uwa.edu.au 130.95.100.3 130.95.128.1
-
-in your named.boot. This will make your named try the servers on both of
-the machines specified to see if it can obtain the information about those
-domains. You can specify a number of IP addresses for the machines to
-query that probably depends on your machine. Your copy of named will upon
-startup go and query all the information it can get about the domain in
-question and remember it and act as though it were authoritive for that
-domain.
-
-Next you will want to start creating the data files that contain the name
-definitions.
-
-The cache file:
-
-You can get a copy of the cache file from FTP.RS.INTERNIC.NET. The current
-copy can be found in Appendix A.
-
-The Forward Mapping file:
-The file ecel.uwa.edu.au. will be used for the example with a couple of
-machines left in for the purpose of the exercise. Here is a copy of what
-the file looks like with explanations following.
-
-; Authoritative data for ecel.uwa.edu.au
-;
-@ IN SOA decel.ecel.uwa.edu.au. postmaster.ecel.uwa.edu.au. (
- 93071200 ; Serial (yymmddxx)
- 10800 ; Refresh 3 hours
- 3600 ; Retry 1 hour
- 3600000 ; Expire 1000 hours
- 86400 ) ; Minimum 24 hours
- IN A 130.95.4.2
- IN MX 100 decel
- IN MX 150 uniwa.uwa.edu.au.
- IN MX 200 relay1.uu.net.
- IN MX 200 relay2.uu.net.
-
-localhost IN A 127.0.0.1
-
-decel IN A 130.95.4.2
- IN HINFO SUN4/110 UNIX
- IN MX 100 decel
- IN MX 150 uniwa.uwa.edu.au.
- IN MX 200 relay1.uu.net
- IN MX 200 relay2.uu.net
-
-gopher IN CNAME decel.ecel.uwa.edu.au.
-
-accfin IN A 130.95.4.3
- IN HINFO SUN4/110 UNIX
- IN MX 100 decel
- IN MX 150 uniwa.uwa.edu.au.
- IN MX 200 relay1.uu.net
- IN MX 200 relay2.uu.net
-
-chris-mac IN A 130.95.4.5
- IN HINFO MAC-II MACOS
-
-The comment character is ';' so the first two lines are just comments
-indicating the contents of the file.
-
-All values from here on have IN in them. This indicates that the value is
-an InterNet record. There are a couple of other types, but all you need
-concern yourself with is internet ones.
-
-The SOA record is the Start Of Authority record. It contains the
-information that other nameservers will learn about this domain and how to
-treat the information they are given about it. The '@' as the first
-character in the line indicates that you wish to define things about the
-domain for which this file is responsible. The domain name is found in the
-named.boot file in the corresponding line to this filename. All
-information listed refers to the most recent machine/domain name so all
-records from the '@' until 'localhost' refer to the '@'. The SOA record
-has 5 magic numbers. First magic number is the serial number. If you
-change the file, change the serial number. If you don't, no other name
-servers will update their information. The old information will sit around
-for a very long time.
-
-Refresh is the time between refreshing information about the SOA (correct
-me if I am wrong). Retry is the frequency of retrying if an authorative
-server cannot be contacted. Expire is how long a secondary name server
-will keep information about a zone without successfully updating it or
-confirming that the data is up to date. This is to help the information
-withstand fairly lengthy downtimes of machines or connections in the
-network without having to recollect all the information. Minimum is the
-default time to live value handed out by a nameserver for all records in
-a zone without an explicit TTL value. This is how long the data will live
-after being handed out.
The two pieces of information before the 5 magic -numbers are the machine that is considered the origin of all of this -information. Generally the machine that is running your named is a good -one for here. The second is an email address for someone who can fix any -problems that may occur with the DNS. Good ones here are postmaster, -hostmaster or root. NOTE: You use dots and not '@' for the email address. - -eg root.decel.ecel.uwa.edu.au is correct - and - root@decel.ecel.uwa.edu.au is incorrect. - -We now have an address to map ecel.uwa.edu.au to. The address is -130.95.4.2 which happens to be decel, our main machine. If you try to find -an IP number for the domain ecel.uwa.edu.au it will get you the machine -decel.ecel.uwa.edu.au's IP number. This is a nicety which means that -people who have non-MX record mailers can still mail fred@ecel.uwa.edu.au -and don't have to find the name of a machine name under the domain to mail. - -Now we have a couple of MX records for the domain itself. The MX records -specify where to send mail destined for the machine/domain that the MX -record is for. In this case we would prefer if all mail for -fred@ecel.uwa.edu.au is sent to decel.ecel.uwa.edu.au. If that does not -work, we would like it to go to uniwa.uwa.edu.au because there are a number -of machines that might have no idea how to get to us, but may be able to get -to uniwa. And failing that, try the site relay1.uu.net. A small number -indicates that this site should be tried first. The larget the number the -further down the list of sites to try the site is. NOTE: Not all machines -have mailers that pay attention to MX records. Some only pay attention to -IP numbers, which is really stupid. All machines are required to have -MX-capable Mail Transfer Agents (MTA) as there are many addresses that can -only be reached via this means. - -There is an entry for localhost now. Note that this is somewhat of a -kludge and should probably be handled far more elegantly. 
By placing
-localhost here, a machine comes into existance called
-localhost.ecel.uwa.edu.au. If you finger it, or telnet to it, you get your
-own machine, because the name lookup returns 127.0.0.1 which is the special
-case for your own machine. I have used a couple of different DNS packages.
-The old BSD one let you put things into the cache which would always work,
-but would not be exported to other nameservers. In the newer Sun one, they
-are left in the cache and are mostly ignored once named is up and running.
-This isn't a bad solution, its just not a good one.
-
-Decel is the main machine in our domain. It has the IP number 130.95.4.2
-and that is what this next line shows. It also has a HINFO entry. HINFO
-is Host Info which is meant to be some sort of an indication of what the
-machine is and what it runs. The values are two white space seperated
-values. First being the hardware and second being the software. HINFO is
-not compulsory, its just nice to have sometimes. We also have some MX
-records so that mail destined for decel has some other avenues before it
-bounces back to the sender if undeliverable.
-
-It is a good idea to give all machines capable of handling mail an MX
-record because this can be cached on remote machines and will help to
-reduce the load on the network.
-
-gopher.ecel.uwa.edu.au is the gopher server in our division. Now because
-we are cheapskates and don't want to go and splurge on a seperate machine
-just for handling gopher requests we have made it a CNAME to our main
-machine. While it may seem pointless it does have one main advantage.
-When we discover that our placing terrabytes of popular quicktime movies
-on our gopher server (no we haven't and we don't intend to) causes an
-unbearable load on our main machine, we can quickly move the CNAME to
-point at a new machine by changing the name mentioned in the CNAME.
Then
-the slime of the world can continue to get their essential movies with a
-minimal interuption to the network. Other good CNAMEs to maintain are
-things like ftp, mailhost, netfind, archie, whois, and even dns (though the
-most obvious use for this fails). It also makes it easier for people to
-find these services in your domain.
-
-We should probably start using WKS records for things like gopher and whois
-rather than making DNS names for them. The tools are not in wide
-circulation for this to work though. (Plus all those comments in many DNS
-implementation of "Not implemented" next to the WKS record)
-
-Finally we have a macintosh which belongs to my boss. All it needs is an
-IP number, and we have included the HINFO so that you can see that it is in
-fact a macII running a Mac System. To get the list of preferred values,
-you should get a copy of RFC 1340. It lists lots of useful information
-such as /etc/services values, ethernet manufacturer hardware addresses,
-HINFO defualts and many others. I will include the list as it stands at
-the moment, but if any RFC superceeds 1340, then it will have a more
-complete list. See Appendix B for that list.
-
-NOTE: If Chris had a very high profile and wanted his mac to appear like a
-fully connected unix machine as far as internet services were concerned, he
-could simply place an MX record such as
-
- IN MX 100 decel
-
-after his machine and any mail sent to chris@chris-mac.ecel.uwa.edu.au
-would be automatically rerouted to decel.
-
-The Reverse Mapping File
-
-The reverse name lookup is handled in a most bizarre fashion. Well it all
-makes sense, but it is not immediately obvious.
-
-All of the reverse name lookups are done by finding the PTR record
-associated with the name w.x.y.z.in-addr.arpa. So to find the name
-associated with the IP number 1.2.3.4, we look for information stored in
-the DNS under the name 4.3.2.1.in-addr.arpa.
They are organised this way -so that when you are allocated a B class subnet for example, you get all of -the IP numbers in the domain 130.95. Now to turn that into a reverse name -lookup domain, you have to invert the numbers or your registered domains -will be spread all over the place. It is a mess and you need not understand -the finer points of it all. All you need to know is that you put the -reverse name lookup files back to front. - -Here is the sample reverse name lookup files to go with our example. - -0.0.127.in-addr.arpa --- -; Reverse mapping of domain names 0.0.127.in-addr.arpa -; Nobody pays attention to this, it is only so 127.0.0.1 -> localhost. -@ IN SOA decel.ecel.uwa.edu.au. postmaster.ecel.uwa.edu.au. ( - 91061801 ; Serial (yymmddxx) - 10800 ; Refresh 3 hours - 3600 ; Retry 1 hour - 3600000 ; Expire 1000 hours - 86400 ) ; Minimum 24 hours -; -1 IN PTR localhost.ecel.uwa.edu.au. --- - -4.95.130.in-addr.arpa --- -; reverse mapping of domain names 4.95.130.in-addr.arpa -; -@ IN SOA decel.ecel.uwa.edu.au. postmaster.ecel.uwa.edu.au. ( - 92050300 ; Serial (yymmddxx format) - 10800 ; Refresh 3hHours - 3600 ; Retry 1 hour - 3600000 ; Expire 1000 hours - 86400 ) ; Minimum 24 hours -2 IN PTR decel.ecel.uwa.edu.au. -3 IN PTR accfin.ecel.uwa.edu.au. -5 IN PTR chris-mac.ecel.uwa.edu.au. --- - -It is important to remember that you must have a second start of authority -record for the reverse name lookups. Each reverse name lookup file must -have its own SOA record. The reverse name lookup on the 127 domain is -debatable seeing as there is likely to be only one number in the file and -it is blatantly obvious what it is going to map to. - -The SOA details are the same as in the forward mapping. - -Each of the numbers listed down the left hand side indicates that the line -contains information for that number of the subnet. Each of the subnets -must be the more significant digits. 
eg the 130.95.4 of an IP number -130.95.4.2 is implicit for all numbers mentioned in the file. - -The PTR must point to a machine that can be found in the DNS. If the name -is not in the DNS, some versions of named just bomb out at this point. - -Reverse name lookups are not compulsory, but nice to have. It means that -when people log into machines, they get names indicating where they are -logged in from. It makes it easier for you to spot things that are wrong -and it is far less cryptic than having lots of numbers everywhere. Also if -you do not have a name for your machine, some brain dead protocols such as -talk will not allow you to connect. - -Since I had this I had one suggestion of an alternative way to do the -localhost entry. I think it is a matter of personal opinion so I'll -include it here in case anyone things that this is a more appropriate -method. - -The following is courtesy of jep@convex.nl (JEP de Bie) - - The way I did it was: - - 1) add in /etc/named.boot: - - primary . localhost - primary 127.in-addr.ARPA. IP127 - -(Craig: It has been suggested by Mark Andrews that this is a bad practice - particularly if you have upgraded to Bind 4.9. You also run the risk of - polluting the root name servers. This comes down to a battle of idealogy - and practicality. Think twice before declaring yourself authorative for - the root domain.) - - So I not only declare myself (falsely? - probably, but nobody is going to - listen anyway most likely [CPR]:-) athorative in the 127.in-addr.ARPA domain - but also in the . (root) domain. - - 2) the file localhost has: - - $ORIGIN . - localhost IN A 127.0.0.1 - - 3) and the file IP127: - - $ORIGIN 127.in-addr.ARPA. - 1.0.0 IN PTR localhost. - - 4) and I have in my own domain file (convex.nl) the line: - - $ORIGIN convex.nl. - localhost IN CNAME localhost. - - The advantage (elegancy?) is that a query (A) of localhost. gives the - reverse of the query of 1.0.0.127.in-addr.ARPA. 
And it also shows that - localhost.convex.nl is only a nickname to something more absolute. - (While the notion of localhost is of course relative :-)). - - And I also think there is a subtle difference between the lines - - primary 127.in-addr.ARPA. IP127 - and - primary 0.0.127.in-addr.ARPA. 4.95.130.domain - ============= - JEP de Bie - jep@convex.nl - ============= - - - -Delegating authority for domains within your domain: - -When you start having a very big domain that can be broken into logical and -seperate entities that can look after their own DNS information, you will -probably want to do this. Maintain a central area for the things that -everyone needs to see and delegate the authority for the other parts of the -organisation so that they can manage themselves. - -Another essential piece of information is that every domain that exists -must have it NS records associated with it. These NS records denote the -name servers that are queried for information about that zone. For your -zone to be recognised by the outside world, the server responsible for the -zone above you must have created a NS record for your machine in your -domain. For example, putting the computer club onto the network and giving -them control over their own part of the domain space we have the following. - -The machine authorative for gu.uwa.edu.au is mackerel and the machine -authorative for ucc.gu.uwa.edu.au is marlin. - -in mackerel's data for gu.uwa.edu.au we have the following - -@ IN SOA ... - IN A 130.95.100.3 - IN MX mackerel.gu.uwa.edu.au. - IN MX uniwa.uwa.edu.au. - -marlin IN A 130.95.100.4 - -ucc IN NS marlin.gu.uwa.edu.au. - IN NS mackerel.gu.uwa.edu.au. - -Marlin is also given an IP in our domain as a convenience. If they blow up -their name serving there is less that can go wrong because people can still -see that machine which is a start. You could place "marlin.ucc" in the -first column and leave the machine totally inside the ucc domain as well. 
-
-The second NS line is because mackerel will be acting as secondary name
-server for the ucc.gu domain. Do not include this line if you are not
-authorative for the information included in the sub-domain.
-
-
-Troubleshooting your named:
-
-Named doesn't work! What is wrong?
-
-Step 1: Run nslookup and see what nameserver it tries to connect you to.
-If nslookup connects you to the wrong nameserver, create a /etc/resolv.conf
-file that points your machine at the correct nameserver. If there is no
-resolv.conf file, the the resolver uses the nameserver on the local
-machine.
-
-Step 2: Make sure that named is actually running.
-
-Step 3: Restart named and see if you get any error messages on the
-console and in also check /usr/adm/messages.
-
-Step 4: If named is running, nslookup connects to the appropriate
-nameserver and nslookup can answer simple questions, but other programs
-such as 'ping' do not work with names, then you need to install resolv+
-most likely.
-
-
-I changed my named database and my local machine has noticed, but nobody
-else has the new information?
-
-Change the serial number in the SOA for any domains that you modified and
-restart named. Wait an hour and check again. The information propogates
-out. It won't change immediately.
-
-
-My local machine knows about all the name server information, but no other
-sites know about me?
-
-Find an upstream nameserver (one that has an SOA for something in your
-domain) and ask them to be a secondary name server for you. eg if you are
-ecel.uwa.edu.au, ask someone who has an SOA for the domain uwa.edu.au.
-Get NS records (and glue) added to your parent zone for your zone. This is
-called delegating. It should be done formally like this or you will get
-inconsistant answers out of the DNS. ALL NAMSERVERS FOR YOUR ZONE SHOULD
-BE LISTED IN THIS MANNER.
-
-
-My forward domain names work, but the backward names do not?
-
-Make sure the numbers are back to front and have the in-addr.arpa on the
-end.
-Make sure you reverse zone is registered. For Class C nets this can be done
-by mailing to hostmaster@internic.net. For class A & B nets make sure that
-you are registeres with the primary for your net and that the net itself
-is registered with hostmaster@internic.net.
-
-
-How to get useful information from nslookup:
-
-Nslookup is a very useful program but I'm sure there are less than 20
-people worldwide who know how to use it to its full usefulness. I'm most
-certainly not one of them. If you don't like using nslookup, there is at
-least one other program called dig, that has most/all(?) of the
-functionality of nslookup and is a hell of a lot easier to use.
-
-I won't go into dig much here except to say that it is a lot easier to get
-this information out of. I won't bother because nslookup ships with almost
-all machines that come with network software.
-
-To run nslookup, you usually just type nslookup. It will tell you the
-server it connects to. You can specify a different server if you want.
-This is useful when you want to tell if your named information is
-consistent with other servers.
-
-Getting name to number mappings.
-
-Type the name of the machine. Typing 'decel' is enough if the machine is
-local.
-
-(Once you have run nslookup successfully)
-> decel
-Server: ecel.uwa.edu.au
-Address: 130.95.4.2
-
-Name: decel.ecel.uwa.edu.au
-Address: 130.95.4.2
-
->
-
-One curious quirk of some name resolvers is that if you type a
-machine name, they will try a number of permutations. For example if my
-machine is in the domain ecel.uwa.edu.au and I try to find a machine
-called fred, the resolver will try the following.
-
- fred.ecel.uwa.edu.au.
- fred.uwa.edu.au.
- fred.edu.au.
- fred.au.
- fred.
-
-This can be useful, but more often than not, you would simply prefer a good
-way to make aliases for machines that are commonly referenced. If you are
-running resolv+, you should just be able to put common machines into the
-host file.
- -DIG: dig <machine name> - -Getting number to name mappings. - -Nslookup defaults to finding you the Address of the name specified. For -reverse lookups you already have the address and you want to find the -name that goes with it. If you read and understood the bit above where it -describes how to create the number to name mapping file, you would guess -that you need to find the PTR record instead of the A record. So you do -the following. - -> set type=ptr -> 2.4.95.130.in-addr.arpa -Server: decel.ecel.uwa.edu.au -Address: 130.95.4.2 - -2.4.95.130.in-addr.arpa host name = decel.ecel.uwa.edu.au -> - -nslookup tells you that the ptr for the machine name -2.4.95.130.in-addr.arpa points to the host decel.ecel.uwa.edu.au. - -DIG: dig -x <machine number> - -Finding where mail goes when a machine has no IP number. - -When a machine is not IP connected, it needs to specify to the world, where -to send the mail so that it can dial up and collect it every now and then. -This is accomplished by setting up an MX record for the site and not giving -it an IP number. To get the information out of nslookup as to where the -mail goes, do the following. - -> set type=mx -> dialix.oz.au -Server: decel.ecel.uwa.oz.au -Address: 130.95.4.2 - -Non-authoritative answer: -dialix.oz.au preference = 100, mail exchanger = uniwa.uwa.OZ.AU -dialix.oz.au preference = 200, mail exchanger = munnari.OZ.AU -Authoritative answers can be found from: -uniwa.uwa.OZ.AU inet address = 130.95.128.1 -munnari.OZ.AU inet address = 128.250.1.21 -munnari.OZ.AU inet address = 192.43.207.1 -mulga.cs.mu.OZ.AU inet address = 128.250.35.21 -mulga.cs.mu.OZ.AU inet address = 192.43.207.2 -dmssyd.syd.dms.CSIRO.AU inet address = 130.155.16.1 -ns.UU.NET inet address = 137.39.1.3 - -You tell nslookup that you want to search for mx records and then you give -it the name of the machine. It tells you the preference for the mail -(small means more preferable), and who the mail should be sent to. 
It also -includes sites that are authorative (have this name in their named database -files) for this MX record. There are multiple sites as a backup. As can -be seen, our local public internet access company dialix would like all of -their mail to be sent to uniwa, where they collect it from. If uniwa is -not up, send it to munnari and munnari will get it to uniwa eventually. - -NOTE: For historical reasons Australia used to be .oz which was changed to -.oz.au to move to the ISO standard extensions upon the advent of IP. We -are now moving to a more normal heirarchy which is where the .edu.au comes -from. Pity, I liked having oz. - -DIG: dig <zone> mx - -Getting a list of machines in a domain from nslookup. - -Find a server that is authorative for the domain or just generally all -knowing. To find a good server, find all the soa records for a given -domain. To do this, you set type=soa and enter the domain just like in the -two previous examples. - -Once you have a server type - -> ls gu.uwa.edu.au. -[uniwa.uwa.edu.au] -Host or domain name Internet address - gu server = mackerel.gu.uwa.edu.au - gu server = uniwa.uwa.edu.au - gu 130.95.100.3 - snuffle-upagus 130.95.100.131 - mullet 130.95.100.2 - mackerel 130.95.100.3 - marlin 130.95.100.4 - gugate 130.95.100.1 - gugate 130.95.100.129 - helpdesk 130.95.100.180 - lan 130.95.100.0 - big-bird 130.95.100.130 - -To get a list of all the machines in the domain. - -If you wanted to find a list of all of the MX records for the domain, you -can put a -m flag in the ls command. - -> ls -m gu.uwa.edu.au. -[uniwa.uwa.edu.au] -Host or domain name Metric Host - gu 100 mackerel.gu.uwa.edu.au - gu 200 uniwa.uwa.edu.au - -This only works for a limited selection of the different types. - -DIG: dig axfr <zone> @<server> - - - -Appendix A - - -; -; This file holds the information on root name servers needed to -; initialize cache of Internet domain name servers -; (e.g. reference this file in the "cache . 
<file>" -; configuration file of BIND domain name servers). -; -; This file is made available by InterNIC registration services -; under anonymous FTP as -; file /domain/named.root -; on server FTP.RS.INTERNIC.NET -; -OR- under Gopher at RS.INTERNIC.NET -; under menu InterNIC Registration Services (NSI) -; submenu InterNIC Registration Archives -; file named.root -; -; last update: April 21, 1993 -; related version of root zone: 930421 -; -. 99999999 IN NS NS.INTERNIC.NET. -NS.INTERNIC.NET. 99999999 A 198.41.0.4 -. 99999999 NS KAVA.NISC.SRI.COM. -KAVA.NISC.SRI.COM. 99999999 A 192.33.33.24 -. 99999999 NS C.NYSER.NET. -C.NYSER.NET. 99999999 A 192.33.4.12 -. 99999999 NS TERP.UMD.EDU. -TERP.UMD.EDU. 99999999 A 128.8.10.90 -. 99999999 NS NS.NASA.GOV. -NS.NASA.GOV. 99999999 A 128.102.16.10 - 99999999 A 192.52.195.10 -. 99999999 NS NS.NIC.DDN.MIL. -NS.NIC.DDN.MIL. 99999999 A 192.112.36.4 -. 99999999 NS AOS.ARL.ARMY.MIL. -AOS.ARL.ARMY.MIL. 99999999 A 128.63.4.82 - 99999999 A 192.5.25.82 -. 99999999 NS NIC.NORDU.NET. -NIC.NORDU.NET. 99999999 A 192.36.148.17 -; End of File - - -Appendix B - -An Excerpt from -RFC 1340 Assigned Numbers July 1992 - - - MACHINE NAMES - - These are the Official Machine Names as they appear in the Domain Name - System HINFO records and the NIC Host Table. Their use is described in - RFC-952 [53]. - - A machine name or CPU type may be up to 40 characters taken from the - set of uppercase letters, digits, and the two punctuation characters - hyphen and slash. It must start with a letter, and end with a letter - or digit. 
- - ALTO DEC-1080 - ALTOS-6800 DEC-1090 - AMDAHL-V7 DEC-1090B - APOLLO DEC-1090T - ATARI-104ST DEC-2020T - ATT-3B1 DEC-2040 - ATT-3B2 DEC-2040T - ATT-3B20 DEC-2050T - ATT-7300 DEC-2060 - BBN-C/60 DEC-2060T - BURROUGHS-B/29 DEC-2065 - BURROUGHS-B/4800 DEC-FALCON - BUTTERFLY DEC-KS10 - C/30 DEC-VAX-11730 - C/70 DORADO - CADLINC DPS8/70M - CADR ELXSI-6400 - CDC-170 EVEREX-386 - CDC-170/750 FOONLY-F2 - CDC-173 FOONLY-F3 - CELERITY-1200 FOONLY-F4 - CLUB-386 GOULD - COMPAQ-386/20 GOULD-6050 - COMTEN-3690 GOULD-6080 - CP8040 GOULD-9050 - CRAY-1 GOULD-9080 - CRAY-X/MP H-316 - CRAY-2 H-60/68 - CTIWS-117 H-68 - DANDELION H-68/80 - DEC-10 H-89 - DEC-1050 HONEYWELL-DPS-6 - DEC-1077 HONEYWELL-DPS-8/70 - HP3000 ONYX-Z8000 - HP3000/64 PDP-11 - IBM-158 PDP-11/3 - IBM-360/67 PDP-11/23 - IBM-370/3033 PDP-11/24 - IBM-3081 PDP-11/34 - IBM-3084QX PDP-11/40 - IBM-3101 PDP-11/44 - IBM-4331 PDP-11/45 - IBM-4341 PDP-11/50 - IBM-4361 PDP-11/70 - IBM-4381 PDP-11/73 - IBM-4956 PE-7/32 - IBM-6152 PE-3205 - IBM-PC PERQ - IBM-PC/AT PLEXUS-P/60 - IBM-PC/RT PLI - IBM-PC/XT PLURIBUS - IBM-SERIES/1 PRIME-2350 - IMAGEN PRIME-2450 - IMAGEN-8/300 PRIME-2755 - IMSAI PRIME-9655 - INTEGRATED-SOLUTIONS PRIME-9755 - INTEGRATED-SOLUTIONS-68K PRIME-9955II - INTEGRATED-SOLUTIONS-CREATOR PRIME-2250 - INTEGRATED-SOLUTIONS-CREATOR-8 PRIME-2655 - INTEL-386 PRIME-9955 - INTEL-IPSC PRIME-9950 - IS-1 PRIME-9650 - IS-68010 PRIME-9750 - LMI PRIME-2250 - LSI-11 PRIME-750 - LSI-11/2 PRIME-850 - LSI-11/23 PRIME-550II - LSI-11/73 PYRAMID-90 - M68000 PYRAMID-90MX - MAC-II PYRAMID-90X - MASSCOMP RIDGE - MC500 RIDGE-32 - MC68000 RIDGE-32C - MICROPORT ROLM-1666 - MICROVAX S1-MKIIA - MICROVAX-I SMI - MV/8000 SEQUENT-BALANCE-8000 - NAS3-5 SIEMENS - NCR-COMTEN-3690 SILICON-GRAPHICS - NEXT/N1000-316 SILICON-GRAPHICS-IRIS - NOW SGI-IRIS-2400 - SGI-IRIS-2500 SUN-3/50 - SGI-IRIS-3010 SUN-3/60 - SGI-IRIS-3020 SUN-3/75 - SGI-IRIS-3030 SUN-3/80 - SGI-IRIS-3110 SUN-3/110 - SGI-IRIS-3115 SUN-3/140 - SGI-IRIS-3120 SUN-3/150 - SGI-IRIS-3130 
SUN-3/160 - SGI-IRIS-4D/20 SUN-3/180 - SGI-IRIS-4D/20G SUN-3/200 - SGI-IRIS-4D/25 SUN-3/260 - SGI-IRIS-4D/25G SUN-3/280 - SGI-IRIS-4D/25S SUN-3/470 - SGI-IRIS-4D/50 SUN-3/480 - SGI-IRIS-4D/50G SUN-4/60 - SGI-IRIS-4D/50GT SUN-4/110 - SGI-IRIS-4D/60 SUN-4/150 - SGI-IRIS-4D/60G SUN-4/200 - SGI-IRIS-4D/60T SUN-4/260 - SGI-IRIS-4D/60GT SUN-4/280 - SGI-IRIS-4D/70 SUN-4/330 - SGI-IRIS-4D/70G SUN-4/370 - SGI-IRIS-4D/70GT SUN-4/390 - SGI-IRIS-4D/80GT SUN-50 - SGI-IRIS-4D/80S SUN-100 - SGI-IRIS-4D/120GTX SUN-120 - SGI-IRIS-4D/120S SUN-130 - SGI-IRIS-4D/210GTX SUN-150 - SGI-IRIS-4D/210S SUN-170 - SGI-IRIS-4D/220GTX SUN-386i/250 - SGI-IRIS-4D/220S SUN-68000 - SGI-IRIS-4D/240GTX SYMBOLICS-3600 - SGI-IRIS-4D/240S SYMBOLICS-3670 - SGI-IRIS-4D/280GTX SYMMETRIC-375 - SGI-IRIS-4D/280S SYMULT - SGI-IRIS-CS/12 TANDEM-TXP - SGI-IRIS-4SERVER-8 TANDY-6000 - SPERRY-DCP/10 TEK-6130 - SUN TI-EXPLORER - SUN-2 TP-4000 - SUN-2/50 TRS-80 - SUN-2/100 UNIVAC-1100 - SUN-2/120 UNIVAC-1100/60 - SUN-2/130 UNIVAC-1100/62 - SUN-2/140 UNIVAC-1100/63 - SUN-2/150 UNIVAC-1100/64 - SUN-2/160 UNIVAC-1100/70 - SUN-2/170 UNIVAC-1160 - UNKNOWN - VAX-11/725 - VAX-11/730 - VAX-11/750 - VAX-11/780 - VAX-11/785 - VAX-11/790 - VAX-11/8600 - VAX-8600 - WANG-PC002 - WANG-VS100 - WANG-VS400 - WYSE-386 - XEROX-1108 - XEROX-8010 - ZENITH-148 - - SYSTEM NAMES - - These are the Official System Names as they appear in the Domain Name - System HINFO records and the NIC Host Table. Their use is described - in RFC-952 [53]. - - A system name may be up to 40 characters taken from the set of upper- - case letters, digits, and the three punctuation characters hyphen, - period, and slash. It must start with a letter, and end with a - letter or digit. 
- - AEGIS LISP SUN OS 3.5 - APOLLO LISPM SUN OS 4.0 - AIX/370 LOCUS SWIFT - AIX-PS/2 MACOS TAC - BS-2000 MINOS TANDEM - CEDAR MOS TENEX - CGW MPE5 TOPS10 - CHORUS MSDOS TOPS20 - CHRYSALIS MULTICS TOS - CMOS MUSIC TP3010 - CMS MUSIC/SP TRSDOS - COS MVS ULTRIX - CPIX MVS/SP UNIX - CTOS NEXUS UNIX-BSD - CTSS NMS UNIX-V1AT - DCN NONSTOP UNIX-V - DDNOS NOS-2 UNIX-V.1 - DOMAIN NTOS UNIX-V.2 - DOS OS/DDP UNIX-V.3 - EDX OS/2 UNIX-PC - ELF OS4 UNKNOWN - EMBOS OS86 UT2D - EMMOS OSX V - EPOS PCDOS VM - FOONEX PERQ/OS VM/370 - FUZZ PLI VM/CMS - GCOS PSDOS/MIT VM/SP - GPOS PRIMOS VMS - HDOS RMX/RDOS VMS/EUNICE - IMAGEN ROS VRTX - INTERCOM RSX11M WAITS - IMPRESS RTE-A WANG - INTERLISP SATOPS WIN32 - IOS SCO-XENIX/386 X11R3 - IRIX SCS XDE - ISI-68020 SIMP XENIX - ITS SUN - - - -Appendix C Installing DNS on a Sun when running NIS - -==================== - 2) How to get DNS to be used when running NIS ? - - First setup the appropriate /etc/resolv.conf file. - Something like this should do the "trick". - - ; - ; Data file for a client. - ; - domain local domain - nameserver address of primary domain nameserver - nameserver address of secondary domain nameserver - - where: "local domain" is the domain part of the hostnames. - For example, if your hostname is "thor.ece.uc.edu" - your "local domain" is "ece.uc.edu". - - You will need to put a copy of this resolv.conf on - all NIS(YP) servers including slaves. - - Under SunOS 4.1 and greater, change the "B=" at the top - of the /var/yp/Makefile to "B=-b" and setup NIS in the - usual fashion. - - You will need reboot or restart ypserv for these changes - to take affect. - - Under 4.0.x, edit the Makefile or apply the following "diff": - -*** Makefile.orig Wed Jan 10 13:22:11 1990 ---- Makefile Wed Jan 10 13:22:01 1990 -*************** -*** 63 **** -! | $(MAKEDBM) - $(YPDBDIR)/$(DOM)/hosts.byname; \ ---- 63 ---- -! | $(MAKEDBM) -b - $(YPDBDIR)/$(DOM)/hosts.byname; \ -*************** -*** 66 **** -! 
| $(MAKEDBM) - $(YPDBDIR)/$(DOM)/hosts.byaddr; \
---- 66 ----
-! | $(MAKEDBM) -b - $(YPDBDIR)/$(DOM)/hosts.byaddr; \
-====================
-
diff --git a/contrib/bind/doc/misc/style.txt b/contrib/bind/doc/misc/style.txt
deleted file mode 100644
index a966066074dd3..0000000000000
--- a/contrib/bind/doc/misc/style.txt
+++ /dev/null
@@ -1,172 +0,0 @@
-Path: vixie!vixie
-From: vixie@vix.com (Paul A Vixie)
-Newsgroups: comp.protocols.tcp-ip.domains
-Subject: Re: Format of DNS files (style question)
-Date: 28 Aug 94 03:17:08
-Organization: Vixie Enterprises
-Lines: 159
-Distribution: inet
-Message-ID: <VIXIE.94Aug28031708@office.home.vix.com>
-References: <33onnr$i4u@zombie.ncsc.mil>
-NNTP-Posting-Host: office.home.vix.com
-In-reply-to: sjr@zombie.ncsc.mil's message of 27 Aug 1994 21:02:51 -0400
-
-> (Style) Suggestions for how to layout DNS configuration files (both
-> forward and reverse)?
-
-I've gone back and forth on the question of whether the BOG should include a
-section on this topic. I know what I myself prefer, but I'm wary of ramming
-my own stylistic preferences down the throat of every BOG reader. But since
-you ask :-)...
-
-Create /var/named. If your system is too old to have a /var, either create
-one or use /usr/local/adm/named instead. Put your named.boot in it, and make
-/etc/named.boot a symlink to it. If your system doesn't have symlinks, you're
-S-O-L (but you knew that). In named.boot, put a "directory" directive that
-specifies your actual BIND working directory:
-
- directory /var/named
-
-All relative pathnames used in "primary", "secondary", and "cache" directives
-will be evaluated relative to this directory. Create two subdirectories,
-/var/named/pri and /var/named/sec. Whenever you add a "primary" directive
-to your named.boot, use "pri/WHATEVER" as the path name. And then put the
-primary zone file into "pri/WHATEVER". Likewise when you add "secondary"
-directives, use "sec/WHATEVER" and BIND (really named-xfer) will create the
-files in that subdirectory.
-
-(Variations: (1) make a midlevel directory "zones" and put "pri" and "sec"
-into it; (2) if you tend to pick up a lot of secondaries from a few hosts,
-group them together in their own subdirectories -- something like
-/var/named/zones/uucp if you're a UUCP Project name server.)
-
-For your forward files, name them after the zone. dec.com becomes
-"/var/named/zones/pri/dec.com". For your reverse files, name them after the
-network number. 0.1.16.in-addr.arpa becomes "/var/named/zones/pri/16.1.0".
-
-When creating or maintaining primary zone files, try to use the same SOA
-values everywhere, except for the serial number which varies per zone. Put
-a $ORIGIN directive at the top of the primary zone file, not because it's
-needed (it's not since the default origin is the zone named in the "primary"
-directive) but because it make it easier to remember what you're working on
-when you have a lot of primary zones. Put some comments up there indicating
-contact information for the real owner if you're proxying. Use RCS and put
-the "$Id: style.txt,v 8.1 1995/12/22 21:59:52 vixie Exp $" in a ";" comment near the top of the zone file.
-
-The SOA and other top level information should all be listed together. But
-don't put IN on every line, it defaults nicely. For example:
-
-==============
-@ IN SOA gw.home.vix.com. postmaster.vix.com. (
- 1994082501 ; serial
- 3600 ; refresh (1 hour)
- 1800 ; retry (30 mins)
- 604800 ; expire (7 days)
- 3600 ) ; minimum (1 hour)
-
- NS gw.home.vix.com.
- NS ns.uu.net.
- NS uucp-gw-1.pa.dec.com.
- NS uucp-gw-2.pa.dec.com.
-
- MX 10 gw.home.vix.com.
- MX 20 uucp-gw-1.pa.dec.com.
- MX 20 uucp-gw-1.pa.dec.com.
-==============
-
-I don't necessarily recommend those SOA values. Not every zone is as volatile
-as the example shown. I do recommend that serial number format; it's in date
-format with a 2-digit per-day revision number. This format will last us until
-2147 A.D. at which point I expect a better solution will have been found :-).
-(Note that it would last until 4294 A.D.
except that there are some old BINDs
-out there that use a signed quantity for representing serial number interally;
-I suppose that as long as none of these are still running after 2047 A.D.,
-that we can use the above serial number format until 4294 A.D., at which point
-a better solution will HAVE to be found.)
-
-You'll note that I use a tab stop for "IN" even though I never again specify
-it. This leaves room for names longer than 7 bytes without messing up the
-columns. You might also note that I've put the MX priority and destination
-in the same tab stop; this is because both are part of the RRdata and both
-are very different from MX which is an RRtype. Some folks seem to prefer to
-group "MX" and the priority together in one tab stop. While this looks neat
-it's very confusing to newcomers and for them it violates the law of least
-astonishment.
-
-If you have a multi-level zone (one which contains names that have dots in
-them), you can use additional $ORIGIN statements but I recommend against it
-since there is no "back" operator. That is, given the above example you can
-add:
-
-=============
-$ORIGIN home
-gw A 192.5.5.1
-=============
-
-The problem with this is that subsequent RR's had better be somewhere under
-the "home.vix.com" name or else the $ORIGIN that introduces them will have
-to use a fully qualified name. FQDN $ORIGIN's aren't bad and I won't be mad
-if you use them. Unqualified ones as shown above are real trouble. I usually
-stay away from them and just put the whole name in:
-
-=============
-gw.home A 192.5.5.1
-=============
-
-In your reverse zones, you're usually in some good luck because the owner name
-is usually a single short token or sometimes two.
-
-=============
-$ORIGIN 5.5.192.in-addr.arpa.
-@ IN SOA ...
- NS ...
-1 PTR gw.home.vix.com.
--------------
-$ORIGIN 1.16.in-addr.arpa.
-@ IN SOA ...
- NS ...
-2.0 PTR gatekeeper.dec.com.
-=============
-
-It is usually pretty hard to keep your forward and reverse zones in synch.
-You can avoid that whole problem by just using "h2n" (see the ORA book, DNS
-and BIND, and its sample toolkit, included in the BIND distribution or on
-ftp.uu.net (use the QUOTE SITE EXEC INDEX command there to find this -- I
-never can remember where it's at). "h2n" and many tools like it can just
-read your old /etc/hosts file and churn it into DNS zone files. (May I
-recommend contrib/decwrl/mkdb.pl from the BIND distribution?) However, if
-you (like me) prefer to edit these things by hand, you need to follow the
-simple convention of making all of your holes consistent. If you use
-192.5.5.1 and 192.5.5.3 but not (yet) 192.5.5.2, then in your forward file
-you will have something like
-
-=============
-...
-gw.home A 192.5.5.1
-;avail A 192.5.5.2
-pc.home A 192.5.5.3
-=============
-
-and in your reverse file you will have something like
-
-=============
-...
-1 PTR gw.home.vix.com.
-;2 PTR avail
-3 PTR pc.home.vix.com.
-=============
-
-This convention will allow you to keep your sanity and make fewer errors.
-Any kind of automation (h2n, mkdb, or your own perl/tcl/awk/python tools)
-will help you maintain a consistent universe even if it's also a complex
-one. Editing by hand doesn't have to be deadly but you MUST take care.
-
-Anyone who wants to know how to maintain nonleaf zones, i.e., zones which
-have few or no hosts in them but have hundreds or thousands of delegations,
-should attend Usenix LISA in San Diego and be there for the SENDS talk.
-Contact office@usenix.org for conference information.
---
-Paul Vixie
-Redwood City, CA
-decwrl!vixie!paul
-<paul@vix.com>
diff --git a/contrib/bind/doc/notes/data b/contrib/bind/doc/notes/data
deleted file mode 100644
index e522392a38303..0000000000000
--- a/contrib/bind/doc/notes/data
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * We need a registy of name server addresses. For each, we retain an RTT
- * and a list of name server names which have used this address.
- */
-tree_t *by_nsaddr;
-struct by_nsaddr {
- u_int32_t rtt; /* measured. */
- char **names; /* NULL terminated array; strdup'd. */
-};
-
-/*
- * "struct server" is a name server, which can have many addresses. There
- * is no central registry of servers, since each creator can have a different
- * idea of what the addresses are.
- */
-struct server {
- char *name; /* made with strdup. */
- struct sockaddr_in *addrs; /* counted array. */
- int n_addrs; /* array size. */
-};
-
-/*
- * "struct zone" is a zone cut.
- */
-tree_t *by_class; /* zone[class]. */
-struct zone {
- enum {master, slave, cache, boot}
- type;
-
- /* Servers learned from boot cache, a parent zone, or !auth answer. */
- struct server *servers_notauth;
-
- /* Servers learned from authoritative answer or local zone. */
- struct server *servers_auth;
-
- /* Root node of zone. */
- struct node *root;
-};
-
-struct node {
- char *label; /* made with strdup. */
- tree_t *subs; /* subdomains (node[label]). */
- /* really this is "data" since for the zone cut tree we have no sets.*/
- tree_t *rrsets; /* rr sets (rrset[type]). */
-};
-
-struct rrset {
- rrtype type;
- u_int32_t ttl;
- u_char data[1]; /* struct size constrains this. */
-};
diff --git a/contrib/bind/doc/notes/db_names.c b/contrib/bind/doc/notes/db_names.c
deleted file mode 100644
index 0b4e62c78b833..0000000000000
--- a/contrib/bind/doc/notes/db_names.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * Copyright (c) 1996,1999 by Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <netinet/in.h>
-#include <arpa/nameser.h>
-
-#include <ctype.h>
-#include <errno.h>
-#include <resolv.h>
-#include <stdio.h>
-
-#include "named.h"
-#include "tree.h"
-
-struct node {
- struct node *parent; /* NULL for "."'s node. */
- tree *children; /* Nodes using us as parent. */
- /*void *userdata;*/ /* For future use. */
- char name[sizeof(void*)]; /* Open array. */
-};
-
-static struct node rootNode;
-
-static int
-nodeCompare(t1, t2)
- const tree_t t1, t2;
-{
- const char *n1 = ((struct node *)t1)->name + sizeof(u_char),
- *n2 = ((struct node *)t2)->name + sizeof(u_char);
-
- return (strcasecmp(n1, n2));
-}
-
-/* void *
- * db_findname(const char *name, int storeflag)
- * find or store a presentation format domain name.
- * returns:
- * NULL if an error occurred (check errno)
- * else, node's unique, opaque address.
- */
-void *
-db_findname(name, storeflag)
- const char *name;
- int storeflag;
-{
- struct node *node, *tnode;
- const char *tname;
- size_t len;
- int ch;
-
- /* The root domain has its own static node.
*/
- if (name[0] == '\0')
- return (&rootNode);
-
- /* Locate the end of the first label. */
- for (tname = name; (ch = *tname) != '\0'; tname++) {
- /* Is this the end of the first label? */
- if (ch == '.')
- break;
- /* Is it an escaped character? */
- if (ch == '\\') {
- ch = *++tname;
- if (ch == '\0')
- break;
- }
- }
-
- /* Make sure the label's length will fit in our length byte. */
- len = tname - name;
- if (len > 255) {
- errno = ENAMETOOLONG;
- return (NULL);
- }
-
- /* If nothing but unescaped dots after this, elide them. */
- while (ch == '.')
- ch = *tname++;
-
- /*
- * Make a new node since the comparison function needs it
- * and we may yet end up adding it to our parent's tree.
- *
- * Note that by recursing for tnode->parent, we might be
- * creating our parents and grandparents and so on.
- */
- tnode = (struct node *)malloc(sizeof(struct node) - sizeof(void *)
- + sizeof(u_char) + len + sizeof(char));
- tnode->parent = db_findname(tname);
- tnode->children = NULL;
- *((u_char *)tnode->name) = (u_char)len;
- memcpy(tnode->name + sizeof(u_char), name, len);
- tnode->name[sizeof(u_char) + len] = '\0';
-
- /* If our first label isn't in our parent's tree, put it there. */
- node = tree_srch(&tnode->parent->children, nodeCompare, (tree_t)tnode);
- if (node == NULL)
- if (storeflag)
- if (tree_add(&tnode->parent->children, nodeCompare,
- (tree_t)tnode, NULL))
- node = tnode, tnode = NULL;
- else
- errno = ENOMEM;
- else
- errno = ENOENT;
-
- /* Get rid of tnode if we didn't consume it. */
- if (tnode != NULL)
- free(tnode);
-
- /* Return the (possibly new) node, or NULL, as appropriate. */
- return (node);
-}
-
-/* int
- * db_getname(void *node, char *name, size_t size)
- * given a node's unique, opaque address, format its name.
- * returns:
- * -1 = error occurred, check errno
- * 0 = success
- */
-int
-db_getname(vnode, name, size)
- const void *vnode;
- char *name;
- size_t size;
-{
- const struct node *node = vnode;
-
- while (node != NULL) {
- size_t len = (size_t)node->name[0];
-
- if (size < len + 1)
- goto too_long;
- memcpy(name, node->name + sizeof(u_char), len);
- name += len;
- *name++ = '.';
- size -= len + sizeof(char);
- node = node->parent;
- }
-
- if (size < sizeof(char)) {
- too_long:
- errno = ENAMETOOLONG;
- return (-1);
- }
- *name = '\0';
- return (0);
-}
-
-/*
- * char *
- * db_makename(void *node)
- * given a node's unique, opaque address, format and return its name.
- * returns:
- * pointer to the name or NULL on errors (check errno).
- * notes:
- * returns pointer to a static buffer, be careful how you call it.
- */
-char *
-db_makename(vnode)
- void *vnode;
-{
- static char name[MAXDNAME*2];
-
- if (db_getname(vnode, name, sizeof name) < 0)
- return (NULL);
- return (name);
-}
diff --git a/contrib/bind/doc/notes/irp.txt b/contrib/bind/doc/notes/irp.txt
deleted file mode 100644
index f2b59e263ea1f..0000000000000
--- a/contrib/bind/doc/notes/irp.txt
+++ /dev/null
@@ -1,521 +0,0 @@ -IRP Commands - -This document describes version 1 of IRP. - -IRP is a text-based command/response protocol like NNTP or SMTP. - -1.0 Response types: textual and status. - -1.1 Textual responses - -Textual responses are sent after a status response which indicates the text -will follow. The text is a series of CR-LF terminated lines. On the last line a -single period ``.'' will appear. If a normal text line starts with a period -then this will be doubled before sending. - -There is no maximum line length for responses. Commands have a maximum line -length of 1024 characters. - -The lines that make up the transmitted data are divided into fields. The fields -are spearated by the colon character ``:'', except in one case (for host data) -where the at-sign ``@'' is used instead. Some fields, such as alias names for -hosts, can have multiple values, and these values are separated by commas. - -Most transmission of data requires no special character changes. The field -separators and subfield separators don't normally appear in the data. However -in one case they can (network names). So to avoid trouble, all ``special'' -characters found in any data fields are encoded in URL-encoding form. That is -they are replaced with the 3-character sequence ``%xx'', where xx is the -hexidecimal value of the ascii-code for the chatacter. i,e, ``:'' becomes -``%58'', ``,'' becomes ``%44'' and ``%'' becomes ``%37''. - -For version 1 of IRP the set of special characters for purposes of encoding, -is: - - `,', '%', ':', '@' - -In a couple cases (password structure and group structure), there may be -encrypted passwords as part of the data. If the client is a privileged user -that the server can verify (e.g. through the use of SunOS doors(2)), then the -encrypted password will be sent back to the client. If the client is not -privileged the password will be replaced with the string ``*''. - - -1.2 Status responses. 
- -Status responses follow a numbering pattern similar to NNTP. - - 1xx - Informative message - 2xx - Command ok - 3xx - Command ok so far, send the rest of it. - 4xx - Command was correct, but couldn't be performed for - some reason. - 5xx - Command unimplemented, or incorrect, or a serious - program error occurred. - - The next digit in the code indicates the function response category. - - x0x - Connection, setup, and miscellaneous messages - x1x - Host lookup - x2x - Network lookup - x3x - User lookup - x4x - Group lookup - x5x - Service lookup - x6x - Protocol lookup - x7x - Netgroup lookup - x8x - Misc. Information Lookup - x9x - Debugging output - - The final digit in the code indicates whether textual data follows - - xx0 - No textual data follows. - xx1 - Textual data follows. - -2.0 Connection Establishment - - When the client connects to the server, the server will issue a welcome - banner. If the server will accetp commands, then the banner will start with - a status code indicating this, followed by a version number of the protocol - it accepts. Other words may come on the line afterwards to indicate to - humans the state of the server, - - If the server wont accept commands then it will issue a banner indicating - that and will then drop the connection. - -2.1 Responses - - 200 1 Ready to go. ; note: The server handles version 1 of the protocol - 200 2 Ready ; note: The server handles version 2 of the protocol - 400 Sorry. Down to due to nightly backups. - -3.0 Commands - -3.1 The HOST commands - -3.1.1 GETHOSTBYNAME hostname -3.1.2 GETHOSTBYNAME2 hostname address-family -3.1.2 GETHOSTBYADDR address address-family -3.1.3 GETHOSTENT - - Returns a textual response containing the information for the given host(s) - (a struct hostent) encoded in an ascii format. gethostbyaddr and - gethostbyname look up a specific host. GETHOSTENT returns the contents - of the /etc/hosts file. The GETHOSTENT command is optional may not be - supported by the server. 
The address-family paramater is the value - "AF_INET" or "AF_INET6" - -{ XXX GETHOSTENT is optional as the gethostent(3) call isn't always available } - -3.1.4 Responses - - 210 No such host - 211 Host found - - If the hostname given as the command argument doesn't exist, then the 210 - response will be returned. If the host is successfully looked up, then the - 211 response is sent and a textual message is sent after. The textual - message contains the host information encoded in an ascii form. The fields - of the host data are separated by at-signs. Fields that have multiple values - (like the aliases field) have their sub values separated by commas. - - hostname@aliases@address-type@address-length@address-list@ - - - hostname is the FQDN of the host. - - - aliases is a comma separated list of FQDNs for the host aliases. - - - address-type is either the strings "AF_INET" or "AF_INET6" - - - address-length is the length of each address in bytes (after conversion - back to binary form). - - - address-list is a comma separated list of dotted IPv4 if IPv6 addresses. - -{ XXX if we're going to include TTLs where should they go? Perhaps the -address-list field should be "addr/ttl,addr/ttl,..." } - - For example: - - C: GETHOSTBYNAME gw.downtown.vix.com - - S: 210 No such host. - - C: GETHOSTBYNAME gw.home.vix.com - - S: 211 OK - gw.home.vix.com@ftp.vix.com,www.vix.com@AF_INET@4@192.5.5.1,192.5.5.1@ - . - - C: GETHOSTBYNAME2 gw.home.vix.com AF_INET6 - gw.home.vix.com@@AF_INET6@ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255@ - . - - C: GETHOSTBYADDR 192.5.5.1 - - S: 211 OK - gw.home.vix.com@ftp.vix.com,www.vix.com@AF_INET@4@192.5.5.1,192.5.5.1@ - . - - C: GETHOSTENT - - S: 211 OK - gw.home.vix.com@ftp.vix.com,www.vix.com@AF_INET@4@192.5.5.1,192.5.5.1@ - data.pa.vix.com@@AF_INET@4@204.152.184.37@ - . - - -3.2 The USER commands. 
- -3.2.1 GETPWNAM username -3.2.2 GETPWUID uid -3.2.3 GETPWENT - - Returns a textual response with the user information (a struct passwd) - enocoded in an ascii format. The optional GETPWENT command transmits the - entire /etc/password file - -{ XXX It's optional only cause it doesn't seem right to spit the password out -to whoever wants it, even with encrypted passwords not being sent } - -3.2.4 Reponses - - 230 No such user - 231 User found - - If the username or uid given as the command argument doesn't exist, then - the 230 response will be returned. If the user is successfully looked up, - then the 231 response is sent and a textual message is sent after. The - textual message contains the user information encoded in an ascii form. The - fields of the user data are separated by colons. The format is very similar - to the /etc/password format (see passwd(5)) - - username:password:uid:gid:class:change:expire:gecos:home_dir:shell: - - - username is the user's login name - - - password User's encrypted password (or the string "*" if the client is - unprivileged) - - - uid User's numeric id. - - - gid User's numeric login group id. - - - class User's general classification (a string) - - - change Password change time (integer seconds from epoch) - - - expire Account expiration time (integer seconds from epoch) - - - gecos General information about the user. - - - home_dir User's home directory. - - - shell User's login shell. - - For example. Client being a non-privileged user: - - C: GETPWNAM brister - - S: 231 User found - brister:*:1364:100:James Brister:/udir/brister:/bin/csh: - . - - C: GETPWUID 6 - games:*:7:13:Games Pseudo-user:/usr/games:nologin - . 
- - S: GETPWENT - root:*:0:0:System Administrator:/root:/bin/csh - postmast:*:4:4:Postmaster:/:/nologin - daemon:*:1:1:System Daemon:/:nologin - sys:*:2:2:Operating System:/tmp:nologin - bin:*:3:7:BSDI Software:/usr/bsdi:nologin - operator:*:5:5:System Operator:/usr/opr:/bin/csh - uucp:*:6:6:UNIX-to-UNIX Copy:/var/spool/uucppublic:/usr/libexec/uucico - . - - If a priviled user looks up a username: - - C: GETPWNAM www - - S: 231 User found - www:WZajcgFCaAd8s:51:84::0:0:WWW-server:/var/www:/bin/sh - . - -3.3 The NETWORK commands - -3.3.1 GETNETBYNAME network -3.3.2 GETNETBYADDR dotted-ip-address address-family -3.3.4 GETNETENT - - Returns a textual response with the network information (an IRS struct - nwent, *not* a struct netent) enocoded in an ascii format. The optionally - supported GETNETENT command transmits the entire /etc/networks file - -{ XXX should it be optional? } - -3.2.4 Reponses - - 220 No such network - 221 Netork found - - If the network given as the command argument doesn't exist, then the 220 - response will be returned. If the network is successfully looked up, then - the 221 response is sent and a textual message is sent after. The textual - message contains the network information encoded in an ascii form. The fields - of the network data are separated by colons. - - network-name:aliases:address-type:address-length:network-address: - - - network-name is the name of the network - - - aliases is a comma separated list of aliases for the network - - - address-type is ``AF_INET'' or ``AF_INET6''. - - - address-length is the number of bits the following network address uses. - - - address is the network address in a dotted ascii format. AF_INET address - are padded with 0 bits to the full 32 bits before conversion to ascii for - transmission. AF_INET6 addresses are padded to the full 128 bits with 0 - bits before conversion. - - For example: - - C: GETNETBYNAME vixie-net - - S: 221 Network found - vixie-net::AF_INET:24:192.5.5.0: - . 
- - C: GETNETBYADDR 10.0.0.1 - - S: 221 Network found - private-net:home-net,upstairs-net:AF_INET:8:10.0.0.0: - . - - C: GETNETENT - - S: 221 OK - vixie-net::AF_INET:24:192.5.5.0: - private-net:home-net,upstairs-net:AF_INET:8:10.0.0.0: - lookback-net::AF_INET:8:127.0.0.0 - . - -3.4 The GROUP commands - -3.4.1 GETGRNAM group -3.4.2 GETGRGID gid -3.4.3 GETGRENT - - Returns a textual response with the group information (a struct group) - enocoded in an ascii format. The optionally supported GETGRENT command - transmits the entire /etc/group file. - -3.4.4 Reponses - - 240 No such group - 241 Group found - - If the group given as the command argument doesn't exist, then the 240 - response will be returned. If the group is successfully looked up, then - the 241 response is sent and a textual message is sent after. The textual - message contains the group information encoded in an ascii form. The fields - of the group data are separated by colons. - - group-name:group-password:group-gid:group-members: - - - group-name is the name of the group. - - - group-password is the group's password. This will be correct if the - client has appropriate privileges (see discussion above on the USER - commands). Otherwise it will be the string ``*'' - - - group-gid is the numeric id for the group - - - group-members is a comma separated list of usernames for all the members - of the group. - - For example: - - C: GETGRNAM wheel - - S: 241 Group found - wheel:*:0:root,brister,nathalie,tester: - - C: GETGRGID 20 - - S: 241 Group found - staff:*:20:root,brister: - - C: GETGRENT - - S: 241 OK - wheel:*:0:root,brister,nathalie,tester: - daemon:*:1:daemon: - kmem:*:2:root: - sys:*:3:root: - tty:*:4:root: - operator:*:5:root: - uucp:*:6:brister: - bin:*:7:: - news:*:8:brister: - utmp:*:12:: - games:*:13:: - mail:*:14:: - staff:*:20:root,brister: - . 
- -3.5 The SERVICE commands - -3.5.1 GETSERVBYNAME name protocol -3.5.2 GETSERVBYPORT port protocol -3.5.3 GETSERVENT - - Returns a textual response with the service information (a struct servent) - enocoded in an ascii format. The optionally supported GETSERVENT command - transmits the entire /etc/services file. - -3.5.4 Reponses - - 250 No such service - 251 Group found - - If the group given as the command argument doesn't exist, then the 250 - response will be returned. If the service is successfully looked up, then - the 251 response is sent and a textual message is sent after. The textual - message contains the service information encoded in an ascii form. The fields - of the service data are separated by colons. - - service-name:aliases:port-number:protocol: - - - The service name is the offical name of the services. - - - aliases is a comma separated list of aliases for the service. - - - port-number is the decimal number of the port used for the service. - - - protocol is the name of the protocol the service operates under. Usually - either ``TCP'' or ``UCP'' - - For example: - - C: GETSERVBYNAME nntp tcp - - S: 251 Service found - nntp:readnews,untp:119:tcp: - . - - C: GETSERVBYPORT 514 udp - syslog::514:ucp: - . - - C: GETSERVENT - 251 OK - tcpmux::1:tcp: - echo::7:tcp: - echo::7:udp: - discard:sink,null:9:tcp: - discard:sink,null:9:udp: - systat:users:11:tcp: - systat:users:11:udp: - daytime::13:tcp: - daytime::13:udp: - netstat::15:tcp: - qotd:quote:17:tcp: - qotd:quote:17:udp: - . - -3.6 The PROTOCOL commands - -3.6.1 GETPROTOBYNAME protocol-name -3.6.2 GETPROTOBYNUMBER protocol-number -3.6.3 GETPROTOENT - - Returns a textual response with the protocol information (a struct protoent) - enocoded in an ascii format. The optionally supported GETPROTOENT command - transmits the entire /etc/protocols file. 
- -3.6.4 Reponses - - 260 No such protocol - 261 Protocol found - - If the protocol given as the command argument doesn't exist, then the 260 - response will be returned. If the service is successfully looked up, then - the 261 response is sent and a textual message is sent after. The textual - message contains the protocol information encoded in an ascii form. The fields - of the protocol data are separated by colons. - - protocol-name:aliases:protocol-number: - - - protocol-name is the offical name of the protocol - - - aliases is a comma separated list of aliases for the protocol - - - protocol-nunber is the number of the protocol in decimal. - - - For example: - - C: GETPROTOBYNAME ip - - S: 261 Protocol found - ip:IP:0: - . - - C: GETPROTOBYNUMBER 17 - - S: 261 Protocol found - udp:UDP:17: - . - - C: GETPROTOENT - - S: 261 OK - ip:IP:0: - icmp:ICMP:1: - igmp:IGMP:2: - ggp:GGP:3: - tcp:TCP:6: - egp:EGP:8: - pup:PUP:12: - udp:UDP:17: - hmp:HMP:20: - xns-idp:XNS-IDP:22: - rdp:RDP:27: - iso-tp4:ISO-TP4:29: - iso-ip:ISO-IP:80: - encap:ENCAP:98: - . - -3.7 The NETGROUP commands - -3.7.1 GETNETGRENT netgrouup - - Returns a textual response with the netgroup information enocoded in an - ascii format. - -3.6.4 Reponses - - 270 No such netgroup - 271 Netgroups found - - For the given netgroup a list of the netgroup entries will be - returned. Each netgroup entry is three fields separated by colons. A field - may be empty to indicate wildcarding. - - :hostname:username:domainname: - - For example: - - C: GETNETGRENT devlopers - - S: 271 OK - :gw.home.vix.com:brister:vix.com: - :bb.rc.vix.com:vixie:: - . - - - - diff --git a/contrib/bind/doc/secure/copyright.txt b/contrib/bind/doc/secure/copyright.txt deleted file mode 100644 index cc38356089062..0000000000000 --- a/contrib/bind/doc/secure/copyright.txt +++ /dev/null 
@@ -1,28 +0,0 @@
-/*
- * Portions Copyright (c) 1995,1996 by Trusted Information Systems, Inc.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL TRUSTED INFORMATION
- * SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- *
- * Trusted Information Systems, Inc. has received approval from the
- * United States Government for export and reexport of TIS/DNSSEC
- * software from the United States of America under the provisions of
- * the Export Administration Regulations (EAR) General Software Note
- * (GSN) license exception for mass market software. Under the
- * provisions of this license, this software may be exported or
- * reexported to all destinations except for the embargoed countries of
- * Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria. Any export
- * or reexport of TIS/DNSSEC software to the embargoed countries
- * requires additional, specific licensing approval from the United
- * States Government.
- */
diff --git a/contrib/bind/doc/secure/install.txt b/contrib/bind/doc/secure/install.txt
deleted file mode 100644
index bb5bc94c211d9..0000000000000
--- a/contrib/bind/doc/secure/install.txt
+++ /dev/null
@@ -1,155 +0,0 @@ - -INSTALL_SEC - - Bind with Secure DNS (TIS/DNSSEC) - Version 1.3.0 Beta - September 1996 - -This version has been compiled and tested on SUNOS 4.1.3, -FreeBSD-2.1.5-REL and Linux 2.0.11. -There may be still be portability problems. -If you have access to other hardware platforms please let us know if -there are any problems porting and send us patches, to include in -future releases. - -This version of secure Bind uses RSAREF-2.0 library from RSA, -First you should get/read the RSAREF FAQ - http://www.consensus.com/rsaref-faq.html -Then you can copy RSAREF from - ftp://ftp.rsa.com/rsaref/README - -You need to read this README file carefully for further instructions. - -Installation: (this version is based on 4.9.4-REL-P1). - -1. The tar ball will create a directory sec_bind in the current directory - untar the archive - The content of the sec_bind directory has the same directory - structure as bind distribution with the addition of the directories - dnssec_lib/ and signer/, some named directories have been - deleted from the distribution. - - dnssec_lib/ contains the library files for signature generation - signer/ contains tools for signing bind boot files and - generating keys. - - In addition, there is a new file, "res/res_sign.c", which - contains library routines that are required in the resolver - for displaying new RR types. - - You need to tailor sec_bind/Makefile to your system as you do - with bind distributions. - - The sec_bind distribution expects to find RSAREF in the - rsaref/ subdirectory. If you install RSAREF in a different - place you can place a pointer to the RSAREF installation - directory in place of sec_bind/rsaref. - - sec_bind/Makefile expects to find the RSAREF library file - at sec_bind/rsaref/lib/rsaref.a. The RSAREF distribution - does not contain that directory. If you are installing RSAREF - for the first time create that directory copy the correct - Makefile from the appropriate rsaref/install/ subdirectory. 
- Sec_bind will compile RSAREF for you. - - We recommend that you use an ANSI C compliant compiler to - compile this distribution. - -2. Follow Bind installation guidelines on your system - - Set your normal configuration in conf/options.h with the - following exceptions/additions: - ROUND_ROBIN must be OFF (for right now) - DNS_SECURITY must be ON - RSAREF must be ON if you have a copy of RSAREF. - This version of sec_bind does not work well without RSAREF. - -3. make - If you are going to use make install everything will work right - out of the box. If you are going to run programs out of the - sec_bind directory you need to set the DESTEXEC variables - accordingly. - -4. Once everything compiles you can run the simple test that is include in - the distribution. - - First you need to edit the file signer/simple_test/test.boot to - set directory directive to the full path of the directory this - file is in. - - Now the signer program can be run to sign the simple_test data. - The signed zone will be written to /tmp - % cd sec_bind/signer - % make test - The passwords for the keys in the distribution are: - Key: Password: - foo.bar foo.bar - mobile.foo.bar mobile - fix.foo.bar fix.foo.bar - sub.foo.bar sub.foo.bar - some.bar some.bar - - Notice the differences between simple_test/test.boot and - /tmp/test.boot. The pubkey directive are required for correct - behavior of new named. - - To check the if named can read the new zone files and verify - the signatures run following commands - % cd ../named - % make test - - Exit/error code 66 indicates that program completed normally - in "load-only" mode (new -l flag). - - If you want to load up named run same command as make test does - without -l flag. (the -d 3 flag is to make sure the process - does not do a fork). - % ./named -p 12345 -b /tmp/test.boot -d 3 - - % cd ../tools - % ./dig @localhost snore.foo.bar. -p 12345 - This should return an A record + SIG(A) record - % ./dig @localhost no_such_name.foo.bar. 
-p 12345 - This should return a NXT record +SIG(NXT) for *.foo.bar. - - You can also test against our nameserver for zone sd-bogus.tis.com - the host is uranus.hq.tis.com(192.94.214.95) - % ./dig @uranus.hq.tis.com sd-bogus.tis.com. soa - will return the SOA and SIG(SOA) + KEY - % ./dig @uranus.hq.tis.com sd-bogus.tis.com. mb - will return NXT for sd-bogus.tis.com - % ./dig @uranus.hq.tis.com foo.sd-bogus.tis.com. ns - will NS +KEY for foo.sd-bog.tis.com. - -5. Converting your setup to secure DNS zones. - need to create a key for your zone. - If you have a copy of the last release of sec_bind the key file - format has changed and you need to regenerate all your keys, Sorry. - The new format for private key files is portable between - different architectures and operating systems, the encryption - of the key file is compatible with the des program. - - To generate key use sec_bind/signer/key_gen. To generate zone key - for name you.bar, with 512 bit modulus and exponent of 3, - execute following command - - % cd signer - % ./key_gen -z -g 512 you.bar - - key_gen will ask for an encryption password for the private - key file, if you do not want to encrypt the key hit <Return>. - The program will output resource record suitable for zone file. - key_gen creates two files you.bar.priv and foo.bar.public. - - If you want, at any time, to display the public key for foo.bar - run key_gen without the -g flag or cat file foo.bar.public. - key_gen without any flags will print out the usage information. - key_gen has extensive error checking on flags. - - To modify the flags field for an existing key run key_gen with - the new flags but without the -g flag. - - Note: The key above is suitable for signing records but not for - encrypting data. - -6. Send problems, fixes and suggestions to dns-security@tis.com. diff --git a/contrib/bind/doc/secure/readme.txt b/contrib/bind/doc/secure/readme.txt deleted file mode 100644 index d7b422ab1caab..0000000000000 
--- a/contrib/bind/doc/secure/readme.txt
+++ /dev/null
@@ -1,93 +0,0 @@ - - Secure DNS (TIS/DNSSEC) - September 1996 - -Copyright (C) 1995,1996 Trusted Information Systems, Incorporated - -Trusted Information Systems, Inc. has received approval from the -United States Government for export and reexport of TIS/DNSSEC -software from the United States of America under the provisions of -the Export Administration Regulations (EAR) General Software Note -(GSN) license exception for mass market software. Under the -provisions of this license, this software may be exported or -reexported to all destinations except for the embargoed countries of -Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria. Any export -or reexport of TIS/DNSSEC software to the embargoed countries -requires additional, specific licensing approval from the United -States Government. - -Trusted Information Systems, Inc., is pleased to -provide a reference implementation of the secure Domain Name System -(TIS/DNSSEC). In order to foster acceptance of secure DNS and provide -the community with a usable, working version of this technology, -TIS/DNSSEC is being made available for broad use on the following basis. - -- Trusted Information Systems makes no representation about the - suitability of this software for any purpose. It is provided "as is" - without express or implied warranty. - -- TIS/DNSSEC is distributed in source code form, with all modules written - in the C programming language. It runs on many UNIX derived platforms - and is integrated with the Bind implementation of the DNS protocol. - -- This beta version of TIS/DNSSEC may be used, copied, and modified for - testing and evaluation purposes without fee during the beta test - period, provided that this notice appears in supporting documentation - and is retained in all software modules in which it appears. Any other - use requires specific, written prior permission from Trusted Information - Systems. 
- -TIS maintains the email distribution list dns-security@tis.com for -discussion of secure DNS. To join, send email to - dns-security-request@tis.com. - -TIS/DNSSEC technical questions and bug reports should be addressed to - dns-security@tis.com. - -To reach the maintainers of TIS/DNSSEC send mail to - tisdnssec-support@tis.com - -TIS/DNSSEC is a product of Trusted Information Systems, Inc. - -This is an beta version of Bind with secure DNS extensions it uses -RSAREF which you must obtain separately. - -Implemented and tested in this version: - Portable key storage format. - Improved authentication API - Support for using different authentication packages. - All Security RRs including KEY SIG, NXT, and support for wild cards - tool for generating KEYs - tool for signing RRs in boot files - verification of RRs on load - verification of RRs over the wire - transmission of SIG RRs - returns NXT when name and/or type does not exist - storage of NXT, KEY, and SIG RRs with CNAME RR - AD/ID bits added to header and setting of these bits - key storage and retrieval - dig and nslookup can display new header bits and RRs - AXFR signature RR - keyfile directive - $SIGNER directive (to turn on and off signing) - adding KEY to answers with NS or SOA - SOA sequence numbers are now set each time zone is signed - SIG AXFR ignores label count of names - generation and inclusion of .PARENT files - Returns only one NXT at delegation points unless two are required - Expired SIG records are now returned in response to query - -Implemented but not fully tested: - -Known bugs: - -Not implemented: - ROUND_ROBIN behaviour - zone transfer in SIG(AXFR) sort order. - transaction SIGs - verification in resolver. (stub resolvers must trust local servers - resolver library is to low level to implement security) - knowing when to trust the AD bit in responses - -Read files INSTALL_SEC and USAGE_SEC for installation and user -instructions, respectively. 
diff --git a/contrib/bind/doc/secure/usage.txt b/contrib/bind/doc/secure/usage.txt
deleted file mode 100644
index aa8eebc670aa9..0000000000000
--- a/contrib/bind/doc/secure/usage.txt
+++ /dev/null
@@ -1,215 +0,0 @@ - - USAGE_SEC - Secure DNS (TIS/DNSSEC) - September 1996 - -This is the usage documentation for TIS' Secure DNS (TIS/DNSSEC) version -BETA-1.3. This looks like a standard named distribution, with -the following exceptions - - this version is coded against BIND-4.9.4-P1 - - there are three new directories in this distribution - dnssec_lib - signer - rsaref - - - rsaref/ is place holder directory for RSAREF distribution. - You must get RSAREF on your own. - - signer/ contains two applications needed by DNSSEC: - signer: tool to sign zones - key_gen: tool to generate keys - dnssec_lib/ contains common library routines that are used by - named, key_gen and signer. - This is where most of the DNSSEC work is done. - -Before compiling you need to do your standard configurations for named -and the edits explained in INSTALL_SEC. This version has been tested -on SUNOS4.1.3. This version includes portability fixes from previous -beta releases for Linux, Solaris-2.4, HPUX-9 and FreeBSD. - -CHANGES TO BIND - -res/ - - There are minor changes to the files in the res directory. Most of - the changes have to do with displaying NXT - records. There are also some changes related to translating - domain names into uncompressed lower case names upon request. - -tools/ - Minor changes to recognize NXT records and display them. - -named/ - Added code to read and write new record types. - Added code to do signature validation on read. - Added code to return appropriate SIG records. - Added security flags to databuf and zoneinfo structures. - Names can now have CNAME record and security RR's. - Records are stored and transmitted in DNS SEC sort order. - -conf/ - - Turned off ROUND_ROBIN option and installed new sorting required - for signature verification. - -signer/ - NXT record generation. - Key generation - Signing of zones - Converting data records to format required for signatures. - -dnssec_lib/ - Interfacing with Crypto library. 
- Verifying signatures, - preparing data for signing and verification - -The role of <zone>.PARENT files: - -DNSSEC specification requires change who is authorative for certain -resource records. In order to support certification hierarchy each -zone KEY RR must be signed by parent zone. The parent signed KEY RR -must be distributed by the zone itself as it is the most authorative -for its own records. - -To facilitate this TIS/DNSSEC signer program creates a <name>.PARENT -file for every name in a zone that has a NS record. This file contains -the KEY records stored under this name and -NXT record and corresponding SIG records. If no KEY record is found -for a name with a NS record a NULL-KEY record is generated to indicate -that the child is INSECURE. - -Each <zone>.PARENT file must be sent via an out of band mechanism to -the appropriate primary for the zone, for inclusion. signer program -adds an $INCLUDE <zone>.PARENT command at the end of each zone file, -if no file exists an warning message is printed. - -Potential PROBLEM: It is likely that the parent and child are on a -different signing schedule. If new <zone>.PARENT file is put on the -primary, due to the fact that the zone data changed but the SOA did -not, it may take a long time for new records to propagate to the -secondaries. This is only a problem if zone has added/deleted a KEY -or if the the signatures will expire in the near future. To overcome -this problem, resign your zone when any of above conditions is true. -DNS NOTIFY and/or DNS DYNUPDATE may fix this problem in the future. - -TIS/DNSSEC SOA serial numbers. To facilitate prompt distribution of -zone data to secondaries, signer takes over the management of SOA -serial numbers. Each time signer signs a zone it sets the serial -number to a value reflecting the time the zone was signed, in standard -Unix time seconds since 1970/1/1 0:0:0 GMT. - -How to configure a secure zone. - Create a directory <zone> to contain your zone files. 
- Create a output directory <outdir> for the signer output. - Put in <zone> a boot file that includes the files from that zone. - Create a KEY for the zone by running key_gen, Name the key <domain>. - - Run signer on your zone writing to the output directory <outdir>. - Signer will rewrite the boot file to include new directive - "pubkey" of the key used to sign the file. If there where - any pubkey declarations in the input boot file they will be - deleted. - Signer generates files that correspond to the load files specified. - - In case of load file that $INCLUDEs another load file, signer will - merge them to the output file. - You will notice that the output files are significantly larger. - The output files will be in a different order than the input files, - all records are sorted into DNSSEC sort order. - NXT and SIG records have been added. - - If there are any NS records for a name other than the zone name of - each input file you will see messages that NULL KEY records - have been created, if this is not correct behavior, add - the correct KEY RRs. - For each domain name that has a NS record but is not a zone name - of load file you will see a file named <name>.PARENT, - this file contains the KEY record for that name and an - NXT record + 2 SIG records. - This file needs to be sent to the nameserver that is primary for that - zone. There are two reasons for this: - 1. To support Certification Hierarchy, each zone key is - signed by the parent zone key. - 2. Zone is the most trustworthy source for itself unless - these records are loaded into the primary server for - the zone, the records may not get propagated. 
- -how to run SEC_NAMED: - -Included in the distribution there is a small test setup: - -# run signer -./signer boot-f simple_test/test.boot [out-dir /tmp] -# or -make test -# This takes few minutes to run depending on your machine and the size -# of the key selected -# all output files will be stored in /tmp unless out-dir is specified - -# -# Now we are ready to run named -cd ../named -./named -p 12345 -b /tmp/test.boot.save [-d x] - -# -# you can now check for data in the data base -# using the new dig. -# -cd ../tools -./dig @yourhost snore.foo.bar. any in -p 12345 - -# -# Output from new dig will be something like this -# -; <<>> DiG 2.1 <<>> @dnssrv snore.foo.bar. any in -p -; (1 server found) -;; res options: init recurs defnam dnsrch -;; got answer: -;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10 -;; flags: qr rd ra; Ques: 1, Ans: 11, Auth: 0, Addit: 1 -;; QUESTIONS: -;; snore.foo.bar, type = ANY, class = IN - -;; ANSWERS: -snore.foo.bar. 259200 A 10.17.3.20 -snore.foo.bar. 259200 SIG A ( - 1 3; alg labels - 259200 ; TTL - 19950506200636 ; Signature expiration - 19950406200659 ; time signed - 47437 ; Key foot print - foo.bar. ; Signers name - FsqeW3hstM8Q6v8PMCGPsVMfO6dEpHjFgKm2dJRaofFtCQ/CT9O6Vo7J5zgkV+5ciWQwuZwvzW071jnZ1i27Ip/8vqdKGHC63tjWkCHSZV0= - ) ; END Signature -snore.foo.bar. 259200 MX 96 who.foo.bar. -snore.foo.bar. 259200 MX 100 foo.bar. -snore.foo.bar. 259200 MX 120 xxx.foo.bar. -snore.foo.bar. 259200 MX 130 maGellan.foo.bar. -snore.foo.bar. 259200 MX 140 bozo.foo.bar. -snore.foo.bar. 259200 SIG MX ( - 1 3; alg labels - 259200 ; TTL - 19950506200636 ; Signature expiration - 19950406200659 ; time signed - 47437 ; Key foot print - foo.bar. ; Signers name - EV0cJqF3pUOgktggTrFf55YGwQFbUqPJAMTnAkHK3+Z/Ya6GgwwNOGRzq/FYm5P4E+yIj6WUYFh9Ex5eX5TwiIsjM/hy173lSa3qm/ljDk8= - ) ; END Signature -snore.foo.bar. 259200 NXT xxx.foo.bar. -snore.foo.bar. 
259200 SIG NXT ( - 1 3; alg labels - 259200 ; TTL - 19950506200636 ; Signature expiration - 19950406200659 ; time signed - 47437 ; Key foot print - foo.bar. ; Signers name - eJUHVm5Q5qYQYFVOW0L5Of67HQvQ9+7T7sQqHv7ayTT2sMnXudxviYv43vALMMwBcJFXFEhLhwYwN7pUDssD/w5si/6JJQTi1o30S8si3zE= - ) ; END Signature - -;; Total query time: 195 msec -;; FROM: dnssrv to SERVER: dnssrv 10.17.3.1 -;; WHEN: Thu Apr 6 16:20:32 1995 -;; MSG SIZE sent: 31 rcvd: 662 |