Diffstat (limited to 'bin')
118 files changed, 2932 insertions, 2116 deletions
diff --git a/bin/check/Makefile.in b/bin/check/Makefile.in index c191605605b1b..b88be3cb85bf4 100644 --- a/bin/check/Makefile.in +++ b/bin/check/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004-2007, 2009, 2012 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2007, 2009, 2012, 2014 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000-2003 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any @@ -70,7 +70,7 @@ named-checkzone.@O@: named-checkzone.c -c ${srcdir}/named-checkzone.c named-checkconf@EXEEXT@: named-checkconf.@O@ check-tool.@O@ ${ISCDEPLIBS} \ - ${ISCCFGDEPLIBS} ${BIND9DEPLIBS} + ${DNSDEPLIBS} ${ISCCFGDEPLIBS} ${BIND9DEPLIBS} export BASEOBJS="named-checkconf.@O@ check-tool.@O@"; \ export LIBS0="${BIND9LIBS} ${ISCCFGLIBS} ${DNSLIBS}"; \ ${FINALBUILDCMD} diff --git a/bin/check/named-checkconf.8 b/bin/check/named-checkconf.8 index 909184ef2f1dd..ad6c497f3a319 100644 --- a/bin/check/named-checkconf.8 +++ b/bin/check/named-checkconf.8 @@ -20,11 +20,11 @@ .\" Title: named\-checkconf .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: June 14, 2000 +.\" Date: January 10, 2014 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "NAMED\-CHECKCONF" "8" "June 14, 2000" "BIND9" "BIND9" +.TH "NAMED\-CHECKCONF" "8" "January 10, 2014" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c index fd3795a57fd2c..a75df96d1fea9 100644 --- a/bin/check/named-checkconf.c +++ b/bin/check/named-checkconf.c 
@@ -143,18 +143,6 @@ get_checknames(const cfg_obj_t **maps, const cfg_obj_t **obj) { } static isc_result_t -config_get(const cfg_obj_t **maps, const char *name, const cfg_obj_t **obj) { - int i; - - for (i = 0;; i++) { - if (maps[i] == NULL) - return (ISC_R_NOTFOUND); - if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS) - return (ISC_R_SUCCESS); - } -} - -static isc_result_t configure_hint(const char *zfile, const char *zclass, isc_mem_t *mctx) { isc_result_t result; dns_db_t *db = NULL; @@ -190,6 +178,7 @@ configure_zone(const char *vclass, const char *view, const char *zname; const char *zfile = NULL; const cfg_obj_t *maps[4]; + const cfg_obj_t *mastersobj = NULL; const cfg_obj_t *zoptions = NULL; const cfg_obj_t *classobj = NULL; const cfg_obj_t *typeobj = NULL; @@ -223,6 +212,15 @@ configure_zone(const char *vclass, const char *view, if (typeobj == NULL) return (ISC_R_FAILURE); + /* + * Skip checks when using an alternate data source. + */ + cfg_map_get(zoptions, "database", &dbobj); + if (dbobj != NULL && + strcmp("rbt", cfg_obj_asstring(dbobj)) != 0 && + strcmp("rbt64", cfg_obj_asstring(dbobj)) != 0) + return (ISC_R_SUCCESS); + cfg_map_get(zoptions, "file", &fileobj); if (fileobj != NULL) zfile = cfg_obj_asstring(fileobj); @@ -238,13 +236,18 @@ configure_zone(const char *vclass, const char *view, (strcasecmp(cfg_obj_asstring(typeobj), "redirect") != 0)) return (ISC_R_SUCCESS); + /* + * Is the redirect zone configured as a slave? + */ + if (strcasecmp(cfg_obj_asstring(typeobj), "redirect") == 0) { + cfg_map_get(zoptions, "masters", &mastersobj); + if (mastersobj != NULL) + return (ISC_R_SUCCESS); + } + if (zfile == NULL) return (ISC_R_FAILURE); - cfg_map_get(zoptions, "database", &dbobj); - if (dbobj != NULL) - return (ISC_R_SUCCESS); - obj = NULL; if (get_maps(maps, "check-dup-records", &obj)) { if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) { 
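Review bot: In the `database` test added to configure_zone, any value other than an exact, case-sensitive "rbt" or "rbt64" makes the function return ISC_R_SUCCESS without loading the zone file, so the checker passes silently on a zone it never examined. Where named-checkconf is used as a gate before a reload, that result can be misread as "zone is valid"; the comment should say what success means here, e.g. `/* Zones backed by a non-rbt database are not loaded; success means "not checked", not "valid". */`. The hunk ignores the return value of `cfg_map_get()` and the declaration of `dbobj` is outside the hunk, so the `dbobj != NULL` test presumably relies on it being initialised to NULL, which is worth confirming. The `type` comparisons in the same function use `strcasecmp`; if the option value can differ in case or carry driver arguments (not visible here), the exact `strcmp` would skip checks for a zone that is in fact rbt-backed. The body of configure_zone starts and ends outside the hunk.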
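Review bot: The new redirect branch returns ISC_R_SUCCESS as soon as `masters` is present, ahead of the `zfile == NULL` test, so a redirect zone that names both `masters` and a `file` is never loaded by this checker. The comment above the branch is phrased as a question and does not say what follows from the answer; stating the outcome would help the next reader, e.g. `/* A redirect zone with masters is treated as a slave: there is no master file to check here. */`. The branch also calls `cfg_obj_asstring(typeobj)` again after the preceding type tests; a local such as `const char *ztype = cfg_obj_asstring(typeobj);` would keep the comparisons on one value. The body of configure_zone continues outside the hunk.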
@@ -366,8 +369,7 @@ configure_zone(const char *vclass, const char *view, masterformat = dns_masterformat_text; fmtobj = NULL; - result = config_get(maps, "masterfile-format", &fmtobj); - if (result == ISC_R_SUCCESS) { + if (get_maps(maps, "masterfile-format", &fmtobj)) { const char *masterformatstr = cfg_obj_asstring(fmtobj); if (strcasecmp(masterformatstr, "text") == 0) masterformat = dns_masterformat_text; diff --git a/bin/check/named-checkconf.docbook b/bin/check/named-checkconf.docbook index 485dc42a93d19..a5e50334e2ae4 100644 --- a/bin/check/named-checkconf.docbook +++ b/bin/check/named-checkconf.docbook @@ -18,10 +18,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named-checkconf.docbook,v 1.22 2009/12/28 23:21:16 each Exp $ --> <refentry id="man.named-checkconf"> <refentryinfo> - <date>June 14, 2000</date> + <date>January 10, 2014</date> </refentryinfo> <refmeta> diff --git a/bin/check/named-checkconf.html b/bin/check/named-checkconf.html index 1c5ebc125768a..8caabf260e1e4 100644 --- a/bin/check/named-checkconf.html +++ b/bin/check/named-checkconf.html @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-x</code>] [<code class="option">-z</code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543403"></a><h2>DESCRIPTION</h2> +<a name="id2543411"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">named-checkconf</strong></span> checks the syntax, but not the semantics, of a <span><strong class="command">named</strong></span> configuration file. The file is parsed 
@@ -52,7 +52,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543452"></a><h2>OPTIONS</h2> +<a name="id2543460"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-h</span></dt> <dd><p> @@ -101,21 +101,21 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543596"></a><h2>RETURN VALUES</h2> +<a name="id2543604"></a><h2>RETURN VALUES</h2> <p><span><strong class="command">named-checkconf</strong></span> returns an exit status of 1 if errors were detected and 0 otherwise. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543608"></a><h2>SEE ALSO</h2> +<a name="id2543616"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543638"></a><h2>AUTHOR</h2> +<a name="id2543645"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/check/named-checkzone.8 b/bin/check/named-checkzone.8 index 8538ca886c2a7..f9bba0e73de20 100644 --- a/bin/check/named-checkzone.8 +++ b/bin/check/named-checkzone.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2007, 2009-2011, 2013 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2007, 2009-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2002 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any 
@@ -20,11 +20,11 @@ .\" Title: named\-checkzone .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: June 13, 2000 +.\" Date: April 29, 2013 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "NAMED\-CHECKZONE" "8" "June 13, 2000" "BIND9" "BIND9" +.TH "NAMED\-CHECKZONE" "8" "April 29, 2013" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -251,7 +251,7 @@ so that include directives in the configuration file are processed as if run by .PP \-T \fImode\fR .RS 4 -Check if Sender Policy Framework records (TXT and SPF) both exist or both don't exist. A warning is issued if they don't match. Possible modes are +Check if Sender Policy Framework (SPF) records exist and issues a warning if an SPF\-formatted TXT record is not also present. Possible modes are \fB"warn"\fR (default), \fB"ignore"\fR. @@ -302,7 +302,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004\-2007, 2009\-2011, 2013 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2007, 2009\-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2002 Internet Software Consortium. .br diff --git a/bin/check/named-checkzone.docbook b/bin/check/named-checkzone.docbook index ea37fa2b57f9a..f1590b55474aa 100644 --- a/bin/check/named-checkzone.docbook +++ b/bin/check/named-checkzone.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2007, 2009-2011, 2013 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007, 2009-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2002 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any 
@@ -18,10 +18,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named-checkzone.docbook,v 1.44 2011/12/22 07:32:39 each Exp $ --> <refentry id="man.named-checkzone"> <refentryinfo> - <date>June 13, 2000</date> + <date>April 29, 2013</date> </refentryinfo> <refmeta> @@ -40,6 +39,7 @@ <year>2010</year> <year>2011</year> <year>2013</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -408,10 +408,10 @@ <term>-T <replaceable class="parameter">mode</replaceable></term> <listitem> <para> - Check if Sender Policy Framework records (TXT and SPF) - both exist or both don't exist. A warning is issued - if they don't match. Possible modes are - <command>"warn"</command> (default), <command>"ignore"</command>. + Check if Sender Policy Framework (SPF) records exist + and issues a warning if an SPF-formatted TXT record is + not also present. Possible modes are <command>"warn"</command> + (default), <command>"ignore"</command>. </para> </listitem> </varlistentry> diff --git a/bin/check/named-checkzone.html b/bin/check/named-checkzone.html index 6941326996cc5..7d44053c252d1 100644 --- a/bin/check/named-checkzone.html +++ b/bin/check/named-checkzone.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2007, 2009-2011, 2013 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007, 2009-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2002 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any 
@@ -33,7 +33,7 @@ <div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543736"></a><h2>DESCRIPTION</h2> +<a name="id2543747"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">named-checkzone</strong></span> checks the syntax and integrity of a zone file. It performs the same checks as <span><strong class="command">named</strong></span> does when loading a 
@@ -53,7 +53,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543771"></a><h2>OPTIONS</h2> +<a name="id2543782"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-d</span></dt> <dd><p> @@ -232,10 +232,10 @@ </p></dd> <dt><span class="term">-T <em class="replaceable"><code>mode</code></em></span></dt> <dd><p> - Check if Sender Policy Framework records (TXT and SPF) - both exist or both don't exist. A warning is issued - if they don't match. Possible modes are - <span><strong class="command">"warn"</strong></span> (default), <span><strong class="command">"ignore"</strong></span>. + Check if Sender Policy Framework (SPF) records exist + and issues a warning if an SPF-formatted TXT record is + not also present. Possible modes are <span><strong class="command">"warn"</strong></span> + (default), <span><strong class="command">"ignore"</strong></span>. </p></dd> <dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt> <dd><p> @@ -270,14 +270,14 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544612"></a><h2>RETURN VALUES</h2> +<a name="id2544622"></a><h2>RETURN VALUES</h2> <p><span><strong class="command">named-checkzone</strong></span> returns an exit status of 1 if errors were detected and 0 otherwise. </p> </div> <div class="refsect1" lang="en"> -<a name="id2544624"></a><h2>SEE ALSO</h2> +<a name="id2544634"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>, <em class="citetitle">RFC 1035</em>, @@ -285,7 +285,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544657"></a><h2>AUTHOR</h2> +<a name="id2544667"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/confgen/ddns-confgen.8 b/bin/confgen/ddns-confgen.8 index fd2670e5ff4e7..5ceb80e96af41 100644 
--- a/bin/confgen/ddns-confgen.8 +++ b/bin/confgen/ddns-confgen.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -19,11 +19,11 @@ .\" Title: ddns\-confgen .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: Jan 29, 2009 +.\" Date: September 18, 2009 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "DDNS\-CONFGEN" "8" "Jan 29, 2009" "BIND9" "BIND9" +.TH "DDNS\-CONFGEN" "8" "September 18, 2009" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -139,5 +139,5 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2009, 2014 Internet Systems Consortium, Inc. ("ISC") .br diff --git a/bin/confgen/ddns-confgen.c b/bin/confgen/ddns-confgen.c index e2a8628377ae7..99663428d8436 100644 --- a/bin/confgen/ddns-confgen.c +++ b/bin/confgen/ddns-confgen.c @@ -46,6 +46,7 @@ #include <dns/keyvalues.h> #include <dns/name.h> +#include <dns/result.h> #include <dst/dst.h> #include <confgen/os.h> @@ -99,6 +100,8 @@ main(int argc, char **argv) { int len = 0; int ch; + dns_result_register(); + result = isc_file_progname(*argv, program, sizeof(program)); if (result != ISC_R_SUCCESS) memmove(program, "ddns-confgen", 13); diff --git a/bin/confgen/ddns-confgen.docbook b/bin/confgen/ddns-confgen.docbook index cedfbf5726c8d..1627c9ea04f80 100644 --- a/bin/confgen/ddns-confgen.docbook +++ b/bin/confgen/ddns-confgen.docbook 
@@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -17,10 +17,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: ddns-confgen.docbook,v 1.6 2009/09/18 22:08:55 fdupont Exp $ --> <refentry id="man.ddns-confgen"> <refentryinfo> - <date>Jan 29, 2009</date> + <date>September 18, 2009</date> </refentryinfo> <refmeta> @@ -37,6 +36,7 @@ <docinfo> <copyright> <year>2009</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> diff --git a/bin/confgen/ddns-confgen.html b/bin/confgen/ddns-confgen.html index 6b2f7dc5d5633..bdbd35ea01486 100644 --- a/bin/confgen/ddns-confgen.html +++ b/bin/confgen/ddns-confgen.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above 
@@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">ddns-confgen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em> | -z <em class="replaceable"><code>zone</code></em> ] [<code class="option">-q</code>] [name]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543396"></a><h2>DESCRIPTION</h2> +<a name="id2543406"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">ddns-confgen</strong></span> generates a key for use by <span><strong class="command">nsupdate</strong></span> and <span><strong class="command">named</strong></span>. It simplifies configuration @@ -58,7 +58,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543456"></a><h2>OPTIONS</h2> +<a name="id2543466"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt> <dd><p> @@ -125,7 +125,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543643"></a><h2>SEE ALSO</h2> +<a name="id2543654"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, @@ -133,7 +133,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543682"></a><h2>AUTHOR</h2> +<a name="id2543692"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/confgen/rndc-confgen.8 b/bin/confgen/rndc-confgen.8 index faffdac4b5e32..1276344e372ec 100644 --- a/bin/confgen/rndc-confgen.8 +++ b/bin/confgen/rndc-confgen.8 
@@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2001, 2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any @@ -20,11 +20,11 @@ .\" Title: rndc\-confgen .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: Aug 27, 2001 +.\" Date: June 15, 2009 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "RNDC\-CONFGEN" "8" "Aug 27, 2001" "BIND9" "BIND9" +.TH "RNDC\-CONFGEN" "8" "June 15, 2009" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -205,7 +205,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2001, 2003 Internet Software Consortium. .br diff --git a/bin/confgen/rndc-confgen.docbook b/bin/confgen/rndc-confgen.docbook index af2cc4321dda4..b3220754ad66d 100644 --- a/bin/confgen/rndc-confgen.docbook +++ b/bin/confgen/rndc-confgen.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2001, 2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,10 +18,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc-confgen.docbook,v 1.4 2009/06/15 23:47:59 tbox Exp $ --> <refentry id="man.rndc-confgen"> <refentryinfo> - <date>Aug 27, 2001</date> + <date>June 15, 2009</date> </refentryinfo> <refmeta> 
@@ -41,6 +40,7 @@ <year>2005</year> <year>2007</year> <year>2009</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> diff --git a/bin/confgen/rndc-confgen.html b/bin/confgen/rndc-confgen.html index 03ee5199a116e..84eae417d1f41 100644 --- a/bin/confgen/rndc-confgen.html +++ b/bin/confgen/rndc-confgen.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007, 2009, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2001, 2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543433"></a><h2>DESCRIPTION</h2> +<a name="id2543444"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">rndc-confgen</strong></span> generates configuration files for <span><strong class="command">rndc</strong></span>. It can be used as a 
@@ -48,7 +48,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543478"></a><h2>OPTIONS</h2> +<a name="id2543489"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a</span></dt> <dd> @@ -155,7 +155,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543792"></a><h2>EXAMPLES</h2> +<a name="id2543802"></a><h2>EXAMPLES</h2> <p> To allow <span><strong class="command">rndc</strong></span> to be used with no manual configuration, run @@ -172,7 +172,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543833"></a><h2>SEE ALSO</h2> +<a name="id2543844"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, @@ -180,7 +180,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543872"></a><h2>AUTHOR</h2> +<a name="id2543882"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/dig/dig.1 b/bin/dig/dig.1 index e6c28f3de0f9c..cd79ceaea9bc7 100644 --- a/bin/dig/dig.1 +++ b/bin/dig/dig.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any @@ -20,11 +20,11 @@ .\" Title: dig .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: June 30, 2000 +.\" Date: February 12, 2014 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "DIG" "1" "June 30, 2000" "BIND9" "BIND9" +.TH "DIG" "1" "February 12, 2014" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
@@ -33,7 +33,7 @@ dig \- DNS lookup utility .SH "SYNOPSIS" .HP 4 -\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...] +\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...] .HP 4 \fBdig\fR [\fB\-h\fR] .HP 4 @@ -70,7 +70,7 @@ It is possible to set per\-user defaults for via \fI${HOME}/.digrc\fR. This file is read and any options in it are applied before the command line arguments. .PP -The IN and CH class names overlap with the IN and CH top level domains names. Either use the +The IN and CH class names overlap with the IN and CH top level domain names. Either use the \fB\-t\fR and \fB\-c\fR @@ -186,10 +186,16 @@ ixfr=N. The incremental zone transfer will contain the changes made to the zone The \fB\-q\fR option sets the query name to -\fIname\fR. This useful do distinguish the +\fIname\fR. This is useful to distinguish the \fIname\fR from other arguments. .PP +The +\fB\-v\fR +causes +\fBdig\fR +to print the version number and exit. +.PP Reverse lookups \(em mapping addresses to names \(em are simplified by the \fB\-x\fR option. 
@@ -241,66 +247,52 @@ no to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form \fB+keyword=value\fR. The query options are: .PP -\fB+[no]tcp\fR -.RS 4 -Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used. -.RE -.PP -\fB+[no]vc\fR +\fB+[no]aaflag\fR .RS 4 -Use [do not use] TCP when querying name servers. This alternate syntax to -\fI+[no]tcp\fR -is provided for backwards compatibility. The "vc" stands for "virtual circuit". +A synonym for +\fI+[no]aaonly\fR. .RE .PP -\fB+[no]ignore\fR +\fB+[no]aaonly\fR .RS 4 -Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed. +Sets the "aa" flag in the query. .RE .PP -\fB+domain=somename\fR +\fB+[no]additional\fR .RS 4 -Set the search list to contain the single domain -\fIsomename\fR, as if specified in a -\fBdomain\fR -directive in -\fI/etc/resolv.conf\fR, and enable search list processing as if the -\fI+search\fR -option were given. +Display [do not display] the additional section of a reply. The default is to display it. .RE .PP -\fB+[no]search\fR +\fB+[no]adflag\fR .RS 4 -Use [do not use] the search list defined by the searchlist or domain directive in -\fIresolv.conf\fR -(if any). The search list is not used by default. +Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated. This bit is set by default. .RE .PP -\fB+[no]showsearch\fR +\fB+[no]all\fR .RS 4 -Perform [do not perform] a search showing intermediate results. 
+Set or clear all display flags. .RE .PP -\fB+[no]defname\fR +\fB+[no]answer\fR .RS 4 -Deprecated, treated as a synonym for -\fI+[no]search\fR +Display [do not display] the answer section of a reply. The default is to display it. .RE .PP -\fB+[no]aaonly\fR +\fB+[no]authority\fR .RS 4 -Sets the "aa" flag in the query. +Display [do not display] the authority section of a reply. The default is to display it. .RE .PP -\fB+[no]aaflag\fR +\fB+[no]besteffort\fR .RS 4 -A synonym for -\fI+[no]aaonly\fR. +Attempt to display the contents of messages which are malformed. The default is to not display malformed answers. .RE .PP -\fB+[no]adflag\fR +\fB+bufsize=B\fR .RS 4 -Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated. This bit is set by default. +Set the UDP message buffer size advertised using EDNS0 to +\fIB\fR +bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. Values other than zero will cause a EDNS query to be sent. .RE .PP \fB+[no]cdflag\fR 
@@ -313,49 +305,50 @@ Set [do not set] the CD (checking disabled) bit in the query. This requests the Display [do not display] the CLASS when printing the record. .RE .PP -\fB+[no]ttlid\fR +\fB+[no]cmd\fR .RS 4 -Display [do not display] the TTL when printing the record. +Toggles the printing of the initial comment in the output identifying the version of +\fBdig\fR +and the query options that have been applied. This comment is printed by default. .RE .PP -\fB+[no]recurse\fR +\fB+[no]comments\fR .RS 4 -Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means -\fBdig\fR -normally sends recursive queries. Recursion is automatically disabled when the -\fI+nssearch\fR -or -\fI+trace\fR -query options are used. +Toggle the display of comment lines in the output. The default is to print comments. .RE .PP -\fB+[no]nssearch\fR +\fB+[no]defname\fR .RS 4 -When this option is set, -\fBdig\fR -attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone. +Deprecated, treated as a synonym for +\fI+[no]search\fR .RE .PP -\fB+[no]trace\fR +\fB+[no]dnssec\fR .RS 4 -Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled, -\fBdig\fR -makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup. -.sp -\fB+dnssec\fR -is also set when +trace is set to better emulate the default queries from a nameserver. +Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query. .RE .PP -\fB+[no]cmd\fR +\fB+domain=somename\fR .RS 4 -Toggles the printing of the initial comment in the output identifying the version of -\fBdig\fR -and the query options that have been applied. 
This comment is printed by default. +Set the search list to contain the single domain +\fIsomename\fR, as if specified in a +\fBdomain\fR +directive in +\fI/etc/resolv.conf\fR, and enable search list processing as if the +\fI+search\fR +option were given. .RE .PP -\fB+[no]short\fR +\fB+[no]edns[=#]\fR .RS 4 -Provide a terse answer. The default is to print the answer in a verbose form. +Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent. +\fB+noedns\fR +clears the remembered EDNS version. EDNS is set to 0 by default. +.RE +.PP +\fB+[no]fail\fR +.RS 4 +Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior. .RE .PP \fB+[no]identify\fR 
@@ -365,149 +358,168 @@ Show [or do not show] the IP address and port number that supplied the answer wh option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer. .RE .PP -\fB+[no]comments\fR +\fB+[no]ignore\fR .RS 4 -Toggle the display of comment lines in the output. The default is to print comments. +Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed. .RE .PP -\fB+[no]rrcomments\fR +\fB+[no]keepopen\fR .RS 4 -Toggle the display of per\-record comments in the output (for example, human\-readable key information about DNSKEY records). The default is not to print record comments unless multiline mode is active. +Keep the TCP socket open between queries and reuse it rather than creating a new TCP socket for each lookup. The default is +\fB+nokeepopen\fR. .RE .PP -\fB+split=W\fR +\fB+[no]multiline\fR .RS 4 -Split long hex\- or base64\-formatted fields in resource records into chunks of -\fIW\fR -characters (where -\fIW\fR -is rounded up to the nearest multiple of 4). -\fI+nosplit\fR -or -\fI+split=0\fR -causes fields not to be split at all. The default is 56 characters, or 44 characters when multiline mode is active. +Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the +\fBdig\fR +output. .RE .PP -\fB+[no]stats\fR +\fB+ndots=D\fR .RS 4 -This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics. +Set the number of dots that have to appear in +\fIname\fR +to +\fID\fR +for it to be considered absolute. The default value is that defined using the ndots statement in +\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. 
Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the +\fBsearch\fR +or +\fBdomain\fR +directive in +\fI/etc/resolv.conf\fR. .RE .PP -\fB+[no]qr\fR +\fB+[no]nsid\fR .RS 4 -Print [do not print] the query as it is sent. By default, the query is not printed. +Include an EDNS name server ID request when sending a query. .RE .PP -\fB+[no]question\fR +\fB+[no]nssearch\fR .RS 4 -Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment. +When this option is set, +\fBdig\fR +attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone. .RE .PP -\fB+[no]answer\fR +\fB+[no]onesoa\fR .RS 4 -Display [do not display] the answer section of a reply. The default is to display it. +Print only one (starting) SOA record when performing an AXFR. The default is to print both the starting and ending SOA records. .RE .PP -\fB+[no]authority\fR +\fB+[no]qr\fR .RS 4 -Display [do not display] the authority section of a reply. The default is to display it. +Print [do not print] the query as it is sent. By default, the query is not printed. .RE .PP -\fB+[no]additional\fR +\fB+[no]question\fR .RS 4 -Display [do not display] the additional section of a reply. The default is to display it. +Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment. .RE .PP -\fB+[no]all\fR +\fB+[no]recurse\fR .RS 4 -Set or clear all display flags. +Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means +\fBdig\fR +normally sends recursive queries. Recursion is automatically disabled when the +\fI+nssearch\fR +or +\fI+trace\fR +query options are used. .RE .PP -\fB+time=T\fR +\fB+retry=T\fR .RS 4 -Sets the timeout for a query to -\fIT\fR -seconds. 
The default timeout is 5 seconds. An attempt to set +Sets the number of times to retry UDP queries to server to \fIT\fR -to less than 1 will result in a query timeout of 1 second being applied. +instead of the default, 2. Unlike +\fI+tries\fR, this does not include the initial query. .RE .PP -\fB+tries=T\fR +\fB+[no]rrcomments\fR .RS 4 -Sets the number of times to try UDP queries to server to -\fIT\fR -instead of the default, 3. If -\fIT\fR -is less than or equal to zero, the number of tries is silently rounded up to 1. +Toggle the display of per\-record comments in the output (for example, human\-readable key information about DNSKEY records). The default is not to print record comments unless multiline mode is active. .RE .PP -\fB+retry=T\fR +\fB+[no]search\fR .RS 4 -Sets the number of times to retry UDP queries to server to -\fIT\fR -instead of the default, 2. Unlike -\fI+tries\fR, this does not include the initial query. +Use [do not use] the search list defined by the searchlist or domain directive in +\fIresolv.conf\fR +(if any). The search list is not used by default. .RE .PP -\fB+ndots=D\fR +\fB+[no]short\fR .RS 4 -Set the number of dots that have to appear in -\fIname\fR -to -\fID\fR -for it to be considered absolute. The default value is that defined using the ndots statement in -\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the -\fBsearch\fR -or -\fBdomain\fR -directive in -\fI/etc/resolv.conf\fR. +Provide a terse answer. The default is to print the answer in a verbose form. .RE .PP -\fB+bufsize=B\fR +\fB+[no]showsearch\fR .RS 4 -Set the UDP message buffer size advertised using EDNS0 to -\fIB\fR -bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. Values other than zero will cause a EDNS query to be sent. 
+Perform [do not perform] a search showing intermediate results. .RE .PP -\fB+edns=#\fR +\fB+[no]sigchase\fR .RS 4 -Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent. -\fB+noedns\fR -clears the remembered EDNS version. EDNS is set to 0 by default. +Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE. .RE .PP -\fB+[no]multiline\fR +\fB+split=W\fR .RS 4 -Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the -\fBdig\fR -output. +Split long hex\- or base64\-formatted fields in resource records into chunks of +\fIW\fR +characters (where +\fIW\fR +is rounded up to the nearest multiple of 4). +\fI+nosplit\fR +or +\fI+split=0\fR +causes fields not to be split at all. The default is 56 characters, or 44 characters when multiline mode is active. .RE .PP -\fB+[no]onesoa\fR +\fB+[no]stats\fR .RS 4 -Print only one (starting) SOA record when performing an AXFR. The default is to print both the starting and ending SOA records. +This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics. .RE .PP -\fB+[no]fail\fR +\fB+[no]tcp\fR .RS 4 -Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior. +Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an +ixfr=N +query is requested, in which case the default is TCP. AXFR queries always use TCP. .RE .PP -\fB+[no]besteffort\fR +\fB+time=T\fR .RS 4 -Attempt to display the contents of messages which are malformed. The default is to not display malformed answers. +Sets the timeout for a query to +\fIT\fR +seconds. The default timeout is 5 seconds. 
An attempt to set +\fIT\fR +to less than 1 will result in a query timeout of 1 second being applied. .RE .PP -\fB+[no]dnssec\fR +\fB+[no]topdown\fR .RS 4 -Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query. +When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE. .RE .PP -\fB+[no]sigchase\fR +\fB+[no]trace\fR .RS 4 -Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE. +Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled, +\fBdig\fR +makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup. +.sp +\fB+dnssec\fR +is also set when +trace is set to better emulate the default queries from a nameserver. +.RE +.PP +\fB+tries=T\fR +.RS 4 +Sets the number of times to try UDP queries to server to +\fIT\fR +instead of the default, 3. If +\fIT\fR +is less than or equal to zero, the number of tries is silently rounded up to 1. .RE .PP \fB+trusted\-key=####\fR 
@@ -526,20 +538,16 @@ in the current directory. Requires dig be compiled with \-DDIG_SIGCHASE. .RE .PP -\fB+[no]topdown\fR -.RS 4 -When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE. -.RE -.PP -\fB+[no]nsid\fR +\fB+[no]ttlid\fR .RS 4 -Include an EDNS name server ID request when sending a query. +Display [do not display] the TTL when printing the record. .RE .PP -\fB+[no]keepopen\fR +\fB+[no]vc\fR .RS 4 -Keep the TCP socket open between queries and reuse it rather than creating a new TCP socket for each lookup. The default is -\fB+nokeepopen\fR. +Use [do not use] TCP when querying name servers. This alternate syntax to +\fI+[no]tcp\fR +is provided for backwards compatibility. The "vc" stands for "virtual circuit". .RE .SH "MULTIPLE QUERIES" .PP @@ -603,7 +611,7 @@ RFC1035. .PP There are probably too many query options. .SH "COPYRIGHT" -Copyright \(co 2004\-2011, 2013 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2003 Internet Software Consortium. .br diff --git a/bin/dig/dig.c b/bin/dig/dig.c index c7a50b5af2fc3..07d8b0b7e14ad 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -243,7 +243,6 @@ help(void) { void received(int bytes, isc_sockaddr_t *from, dig_query_t *query) { isc_uint64_t diff; - isc_time_t now; time_t tnow; struct tm tmnow; char time_str[100]; 
@@ -251,10 +250,8 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) { isc_sockaddr_format(from, fromtext, sizeof(fromtext)); - TIME_NOW(&now); - if (query->lookup->stats && !short_form) { - diff = isc_time_microdiff(&now, &query->time_sent); + diff = isc_time_microdiff(&query->time_recv, &query->time_sent); printf(";; Query time: %ld msec\n", (long int)diff/1000); printf(";; SERVER: %s(%s)\n", fromtext, query->servname); time(&tnow); @@ -280,7 +277,7 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) { } puts(""); } else if (query->lookup->identify && !short_form) { - diff = isc_time_microdiff(&now, &query->time_sent); + diff = isc_time_microdiff(&query->time_recv, &query->time_sent); printf(";; Received %" ISC_PRINT_QUADFORMAT "u bytes " "from %s(%s) in %d ms\n\n", query->lookup->doing_xfr ? @@ -308,7 +305,6 @@ static isc_result_t say_message(dns_rdata_t *rdata, dig_query_t *query, isc_buffer_t *buf) { isc_result_t result; isc_uint64_t diff; - isc_time_t now; char store[sizeof("12345678901234567890")]; if (query->lookup->trace || query->lookup->ns_search_only) { @@ -322,8 +318,7 @@ say_message(dns_rdata_t *rdata, dig_query_t *query, isc_buffer_t *buf) { return (result); check_result(result, "dns_rdata_totext"); if (query->lookup->identify) { - TIME_NOW(&now); - diff = isc_time_microdiff(&now, &query->time_sent); + diff = isc_time_microdiff(&query->time_recv, &query->time_sent); ADD_STRING(buf, " from server "); ADD_STRING(buf, query->servname); snprintf(store, 19, " in %d ms.", (int)diff/1000); @@ -1092,7 +1087,7 @@ plus_option(char *option, isc_boolean_t is_batchfile, if (splitwidth) splitwidth += 3; if (result != ISC_R_SUCCESS) - fatal("Couldn't parse retries"); + fatal("Couldn't parse split"); break; case 't': /* stats */ FULLCHECK("stats"); 
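Review bot: Both `isc_time_microdiff(&query->time_recv, &query->time_sent)` calls in received(), and the one in say_message() in the @@ -322 hunk, depend on `query->time_recv` being stamped before these functions run, and no hunk shown here assigns that field. Every receive path should be confirmed to set it, otherwise the printed query time is computed from a stale or unset timestamp. A comment at the first use would record the contract: `/* time_recv must be set by the receive path before received() is called */`. Separately, the context lines that print the value use `(long int)diff/1000` and `(int)diff/1000`, where the cast binds before the division and narrows the 64-bit microsecond count first; `(long int)(diff / 1000)` is the safer form. Both function bodies continue outside the hunks.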
@@ -1106,8 +1101,10 @@ plus_option(char *option, isc_boolean_t is_batchfile, switch (cmd[1]) { case 'c': /* tcp */ FULLCHECK("tcp"); - if (!is_batchfile) + if (!is_batchfile) { lookup->tcp_mode = state; + lookup->tcp_mode_set = ISC_TRUE; + } break; case 'i': /* timeout */ FULLCHECK("timeout"); @@ -1187,8 +1184,10 @@ plus_option(char *option, isc_boolean_t is_batchfile, break; case 'v': FULLCHECK("vc"); - if (!is_batchfile) + if (!is_batchfile) { lookup->tcp_mode = state; + lookup->tcp_mode_set = ISC_TRUE; + } break; default: invalid_option: @@ -1403,10 +1402,12 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, (*lookup)->ixfr_serial = serial; (*lookup)->section_question = plusquest; (*lookup)->comments = pluscomm; - (*lookup)->tcp_mode = ISC_TRUE; + if (!(*lookup)->tcp_mode_set) + (*lookup)->tcp_mode = ISC_TRUE; } else { (*lookup)->rdtype = rdtype; - (*lookup)->rdtypeset = ISC_TRUE; + if (!config_only) + (*lookup)->rdtypeset = ISC_TRUE; if (rdtype == dns_rdatatype_axfr) { (*lookup)->section_question = plusquest; (*lookup)->comments = pluscomm; @@ -1448,6 +1449,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, ip6_int, ISC_FALSE) == ISC_R_SUCCESS) { strncpy((*lookup)->textname, textname, sizeof((*lookup)->textname)); + (*lookup)->textname[sizeof((*lookup)->textname)-1] = 0; debug("looking up %s", (*lookup)->textname); (*lookup)->trace_root = ISC_TF((*lookup)->trace || (*lookup)->ns_search_only); @@ -1511,7 +1513,8 @@ preparse_args(int argc, char **argv) { static void parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, - int argc, char **argv) { + int argc, char **argv) +{ isc_result_t result; isc_textregion_t tr; isc_boolean_t firstarg = ISC_TRUE; 
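Review bot: The new `lookup->tcp_mode_set` flag in the `tcp` case, and again in the `vc` case of the @@ -1187 hunk, is only ever assigned ISC_TRUE in the code shown, so the `if (!(*lookup)->tcp_mode_set)` tests added for IXFR read whatever value the lookup was created with. The routines that allocate and clone a dig_lookup_t are not part of these hunks; they should initialise the field to ISC_FALSE and copy it on clone, or the IXFR default of TCP can be suppressed by an unset value. The assignment also sits inside `if (!is_batchfile)`, so a `+tcp` or `+notcp` on a batch-file line records nothing. If that is intended, say so: `/* +tcp in a batch file is ignored; tcp_mode_set stays unchanged */`.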
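Review bot: The added `(*lookup)->textname[sizeof((*lookup)->textname)-1] = 0;` guarantees termination after the `strncpy`, but a reverse name longer than the destination is still cut short without any report, and the lookup then proceeds with the shortened name. The sizes of the local `textname` and of the `textname` member are declared outside this hunk. If the local buffer can be the larger one, reject the input before the copy, e.g. `if (strlen(textname) >= sizeof((*lookup)->textname)) fatal("name too long");`. dash_option's body continues outside the hunk.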
@@ -1604,8 +1607,25 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, debug("main parsing %s", rv[0]); if (strncmp(rv[0], "%", 1) == 0) break; - if (strncmp(rv[0], "@", 1) == 0) { - addresscount = getaddresses(lookup, &rv[0][1], NULL); + if (rv[0][0] == '@') { + + if (is_batchfile && !config_only) { + addresscount = getaddresses(lookup, &rv[0][1], + &result); + if (result != ISC_R_SUCCESS) { + fprintf(stderr, "couldn't get address " + "for '%s': %s: skipping " + "lookup\n", &rv[0][1], + isc_result_totext(result)); + if (ISC_LINK_LINKED(lookup, link)) + ISC_LIST_DEQUEUE(lookup_list, + lookup, link); + destroy_lookup(lookup); + return; + } + } else + addresscount = getaddresses(lookup, &rv[0][1], + NULL); } else if (rv[0][0] == '+') { plus_option(&rv[0][1], is_batchfile, lookup); @@ -1669,7 +1689,8 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, lookup->section_question = plusquest; lookup->comments = pluscomm; - lookup->tcp_mode = ISC_TRUE; + if (!lookup->tcp_mode_set) + lookup->tcp_mode = ISC_TRUE; } else { lookup->rdtype = rdtype; lookup->rdtypeset = ISC_TRUE; diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook index 7a01ec064d159..89d766b541cbc 100644 --- a/bin/dig/dig.docbook +++ b/bin/dig/dig.docbook @@ -1,8 +1,8 @@ <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" - "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any 
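Review bot: The new batch-file branch tests `result` right after `getaddresses(lookup, &rv[0][1], &result)`, and `result` is declared in parse_args without an initialiser, so the check is sound only if getaddresses writes through its third argument on every path. That function is not in this diff; confirm it, or set `result = ISC_R_SUCCESS;` before the call. The failure path also returns from parse_args straight after `destroy_lookup(lookup)`, skipping whatever the function does after the argument loop; a comment such as `/* lookup is gone: stop parsing this batch line */` would mark the early return as deliberate. The `else` arm is left unbraced next to a braced `if` arm, which is easy to misread with the wrapped continuation lines. parse_args starts and ends outside the hunk.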
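Review bot: `lookup->rdtypeset = ISC_TRUE;` in the `else` arm of the @@ -1669 hunk is still unconditional, while the matching assignment in dash_option (the @@ -1403 hunk) was changed to `if (!config_only) (*lookup)->rdtypeset = ISC_TRUE;`. parse_args receives `config_only` as a parameter, so a bare type argument parsed in config-only mode would still mark the type as explicitly set. If that asymmetry is not intended, apply the same guard here: `if (!config_only) lookup->rdtypeset = ISC_TRUE;`. The surrounding block starts and ends outside the hunk.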
@@ -18,11 +18,10 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dig.docbook,v 1.51 2011/11/04 11:02:50 jreed Exp $ --> <refentry id="man.dig"> <refentryinfo> - <date>June 30, 2000</date> + <date>February 12, 2014</date> </refentryinfo> <refmeta> @@ -47,6 +46,7 @@ <year>2010</year> <year>2011</year> <year>2013</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -70,6 +70,7 @@ <arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg> <arg><option>-q <replaceable class="parameter">name</replaceable></option></arg> <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg> + <arg><option>-v</option></arg> <arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg> <arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg> <arg><option>-4</option></arg> @@ -138,7 +139,7 @@ <para> The IN and CH class names overlap with the IN and CH top level - domains names. Either use the <option>-t</option> and + domain names. Either use the <option>-t</option> and <option>-c</option> options to specify the type and class, use the <option>-q</option> the specify the domain name, or use "IN." and "CH." when looking up these top level domains. 
@@ -156,56 +157,56 @@ <variablelist> - <varlistentry> - <term><constant>server</constant></term> - <listitem> - <para> - is the name or IP address of the name server to query. This - can be an IPv4 address in dotted-decimal notation or an IPv6 - address in colon-delimited notation. When the supplied - <parameter>server</parameter> argument is a hostname, - <command>dig</command> resolves that name before querying - that name server. - </para> - <para> - If no <parameter>server</parameter> argument is - provided, <command>dig</command> consults - <filename>/etc/resolv.conf</filename>; if an - address is found there, it queries the name server at - that address. If either of the <option>-4</option> or - <option>-6</option> options are in use, then - only addresses for the corresponding transport - will be tried. If no usable addresses are found, - <command>dig</command> will send the query to the - local host. The reply from the name server that - responds is displayed. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><constant>name</constant></term> - <listitem> - <para> - is the name of the resource record that is to be looked up. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><constant>type</constant></term> - <listitem> - <para> - indicates what type of query is required — - ANY, A, MX, SIG, etc. - <parameter>type</parameter> can be any valid query - type. If no - <parameter>type</parameter> argument is supplied, - <command>dig</command> will perform a lookup for an - A record. - </para> - </listitem> - </varlistentry> + <varlistentry> + <term><constant>server</constant></term> + <listitem> + <para> + is the name or IP address of the name server to query. This + can be an IPv4 address in dotted-decimal notation or an IPv6 + address in colon-delimited notation. When the supplied + <parameter>server</parameter> argument is a hostname, + <command>dig</command> resolves that name before querying + that name server. 
+ </para> + <para> + If no <parameter>server</parameter> argument is + provided, <command>dig</command> consults + <filename>/etc/resolv.conf</filename>; if an + address is found there, it queries the name server at + that address. If either of the <option>-4</option> or + <option>-6</option> options are in use, then + only addresses for the corresponding transport + will be tried. If no usable addresses are found, + <command>dig</command> will send the query to the + local host. The reply from the name server that + responds is displayed. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><constant>name</constant></term> + <listitem> + <para> + is the name of the resource record that is to be looked up. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><constant>type</constant></term> + <listitem> + <para> + indicates what type of query is required — + ANY, A, MX, SIG, etc. + <parameter>type</parameter> can be any valid query + type. If no + <parameter>type</parameter> argument is supplied, + <command>dig</command> will perform a lookup for an + A record. + </para> + </listitem> + </varlistentry> </variablelist> </para> @@ -245,7 +246,7 @@ <para> The <option>-m</option> option enables memory usage debugging. <!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD - documented in include/isc/mem.h --> + documented in include/isc/mem.h --> </para> <para> @@ -281,11 +282,16 @@ <para> The <option>-q</option> option sets the query name to - <parameter>name</parameter>. This useful do distinguish the + <parameter>name</parameter>. This is useful to distinguish the <parameter>name</parameter> from other arguments. </para> <para> + The <option>-v</option> causes <command>dig</command> to + print the version number and exit. + </para> + + <para> Reverse lookups — mapping addresses to names — are simplified by the <option>-x</option> option. <parameter>addr</parameter> is an IPv4 
@@ -315,13 +321,13 @@ base-64 encoded string, typically generated by <citerefentry> - <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum> + <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum> </citerefentry>. Caution should be taken when using the <option>-y</option> option on multi-user systems as the key can be visible in the output from <citerefentry> - <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum> + <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum> </citerefentry> or in the shell's history file. When using TSIG authentication with <command>dig</command>, the name 
@@ -356,109 +362,36 @@ <variablelist> - <varlistentry> - <term><option>+[no]tcp</option></term> - <listitem> - <para> - Use [do not use] TCP when querying name servers. The default - behavior is to use UDP unless an AXFR or IXFR query is - requested, in - which case a TCP connection is used. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+[no]vc</option></term> - <listitem> - <para> - Use [do not use] TCP when querying name servers. This alternate - syntax to <parameter>+[no]tcp</parameter> is - provided for backwards - compatibility. The "vc" stands for "virtual circuit". - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+[no]ignore</option></term> - <listitem> - <para> - Ignore truncation in UDP responses instead of retrying with TCP. - By - default, TCP retries are performed. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+domain=somename</option></term> - <listitem> - <para> - Set the search list to contain the single domain - <parameter>somename</parameter>, as if specified in - a - <command>domain</command> directive in - <filename>/etc/resolv.conf</filename>, and enable - search list - processing as if the <parameter>+search</parameter> - option were given. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+[no]search</option></term> - <listitem> - <para> - Use [do not use] the search list defined by the searchlist or - domain - directive in <filename>resolv.conf</filename> (if - any). - The search list is not used by default. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+[no]showsearch</option></term> - <listitem> - <para> - Perform [do not perform] a search showing intermediate - results. 
- </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+[no]defname</option></term> - <listitem> - <para> - Deprecated, treated as a synonym for <parameter>+[no]search</parameter> - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+[no]aaonly</option></term> - <listitem> - <para> - Sets the "aa" flag in the query. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+[no]aaflag</option></term> - <listitem> - <para> - A synonym for <parameter>+[no]aaonly</parameter>. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+[no]adflag</option></term> + <varlistentry> + <term><option>+[no]aaflag</option></term> + <listitem> + <para> + A synonym for <parameter>+[no]aaonly</parameter>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]aaonly</option></term> + <listitem> + <para> + Sets the "aa" flag in the query. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]additional</option></term> + <listitem> + <para> + Display [do not display] the additional section of a + reply. The default is to display it. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]adflag</option></term> <listitem> <para> Set [do not set] the AD (authentic data) bit in the 
@@ -474,38 +407,285 @@ </listitem> </varlistentry> - <varlistentry> - <term><option>+[no]cdflag</option></term> - <listitem> - <para> - Set [do not set] the CD (checking disabled) bit in the query. - This - requests the server to not perform DNSSEC validation of - responses. - </para> - </listitem> - </varlistentry> + <varlistentry> + <term><option>+[no]all</option></term> + <listitem> + <para> + Set or clear all display flags. + </para> + </listitem> + </varlistentry> - <varlistentry> - <term><option>+[no]cl</option></term> - <listitem> - <para> - Display [do not display] the CLASS when printing the record. - </para> - </listitem> - </varlistentry> + <varlistentry> + <term><option>+[no]answer</option></term> + <listitem> + <para> + Display [do not display] the answer section of a + reply. The default is to display it. + </para> + </listitem> + </varlistentry> - <varlistentry> - <term><option>+[no]ttlid</option></term> - <listitem> - <para> - Display [do not display] the TTL when printing the record. - </para> - </listitem> - </varlistentry> + <varlistentry> + <term><option>+[no]authority</option></term> + <listitem> + <para> + Display [do not display] the authority section of a + reply. The default is to display it. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]besteffort</option></term> + <listitem> + <para> + Attempt to display the contents of messages which are + malformed. The default is to not display malformed + answers. + </para> + </listitem> + </varlistentry> - <varlistentry> - <term><option>+[no]recurse</option></term> + <varlistentry> + <term><option>+bufsize=B</option></term> + <listitem> + <para> + Set the UDP message buffer size advertised using EDNS0 + to <parameter>B</parameter> bytes. The maximum and + minimum sizes of this buffer are 65535 and 0 respectively. + Values outside this range are rounded up or down + appropriately. Values other than zero will cause a + EDNS query to be sent. 
+ </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]cdflag</option></term> + <listitem> + <para> + Set [do not set] the CD (checking disabled) bit in + the query. This requests the server to not perform + DNSSEC validation of responses. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]cl</option></term> + <listitem> + <para> + Display [do not display] the CLASS when printing the + record. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]cmd</option></term> + <listitem> + <para> + Toggles the printing of the initial comment in the + output identifying the version of <command>dig</command> + and the query options that have been applied. This + comment is printed by default. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]comments</option></term> + <listitem> + <para> + Toggle the display of comment lines in the output. + The default is to print comments. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]defname</option></term> + <listitem> + <para> + Deprecated, treated as a synonym for + <parameter>+[no]search</parameter> + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]dnssec</option></term> + <listitem> + <para> + Requests DNSSEC records be sent by setting the DNSSEC + OK bit (DO) in the OPT record in the additional section + of the query. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+domain=somename</option></term> + <listitem> + <para> + Set the search list to contain the single domain + <parameter>somename</parameter>, as if specified in + a <command>domain</command> directive in + <filename>/etc/resolv.conf</filename>, and enable + search list processing as if the + <parameter>+search</parameter> option were given. 
+ </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]edns[=#]</option></term> + <listitem> + <para> + Specify the EDNS version to query with. Valid values + are 0 to 255. Setting the EDNS version will cause + a EDNS query to be sent. <option>+noedns</option> + clears the remembered EDNS version. EDNS is set to + 0 by default. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]fail</option></term> + <listitem> + <para> + Do not try the next server if you receive a SERVFAIL. + The default is to not try the next server which is + the reverse of normal stub resolver behavior. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]identify</option></term> + <listitem> + <para> + Show [or do not show] the IP address and port number + that supplied the answer when the + <parameter>+short</parameter> option is enabled. If + short form answers are requested, the default is not + to show the source address and port number of the + server that provided the answer. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]ignore</option></term> + <listitem> + <para> + Ignore truncation in UDP responses instead of retrying + with TCP. By default, TCP retries are performed. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]keepopen</option></term> + <listitem> + <para> + Keep the TCP socket open between queries and reuse + it rather than creating a new TCP socket for each + lookup. The default is <option>+nokeepopen</option>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]multiline</option></term> + <listitem> + <para> + Print records like the SOA records in a verbose + multi-line format with human-readable comments. The + default is to print each record on a single line, to + facilitate machine parsing of the <command>dig</command> + output. 
+ </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+ndots=D</option></term> + <listitem> + <para> + Set the number of dots that have to appear in + <parameter>name</parameter> to <parameter>D</parameter> + for it to be considered absolute. The default value + is that defined using the ndots statement in + <filename>/etc/resolv.conf</filename>, or 1 if no + ndots statement is present. Names with fewer dots + are interpreted as relative names and will be searched + for in the domains listed in the <option>search</option> + or <option>domain</option> directive in + <filename>/etc/resolv.conf</filename>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]nsid</option></term> + <listitem> + <para> + Include an EDNS name server ID request when sending + a query. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]nssearch</option></term> + <listitem> + <para> + When this option is set, <command>dig</command> + attempts to find the authoritative name servers for + the zone containing the name being looked up and + display the SOA record that each name server has for + the zone. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]onesoa</option></term> + <listitem> + <para> + Print only one (starting) SOA record when performing + an AXFR. The default is to print both the starting + and ending SOA records. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]qr</option></term> + <listitem> + <para> + Print [do not print] the query as it is sent. By + default, the query is not printed. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]question</option></term> + <listitem> + <para> + Print [do not print] the question section of a query + when an answer is returned. The default is to print + the question section as a comment. 
+ </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]recurse</option></term> <listitem> <para> Toggle the setting of the RD (recursion desired) bit 
@@ -518,24 +698,141 @@ </listitem> </varlistentry> - <varlistentry> - <term><option>+[no]nssearch</option></term> - <listitem> - <para> - When this option is set, <command>dig</command> - attempts to find the - authoritative name servers for the zone containing the name - being - looked up and display the SOA record that each name server has - for the - zone. - </para> - </listitem> - </varlistentry> + <varlistentry> + <term><option>+retry=T</option></term> + <listitem> + <para> + Sets the number of times to retry UDP queries to + server to <parameter>T</parameter> instead of the + default, 2. Unlike <parameter>+tries</parameter>, + this does not include the initial query. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]rrcomments</option></term> + <listitem> + <para> + Toggle the display of per-record comments in the + output (for example, human-readable key information + about DNSKEY records). The default is not to print + record comments unless multiline mode is active. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]search</option></term> + <listitem> + <para> + Use [do not use] the search list defined by the + searchlist or domain directive in + <filename>resolv.conf</filename> (if any). The search + list is not used by default. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]short</option></term> + <listitem> + <para> + Provide a terse answer. The default is to print the + answer in a verbose form. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]showsearch</option></term> + <listitem> + <para> + Perform [do not perform] a search showing intermediate + results. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+[no]sigchase</option></term> + <listitem> + <para> + Chase DNSSEC signature chains. Requires dig be + compiled with -DDIG_SIGCHASE. 
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+split=W</option></term>
+ <listitem>
+ <para>
+ Split long hex- or base64-formatted fields in resource
+ records into chunks of <parameter>W</parameter>
+ characters (where <parameter>W</parameter> is rounded
+ up to the nearest multiple of 4).
+ <parameter>+nosplit</parameter> or
+ <parameter>+split=0</parameter> causes fields not to
+ be split at all. The default is 56 characters, or
+ 44 characters when multiline mode is active.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]stats</option></term>
+ <listitem>
+ <para>
+ This query option toggles the printing of statistics:
+ when the query was made, the size of the reply and
+ so on. The default behavior is to print the query
+ statistics.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]tcp</option></term>
+ <listitem>
+ <para>
+ Use [do not use] TCP when querying name servers. The
+ default behavior is to use UDP unless an
+ <literal>ixfr=N</literal> query is requested, in which
+ case the default is TCP. AXFR queries always use
+ TCP.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+time=T</option></term>
+ <listitem>
+ <para>
+
+ Sets the timeout for a query to
+ <parameter>T</parameter> seconds. The default
+ timeout is 5 seconds.
+ An attempt to set <parameter>T</parameter> to less
+ than 1 will result
+ in a query timeout of 1 second being applied.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>+[no]topdown</option></term>
+ <listitem>
+ <para>
+ When chasing DNSSEC signature chains perform a top-down
+ validation. Requires dig be compiled with -DDIG_SIGCHASE.
+ </para> + </listitem> + </varlistentry> - <varlistentry> - <term><option>+[no]trace</option></term> - <listitem> + <varlistentry> + <term><option>+[no]trace</option></term> + <listitem> <para> Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing 
@@ -544,369 +841,66 @@ resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup. + </para> <para> + <command>+dnssec</command> is also set when +trace + is set to better emulate the default queries from a + nameserver. </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+tries=T</option></term> + <listitem> <para> - <command>+dnssec</command> is also set when +trace is - set to better emulate the default queries from a nameserver. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+[no]cmd</option></term> - <listitem> - <para> - Toggles the printing of the initial comment in the output - identifying - the version of <command>dig</command> and the query - options that have - been applied. This comment is printed by default. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+[no]short</option></term> - <listitem> - <para> - Provide a terse answer. The default is to print the answer in a - verbose form. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+[no]identify</option></term> - <listitem> - <para> - Show [or do not show] the IP address and port number that - supplied the - answer when the <parameter>+short</parameter> option - is enabled. If - short form answers are requested, the default is not to show the - source address and port number of the server that provided the - answer. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+[no]comments</option></term> - <listitem> - <para> - Toggle the display of comment lines in the output. The default - is to print comments. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+[no]rrcomments</option></term> - <listitem> - <para> - Toggle the display of per-record comments in the output (for - example, human-readable key information about DNSKEY records). 
- The default is not to print record comments unless multiline
- mode is active.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>+split=W</option></term>
- <listitem>
- <para>
- Split long hex- or base64-formatted fields in resource
- records into chunks of <parameter>W</parameter> characters
- (where <parameter>W</parameter> is rounded up to the nearest
- multiple of 4).
- <parameter>+nosplit</parameter> or
- <parameter>+split=0</parameter> causes fields not to be
- split at all. The default is 56 characters, or 44 characters
- when multiline mode is active.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>+[no]stats</option></term>
- <listitem>
- <para>
- This query option toggles the printing of statistics: when the
- query
- was made, the size of the reply and so on. The default
- behavior is
- to print the query statistics.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>+[no]qr</option></term>
- <listitem>
- <para>
- Print [do not print] the query as it is sent.
- By default, the query is not printed.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>+[no]question</option></term>
- <listitem>
- <para>
- Print [do not print] the question section of a query when an
- answer is
- returned. The default is to print the question section as a
- comment.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>+[no]answer</option></term>
- <listitem>
- <para>
- Display [do not display] the answer section of a reply. The
- default
- is to display it.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>+[no]authority</option></term>
- <listitem>
- <para>
- Display [do not display] the authority section of a reply. The
- default is to display it.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>+[no]additional</option></term>
- <listitem>
- <para>
- Display [do not display] the additional section of a reply.
- The default is to display it.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>+[no]all</option></term>
- <listitem>
- <para>
- Set or clear all display flags.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>+time=T</option></term>
- <listitem>
- <para>
-
- Sets the timeout for a query to
- <parameter>T</parameter> seconds. The default
- timeout is 5 seconds.
- An attempt to set <parameter>T</parameter> to less
- than 1 will result
- in a query timeout of 1 second being applied.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>+tries=T</option></term>
- <listitem>
- <para>
- Sets the number of times to try UDP queries to server to
- <parameter>T</parameter> instead of the default, 3.
- If
- <parameter>T</parameter> is less than or equal to
- zero, the number of
- tries is silently rounded up to 1.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>+retry=T</option></term>
- <listitem>
- <para>
- Sets the number of times to retry UDP queries to server to
- <parameter>T</parameter> instead of the default, 2.
- Unlike
- <parameter>+tries</parameter>, this does not include
- the initial
- query.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>+ndots=D</option></term>
- <listitem>
- <para>
- Set the number of dots that have to appear in
- <parameter>name</parameter> to <parameter>D</parameter> for it to be
- considered absolute. The default value is that defined using
- the
- ndots statement in <filename>/etc/resolv.conf</filename>, or 1 if no
- ndots statement is present.
Names with fewer dots are - interpreted as - relative names and will be searched for in the domains listed in - the - <option>search</option> or <option>domain</option> directive in - <filename>/etc/resolv.conf</filename>. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+bufsize=B</option></term> - <listitem> - <para> - Set the UDP message buffer size advertised using EDNS0 to - <parameter>B</parameter> bytes. The maximum and minimum sizes - of this buffer are 65535 and 0 respectively. Values outside - this range are rounded up or down appropriately. - Values other than zero will cause a EDNS query to be sent. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+edns=#</option></term> + Sets the number of times to try UDP queries to server + to <parameter>T</parameter> instead of the default, + 3. If <parameter>T</parameter> is less than or equal + to zero, the number of tries is silently rounded up + to 1. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>+trusted-key=####</option></term> <listitem> <para> - Specify the EDNS version to query with. Valid values - are 0 to 255. Setting the EDNS version will cause - a EDNS query to be sent. <option>+noedns</option> - clears the remembered EDNS version. EDNS is set to - 0 by default. + Specifies a file containing trusted keys to be used + with <option>+sigchase</option>. Each DNSKEY record + must be on its own line. + </para> <para> + If not specified, <command>dig</command> will look + for <filename>/etc/trusted-key.key</filename> then + <filename>trusted-key.key</filename> in the current + directory. + </para> <para> + Requires dig be compiled with -DDIG_SIGCHASE. </para> </listitem> </varlistentry> - <varlistentry> - <term><option>+[no]multiline</option></term> - <listitem> - <para> - Print records like the SOA records in a verbose multi-line - format with human-readable comments. 
The default is to print - each record on a single line, to facilitate machine parsing - of the <command>dig</command> output. - </para> - </listitem> - </varlistentry> + <varlistentry> + <term><option>+[no]ttlid</option></term> + <listitem> + <para> + Display [do not display] the TTL when printing the + record. + </para> + </listitem> + </varlistentry> <varlistentry> - <term><option>+[no]onesoa</option></term> + <term><option>+[no]vc</option></term> <listitem> <para> - Print only one (starting) SOA record when performing - an AXFR. The default is to print both the starting and - ending SOA records. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+[no]fail</option></term> - <listitem> - <para> - Do not try the next server if you receive a SERVFAIL. The - default is - to not try the next server which is the reverse of normal stub - resolver - behavior. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+[no]besteffort</option></term> - <listitem> - <para> - Attempt to display the contents of messages which are malformed. - The default is to not display malformed answers. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+[no]dnssec</option></term> - <listitem> - <para> - Requests DNSSEC records be sent by setting the DNSSEC OK bit - (DO) - in the OPT record in the additional section of the query. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+[no]sigchase</option></term> - <listitem> - <para> - Chase DNSSEC signature chains. Requires dig be compiled with - -DDIG_SIGCHASE. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+trusted-key=####</option></term> - <listitem> - <para> - Specifies a file containing trusted keys to be used with - <option>+sigchase</option>. Each DNSKEY record must be - on its own line. 
- </para> - <para> - If not specified, <command>dig</command> will look for - <filename>/etc/trusted-key.key</filename> then - <filename>trusted-key.key</filename> in the current directory. - </para> - <para> - Requires dig be compiled with -DDIG_SIGCHASE. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+[no]topdown</option></term> - <listitem> - <para> - When chasing DNSSEC signature chains perform a top-down - validation. - Requires dig be compiled with -DDIG_SIGCHASE. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+[no]nsid</option></term> - <listitem> - <para> - Include an EDNS name server ID request when sending a query. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>+[no]keepopen</option></term> - <listitem> - <para> - Keep the TCP socket open between queries and reuse it rather - than creating a new TCP socket for each lookup. The default - is <option>+nokeepopen</option>. - </para> - </listitem> - </varlistentry> + Use [do not use] TCP when querying name servers. This + alternate syntax to <parameter>+[no]tcp</parameter> + is provided for backwards compatibility. The "vc" + stands for "virtual circuit". + </para> + </listitem> + </varlistentry> </variablelist> @@ -988,13 +982,13 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr <refsect1> <title>SEE ALSO</title> <para><citerefentry> - <refentrytitle>host</refentrytitle><manvolnum>1</manvolnum> + <refentrytitle>host</refentrytitle><manvolnum>1</manvolnum> </citerefentry>, <citerefentry> - <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> + <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> - <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum> + <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citetitle>RFC1035</citetitle>. </para> 
diff --git a/bin/dig/dig.html b/bin/dig/dig.html index f6d7f6f2420b8..829aa2c9ae893 100644 --- a/bin/dig/dig.html +++ b/bin/dig/dig.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any 
@@ -29,12 +29,12 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div> +<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code 
class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div> <div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div> <div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543530"></a><h2>DESCRIPTION</h2> +<a name="id2543544"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dig</strong></span> (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and @@ -74,14 +74,14 @@ </p> <p> The IN and CH class names overlap with the IN and CH top level - domains names. Either use the <code class="option">-t</code> and + domain names. Either use the <code class="option">-t</code> and <code class="option">-c</code> options to specify the type and class, use the <code class="option">-q</code> the specify the domain name, or use "IN." and "CH." when looking up these top level domains. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543609"></a><h2>SIMPLE USAGE</h2> +<a name="id2543623"></a><h2>SIMPLE USAGE</h2> <p> A typical invocation of <span><strong class="command">dig</strong></span> looks like: </p> 
@@ -94,47 +94,47 @@ <dt><span class="term"><code class="constant">server</code></span></dt> <dd> <p> - is the name or IP address of the name server to query. This - can be an IPv4 address in dotted-decimal notation or an IPv6 - address in colon-delimited notation. When the supplied - <em class="parameter"><code>server</code></em> argument is a hostname, - <span><strong class="command">dig</strong></span> resolves that name before querying - that name server. - </p> -<p> - If no <em class="parameter"><code>server</code></em> argument is - provided, <span><strong class="command">dig</strong></span> consults - <code class="filename">/etc/resolv.conf</code>; if an - address is found there, it queries the name server at - that address. If either of the <code class="option">-4</code> or - <code class="option">-6</code> options are in use, then - only addresses for the corresponding transport - will be tried. If no usable addresses are found, - <span><strong class="command">dig</strong></span> will send the query to the - local host. The reply from the name server that - responds is displayed. - </p> + is the name or IP address of the name server to query. This + can be an IPv4 address in dotted-decimal notation or an IPv6 + address in colon-delimited notation. When the supplied + <em class="parameter"><code>server</code></em> argument is a hostname, + <span><strong class="command">dig</strong></span> resolves that name before querying + that name server. + </p> +<p> + If no <em class="parameter"><code>server</code></em> argument is + provided, <span><strong class="command">dig</strong></span> consults + <code class="filename">/etc/resolv.conf</code>; if an + address is found there, it queries the name server at + that address. If either of the <code class="option">-4</code> or + <code class="option">-6</code> options are in use, then + only addresses for the corresponding transport + will be tried. 
If no usable addresses are found, + <span><strong class="command">dig</strong></span> will send the query to the + local host. The reply from the name server that + responds is displayed. + </p> </dd> <dt><span class="term"><code class="constant">name</code></span></dt> <dd><p> - is the name of the resource record that is to be looked up. - </p></dd> + is the name of the resource record that is to be looked up. + </p></dd> <dt><span class="term"><code class="constant">type</code></span></dt> <dd><p> - indicates what type of query is required — - ANY, A, MX, SIG, etc. - <em class="parameter"><code>type</code></em> can be any valid query - type. If no - <em class="parameter"><code>type</code></em> argument is supplied, - <span><strong class="command">dig</strong></span> will perform a lookup for an - A record. - </p></dd> + indicates what type of query is required — + ANY, A, MX, SIG, etc. + <em class="parameter"><code>type</code></em> can be any valid query + type. If no + <em class="parameter"><code>type</code></em> argument is supplied, + <span><strong class="command">dig</strong></span> will perform a lookup for an + A record. + </p></dd> </dl></div> <p> </p> </div> <div class="refsect1" lang="en"> -<a name="id2543713"></a><h2>OPTIONS</h2> +<a name="id2543726"></a><h2>OPTIONS</h2> <p> The <code class="option">-b</code> option sets the source IP address of the query to <em class="parameter"><code>address</code></em>. This must be a valid 
@@ -193,10 +193,14 @@ </p> <p> The <code class="option">-q</code> option sets the query name to - <em class="parameter"><code>name</code></em>. This useful do distinguish the + <em class="parameter"><code>name</code></em>. This is useful to distinguish the <em class="parameter"><code>name</code></em> from other arguments. </p> <p> + The <code class="option">-v</code> causes <span><strong class="command">dig</strong></span> to + print the version number and exit. + </p> +<p> Reverse lookups — mapping addresses to names — are simplified by the <code class="option">-x</code> option. <em class="parameter"><code>addr</code></em> is an IPv4 @@ -238,7 +242,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544061"></a><h2>QUERY OPTIONS</h2> +<a name="id2544018"></a><h2>QUERY OPTIONS</h2> <p><span><strong class="command">dig</strong></span> provides a number of query options which affect the way in which lookups are made and the results displayed. Some of 
@@ -258,62 +262,19 @@ </p> <div class="variablelist"><dl> -<dt><span class="term"><code class="option">+[no]tcp</code></span></dt> -<dd><p> - Use [do not use] TCP when querying name servers. The default - behavior is to use UDP unless an AXFR or IXFR query is - requested, in - which case a TCP connection is used. - </p></dd> -<dt><span class="term"><code class="option">+[no]vc</code></span></dt> -<dd><p> - Use [do not use] TCP when querying name servers. This alternate - syntax to <em class="parameter"><code>+[no]tcp</code></em> is - provided for backwards - compatibility. The "vc" stands for "virtual circuit". - </p></dd> -<dt><span class="term"><code class="option">+[no]ignore</code></span></dt> -<dd><p> - Ignore truncation in UDP responses instead of retrying with TCP. - By - default, TCP retries are performed. - </p></dd> -<dt><span class="term"><code class="option">+domain=somename</code></span></dt> -<dd><p> - Set the search list to contain the single domain - <em class="parameter"><code>somename</code></em>, as if specified in - a - <span><strong class="command">domain</strong></span> directive in - <code class="filename">/etc/resolv.conf</code>, and enable - search list - processing as if the <em class="parameter"><code>+search</code></em> - option were given. - </p></dd> -<dt><span class="term"><code class="option">+[no]search</code></span></dt> -<dd><p> - Use [do not use] the search list defined by the searchlist or - domain - directive in <code class="filename">resolv.conf</code> (if - any). - The search list is not used by default. - </p></dd> -<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt> -<dd><p> - Perform [do not perform] a search showing intermediate - results. 
- </p></dd> -<dt><span class="term"><code class="option">+[no]defname</code></span></dt> +<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt> <dd><p> - Deprecated, treated as a synonym for <em class="parameter"><code>+[no]search</code></em> - </p></dd> + A synonym for <em class="parameter"><code>+[no]aaonly</code></em>. + </p></dd> <dt><span class="term"><code class="option">+[no]aaonly</code></span></dt> <dd><p> - Sets the "aa" flag in the query. - </p></dd> -<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt> + Sets the "aa" flag in the query. + </p></dd> +<dt><span class="term"><code class="option">+[no]additional</code></span></dt> <dd><p> - A synonym for <em class="parameter"><code>+[no]aaonly</code></em>. - </p></dd> + Display [do not display] the additional section of a + reply. The default is to display it. + </p></dd> <dt><span class="term"><code class="option">+[no]adflag</code></span></dt> <dd><p> Set [do not set] the AD (authentic data) bit in the 
@@ -326,276 +287,310 @@ of the answer was insecure or not validated. This bit is set by default. </p></dd> +<dt><span class="term"><code class="option">+[no]all</code></span></dt> +<dd><p> + Set or clear all display flags. + </p></dd> +<dt><span class="term"><code class="option">+[no]answer</code></span></dt> +<dd><p> + Display [do not display] the answer section of a + reply. The default is to display it. + </p></dd> +<dt><span class="term"><code class="option">+[no]authority</code></span></dt> +<dd><p> + Display [do not display] the authority section of a + reply. The default is to display it. + </p></dd> +<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt> +<dd><p> + Attempt to display the contents of messages which are + malformed. The default is to not display malformed + answers. + </p></dd> +<dt><span class="term"><code class="option">+bufsize=B</code></span></dt> +<dd><p> + Set the UDP message buffer size advertised using EDNS0 + to <em class="parameter"><code>B</code></em> bytes. The maximum and + minimum sizes of this buffer are 65535 and 0 respectively. + Values outside this range are rounded up or down + appropriately. Values other than zero will cause a + EDNS query to be sent. + </p></dd> <dt><span class="term"><code class="option">+[no]cdflag</code></span></dt> <dd><p> - Set [do not set] the CD (checking disabled) bit in the query. - This - requests the server to not perform DNSSEC validation of - responses. - </p></dd> + Set [do not set] the CD (checking disabled) bit in + the query. This requests the server to not perform + DNSSEC validation of responses. + </p></dd> <dt><span class="term"><code class="option">+[no]cl</code></span></dt> <dd><p> - Display [do not display] the CLASS when printing the record. - </p></dd> -<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt> + Display [do not display] the CLASS when printing the + record. 
+ </p></dd> +<dt><span class="term"><code class="option">+[no]cmd</code></span></dt> <dd><p> - Display [do not display] the TTL when printing the record. - </p></dd> -<dt><span class="term"><code class="option">+[no]recurse</code></span></dt> + Toggles the printing of the initial comment in the + output identifying the version of <span><strong class="command">dig</strong></span> + and the query options that have been applied. This + comment is printed by default. + </p></dd> +<dt><span class="term"><code class="option">+[no]comments</code></span></dt> <dd><p> - Toggle the setting of the RD (recursion desired) bit - in the query. This bit is set by default, which means - <span><strong class="command">dig</strong></span> normally sends recursive - queries. Recursion is automatically disabled when - the <em class="parameter"><code>+nssearch</code></em> or - <em class="parameter"><code>+trace</code></em> query options are used. + Toggle the display of comment lines in the output. + The default is to print comments. </p></dd> -<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt> +<dt><span class="term"><code class="option">+[no]defname</code></span></dt> <dd><p> - When this option is set, <span><strong class="command">dig</strong></span> - attempts to find the - authoritative name servers for the zone containing the name - being - looked up and display the SOA record that each name server has - for the - zone. - </p></dd> -<dt><span class="term"><code class="option">+[no]trace</code></span></dt> -<dd> -<p> - Toggle tracing of the delegation path from the root - name servers for the name being looked up. Tracing - is disabled by default. When tracing is enabled, - <span><strong class="command">dig</strong></span> makes iterative queries to - resolve the name being looked up. It will follow - referrals from the root servers, showing the answer - from each server that was used to resolve the lookup. 
- </p> -<p> - <span><strong class="command">+dnssec</strong></span> is also set when +trace is - set to better emulate the default queries from a nameserver. - </p> -</dd> -<dt><span class="term"><code class="option">+[no]cmd</code></span></dt> + Deprecated, treated as a synonym for + <em class="parameter"><code>+[no]search</code></em> + </p></dd> +<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt> <dd><p> - Toggles the printing of the initial comment in the output - identifying - the version of <span><strong class="command">dig</strong></span> and the query - options that have - been applied. This comment is printed by default. - </p></dd> -<dt><span class="term"><code class="option">+[no]short</code></span></dt> + Requests DNSSEC records be sent by setting the DNSSEC + OK bit (DO) in the OPT record in the additional section + of the query. + </p></dd> +<dt><span class="term"><code class="option">+domain=somename</code></span></dt> <dd><p> - Provide a terse answer. The default is to print the answer in a - verbose form. - </p></dd> -<dt><span class="term"><code class="option">+[no]identify</code></span></dt> + Set the search list to contain the single domain + <em class="parameter"><code>somename</code></em>, as if specified in + a <span><strong class="command">domain</strong></span> directive in + <code class="filename">/etc/resolv.conf</code>, and enable + search list processing as if the + <em class="parameter"><code>+search</code></em> option were given. + </p></dd> +<dt><span class="term"><code class="option">+[no]edns[=#]</code></span></dt> <dd><p> - Show [or do not show] the IP address and port number that - supplied the - answer when the <em class="parameter"><code>+short</code></em> option - is enabled. If - short form answers are requested, the default is not to show the - source address and port number of the server that provided the - answer. 
- </p></dd> -<dt><span class="term"><code class="option">+[no]comments</code></span></dt> + Specify the EDNS version to query with. Valid values + are 0 to 255. Setting the EDNS version will cause + a EDNS query to be sent. <code class="option">+noedns</code> + clears the remembered EDNS version. EDNS is set to + 0 by default. + </p></dd> +<dt><span class="term"><code class="option">+[no]fail</code></span></dt> <dd><p> - Toggle the display of comment lines in the output. The default - is to print comments. - </p></dd> -<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt> + Do not try the next server if you receive a SERVFAIL. + The default is to not try the next server which is + the reverse of normal stub resolver behavior. + </p></dd> +<dt><span class="term"><code class="option">+[no]identify</code></span></dt> <dd><p> - Toggle the display of per-record comments in the output (for - example, human-readable key information about DNSKEY records). - The default is not to print record comments unless multiline - mode is active. - </p></dd> -<dt><span class="term"><code class="option">+split=W</code></span></dt> + Show [or do not show] the IP address and port number + that supplied the answer when the + <em class="parameter"><code>+short</code></em> option is enabled. If + short form answers are requested, the default is not + to show the source address and port number of the + server that provided the answer. + </p></dd> +<dt><span class="term"><code class="option">+[no]ignore</code></span></dt> <dd><p> - Split long hex- or base64-formatted fields in resource - records into chunks of <em class="parameter"><code>W</code></em> characters - (where <em class="parameter"><code>W</code></em> is rounded up to the nearest - multiple of 4). - <em class="parameter"><code>+nosplit</code></em> or - <em class="parameter"><code>+split=0</code></em> causes fields not to be - split at all. 
The default is 56 characters, or 44 characters - when multiline mode is active. - </p></dd> -<dt><span class="term"><code class="option">+[no]stats</code></span></dt> + Ignore truncation in UDP responses instead of retrying + with TCP. By default, TCP retries are performed. + </p></dd> +<dt><span class="term"><code class="option">+[no]keepopen</code></span></dt> <dd><p> - This query option toggles the printing of statistics: when the - query - was made, the size of the reply and so on. The default - behavior is - to print the query statistics. - </p></dd> -<dt><span class="term"><code class="option">+[no]qr</code></span></dt> + Keep the TCP socket open between queries and reuse + it rather than creating a new TCP socket for each + lookup. The default is <code class="option">+nokeepopen</code>. + </p></dd> +<dt><span class="term"><code class="option">+[no]multiline</code></span></dt> <dd><p> - Print [do not print] the query as it is sent. - By default, the query is not printed. - </p></dd> -<dt><span class="term"><code class="option">+[no]question</code></span></dt> + Print records like the SOA records in a verbose + multi-line format with human-readable comments. The + default is to print each record on a single line, to + facilitate machine parsing of the <span><strong class="command">dig</strong></span> + output. + </p></dd> +<dt><span class="term"><code class="option">+ndots=D</code></span></dt> <dd><p> - Print [do not print] the question section of a query when an - answer is - returned. The default is to print the question section as a - comment. - </p></dd> -<dt><span class="term"><code class="option">+[no]answer</code></span></dt> + Set the number of dots that have to appear in + <em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em> + for it to be considered absolute. The default value + is that defined using the ndots statement in + <code class="filename">/etc/resolv.conf</code>, or 1 if no + ndots statement is present. 
Names with fewer dots + are interpreted as relative names and will be searched + for in the domains listed in the <code class="option">search</code> + or <code class="option">domain</code> directive in + <code class="filename">/etc/resolv.conf</code>. + </p></dd> +<dt><span class="term"><code class="option">+[no]nsid</code></span></dt> <dd><p> - Display [do not display] the answer section of a reply. The - default - is to display it. - </p></dd> -<dt><span class="term"><code class="option">+[no]authority</code></span></dt> + Include an EDNS name server ID request when sending + a query. + </p></dd> +<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt> <dd><p> - Display [do not display] the authority section of a reply. The - default is to display it. - </p></dd> -<dt><span class="term"><code class="option">+[no]additional</code></span></dt> + When this option is set, <span><strong class="command">dig</strong></span> + attempts to find the authoritative name servers for + the zone containing the name being looked up and + display the SOA record that each name server has for + the zone. + </p></dd> +<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt> <dd><p> - Display [do not display] the additional section of a reply. - The default is to display it. - </p></dd> -<dt><span class="term"><code class="option">+[no]all</code></span></dt> + Print only one (starting) SOA record when performing + an AXFR. The default is to print both the starting + and ending SOA records. + </p></dd> +<dt><span class="term"><code class="option">+[no]qr</code></span></dt> <dd><p> - Set or clear all display flags. - </p></dd> -<dt><span class="term"><code class="option">+time=T</code></span></dt> + Print [do not print] the query as it is sent. By + default, the query is not printed. 
+ </p></dd> +<dt><span class="term"><code class="option">+[no]question</code></span></dt> <dd><p> - - Sets the timeout for a query to - <em class="parameter"><code>T</code></em> seconds. The default - timeout is 5 seconds. - An attempt to set <em class="parameter"><code>T</code></em> to less - than 1 will result - in a query timeout of 1 second being applied. - </p></dd> -<dt><span class="term"><code class="option">+tries=T</code></span></dt> + Print [do not print] the question section of a query + when an answer is returned. The default is to print + the question section as a comment. + </p></dd> +<dt><span class="term"><code class="option">+[no]recurse</code></span></dt> <dd><p> - Sets the number of times to try UDP queries to server to - <em class="parameter"><code>T</code></em> instead of the default, 3. - If - <em class="parameter"><code>T</code></em> is less than or equal to - zero, the number of - tries is silently rounded up to 1. - </p></dd> + Toggle the setting of the RD (recursion desired) bit + in the query. This bit is set by default, which means + <span><strong class="command">dig</strong></span> normally sends recursive + queries. Recursion is automatically disabled when + the <em class="parameter"><code>+nssearch</code></em> or + <em class="parameter"><code>+trace</code></em> query options are used. + </p></dd> <dt><span class="term"><code class="option">+retry=T</code></span></dt> <dd><p> - Sets the number of times to retry UDP queries to server to - <em class="parameter"><code>T</code></em> instead of the default, 2. - Unlike - <em class="parameter"><code>+tries</code></em>, this does not include - the initial - query. - </p></dd> -<dt><span class="term"><code class="option">+ndots=D</code></span></dt> + Sets the number of times to retry UDP queries to + server to <em class="parameter"><code>T</code></em> instead of the + default, 2. Unlike <em class="parameter"><code>+tries</code></em>, + this does not include the initial query. 
+ </p></dd> +<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt> <dd><p> - Set the number of dots that have to appear in - <em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em> for it to be - considered absolute. The default value is that defined using - the - ndots statement in <code class="filename">/etc/resolv.conf</code>, or 1 if no - ndots statement is present. Names with fewer dots are - interpreted as - relative names and will be searched for in the domains listed in - the - <code class="option">search</code> or <code class="option">domain</code> directive in - <code class="filename">/etc/resolv.conf</code>. - </p></dd> -<dt><span class="term"><code class="option">+bufsize=B</code></span></dt> + Toggle the display of per-record comments in the + output (for example, human-readable key information + about DNSKEY records). The default is not to print + record comments unless multiline mode is active. + </p></dd> +<dt><span class="term"><code class="option">+[no]search</code></span></dt> <dd><p> - Set the UDP message buffer size advertised using EDNS0 to - <em class="parameter"><code>B</code></em> bytes. The maximum and minimum sizes - of this buffer are 65535 and 0 respectively. Values outside - this range are rounded up or down appropriately. - Values other than zero will cause a EDNS query to be sent. - </p></dd> -<dt><span class="term"><code class="option">+edns=#</code></span></dt> + Use [do not use] the search list defined by the + searchlist or domain directive in + <code class="filename">resolv.conf</code> (if any). The search + list is not used by default. + </p></dd> +<dt><span class="term"><code class="option">+[no]short</code></span></dt> <dd><p> - Specify the EDNS version to query with. Valid values - are 0 to 255. Setting the EDNS version will cause - a EDNS query to be sent. <code class="option">+noedns</code> - clears the remembered EDNS version. EDNS is set to - 0 by default. 
+ Provide a terse answer. The default is to print the + answer in a verbose form. </p></dd> -<dt><span class="term"><code class="option">+[no]multiline</code></span></dt> +<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt> <dd><p> - Print records like the SOA records in a verbose multi-line - format with human-readable comments. The default is to print - each record on a single line, to facilitate machine parsing - of the <span><strong class="command">dig</strong></span> output. - </p></dd> -<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt> + Perform [do not perform] a search showing intermediate + results. + </p></dd> +<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt> <dd><p> - Print only one (starting) SOA record when performing - an AXFR. The default is to print both the starting and - ending SOA records. + Chase DNSSEC signature chains. Requires dig be + compiled with -DDIG_SIGCHASE. </p></dd> -<dt><span class="term"><code class="option">+[no]fail</code></span></dt> +<dt><span class="term"><code class="option">+split=W</code></span></dt> <dd><p> - Do not try the next server if you receive a SERVFAIL. The - default is - to not try the next server which is the reverse of normal stub - resolver - behavior. - </p></dd> -<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt> + Split long hex- or base64-formatted fields in resource + records into chunks of <em class="parameter"><code>W</code></em> + characters (where <em class="parameter"><code>W</code></em> is rounded + up to the nearest multiple of 4). + <em class="parameter"><code>+nosplit</code></em> or + <em class="parameter"><code>+split=0</code></em> causes fields not to + be split at all. The default is 56 characters, or + 44 characters when multiline mode is active. 
+ </p></dd> +<dt><span class="term"><code class="option">+[no]stats</code></span></dt> <dd><p> - Attempt to display the contents of messages which are malformed. - The default is to not display malformed answers. - </p></dd> -<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt> + This query option toggles the printing of statistics: + when the query was made, the size of the reply and + so on. The default behavior is to print the query + statistics. + </p></dd> +<dt><span class="term"><code class="option">+[no]tcp</code></span></dt> <dd><p> - Requests DNSSEC records be sent by setting the DNSSEC OK bit - (DO) - in the OPT record in the additional section of the query. - </p></dd> -<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt> + Use [do not use] TCP when querying name servers. The + default behavior is to use UDP unless an + <code class="literal">ixfr=N</code> query is requested, in which + case the default is TCP. AXFR queries always use + TCP. + </p></dd> +<dt><span class="term"><code class="option">+time=T</code></span></dt> +<dd><p> + + Sets the timeout for a query to + <em class="parameter"><code>T</code></em> seconds. The default + timeout is 5 seconds. + An attempt to set <em class="parameter"><code>T</code></em> to less + than 1 will result + in a query timeout of 1 second being applied. + </p></dd> +<dt><span class="term"><code class="option">+[no]topdown</code></span></dt> +<dd><p> + When chasing DNSSEC signature chains perform a top-down + validation. Requires dig be compiled with -DDIG_SIGCHASE. + </p></dd> +<dt><span class="term"><code class="option">+[no]trace</code></span></dt> +<dd> +<p> + Toggle tracing of the delegation path from the root + name servers for the name being looked up. Tracing + is disabled by default. When tracing is enabled, + <span><strong class="command">dig</strong></span> makes iterative queries to + resolve the name being looked up. 
It will follow + referrals from the root servers, showing the answer + from each server that was used to resolve the lookup. + </p> +<p> + <span><strong class="command">+dnssec</strong></span> is also set when +trace + is set to better emulate the default queries from a + nameserver. + </p> +</dd> +<dt><span class="term"><code class="option">+tries=T</code></span></dt> <dd><p> - Chase DNSSEC signature chains. Requires dig be compiled with - -DDIG_SIGCHASE. - </p></dd> + Sets the number of times to try UDP queries to server + to <em class="parameter"><code>T</code></em> instead of the default, + 3. If <em class="parameter"><code>T</code></em> is less than or equal + to zero, the number of tries is silently rounded up + to 1. + </p></dd> <dt><span class="term"><code class="option">+trusted-key=####</code></span></dt> <dd> <p> - Specifies a file containing trusted keys to be used with - <code class="option">+sigchase</code>. Each DNSKEY record must be - on its own line. - </p> + Specifies a file containing trusted keys to be used + with <code class="option">+sigchase</code>. Each DNSKEY record + must be on its own line. + </p> <p> - If not specified, <span><strong class="command">dig</strong></span> will look for - <code class="filename">/etc/trusted-key.key</code> then - <code class="filename">trusted-key.key</code> in the current directory. + If not specified, <span><strong class="command">dig</strong></span> will look + for <code class="filename">/etc/trusted-key.key</code> then + <code class="filename">trusted-key.key</code> in the current + directory. </p> <p> - Requires dig be compiled with -DDIG_SIGCHASE. + Requires dig be compiled with -DDIG_SIGCHASE. </p> </dd> -<dt><span class="term"><code class="option">+[no]topdown</code></span></dt> -<dd><p> - When chasing DNSSEC signature chains perform a top-down - validation. - Requires dig be compiled with -DDIG_SIGCHASE. 
- </p></dd> -<dt><span class="term"><code class="option">+[no]nsid</code></span></dt> +<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt> <dd><p> - Include an EDNS name server ID request when sending a query. - </p></dd> -<dt><span class="term"><code class="option">+[no]keepopen</code></span></dt> + Display [do not display] the TTL when printing the + record. + </p></dd> +<dt><span class="term"><code class="option">+[no]vc</code></span></dt> <dd><p> - Keep the TCP socket open between queries and reuse it rather - than creating a new TCP socket for each lookup. The default - is <code class="option">+nokeepopen</code>. - </p></dd> + Use [do not use] TCP when querying name servers. This + alternate syntax to <em class="parameter"><code>+[no]tcp</code></em> + is provided for backwards compatibility. The "vc" + stands for "virtual circuit". + </p></dd> </dl></div> <p> </p> </div> <div class="refsect1" lang="en"> -<a name="id2545341"></a><h2>MULTIPLE QUERIES</h2> +<a name="id2545168"></a><h2>MULTIPLE QUERIES</h2> <p> The BIND 9 implementation of <span><strong class="command">dig </strong></span> supports @@ -641,7 +636,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr </p> </div> <div class="refsect1" lang="en"> -<a name="id2545403"></a><h2>IDN SUPPORT</h2> +<a name="id2545229"></a><h2>IDN SUPPORT</h2> <p> If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names. 
@@ -655,14 +650,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr </p> </div> <div class="refsect1" lang="en"> -<a name="id2545426"></a><h2>FILES</h2> +<a name="id2545252"></a><h2>FILES</h2> <p><code class="filename">/etc/resolv.conf</code> </p> <p><code class="filename">${HOME}/.digrc</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2545443"></a><h2>SEE ALSO</h2> +<a name="id2545269"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, @@ -670,7 +665,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr </p> </div> <div class="refsect1" lang="en"> -<a name="id2545548"></a><h2>BUGS</h2> +<a name="id2545306"></a><h2>BUGS</h2> <p> There are probably too many query options. </p> diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index 56d763c295d73..a2aabdf341308 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -368,6 +368,11 @@ connect_timeout(isc_task_t *task, isc_event_t *event); static void launch_next_query(dig_query_t *query, isc_boolean_t include_question); +static void +check_next_lookup(dig_lookup_t *lookup); + +static isc_boolean_t +next_origin(dig_lookup_t *oldlookup); static void * mem_alloc(void *arg, size_t size) { @@ -611,7 +616,8 @@ addr2af(int lwresaddrtype) static void copy_server_list(lwres_conf_t *confdata, dig_serverlist_t *dest) { dig_server_t *newsrv; - char tmp[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")]; + char tmp[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255") + + sizeof("%4000000000")]; int af; int i; 
@@ -626,6 +632,12 @@ copy_server_list(lwres_conf_t *confdata, dig_serverlist_t *dest) { lwres_net_ntop(af, confdata->nameservers[i].address, tmp, sizeof(tmp)); + if (af == AF_INET6 && confdata->nameservers[i].zone != 0) { + char buf[sizeof("%4000000000")]; + snprintf(buf, sizeof(buf), "%%%u", + confdata->nameservers[i].zone); + strlcat(tmp, buf, sizeof(tmp)); + } newsrv = make_server(tmp, tmp); ISC_LINK_INIT(newsrv, link); ISC_LIST_ENQUEUE(*dest, newsrv, link); @@ -791,6 +803,7 @@ make_empty_lookup(void) { looknew->retries = tries; looknew->nsfound = 0; looknew->tcp_mode = ISC_FALSE; + looknew->tcp_mode_set = ISC_FALSE; looknew->ip6_int = ISC_FALSE; looknew->comments = ISC_TRUE; looknew->stats = ISC_TRUE; @@ -801,6 +814,7 @@ make_empty_lookup(void) { looknew->new_search = ISC_FALSE; looknew->done_as_is = ISC_FALSE; looknew->need_search = ISC_FALSE; + dns_fixedname_init(&looknew->fdomain); ISC_LINK_INIT(looknew, link); ISC_LIST_INIT(looknew->q); ISC_LIST_INIT(looknew->connecting); @@ -867,6 +881,7 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) { looknew->cdflag = lookold->cdflag; looknew->ns_search_only = lookold->ns_search_only; looknew->tcp_mode = lookold->tcp_mode; + looknew->tcp_mode_set = lookold->tcp_mode_set; looknew->comments = lookold->comments; looknew->stats = lookold->stats; looknew->section_question = lookold->section_question; @@ -878,6 +893,9 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) { looknew->need_search = lookold->need_search; looknew->done_as_is = lookold->done_as_is; + dns_name_copy(dns_fixedname_name(&lookold->fdomain), + dns_fixedname_name(&looknew->fdomain), NULL); + if (servers) clone_server_list(lookold->my_server_list, &looknew->my_server_list); 
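Review bot: The scope-id suffix added to copy_server_list relies on the literal `sizeof("%4000000000")` appearing twice, once for `buf` here and once in the `tmp` declaration of the previous hunk, and nothing says what the literal stands for or that the two must stay equal. A comment on both, such as `/* '%' + up to 10 decimal digits of a 32-bit scope id + NUL */`, would make the bound reviewable. The return value of `strlcat` is also dropped, so if either size is changed later a truncated address would reach `make_server` unnoticed; testing `strlcat(tmp, buf, sizeof(tmp)) >= sizeof(tmp)` would catch that. The `%u` conversion assumes `zone` is an unsigned value no wider than 32 bits, which this hunk does not show.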
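Review bot: The new `dns_name_copy` call in clone_lookup discards its result, so a failed copy would leave `looknew->fdomain` empty while the rest of the clone looks complete. The call also needs `looknew->fdomain` to be initialised already, which holds if `looknew` comes from make_empty_lookup (the `dns_fixedname_init` added two hunks earlier); the start of clone_lookup is outside this hunk, so that is presumed. Wrapping the call as `RUNTIME_CHECK(dns_name_copy(...) == ISC_R_SUCCESS);` and adding `/* fdomain was initialised by make_empty_lookup() */` would record both assumptions.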
@@ -1688,8 +1706,10 @@ start_lookup(void) { } novalidation: #endif - setup_lookup(current_lookup); - do_lookup(current_lookup); + if (setup_lookup(current_lookup)) + do_lookup(current_lookup); + else if (next_origin(current_lookup)) + check_next_lookup(current_lookup); } else { check_if_done(); } @@ -1823,7 +1843,6 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) lookup->trace_root = ISC_FALSE; if (lookup->ns_search_only) lookup->recurse = ISC_FALSE; - dns_fixedname_init(&lookup->fdomain); domain = dns_fixedname_name(&lookup->fdomain); dns_name_copy(name, domain, NULL); } @@ -1891,8 +1910,8 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) * Return ISC_TRUE iff there was another searchlist entry. */ static isc_boolean_t -next_origin(dig_query_t *query) { - dig_lookup_t *lookup; +next_origin(dig_lookup_t *oldlookup) { + dig_lookup_t *newlookup; dig_searchlist_t *search; dns_fixedname_t fixed; dns_name_t *name; @@ -1901,7 +1920,7 @@ next_origin(dig_query_t *query) { INSIST(!free_now); debug("next_origin()"); - debug("following up %s", query->lookup->textname); + debug("following up %s", oldlookup->textname); if (!usesearch) /* 
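Review bot: When `setup_lookup(current_lookup)` returns false and `next_origin(current_lookup)` also returns false, the new `if`/`else if` in start_lookup does nothing. No query is started, and nothing visible here cancels the lookup or prints an error. Before this change the same input ended in `fatal("'%s' is not in legal name syntax (%s)", ...)` (see the setup_lookup hunk further down), so a name that is too long with the last search-list origin now appears to fail silently. A final branch is needed, along the lines of `else { /* name too long for every origin: report it and release the lookup */ }`, which reports `current_lookup->textname` and then continues the way other failed lookups do. start_lookup begins and ends outside the hunk, so any existing handling there should be checked first.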
@@ -1915,30 +1934,30 @@ next_origin(dig_query_t *query) { */ dns_fixedname_init(&fixed); name = dns_fixedname_name(&fixed); - result = dns_name_fromstring2(name, query->lookup->textname, NULL, + result = dns_name_fromstring2(name, oldlookup->textname, NULL, 0, NULL); if (result == ISC_R_SUCCESS && (dns_name_isabsolute(name) || (int)dns_name_countlabels(name) > ndots)) return (ISC_FALSE); - if (query->lookup->origin == NULL && !query->lookup->need_search) + if (oldlookup->origin == NULL && !oldlookup->need_search) /* * Then we just did rootorg; there's nothing left. */ return (ISC_FALSE); - if (query->lookup->origin == NULL && query->lookup->need_search) { - lookup = requeue_lookup(query->lookup, ISC_TRUE); - lookup->origin = ISC_LIST_HEAD(search_list); - lookup->need_search = ISC_FALSE; + if (oldlookup->origin == NULL && oldlookup->need_search) { + newlookup = requeue_lookup(oldlookup, ISC_TRUE); + newlookup->origin = ISC_LIST_HEAD(search_list); + newlookup->need_search = ISC_FALSE; } else { - search = ISC_LIST_NEXT(query->lookup->origin, link); - if (search == NULL && query->lookup->done_as_is) + search = ISC_LIST_NEXT(oldlookup->origin, link); + if (search == NULL && oldlookup->done_as_is) return (ISC_FALSE); - lookup = requeue_lookup(query->lookup, ISC_TRUE); - lookup->origin = search; + newlookup = requeue_lookup(oldlookup, ISC_TRUE); + newlookup->origin = search; } - cancel_lookup(query->lookup); + cancel_lookup(oldlookup); return (ISC_TRUE); } @@ -2014,7 +2033,7 @@ insert_soa(dig_lookup_t *lookup) { * well as the query structures and buffer space for the replies. If the * server list is empty, clone it from the system default list. */ -void +isc_boolean_t setup_lookup(dig_lookup_t *lookup) { isc_result_t result; isc_uint32_t id; 
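Review bot: The comment block above setup_lookup is left unchanged although the function now returns `isc_boolean_t` instead of `void`, so the meaning of the return value is undocumented. Going by the later hunk in the same function, the comment should gain something like `Returns ISC_TRUE when the lookup is ready to be sent, ISC_FALSE when the name combined with the current origin is too long (DNS_R_NAMETOOLONG) and the caller should try the next search-list origin.` The body of setup_lookup continues outside this hunk.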
@@ -2140,20 +2159,35 @@ setup_lookup(dig_lookup_t *lookup) { if (lookup->trace && lookup->trace_root) { dns_name_clone(dns_rootname, lookup->name); } else { + dns_fixedname_t fixed; + dns_name_t *name; + + dns_fixedname_init(&fixed); + name = dns_fixedname_name(&fixed); len = strlen(lookup->textname); isc_buffer_init(&b, lookup->textname, len); isc_buffer_add(&b, len); - result = dns_name_fromtext(lookup->name, &b, - lookup->oname, 0, - &lookup->namebuf); - } - if (result != ISC_R_SUCCESS) { - dns_message_puttempname(lookup->sendmsg, - &lookup->name); - dns_message_puttempname(lookup->sendmsg, - &lookup->oname); - fatal("'%s' is not in legal name syntax (%s)", - lookup->textname, isc_result_totext(result)); + result = dns_name_fromtext(name, &b, NULL, 0, NULL); + if (result == ISC_R_SUCCESS && + !dns_name_isabsolute(name)) + result = dns_name_concatenate(name, + lookup->oname, + lookup->name, + &lookup->namebuf); + else if (result == ISC_R_SUCCESS) + result = dns_name_copy(name, lookup->name, + &lookup->namebuf); + if (result != ISC_R_SUCCESS) { + dns_message_puttempname(lookup->sendmsg, + &lookup->name); + dns_message_puttempname(lookup->sendmsg, + &lookup->oname); + if (result == DNS_R_NAMETOOLONG) + return (ISC_FALSE); + fatal("'%s' is not in legal name syntax (%s)", + lookup->textname, + isc_result_totext(result)); + } } dns_message_puttempname(lookup->sendmsg, &lookup->oname); } else @@ -2353,6 +2387,7 @@ setup_lookup(dig_lookup_t *lookup) { printmessage(ISC_LIST_HEAD(lookup->q), lookup->sendmsg, ISC_TRUE); } + return (ISC_TRUE); } /*% @@ -3149,6 +3184,7 @@ recv_done(isc_task_t *task, isc_event_t *event) { INSIST(recvcount >= 0); query = event->ev_arg; + TIME_NOW(&query->time_recv); debug("lookup=%p, query=%p", query->lookup, query); l = query->lookup; 
@@ -3472,7 +3508,7 @@ recv_done(isc_task_t *task, isc_event_t *event) { if (!l->doing_xfr || l->xfr_q == query) { if (msg->rcode == dns_rcode_nxdomain && (l->origin != NULL || l->need_search)) { - if (!next_origin(query) || showsearch) { + if (!next_origin(query->lookup) || showsearch) { printmessage(query, msg, ISC_TRUE); received(b->used, &sevent->address, query); } diff --git a/bin/dig/host.1 b/bin/dig/host.1 index b6eb81ba40f6a..4ff5a7cc61770 100644 --- a/bin/dig/host.1 +++ b/bin/dig/host.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2002 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any @@ -20,11 +20,11 @@ .\" Title: host .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: Jun 30, 2000 +.\" Date: January 20, 2009 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "HOST" "1" "Jun 30, 2000" "BIND9" "BIND9" +.TH "HOST" "1" "January 20, 2009" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -33,7 +33,7 @@ host \- DNS lookup utility .SH "SYNOPSIS" .HP 5 -\fBhost\fR [\fB\-aCdlnrsTwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-4\fR] [\fB\-6\fR] {name} [server] +\fBhost\fR [\fB\-aCdlnrsTwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [\fB\-v\fR] [\fB\-V\fR] {name} [server] .SH "DESCRIPTION" .PP \fBhost\fR 
@@ -194,6 +194,12 @@ can be used to set the memory usage debugging flags \fIusage\fR and \fItrace\fR. +.PP +The +\fB\-V\fR +option causes +\fBhost\fR +to print the version number and exit. .SH "IDN SUPPORT" .PP If @@ -213,7 +219,7 @@ runs. \fBdig\fR(1), \fBnamed\fR(8). .SH "COPYRIGHT" -Copyright \(co 2004, 2005, 2007\-2009 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007\-2009, 2014 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2002 Internet Software Consortium. .br diff --git a/bin/dig/host.c b/bin/dig/host.c index d1392fc8460bf..08f89bf74c9e2 100644 --- a/bin/dig/host.c +++ b/bin/dig/host.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,8 +15,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: host.c,v 1.127 2011/03/11 06:11:20 marka Exp $ */ - /*! \file */ #include <config.h> @@ -166,7 +164,8 @@ show_usage(void) { " -W specifies how long to wait for a reply\n" " -4 use IPv4 query transport only\n" " -6 use IPv6 query transport only\n" -" -m set memory debugging flag (trace|record|usage)\n", stderr); +" -m set memory debugging flag (trace|record|usage)\n" +" -v print version number and exit\n", stderr); exit(1); } @@ -603,7 +602,13 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { return (result); } -static const char * optstring = "46ac:dilnm:rst:vwCDN:R:TW:"; +static const char * optstring = "46ac:dilnm:rst:vVwCDN:R:TW:"; + +/*% version */ +static void +version(void) { + fputs("host " VERSION "\n", stderr); +} static void pre_parse_args(int argc, char **argv) { 
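Review bot: The usage line added to show_usage reads `-v print version number and exit`, but the switch this commit wires up is upper-case. `V` is what gets added to `optstring` and `case 'V':` is what calls `version()`, while `v` was already in `optstring` before this change. The help string should be `" -V print version number and exit\n", stderr);`, aligned like its neighbours. As written, a user following the help text would pass `-v` and get a normal lookup instead of the version.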
@@ -635,6 +640,10 @@ pre_parse_args(int argc, char **argv) { case 's': break; case 't': break; case 'v': break; + case 'V': + version(); + exit(0); + break; case 'w': break; case 'C': break; case 'D': @@ -756,6 +765,9 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) { if (!lookup->rdtypeset || lookup->rdtype != dns_rdatatype_axfr) lookup->rdtype = dns_rdatatype_any; +#ifdef WITH_IDN + idnoptions = 0; +#endif list_type = dns_rdatatype_any; list_addresses = ISC_FALSE; lookup->rdtypeset = ISC_TRUE; diff --git a/bin/dig/host.docbook b/bin/dig/host.docbook index bc435f92f11c6..30fc441044efb 100644 --- a/bin/dig/host.docbook +++ b/bin/dig/host.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2002 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,11 +18,10 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: host.docbook,v 1.20 2009/01/20 23:47:56 tbox Exp $ --> <refentry id="man.host"> <refentryinfo> - <date>Jun 30, 2000</date> + <date>January 20, 2009</date> </refentryinfo> <refmeta> @@ -43,6 +42,7 @@ <year>2007</year> <year>2008</year> <year>2009</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -65,6 +65,8 @@ <arg><option>-m <replaceable class="parameter">flag</replaceable></option></arg> <arg><option>-4</option></arg> <arg><option>-6</option></arg> + <arg><option>-v</option></arg> + <arg><option>-V</option></arg> <arg choice="req">name</arg> <arg choice="opt">server</arg> </cmdsynopsis> 
@@ -238,6 +240,11 @@ <parameter>record</parameter>, <parameter>usage</parameter> and <parameter>trace</parameter>. </para> + + <para> + The <option>-V</option> option causes <command>host</command> + to print the version number and exit. + </para> </refsect1> <refsect1> diff --git a/bin/dig/host.html b/bin/dig/host.html index d5fb6e735fb19..a04536afec564 100644 --- a/bin/dig/host.html +++ b/bin/dig/host.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2002 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any 
@@ -29,10 +29,10 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div> +<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-v</code>] [<code class="option">-V</code>] {name} [server]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543436"></a><h2>DESCRIPTION</h2> +<a name="id2543454"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">host</strong></span> is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. 
@@ -182,9 +182,13 @@ <em class="parameter"><code>record</code></em>, <em class="parameter"><code>usage</code></em> and <em class="parameter"><code>trace</code></em>. </p> +<p> + The <code class="option">-V</code> option causes <span><strong class="command">host</strong></span> + to print the version number and exit. + </p> </div> <div class="refsect1" lang="en"> -<a name="id2543802"></a><h2>IDN SUPPORT</h2> +<a name="id2543831"></a><h2>IDN SUPPORT</h2> <p> If <span><strong class="command">host</strong></span> has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names. @@ -198,12 +202,12 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543825"></a><h2>FILES</h2> +<a name="id2543853"></a><h2>FILES</h2> <p><code class="filename">/etc/resolv.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2543836"></a><h2>SEE ALSO</h2> +<a name="id2543865"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>. </p> diff --git a/bin/dig/include/dig/dig.h b/bin/dig/include/dig/dig.h index 0150d11dfb3c2..99bf236d717d5 100644 --- a/bin/dig/include/dig/dig.h +++ b/bin/dig/include/dig/dig.h @@ -117,6 +117,7 @@ struct dig_lookup { trace, /*% dig +trace */ trace_root, /*% initial query for either +trace or +nssearch */ tcp_mode, + tcp_mode_set, ip6_int, comments, stats, @@ -219,6 +220,7 @@ struct dig_query { ISC_LINK(dig_query_t) clink; isc_sockaddr_t sockaddr; isc_time_t time_sent; + isc_time_t time_recv; isc_uint64_t byte_count; isc_buffer_t sendbuf; }; @@ -309,7 +311,7 @@ debug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2); void check_result(isc_result_t result, const char *msg); -void +isc_boolean_t setup_lookup(dig_lookup_t *lookup); void diff --git a/bin/dig/nslookup.1 b/bin/dig/nslookup.1 index 3d69759107011..e5ea2396a12d1 100644 --- a/bin/dig/nslookup.1 
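Review bot: The dig.h prototype changes from `void` to `isc_boolean_t setup_lookup(dig_lookup_t *lookup);` without any comment telling callers what the result means. The only ISC_FALSE path shown in this diff is the DNS_R_NAMETOOLONG return in the setup_lookup hunk, so a comment such as `/*% Returns ISC_FALSE if the query name could not be built (name too long); no query has been set up in that case. */` above the declaration would state the contract. The call sites are not in this part of the diff, so it should be confirmed that each of them now checks the result instead of proceeding to send. The two fields added in the same file, `tcp_mode_set` and `time_recv`, would also benefit from a short `/*% ... */` note like the neighbouring `trace` field has.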
+++ b/bin/dig/nslookup.1 @@ -19,11 +19,11 @@ .\" Title: nslookup .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: Jun 30, 2000 +.\" Date: January 24, 2014 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "NSLOOKUP" "1" "Jun 30, 2000" "BIND9" "BIND9" +.TH "NSLOOKUP" "1" "January 24, 2014" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -61,6 +61,12 @@ nslookup \-query=hinfo \-timeout=10 .fi .RE .sp +.PP +The +\fB\-version\fR +option causes +\fBnslookup\fR +to print the version number and immediately exits. .SH "INTERACTIVE COMMANDS" .PP \fBhost\fR [server] diff --git a/bin/dig/nslookup.c b/bin/dig/nslookup.c index 6c2f0a949983e..051ed34b9415a 100644 --- a/bin/dig/nslookup.c +++ b/bin/dig/nslookup.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,8 +15,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nslookup.c,v 1.130 2011/12/16 23:01:16 each Exp $ */ - #include <config.h> #include <stdlib.h> @@ -582,6 +580,11 @@ set_ndots(const char *value) { } static void +version(void) { + fputs("nslookup " VERSION "\n", stderr); +} + +static void setoption(char *opt) { if (strncasecmp(opt, "all", 4) == 0) { show_settings(ISC_TRUE, ISC_FALSE); @@ -805,9 +808,12 @@ parse_args(int argc, char **argv) { for (argc--, argv++; argc > 0; argc--, argv++) { debug("main parsing %s", argv[0]); if (argv[0][0] == '-') { - if (argv[0][1] != 0) + if (strncasecmp(argv[0], "-ver", 4) == 0) { + version(); + exit(0); + } else if (argv[0][1] != 0) { setoption(&argv[0][1]); - else + } else have_lookup = ISC_TRUE; } else { if (!have_lookup) { diff --git a/bin/dig/nslookup.docbook b/bin/dig/nslookup.docbook index 4da87b1eb5dd8..022de672b80f8 100644 
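Review bot: The new test in parse_args, `strncasecmp(argv[0], "-ver", 4) == 0`, matches any argument that merely begins with `-ver`, so such an argument prints the version and exits before `setoption()` ever sees it. The manual text added in the same commit documents only `-version`. If abbreviations are intended, a comment saying so would help, for example `/* any argument starting with "-ver" is taken as -version */`. Otherwise compare the whole word with `if (strcasecmp(argv[0], "-version") == 0) {`. The final `else have_lookup = ISC_TRUE;` is also left unbraced next to two braced arms.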
--- a/bin/dig/nslookup.docbook +++ b/bin/dig/nslookup.docbook @@ -17,7 +17,6 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nslookup.docbook,v 1.18 2010/02/22 23:49:11 tbox Exp $ --> <!-- - Copyright (c) 1985, 1989 - The Regents of the University of California. All rights reserved. @@ -49,7 +48,7 @@ <refentry> <refentryinfo> - <date>Jun 30, 2000</date> + <date>January 24, 2014</date> </refentryinfo> <refmeta> @@ -134,6 +133,11 @@ nslookup -query=hinfo -timeout=10 </programlisting> <!-- </informalexample> --> </para> + <para> + The <option>-version</option> option causes + <command>nslookup</command> to print the version + number and immediately exits. + </para> </refsect1> diff --git a/bin/dig/nslookup.html b/bin/dig/nslookup.html index b7e88e947319c..96777b3106e5e 100644 --- a/bin/dig/nslookup.html +++ b/bin/dig/nslookup.html @@ -21,7 +21,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476277"></a><div class="titlepage"></div> +<a name="id2476283"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>nslookup — query Internet name servers interactively</p> @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">nslookup</code> [<code class="option">-option</code>] [name | -] [server]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543435"></a><h2>DESCRIPTION</h2> +<a name="id2543442"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">Nslookup</strong></span> is a program to query Internet domain name servers. <span><strong class="command">Nslookup</strong></span> has two modes: interactive and non-interactive. Interactive mode allows @@ -43,7 +43,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543451"></a><h2>ARGUMENTS</h2> +<a name="id2543458"></a><h2>ARGUMENTS</h2> <p> Interactive mode is entered in the following cases: </p> 
@@ -76,9 +76,14 @@ nslookup -query=hinfo -timeout=10 <p> </p> +<p> + The <code class="option">-version</code> option causes + <span><strong class="command">nslookup</strong></span> to print the version + number and immediately exits. + </p> </div> <div class="refsect1" lang="en"> -<a name="id2543495"></a><h2>INTERACTIVE COMMANDS</h2> +<a name="id2543512"></a><h2>INTERACTIVE COMMANDS</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt> <dd> @@ -294,19 +299,19 @@ nslookup -query=hinfo -timeout=10 </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2546309"></a><h2>FILES</h2> +<a name="id2546326"></a><h2>FILES</h2> <p><code class="filename">/etc/resolv.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2546321"></a><h2>SEE ALSO</h2> +<a name="id2546338"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2546355"></a><h2>Author</h2> +<a name="id2546372"></a><h2>Author</h2> <p> Andrew Cherenson </p> diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in index 5966d16389f62..81f65938a0c31 100644 --- a/bin/dnssec/Makefile.in +++ b/bin/dnssec/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004, 2005, 2007-2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2005, 2007-2009, 2012-2014 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2000-2002 Internet Software Consortium. # # Permission to use, copy, modify, and/or distribute this software for any 
@@ -55,12 +55,12 @@ SRCS = dnssec-dsfromkey.c dnssec-keyfromlabel.c dnssec-keygen.c \ MANPAGES = dnssec-dsfromkey.8 dnssec-keyfromlabel.8 dnssec-keygen.8 \ dnssec-revoke.8 dnssec-settime.8 dnssec-signzone.8 \ - dnssec-verify.8 + dnssec-verify.8 dnssec-importkey.8 HTMLPAGES = dnssec-dsfromkey.html dnssec-keyfromlabel.html \ dnssec-keygen.html dnssec-revoke.html \ dnssec-settime.html dnssec-signzone.html \ - dnssec-verify.html + dnssec-verify.html dnssec-importkey.html MANOBJS = ${MANPAGES} ${HTMLPAGES} diff --git a/bin/dnssec/dnssec-dsfromkey.8 b/bin/dnssec/dnssec-dsfromkey.8 index 89d4228e02140..1c7e867eae7b3 100644 --- a/bin/dnssec/dnssec-dsfromkey.8 +++ b/bin/dnssec/dnssec-dsfromkey.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2008-2012, 2014 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -19,11 +19,11 @@ .\" Title: dnssec\-dsfromkey .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: August 26, 2009 +.\" Date: May 17, 2012 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "DNSSEC\-DSFROMKEY" "8" "August 26, 2009" "BIND9" "BIND9" +.TH "DNSSEC\-DSFROMKEY" "8" "May 17, 2012" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
@@ -35,6 +35,8 @@ dnssec\-dsfromkey \- DNSSEC DS RR generation tool \fBdnssec\-dsfromkey\fR [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] {keyfile} .HP 17 \fBdnssec\-dsfromkey\fR {\-s} [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-s\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-A\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {dnsname} +.HP 17 +\fBdnssec\-dsfromkey\fR [\fB\-h\fR] [\fB\-V\fR] .SH "DESCRIPTION" .PP \fBdnssec\-dsfromkey\fR @@ -113,6 +115,16 @@ Specifies the DNS class (default is IN). Useful only in keyset or zone file mode .RS 4 Sets the debugging level. .RE +.PP +\-h +.RS 4 +Prints usage information. +.RE +.PP +\-V +.RS 4 +Prints version information. +.RE .SH "EXAMPLE" .PP To build the SHA\-256 DS RR from the @@ -153,5 +165,5 @@ RFC 4509. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2008\-2012 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2008\-2012, 2014 Internet Systems Consortium, Inc. ("ISC") .br diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c index bfedae830b5cc..fca7b17d3cfad 100644 --- a/bin/dnssec/dnssec-dsfromkey.c +++ b/bin/dnssec/dnssec-dsfromkey.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2008-2012, 2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,8 +14,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-dsfromkey.c,v 1.24 2011/10/25 01:54:18 marka Exp $ */ - /*! \file */ #include <config.h> 
@@ -326,6 +324,7 @@ usage(void) { fprintf(stderr, "Version: %s\n", VERSION); fprintf(stderr, "Options:\n"); fprintf(stderr, " -v <verbose level>\n"); + fprintf(stderr, " -V: print version information\n"); fprintf(stderr, " -K <directory>: directory in which to find " "key file or keyset file\n"); fprintf(stderr, " -a algorithm: digest algorithm " @@ -375,7 +374,7 @@ main(int argc, char **argv) { isc_commandline_errprint = ISC_FALSE; while ((ch = isc_commandline_parse(argc, argv, - "12Aa:c:d:Ff:K:l:sT:v:h")) != -1) { + "12Aa:c:d:Ff:K:l:sT:v:hV")) != -1) { switch (ch) { case '1': dtype = DNS_DSDIGEST_SHA1; @@ -432,8 +431,13 @@ main(int argc, char **argv) { program, isc_commandline_option); /* FALLTHROUGH */ case 'h': + /* Does not return. */ usage(); + case 'V': + /* Does not return. */ + version(program); + default: fprintf(stderr, "%s: unhandled option -%c\n", program, isc_commandline_option); diff --git a/bin/dnssec/dnssec-dsfromkey.docbook b/bin/dnssec/dnssec-dsfromkey.docbook index 77c0994dd3bae..7245a83f4de6c 100644 --- a/bin/dnssec/dnssec-dsfromkey.docbook +++ b/bin/dnssec/dnssec-dsfromkey.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2008-2012, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -17,10 +17,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-dsfromkey.docbook,v 1.17 2011/10/25 01:54:18 marka Exp $ --> <refentry id="man.dnssec-dsfromkey"> <refentryinfo> - <date>August 26, 2009</date> + <date>May 17, 2012</date> </refentryinfo> <refmeta> @@ -41,6 +40,7 @@ <year>2010</year> <year>2011</year> <year>2012</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> 
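Review bot: The new `case 'V':` arm in main consists of `version(program);` and nothing else, so it is correct only as long as version() never returns. The same holds for the identical arm added to main in dnssec-importkey.c later in this diff. version() is defined outside the visible hunks, so the "Does not return" comment cannot be checked here. If it did return, control would fall into `default:` and report an unhandled option. Adding `exit(0);` with a `/* NOTREACHED */` comment after the call, or a noreturn annotation on the declaration, would make each arm safe on its own and keep fallthrough warnings quiet.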
@@ -72,6 +72,11 @@ <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg> <arg choice="req">dnsname</arg> </cmdsynopsis> + <cmdsynopsis> + <command>dnssec-dsfromkey</command> + <arg><option>-h</option></arg> + <arg><option>-V</option></arg> + </cmdsynopsis> </refsynopsisdiv> <refsect1> @@ -210,6 +215,24 @@ </para> </listitem> </varlistentry> + + <varlistentry> + <term>-h</term> + <listitem> + <para> + Prints usage information. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-V</term> + <listitem> + <para> + Prints version information. + </para> + </listitem> + </varlistentry> </variablelist> </refsect1> diff --git a/bin/dnssec/dnssec-dsfromkey.html b/bin/dnssec/dnssec-dsfromkey.html index 50d4d7802bd44..3f27b49e5bc2c 100644 --- a/bin/dnssec/dnssec-dsfromkey.html +++ b/bin/dnssec/dnssec-dsfromkey.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2008-2012, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above 
@@ -30,16 +30,17 @@ <h2>Synopsis</h2> <div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] {keyfile}</p></div> <div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div> +<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> [<code class="option">-h</code>] [<code class="option">-V</code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543489"></a><h2>DESCRIPTION</h2> +<a name="id2543514"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-dsfromkey</strong></span> outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s). </p> </div> <div class="refsect1" lang="en"> -<a name="id2543500"></a><h2>OPTIONS</h2> +<a name="id2543526"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-1</span></dt> <dd><p> 
@@ -113,10 +114,18 @@ <dd><p> Sets the debugging level. </p></dd> +<dt><span class="term">-h</span></dt> +<dd><p> + Prints usage information. + </p></dd> +<dt><span class="term">-V</span></dt> +<dd><p> + Prints version information. + </p></dd> </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543726"></a><h2>EXAMPLE</h2> +<a name="id2543780"></a><h2>EXAMPLE</h2> <p> To build the SHA-256 DS RR from the <strong class="userinput"><code>Kexample.com.+003+26160</code></strong> @@ -131,7 +140,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543756"></a><h2>FILES</h2> +<a name="id2543810"></a><h2>FILES</h2> <p> The keyfile can be designed by the key identification <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name @@ -145,13 +154,13 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543792"></a><h2>CAVEAT</h2> +<a name="id2543845"></a><h2>CAVEAT</h2> <p> A keyfile error can give a "file not found" even if the file exists. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543801"></a><h2>SEE ALSO</h2> +<a name="id2543854"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, @@ -161,7 +170,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543841"></a><h2>AUTHOR</h2> +<a name="id2543894"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/dnssec/dnssec-importkey.8 b/bin/dnssec/dnssec-importkey.8 index a7b31261070d0..225077da0878a 100644 --- a/bin/dnssec/dnssec-importkey.8 +++ b/bin/dnssec/dnssec-importkey.8 
@@ -1,4 +1,4 @@ -.\" Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2013, 2014 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above 
@@ -16,97 +16,105 @@ .\" .hy 0 .ad l -'\" t -.\" Title: dnssec-importkey -.\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> -.\" Date: August 30, 2013 +.\" Title: dnssec\-importkey +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> +.\" Date: February 07, 2014 .\" Manual: BIND9 .\" Source: BIND9 -.\" Language: English .\" -.TH "DNSSEC\-IMPORTKEY" "8" "August 30, 2013" "BIND9" "BIND9" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- +.TH "DNSSEC\-IMPORTKEY" "8" "February 07, 2014" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- .SH "NAME" -dnssec-importkey \- Import DNSKEY records from external systems so they can be managed\&. +dnssec\-importkey \- Import DNSKEY records from external systems so they can be managed. 
.SH "SYNOPSIS" .HP 17 -\fBdnssec\-importkey\fR [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fBkeyname\fR] +\fBdnssec\-importkey\fR [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] {\fBkeyfile\fR} +.HP 17 +\fBdnssec\-importkey\fR {\fB\-f\ \fR\fB\fIfilename\fR\fR} [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fBdnsname\fR] .SH "DESCRIPTION" .PP \fBdnssec\-importkey\fR -read a DNSKEY record and generated a \&.key/\&.private key pair\&. Publication (\fB\-P\fR) and deletions (\fB\-D\fR) times can be set for the key\&. +reads a public DNSKEY record and generates a pair of .key/.private files. The DNSKEY record may be read from an existing .key file, in which case a corresponding .private file will be generated, or it may be read from any other file or from the standard input, in which case both .key and .private files will be generated. +.PP +The newly\-created .private file does +\fInot\fR +contain private key data, and cannot be used for signing. However, having a .private file makes it possible to set publication (\fB\-P\fR) and deletion (\fB\-D\fR) times for the key, which means the public key can be added to and removed from the DNSKEY RRset on schedule even if the true private key is stored offline. .SH "OPTIONS" .PP \-f \fIfilename\fR .RS 4 -Filename to read the key from\&. +Zone file mode: instead of a public keyfile name, the argument is the DNS domain name of a zone master file, which can be read from +\fBfile\fR. If the domain name is the same as +\fBfile\fR, then it may be omitted. 
+.sp +If +\fBfile\fR +is set to +"\-", then the zone data is read from the standard input. .RE .PP \-K \fIdirectory\fR .RS 4 -Sets the directory in which the key files are to reside\&. +Sets the directory in which the key files are to reside. .RE .PP \-L \fIttl\fR .RS 4 -Sets the default TTL to use for this key when it is converted into a DNSKEY RR\&. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence\&. importkey the default TTL to +Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to 0 or none -removes it\&. +removes it. .RE .PP \-h .RS 4 -Emit usage message and exit\&. +Emit usage message and exit. .RE .PP \-v \fIlevel\fR .RS 4 -Sets the debugging level\&. +Sets the debugging level. +.RE +.PP +\-V +.RS 4 +Prints version information. .RE .SH "TIMING OPTIONS" .PP -Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS\&. If the argument begins with a \*(Aq+\*(Aq or \*(Aq\-\*(Aq, it is interpreted as an offset from the present time\&. For convenience, if such an offset is followed by one of the suffixes \*(Aqy\*(Aq, \*(Aqmo\*(Aq, \*(Aqw\*(Aq, \*(Aqd\*(Aq, \*(Aqh\*(Aq, or \*(Aqmi\*(Aq, then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively\&. Without a suffix, the offset is computed in seconds\&. To unset a date, use \*(Aqnone\*(Aq\&. +Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. 
For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds. To explicitly prevent a date from being set, use 'none' or 'never'. .PP \-P \fIdate/offset\fR .RS 4 -Sets the date on which a key is to be published to the zone\&. After that date, the key will be included in the zone but will not be used to sign it\&. +Sets the date on which a key is to be published to the zone. After that date, the key will be included in the zone but will not be used to sign it. .RE .PP \-D \fIdate/offset\fR .RS 4 -Sets the date on which the key is to be deleted\&. After that date, the key will no longer be included in the zone\&. (It may remain in the key repository, however\&.) +Sets the date on which the key is to be deleted. After that date, the key will no longer be included in the zone. (It may remain in the key repository, however.) .RE +.SH "FILES" +.PP +A keyfile can be designed by the key identification +\fIKnnnn.+aaa+iiiii\fR +or the full file name +\fIKnnnn.+aaa+iiiii.key\fR +as generated by +dnssec\-keygen(8). .SH "SEE ALSO" .PP -\fBdnssec-keygen\fR(8), -\fBdnssec-signzone\fR(8), +\fBdnssec\-keygen\fR(8), +\fBdnssec\-signzone\fR(8), BIND 9 Administrator Reference Manual, -RFC 5011\&. +RFC 5011. .SH "AUTHOR" .PP Internet Systems Consortium .SH "COPYRIGHT" -.br -Copyright \(co 2013 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2013, 2014 Internet Systems Consortium, Inc. ("ISC") .br diff --git a/bin/dnssec/dnssec-importkey.c b/bin/dnssec/dnssec-importkey.c index 67502a6939d54..f07f02ecf5b73 100644 --- a/bin/dnssec/dnssec-importkey.c +++ b/bin/dnssec/dnssec-importkey.c 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2013, 2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -269,6 +269,7 @@ usage(void) { "the key files\n"); fprintf(stderr, " -L ttl: set default key TTL\n"); fprintf(stderr, " -v <verbose level>\n"); + fprintf(stderr, " -V: print version information\n"); fprintf(stderr, " -h: print usage and exit\n"); fprintf(stderr, "Timing options:\n"); fprintf(stderr, " -P date/[+-]offset/none: set/unset key " @@ -306,15 +307,15 @@ main(int argc, char **argv) { isc_commandline_errprint = ISC_FALSE; -#define CMDLINE_FLAGS "D:f:hK:L:P:v:" +#define CMDLINE_FLAGS "D:f:hK:L:P:v:V" while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) { switch (ch) { case 'D': if (setdel) fatal("-D specified more than once"); - setdel = ISC_TRUE; - del = strtotime(isc_commandline_argument, now, now); + del = strtotime(isc_commandline_argument, + now, now, &setdel); break; case 'K': dir = isc_commandline_argument; @@ -322,17 +323,15 @@ main(int argc, char **argv) { fatal("directory must be non-empty string"); break; case 'L': - if (strcmp(isc_commandline_argument, "none") == 0) - ttl = 0; - else - ttl = strtottl(isc_commandline_argument); + ttl = strtottl(isc_commandline_argument); setttl = ISC_TRUE; break; case 'P': if (setpub) fatal("-P specified more than once"); - setpub = ISC_TRUE; - pub = strtotime(isc_commandline_argument, now, now); + + pub = strtotime(isc_commandline_argument, + now, now, &setpub); break; case 'f': filename = isc_commandline_argument; 
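Review bot: In main's `case 'D':`, the duplicate-option guard `if (setdel) fatal("-D specified more than once");` now depends on a flag that strtotime() writes through `&setdel`, where it used to be set unconditionally. strtotime() is defined elsewhere, but the manual change in this commit says 'none' or 'never' prevent a date from being set, which suggests the flag can come back false. In that case `-D none` followed by a second `-D` would no longer be rejected. Tracking the repeat separately, with a local boolean set in the case arm, would keep the check independent of the parsed value. The same applies to `case 'P':` with `setpub`.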
@@ -348,8 +347,13 @@ main(int argc, char **argv) { program, isc_commandline_option); /* FALLTHROUGH */ case 'h': + /* Does not return. */ usage(); + case 'V': + /* Does not return. */ + version(program); + default: fprintf(stderr, "%s: unhandled option -%c\n", program, isc_commandline_option); diff --git a/bin/dnssec/dnssec-importkey.docbook b/bin/dnssec/dnssec-importkey.docbook index f9b322c884be9..5893abd270a3b 100644 --- a/bin/dnssec/dnssec-importkey.docbook +++ b/bin/dnssec/dnssec-importkey.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2013, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -17,10 +17,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-importkey.docbook,v 1.15 2011/11/03 20:21:37 each Exp $ --> <refentry id="man.dnssec-importkey"> <refentryinfo> - <date>August 30, 2013</date> + <date>February 07, 2014</date> </refentryinfo> <refmeta> @@ -37,6 +36,7 @@ <docinfo> <copyright> <year>2013</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> @@ -50,6 +50,7 @@ <arg><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg> <arg><option>-h</option></arg> <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg> + <arg><option>-V</option></arg> <arg choice="req"><option>keyfile</option></arg> </cmdsynopsis> <cmdsynopsis> @@ -61,6 +62,7 @@ <arg><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg> <arg><option>-h</option></arg> <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg> + <arg><option>-V</option></arg> <arg><option>dnsname</option></arg> </cmdsynopsis> </refsynopsisdiv> 
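Review bot: The new `case 'V':` is reached by fallthrough from `case 'h':` and itself runs on into `default:`, so the switch is only correct if `usage()` and `version()` never return, which here is stated only by the `/* Does not return. */` comments. Neither declaration is visible in this hunk; if `version()` is not declared with the project's noreturn attribute, or is later changed to return, `-V` would go on to print the "unhandled option" error and `-h` would also print the version. I would confirm the noreturn declarations, or end the case explicitly with `exit(0);` after `version(program);`. The matching hunk in bin/dnssec/dnssec-keyfromlabel.c has the same shape, and main's body continues outside the hunk.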
@@ -76,7 +78,7 @@ files will be generated. </para> <para> - The newly-created .private file does <emphasis>not</command> + The newly-created .private file does <emphasis>not</emphasis> contain private key data, and cannot be used for signing. However, having a .private file makes it possible to set publication (<option>-P</option>) and deletion @@ -147,6 +149,15 @@ </listitem> </varlistentry> + <varlistentry> + <term>-V</term> + <listitem> + <para> + Prints version information. + </para> + </listitem> + </varlistentry> + </variablelist> </refsect1> @@ -160,7 +171,8 @@ then the offset is computed in years (defined as 365 24-hour days, ignoring leap years), months (defined as 30 24-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset - is computed in seconds. To unset a date, use 'none'. + is computed in seconds. To explicitly prevent a date from being + set, use 'none' or 'never'. </para> <variablelist> diff --git a/bin/dnssec/dnssec-importkey.html b/bin/dnssec/dnssec-importkey.html index 55729ba56b053..90f13f295b658 100644 --- a/bin/dnssec/dnssec-importkey.html +++ b/bin/dnssec/dnssec-importkey.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2013, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above 
@@ -19,9 +19,9 @@ <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>dnssec-importkey</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.78.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> -<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry"> +<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> <a name="man.dnssec-importkey"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> 
@@ -29,23 +29,45 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">keyname</code>]</p></div> +<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] {<code class="option">keyfile</code>}</p></div> +<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">dnsname</code>]</p></div> </div> -<div class="refsect1"> -<a 
name="idp5321760"></a><h2>DESCRIPTION</h2> -<p><span class="command"><strong>dnssec-importkey</strong></span> - read a DNSKEY record and generated a .key/.private key pair. - Publication (<code class="option">-P</code>) and deletions (<code class="option">-D</code>) - times can be set for the key. +<div class="refsect1" lang="en"> +<a name="id2543475"></a><h2>DESCRIPTION</h2> +<p><span><strong class="command">dnssec-importkey</strong></span> + reads a public DNSKEY record and generates a pair of + .key/.private files. The DNSKEY record may be read from an + existing .key file, in which case a corresponding .private file + will be generated, or it may be read from any other file or + from the standard input, in which case both .key and .private + files will be generated. + </p> +<p> + The newly-created .private file does <span class="emphasis"><em>not</em></span> + contain private key data, and cannot be used for signing. + However, having a .private file makes it possible to set + publication (<code class="option">-P</code>) and deletion + (<code class="option">-D</code>) times for the key, which means the + public key can be added to and removed from the DNSKEY RRset + on schedule even if the true private key is stored offline. </p> </div> -<div class="refsect1"> -<a name="idp5324080"></a><h2>OPTIONS</h2> -<div class="variablelist"><dl class="variablelist"> +<div class="refsect1" lang="en"> +<a name="id2543500"></a><h2>OPTIONS</h2> +<div class="variablelist"><dl> <dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt> -<dd><p> - Filename to read the key from. - </p></dd> +<dd> +<p> + Zone file mode: instead of a public keyfile name, the argument + is the DNS domain name of a zone master file, which can be read + from <code class="option">file</code>. If the domain name is the same as + <code class="option">file</code>, then it may be omitted. 
+ </p> +<p> + If <code class="option">file</code> is set to <code class="literal">"-"</code>, then + the zone data is read from the standard input. + </p> +</dd> <dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt> <dd><p> Sets the directory in which the key files are to reside. @@ -56,7 +78,7 @@ into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL - would take precedence. importkey the default TTL to + would take precedence. Setting the default TTL to <code class="literal">0</code> or <code class="literal">none</code> removes it. </p></dd> <dt><span class="term">-h</span></dt> @@ -67,10 +89,14 @@ <dd><p> Sets the debugging level. </p></dd> +<dt><span class="term">-V</span></dt> +<dd><p> + Prints version information. + </p></dd> </dl></div> </div> -<div class="refsect1"> -<a name="idp5336224"></a><h2>TIMING OPTIONS</h2> +<div class="refsect1" lang="en"> +<a name="id2543632"></a><h2>TIMING OPTIONS</h2> <p> Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -79,9 +105,10 @@ then the offset is computed in years (defined as 365 24-hour days, ignoring leap years), months (defined as 30 24-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset - is computed in seconds. To unset a date, use 'none'. + is computed in seconds. To explicitly prevent a date from being + set, use 'none' or 'never'. </p> -<div class="variablelist"><dl class="variablelist"> +<div class="variablelist"><dl> <dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt> <dd><p> Sets the date on which a key is to be published to the zone. 
@@ -96,16 +123,25 @@ </p></dd> </dl></div> </div> -<div class="refsect1"> -<a name="idp5342816"></a><h2>SEE ALSO</h2> +<div class="refsect1" lang="en"> +<a name="id2543678"></a><h2>FILES</h2> +<p> + A keyfile can be designed by the key identification + <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name + <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by + <span class="refentrytitle">dnssec-keygen</span>(8). + </p> +</div> +<div class="refsect1" lang="en"> +<a name="id2543700"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, <em class="citetitle">RFC 5011</em>. </p> </div> -<div class="refsect1"> -<a name="idp5346704"></a><h2>AUTHOR</h2> +<div class="refsect1" lang="en"> +<a name="id2543733"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/dnssec/dnssec-keyfromlabel.8 b/bin/dnssec/dnssec-keyfromlabel.8 index 0e1ea16248817..24da7c4d9df71 100644 --- a/bin/dnssec/dnssec-keyfromlabel.8 +++ b/bin/dnssec/dnssec-keyfromlabel.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2008-2012, 2014 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above 
@@ -19,11 +19,11 @@ .\" Title: dnssec\-keyfromlabel .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: February 8, 2008 +.\" Date: February 27, 2014 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "DNSSEC\-KEYFROMLABEL" "8" "February 8, 2008" "BIND9" "BIND9" +.TH "DNSSEC\-KEYFROMLABEL" "8" "February 27, 2014" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
@@ -32,11 +32,12 @@ dnssec\-keyfromlabel \- DNSSEC key generation tool .SH "SYNOPSIS" .HP 20 -\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-y\fR] {name} +\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-y\fR] {name} .SH "DESCRIPTION" .PP \fBdnssec\-keyfromlabel\fR -gets keys with the given label from a crypto hardware and builds key files for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. +generates a key pair of files that referencing a key object stored in a cryptographic hardware service module (HSM). The private key file can be used for DNSSEC signing of zone data as if it were a conventional signing key created by +\fBdnssec\-keygen\fR, but the key material is stored within the HSM, and the actual signing takes place there. .PP The \fBname\fR 
@@ -136,6 +137,11 @@ removes it. Sets the protocol value for the key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors. .RE .PP +\-S \fIkey\fR +.RS 4 +Generate a key as an explicit successor to an existing key. The name, algorithm, size, and type of the key will be set to match the predecessor. The activation date of the new key will be set to the inactivation date of the existing one. The publication date will be set to the activation date minus the prepublication interval, which defaults to 30 days. +.RE +.PP \-t \fItype\fR .RS 4 Indicates the use of the key. 
@@ -148,13 +154,18 @@ must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. Sets the debugging level. .RE .PP +\-V +.RS 4 +Prints version information. +.RE +.PP \-y .RS 4 Allows DNSSEC key files to be generated even if the key ID would collide with that of an existing key, in the event of either key being revoked. (This is only safe to use if you are sure you won't be using RFC 5011 trust anchor maintenance with either of the keys involved.) .RE .SH "TIMING OPTIONS" .PP -Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds. +Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds. To explicitly prevent a date from being set, use 'none' or 'never'. .PP \-P \fIdate/offset\fR .RS 4 
@@ -180,6 +191,15 @@ Sets the date on which the key is to be retired. After that date, the key will s .RS 4 Sets the date on which the key is to be deleted. After that date, the key will no longer be included in the zone. (It may remain in the key repository, however.) .RE +.PP +\-i \fIinterval\fR +.RS 4 +Sets the prepublication interval for a key. If set, then the publication and activation dates must be separated by at least this much time. If the activation date is specified but the publication date isn't, then the publication date will default to this much time before the activation date; conversely, if the publication date is specified but activation date isn't, then activation will be set to this much time after publication. +.sp +If the key is being created as an explicit successor to another key, then the default prepublication interval is 30 days; otherwise it is zero. +.sp +As with date offsets, if the argument is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the interval is measured in years, months, weeks, days, hours, or minutes, respectively. Without a suffix, the interval is measured in seconds. +.RE .SH "GENERATED KEY FILES" .PP When @@ -224,5 +244,5 @@ RFC 4034. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2008\-2012 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2008\-2012, 2014 Internet Systems Consortium, Inc. ("ISC") .br diff --git a/bin/dnssec/dnssec-keyfromlabel.c b/bin/dnssec/dnssec-keyfromlabel.c index 3ad00d7a04f38..9dc9df75194d1 100644 --- a/bin/dnssec/dnssec-keyfromlabel.c +++ b/bin/dnssec/dnssec-keyfromlabel.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2007-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2007-2012, 2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above 
@@ -14,8 +14,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-keyfromlabel.c,v 1.38 2011/11/30 00:48:51 marka Exp $ */ - /*! \file */ #include <config.h> @@ -94,6 +92,7 @@ usage(void) { "(default: AUTHCONF)\n"); fprintf(stderr, " -y: permit keys that might collide\n"); fprintf(stderr, " -v verbose level\n"); + fprintf(stderr, " -V: print version information\n"); fprintf(stderr, "Date options:\n"); fprintf(stderr, " -P date/[+-]offset: set key publication date\n"); fprintf(stderr, " -A date/[+-]offset: set key activation date\n"); @@ -103,6 +102,11 @@ usage(void) { fprintf(stderr, " -G: generate key only; do not set -P or -A\n"); fprintf(stderr, " -C: generate a backward-compatible key, omitting" " all dates\n"); + fprintf(stderr, " -S <key>: generate a successor to an existing " + "key\n"); + fprintf(stderr, " -i <interval>: prepublication interval for " + "successor key " + "(default: 30 days)\n"); fprintf(stderr, "Output:\n"); fprintf(stderr, " K<name>+<alg>+<id>.key, " "K<name>+<alg>+<id>.private\n"); @@ -115,6 +119,8 @@ main(int argc, char **argv) { char *algname = NULL, *freeit = NULL; char *nametype = NULL, *type = NULL; const char *directory = NULL; + const char *predecessor = NULL; + dst_key_t *prevkey = NULL; #ifdef USE_PKCS11 const char *engine = "pkcs11"; #else @@ -144,6 +150,7 @@ main(int argc, char **argv) { isc_stdtime_t publish = 0, activate = 0, revoke = 0; isc_stdtime_t inactive = 0, delete = 0; isc_stdtime_t now; + int prepub = -1; isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE; isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE; isc_boolean_t setdel = ISC_FALSE, setttl = ISC_FALSE; 
@@ -167,9 +174,8 @@ main(int argc, char **argv) { isc_stdtime_get(&now); - while ((ch = isc_commandline_parse(argc, argv, - "3a:Cc:E:f:K:kl:L:n:p:t:v:yFhGP:A:R:I:D:")) != -1) - { +#define CMDLINE_FLAGS "3A:a:Cc:D:E:Ff:GhI:i:kK:L:l:n:P:p:R:S:t:v:Vy" + while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) { switch (ch) { case '3': use_nsec3 = ISC_TRUE; @@ -207,10 +213,7 @@ main(int argc, char **argv) { options |= DST_TYPE_KEY; break; case 'L': - if (strcmp(isc_commandline_argument, "none") == 0) - ttl = 0; - else - ttl = strtottl(isc_commandline_argument); + ttl = strtottl(isc_commandline_argument); setttl = ISC_TRUE; break; case 'l': 
@@ -243,61 +246,47 @@ main(int argc, char **argv) { if (setpub || unsetpub) fatal("-P specified more than once"); - if (strcasecmp(isc_commandline_argument, "none")) { - setpub = ISC_TRUE; - publish = strtotime(isc_commandline_argument, - now, now); - } else { - unsetpub = ISC_TRUE; - } + publish = strtotime(isc_commandline_argument, + now, now, &setpub); + unsetpub = !setpub; break; case 'A': if (setact || unsetact) fatal("-A specified more than once"); - if (strcasecmp(isc_commandline_argument, "none")) { - setact = ISC_TRUE; - activate = strtotime(isc_commandline_argument, - now, now); - } else { - unsetact = ISC_TRUE; - } + activate = strtotime(isc_commandline_argument, + now, now, &setact); + unsetact = !setact; break; case 'R': if (setrev || unsetrev) fatal("-R specified more than once"); - if (strcasecmp(isc_commandline_argument, "none")) { - setrev = ISC_TRUE; - revoke = strtotime(isc_commandline_argument, - now, now); - } else { - unsetrev = ISC_TRUE; - } + revoke = strtotime(isc_commandline_argument, + now, now, &setrev); + unsetrev = !setrev; break; case 'I': if (setinact || unsetinact) fatal("-I specified more than once"); - if (strcasecmp(isc_commandline_argument, "none")) { - setinact = ISC_TRUE; - inactive = strtotime(isc_commandline_argument, - now, now); - } else { - unsetinact = ISC_TRUE; - } + inactive = strtotime(isc_commandline_argument, + now, now, &setinact); + unsetinact = !setinact; break; case 'D': if (setdel || unsetdel) fatal("-D specified more than once"); - if (strcasecmp(isc_commandline_argument, "none")) { - setdel = ISC_TRUE; - delete = strtotime(isc_commandline_argument, - now, now); - } else { - unsetdel = ISC_TRUE; - } + delete = strtotime(isc_commandline_argument, + now, now, &setdel); + unsetdel = !setdel; + break; + case 'S': + predecessor = isc_commandline_argument; + break; + case 'i': + prepub = strtottl(isc_commandline_argument); break; case 'F': /* Reserved for FIPS mode */ 
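Review bot: `prepub = strtottl(isc_commandline_argument);` in the new `case 'i'` stores the parsed interval in the signed `int prepub` without a range check. If strtottl returns an unsigned 32-bit TTL (its declaration is not visible here), values above INT_MAX turn negative, so the `prepub > 0` block in the later hunk is skipped and 4294967295 becomes indistinguishable from the `-1` "not set" sentinel used on the `-S` path. The `activate - prepub` subtractions in that later hunk can also wrap if the time type is unsigned and the interval exceeds the timestamp, which would let the prepublication-interval checks pass. I would reject such values where they are parsed, e.g. `if (prepub < 0) fatal("-i interval out of range");` right after the assignment. main's body continues outside the hunk.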
@@ -308,8 +297,13 @@ main(int argc, char **argv) { program, isc_commandline_option); /* FALLTHROUGH */ case 'h': + /* Does not return. */ usage(); + case 'V': + /* Does not return. */ + version(program); + default: fprintf(stderr, "%s: unhandled option -%c\n", program, isc_commandline_option); 
@@ -327,78 +321,190 @@ main(int argc, char **argv) { setup_logging(verbose, mctx, &log); - if (label == NULL) - fatal("the key label was not specified"); - if (argc < isc_commandline_index + 1) - fatal("the key name was not specified"); - if (argc > isc_commandline_index + 1) - fatal("extraneous arguments"); - - if (strchr(label, ':') == NULL && - engine != NULL && strlen(engine) != 0U) { - char *l; - int len; - - len = strlen(label) + strlen(engine) + 2; - l = isc_mem_allocate(mctx, len); - if (l == NULL) - fatal("cannot allocate memory"); - snprintf(l, len, "%s:%s", engine, label); - isc_mem_free(mctx, label); - label = l; - } + if (predecessor == NULL) { + if (label == NULL) + fatal("the key label was not specified"); + if (argc < isc_commandline_index + 1) + fatal("the key name was not specified"); + if (argc > isc_commandline_index + 1) + fatal("extraneous arguments"); + + dns_fixedname_init(&fname); + name = dns_fixedname_name(&fname); + isc_buffer_init(&buf, argv[isc_commandline_index], + strlen(argv[isc_commandline_index])); + isc_buffer_add(&buf, strlen(argv[isc_commandline_index])); + ret = dns_name_fromtext(name, &buf, dns_rootname, 0, NULL); + if (ret != ISC_R_SUCCESS) + fatal("invalid key name %s: %s", + argv[isc_commandline_index], + isc_result_totext(ret)); - if (algname == NULL) { - if (use_nsec3) - algname = strdup(DEFAULT_NSEC3_ALGORITHM); - else - algname = strdup(DEFAULT_ALGORITHM); - if (algname == NULL) - fatal("strdup failed"); - freeit = algname; - if (verbose > 0) - fprintf(stderr, "no algorithm specified; " - "defaulting to %s\n", algname); - } + if (strchr(label, ':') == NULL) { + char *l; + int len; + + len = strlen(label) + 8; + l = isc_mem_allocate(mctx, len); + if (l == NULL) + fatal("cannot allocate memory"); + snprintf(l, len, "pkcs11:%s", label); + isc_mem_free(mctx, label); + label = l; + } + + if (algname == NULL) { + if (use_nsec3) + algname = strdup(DEFAULT_NSEC3_ALGORITHM); + else + algname = strdup(DEFAULT_ALGORITHM); + if 
(algname == NULL) + fatal("strdup failed"); + freeit = algname; + if (verbose > 0) + fprintf(stderr, "no algorithm specified; " + "defaulting to %s\n", algname); + } + + if (strcasecmp(algname, "RSA") == 0) { + fprintf(stderr, "The use of RSA (RSAMD5) is not " + "recommended.\nIf you still wish to " + "use RSA (RSAMD5) please specify " + "\"-a RSAMD5\"\n"); + if (freeit != NULL) + free(freeit); + return (1); + } else { + r.base = algname; + r.length = strlen(algname); + ret = dns_secalg_fromtext(&alg, &r); + if (ret != ISC_R_SUCCESS) + fatal("unknown algorithm %s", algname); + if (alg == DST_ALG_DH) + options |= DST_TYPE_KEY; + } + + if (use_nsec3 && + alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 && + alg != DST_ALG_RSASHA256 && alg != DST_ALG_RSASHA512 && + alg != DST_ALG_ECCGOST && + alg != DST_ALG_ECDSA256 && alg != DST_ALG_ECDSA384) { + fatal("%s is incompatible with NSEC3; " + "do not use the -3 option", algname); + } + + if (type != NULL && (options & DST_TYPE_KEY) != 0) { + if (strcasecmp(type, "NOAUTH") == 0) + flags |= DNS_KEYTYPE_NOAUTH; + else if (strcasecmp(type, "NOCONF") == 0) + flags |= DNS_KEYTYPE_NOCONF; + else if (strcasecmp(type, "NOAUTHCONF") == 0) + flags |= (DNS_KEYTYPE_NOAUTH | + DNS_KEYTYPE_NOCONF); + else if (strcasecmp(type, "AUTHCONF") == 0) + /* nothing */; + else + fatal("invalid type %s", type); + } - if (strcasecmp(algname, "RSA") == 0) { - fprintf(stderr, "The use of RSA (RSAMD5) is not recommended.\n" - "If you still wish to use RSA (RSAMD5) please " - "specify \"-a RSAMD5\"\n"); - if (freeit != NULL) - free(freeit); - return (1); + if (!oldstyle && prepub > 0) { + if (setpub && setact && (activate - prepub) < publish) + fatal("Activation and publication dates " + "are closer together than the\n\t" + "prepublication interval."); + + if (!setpub && !setact) { + setpub = setact = ISC_TRUE; + publish = now; + activate = now + prepub; + } else if (setpub && !setact) { + setact = ISC_TRUE; + activate = publish + prepub; + } 
else if (setact && !setpub) { + setpub = ISC_TRUE; + publish = activate - prepub; + } + + if ((activate - prepub) < now) + fatal("Time until activation is shorter " + "than the\n\tprepublication interval."); + } } else { - r.base = algname; - r.length = strlen(algname); - ret = dns_secalg_fromtext(&alg, &r); + char keystr[DST_KEY_FORMATSIZE]; + isc_stdtime_t when; + int major, minor; + + if (prepub == -1) + prepub = (30 * 86400); + + if (algname != NULL) + fatal("-S and -a cannot be used together"); + if (nametype != NULL) + fatal("-S and -n cannot be used together"); + if (type != NULL) + fatal("-S and -t cannot be used together"); + if (setpub || unsetpub) + fatal("-S and -P cannot be used together"); + if (setact || unsetact) + fatal("-S and -A cannot be used together"); + if (use_nsec3) + fatal("-S and -3 cannot be used together"); + if (oldstyle) + fatal("-S and -C cannot be used together"); + if (genonly) + fatal("-S and -G cannot be used together"); + + ret = dst_key_fromnamedfile(predecessor, directory, + DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, + mctx, &prevkey); if (ret != ISC_R_SUCCESS) - fatal("unknown algorithm %s", algname); - if (alg == DST_ALG_DH) - options |= DST_TYPE_KEY; - } + fatal("Invalid keyfile %s: %s", + predecessor, isc_result_totext(ret)); + if (!dst_key_isprivate(prevkey)) + fatal("%s is not a private key", predecessor); + + name = dst_key_name(prevkey); + alg = dst_key_alg(prevkey); + flags = dst_key_flags(prevkey); + + dst_key_format(prevkey, keystr, sizeof(keystr)); + dst_key_getprivateformat(prevkey, &major, &minor); + if (major != DST_MAJOR_VERSION || minor < DST_MINOR_VERSION) + fatal("Key %s has incompatible format version %d.%d\n\t" + "It is not possible to generate a successor key.", + keystr, major, minor); + + ret = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &when); + if (ret != ISC_R_SUCCESS) + fatal("Key %s has no activation date.\n\t" + "You must use dnssec-settime -A to set one " + "before generating a successor.", keystr); - 
if (use_nsec3 && - alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 && - alg != DST_ALG_RSASHA256 && alg != DST_ALG_RSASHA512 && - alg != DST_ALG_ECCGOST && - alg != DST_ALG_ECDSA256 && alg != DST_ALG_ECDSA384) { - fatal("%s is incompatible with NSEC3; " - "do not use the -3 option", algname); - } + ret = dst_key_gettime(prevkey, DST_TIME_INACTIVE, &activate); + if (ret != ISC_R_SUCCESS) + fatal("Key %s has no inactivation date.\n\t" + "You must use dnssec-settime -I to set one " + "before generating a successor.", keystr); + + publish = activate - prepub; + if (publish < now) + fatal("Key %s becomes inactive\n\t" + "sooner than the prepublication period " + "for the new key ends.\n\t" + "Either change the inactivation date with " + "dnssec-settime -I,\n\t" + "or use the -i option to set a shorter " + "prepublication interval.", keystr); + + ret = dst_key_gettime(prevkey, DST_TIME_DELETE, &when); + if (ret != ISC_R_SUCCESS) + fprintf(stderr, "%s: WARNING: Key %s has no removal " + "date;\n\t it will remain in the zone " + "indefinitely after rollover.\n\t " + "You can use dnssec-settime -D to " + "change this.\n", program, keystr); - if (type != NULL && (options & DST_TYPE_KEY) != 0) { - if (strcasecmp(type, "NOAUTH") == 0) - flags |= DNS_KEYTYPE_NOAUTH; - else if (strcasecmp(type, "NOCONF") == 0) - flags |= DNS_KEYTYPE_NOCONF; - else if (strcasecmp(type, "NOAUTHCONF") == 0) { - flags |= (DNS_KEYTYPE_NOAUTH | DNS_KEYTYPE_NOCONF); - } - else if (strcasecmp(type, "AUTHCONF") == 0) - /* nothing */; - else - fatal("invalid type %s", type); + setpub = setact = ISC_TRUE; } if (nametype == NULL) { 
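Review bot: The new `else` branch for `-S` never validates `label` and never sets `algname`, although both are handled in the `predecessor == NULL` branch. The context of the following hunk still formats `algname` with `%s` in `fatal("a key with algorithm '%s' cannot be a zone key", algname)`, and `-S` cannot be combined with `-a`, so on the successor path that message would receive a NULL pointer. Presumably the key lookup after this hunk also still needs a non-NULL, prefixed `label`. I would hoist `if (label == NULL) fatal("the key label was not specified");` and the `pkcs11:` prefixing above `if (predecessor == NULL)`, and derive a printable algorithm name from `alg` in the successor branch. main starts before and continues after this hunk.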
@@ -446,16 +552,6 @@ main(int argc, char **argv) { fatal("a key with algorithm '%s' cannot be a zone key", algname); - dns_fixedname_init(&fname); - name = dns_fixedname_name(&fname); - isc_buffer_init(&buf, argv[isc_commandline_index], - strlen(argv[isc_commandline_index])); - isc_buffer_add(&buf, strlen(argv[isc_commandline_index])); - ret = dns_name_fromtext(name, &buf, dns_rootname, 0, NULL); - if (ret != ISC_R_SUCCESS) - fatal("invalid key name %s: %s", argv[isc_commandline_index], - isc_result_totext(ret)); - isc_buffer_init(&buf, filename, sizeof(filename) - 1); /* associate the key */ @@ -570,6 +666,8 @@ main(int argc, char **argv) { isc_result_totext(ret)); printf("%s\n", filename); dst_key_free(&key); + if (prevkey != NULL) + dst_key_free(&prevkey); cleanup_logging(&log); cleanup_entropy(&ectx); diff --git a/bin/dnssec/dnssec-keyfromlabel.docbook b/bin/dnssec/dnssec-keyfromlabel.docbook index 0dd3c0ea66b8c..a47c95589f646 100644 --- a/bin/dnssec/dnssec-keyfromlabel.docbook +++ b/bin/dnssec/dnssec-keyfromlabel.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2008-2012, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -17,10 +17,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-keyfromlabel.docbook,v 1.21 2011/03/17 01:40:34 each Exp $ --> <refentry id="man.dnssec-keyfromlabel"> <refentryinfo> - <date>February 8, 2008</date> + <date>February 27, 2014</date> </refentryinfo> <refmeta> @@ -41,6 +40,7 @@ <year>2010</year> <year>2011</year> <year>2012</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> 
@@ -58,6 +58,7 @@ <arg><option>-f <replaceable class="parameter">flag</replaceable></option></arg> <arg><option>-G</option></arg> <arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg> + <arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg> <arg><option>-k</option></arg> <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg> <arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg> @@ -65,8 +66,10 @@ <arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg> <arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg> <arg><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg> + <arg><option>-S <replaceable class="parameter">key</replaceable></option></arg> <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg> <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg> + <arg><option>-V</option></arg> <arg><option>-y</option></arg> <arg choice="req">name</arg> </cmdsynopsis> @@ -75,9 +78,12 @@ <refsect1> <title>DESCRIPTION</title> <para><command>dnssec-keyfromlabel</command> - gets keys with the given label from a crypto hardware and builds - key files for DNSSEC (Secure DNS), as defined in RFC 2535 - and RFC 4034. + generates a key pair of files that referencing a key object stored + in a cryptographic hardware service module (HSM). The private key + file can be used for DNSSEC signing of zone data as if it were a + conventional signing key created by <command>dnssec-keygen</command>, + but the key material is stored within the HSM, and the actual signing + takes place there. </para> <para> The <option>name</option> of the key is specified on the command 
@@ -264,6 +270,21 @@ </varlistentry> <varlistentry> + <term>-S <replaceable class="parameter">key</replaceable></term> + <listitem> + <para> + Generate a key as an explicit successor to an existing key. + The name, algorithm, size, and type of the key will be set + to match the predecessor. The activation date of the new + key will be set to the inactivation date of the existing + one. The publication date will be set to the activation + date minus the prepublication interval, which defaults to + 30 days. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>-t <replaceable class="parameter">type</replaceable></term> <listitem> <para> @@ -285,6 +306,15 @@ </varlistentry> <varlistentry> + <term>-V</term> + <listitem> + <para> + Prints version information. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>-y</term> <listitem> <para> @@ -311,7 +341,8 @@ then the offset is computed in years (defined as 365 24-hour days, ignoring leap years), months (defined as 30 24-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset - is computed in seconds. + is computed in seconds. To explicitly prevent a date from being + set, use 'none' or 'never'. </para> <variablelist> 
@@ -371,6 +402,34 @@ </para> </listitem> </varlistentry> + + <varlistentry> + <term>-i <replaceable class="parameter">interval</replaceable></term> + <listitem> + <para> + Sets the prepublication interval for a key. If set, then + the publication and activation dates must be separated by at least + this much time. If the activation date is specified but the + publication date isn't, then the publication date will default + to this much time before the activation date; conversely, if + the publication date is specified but activation date isn't, + then activation will be set to this much time after publication. + </para> + <para> + If the key is being created as an explicit successor to another + key, then the default prepublication interval is 30 days; + otherwise it is zero. + </para> + <para> + As with date offsets, if the argument is followed by one of + the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the + interval is measured in years, months, weeks, days, hours, + or minutes, respectively. Without a suffix, the interval is + measured in seconds. + </para> + </listitem> + </varlistentry> + </variablelist> </refsect1> diff --git a/bin/dnssec/dnssec-keyfromlabel.html b/bin/dnssec/dnssec-keyfromlabel.html index f0e2c5c3b86e9..36971c466adc8 100644 --- a/bin/dnssec/dnssec-keyfromlabel.html +++ b/bin/dnssec/dnssec-keyfromlabel.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2008-2012, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above 
@@ -28,14 +28,17 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div> +<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em 
class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y</code>] {name}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543507"></a><h2>DESCRIPTION</h2> +<a name="id2543539"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-keyfromlabel</strong></span> - gets keys with the given label from a crypto hardware and builds - key files for DNSSEC (Secure DNS), as defined in RFC 2535 - and RFC 4034. + generates a key pair of files that referencing a key object stored + in a cryptographic hardware service module (HSM). 
The private key + file can be used for DNSSEC signing of zone data as if it were a + conventional signing key created by <span><strong class="command">dnssec-keygen</strong></span>, + but the key material is stored within the HSM, and the actual signing + takes place there. </p> <p> The <code class="option">name</code> of the key is specified on the command @@ -44,7 +47,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543525"></a><h2>OPTIONS</h2> +<a name="id2543560"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt> <dd> @@ -151,6 +154,16 @@ Other possible values for this argument are listed in RFC 2535 and its successors. </p></dd> +<dt><span class="term">-S <em class="replaceable"><code>key</code></em></span></dt> +<dd><p> + Generate a key as an explicit successor to an existing key. + The name, algorithm, size, and type of the key will be set + to match the predecessor. The activation date of the new + key will be set to the inactivation date of the existing + one. The publication date will be set to the activation + date minus the prepublication interval, which defaults to + 30 days. + </p></dd> <dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt> <dd><p> Indicates the use of the key. <code class="option">type</code> must be @@ -162,6 +175,10 @@ <dd><p> Sets the debugging level. </p></dd> +<dt><span class="term">-V</span></dt> +<dd><p> + Prints version information. + </p></dd> <dt><span class="term">-y</span></dt> <dd><p> Allows DNSSEC key files to be generated even if the key ID @@ -173,7 +190,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543980"></a><h2>TIMING OPTIONS</h2> +<a name="id2544046"></a><h2>TIMING OPTIONS</h2> <p> Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as 
@@ -182,7 +199,8 @@ then the offset is computed in years (defined as 365 24-hour days, ignoring leap years), months (defined as 30 24-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset - is computed in seconds. + is computed in seconds. To explicitly prevent a date from being + set, use 'none' or 'never'. </p> <div class="variablelist"><dl> <dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt> @@ -217,10 +235,34 @@ date, the key will no longer be included in the zone. (It may remain in the key repository, however.) </p></dd> +<dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt> +<dd> +<p> + Sets the prepublication interval for a key. If set, then + the publication and activation dates must be separated by at least + this much time. If the activation date is specified but the + publication date isn't, then the publication date will default + to this much time before the activation date; conversely, if + the publication date is specified but activation date isn't, + then activation will be set to this much time after publication. + </p> +<p> + If the key is being created as an explicit successor to another + key, then the default prepublication interval is 30 days; + otherwise it is zero. + </p> +<p> + As with date offsets, if the argument is followed by one of + the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the + interval is measured in years, months, weeks, days, hours, + or minutes, respectively. Without a suffix, the interval is + measured in seconds. + </p> +</dd> </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543054"></a><h2>GENERATED KEY FILES</h2> +<a name="id2543008"></a><h2>GENERATED KEY FILES</h2> <p> When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes successfully, 
@@ -259,7 +301,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543127"></a><h2>SEE ALSO</h2> +<a name="id2543080"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, @@ -267,7 +309,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543160"></a><h2>AUTHOR</h2> +<a name="id2543113"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8 index 90daddd15690c..11d7e4f013665 100644 --- a/bin/dnssec/dnssec-keygen.8 +++ b/bin/dnssec/dnssec-keygen.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005, 2007-2012 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007-2012, 2014 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any @@ -20,11 +20,11 @@ .\" Title: dnssec\-keygen .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: June 30, 2000 +.\" Date: February 07, 2014 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "DNSSEC\-KEYGEN" "8" "June 30, 2000" "BIND9" "BIND9" +.TH "DNSSEC\-KEYGEN" "8" "February 07, 2014" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
@@ -33,7 +33,7 @@ dnssec\-keygen \- DNSSEC key generation tool .SH "SYNOPSIS" .HP 14 -\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-k\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name} +\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-k\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-z\fR] {name} .SH "DESCRIPTION" .PP \fBdnssec\-keygen\fR 
@@ -197,9 +197,14 @@ must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. .RS 4 Sets the debugging level. .RE +.PP +\-V +.RS 4 +Prints version information. +.RE .SH "TIMING OPTIONS" .PP -Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds. +Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds. To explicitly prevent a date from being set, use 'none' or 'never'. .PP \-P \fIdate/offset\fR .RS 4 @@ -208,7 +213,7 @@ Sets the date on which a key is to be published to the zone. After that date, th .PP \-A \fIdate/offset\fR .RS 4 -Sets the date on which the key is to be activated. After that date, the key will be included in the zone and used to sign it. If not set, and if the \-G option has not been used, the default is "now". +Sets the date on which the key is to be activated. After that date, the key will be included in the zone and used to sign it. If not set, and if the \-G option has not been used, the default is "now". If set, if and \-P is not set, then the publication date will be set to the activation date minus the prepublication interval. .RE .PP \-R \fIdate/offset\fR 
@@ -302,7 +307,7 @@ RFC 4034. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005, 2007\-2012 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007\-2012, 2014 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2003 Internet Software Consortium. .br diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c index 706182977e283..26504410db2e0 100644 --- a/bin/dnssec/dnssec-keygen.c +++ b/bin/dnssec/dnssec-keygen.c @@ -1,5 +1,5 @@ /* - * Portions Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -29,8 +29,6 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-keygen.c,v 1.120 2011/11/30 00:48:51 marka Exp $ */ - /*! \file */ #include <config.h> @@ -142,6 +140,7 @@ usage(void) { fprintf(stderr, " -m <memory debugging mode>:\n"); fprintf(stderr, " usage | trace | record | size | mctx\n"); fprintf(stderr, " -v <level>: set verbosity level (0 - 10)\n"); + fprintf(stderr, " -V: print version information\n"); fprintf(stderr, "Timing options:\n"); fprintf(stderr, " -P date/[+-]offset/none: set key publication date " "(default: now)\n"); @@ -257,7 +256,8 @@ main(int argc, char **argv) { /* * Process memory debugging argument first. */ -#define CMDLINE_FLAGS "3A:a:b:Cc:D:d:E:eFf:Gg:hI:i:K:kL:m:n:P:p:qR:r:S:s:T:t:v:" +#define CMDLINE_FLAGS "3A:a:b:Cc:D:d:E:eFf:Gg:hI:i:K:kL:m:n:P:p:qR:r:S:s:T:t:" \ + "v:V" while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) { switch (ch) { case 'm': 
@@ -343,10 +343,7 @@ main(int argc, char **argv) { "To generate a key with TYPE=KEY, use -T KEY.\n"); break; case 'L': - if (strcmp(isc_commandline_argument, "none") == 0) - ttl = 0; - else - ttl = strtottl(isc_commandline_argument); + ttl = strtottl(isc_commandline_argument); setttl = ISC_TRUE; break; case 'n': 
@@ -403,61 +400,41 @@ main(int argc, char **argv) { if (setpub || unsetpub) fatal("-P specified more than once"); - if (strcasecmp(isc_commandline_argument, "none")) { - setpub = ISC_TRUE; - publish = strtotime(isc_commandline_argument, - now, now); - } else { - unsetpub = ISC_TRUE; - } + publish = strtotime(isc_commandline_argument, + now, now, &setpub); + unsetpub = !setpub; break; case 'A': if (setact || unsetact) fatal("-A specified more than once"); - if (strcasecmp(isc_commandline_argument, "none")) { - setact = ISC_TRUE; - activate = strtotime(isc_commandline_argument, - now, now); - } else { - unsetact = ISC_TRUE; - } + activate = strtotime(isc_commandline_argument, + now, now, &setact); + unsetact = !setact; break; case 'R': if (setrev || unsetrev) fatal("-R specified more than once"); - if (strcasecmp(isc_commandline_argument, "none")) { - setrev = ISC_TRUE; - revoke = strtotime(isc_commandline_argument, - now, now); - } else { - unsetrev = ISC_TRUE; - } + revoke = strtotime(isc_commandline_argument, + now, now, &setrev); + unsetrev = !setrev; break; case 'I': if (setinact || unsetinact) fatal("-I specified more than once"); - if (strcasecmp(isc_commandline_argument, "none")) { - setinact = ISC_TRUE; - inactive = strtotime(isc_commandline_argument, - now, now); - } else { - unsetinact = ISC_TRUE; - } + inactive = strtotime(isc_commandline_argument, + now, now, &setinact); + unsetinact = !setinact; break; case 'D': if (setdel || unsetdel) fatal("-D specified more than once"); - if (strcasecmp(isc_commandline_argument, "none")) { - setdel = ISC_TRUE; - delete = strtotime(isc_commandline_argument, - now, now); - } else { - unsetdel = ISC_TRUE; - } + delete = strtotime(isc_commandline_argument, + now, now, &setdel); + unsetdel = !setdel; break; case 'S': predecessor = isc_commandline_argument; 
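Review bot: Each of the five timing cases (-P, -A, -R, -I, -D) now derives its unset flag from the set flag alone, e.g. `unsetpub = !setpub;`, so the result is only correct if strtotime() writes its new fourth argument on every return path, including for 'none' and 'never'. strtotime() is defined outside this hunk, so that cannot be confirmed from here. A comment at the first case, such as `/* strtotime() clears setpub for "none"/"never" and sets it otherwise */`, would record the contract all five cases depend on. The hunk sits inside main()'s option switch, which starts and ends outside it.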
@@ -474,8 +451,13 @@ main(int argc, char **argv) { program, isc_commandline_option); /* FALLTHROUGH */ case 'h': + /* Does not return. */ usage(); + case 'V': + /* Does not return. */ + version(program); + default: fprintf(stderr, "%s: unhandled option -%c\n", program, isc_commandline_option); @@ -936,9 +918,9 @@ main(int argc, char **argv) { if (setpub) dst_key_settime(key, DST_TIME_PUBLISH, publish); - else if (setact) + else if (setact && !unsetpub) dst_key_settime(key, DST_TIME_PUBLISH, - activate); + activate - prepub); else if (!genonly && !unsetpub) dst_key_settime(key, DST_TIME_PUBLISH, now); diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook index bc50c0226da26..725c4e1cbb2f5 100644 --- a/bin/dnssec/dnssec-keygen.docbook +++ b/bin/dnssec/dnssec-keygen.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005, 2007-2012 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007-2012, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,10 +18,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-keygen.docbook,v 1.38 2011/03/17 23:47:29 tbox Exp $ --> <refentry id="man.dnssec-keygen"> <refentryinfo> - <date>June 30, 2000</date> + <date>February 07, 2014</date> </refentryinfo> <refmeta> @@ -45,6 +44,7 @@ <year>2010</year> <year>2011</year> <year>2012</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> 
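Review bot: `case 'h':` and the new `case 'V':` have no `break` and rely entirely on usage() and version() never returning; the `/* Does not return. */` comments say so, but nothing in the hunk enforces it. If either function is not declared noreturn (the declarations are outside this hunk), -V would fall into `default:` and print "unhandled option". Adding `/* NOTREACHED */` and `break;` after each call, or a noreturn attribute on the declarations, would make the intent checkable by the compiler. The same pattern is added to the option switch in dnssec-revoke.c.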
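Review bot: In the `else if (setact && !unsetpub)` branch the publication time is computed as `activate - prepub` with no check that the interval is smaller than the activation time. If isc_stdtime_t is an unsigned type (its definition is not visible here), a -i interval larger than the -A value wraps to a far-future publish date, so the key would become active long before it is ever published in the zone. A guard before the call, e.g. `if (prepub > activate) fatal("-i interval is larger than the activation date");`, would reject that input; whether an earlier check in main() already covers this cannot be seen from the hunk. The same subtraction appears in the successor-key code added to dnssec-keyfromlabel.c (`publish = activate - prepub;`), where only `publish < now` is tested and a wrapped value would pass.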
@@ -86,6 +86,7 @@ <arg><option>-s <replaceable class="parameter">strength</replaceable></option></arg> <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg> <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg> + <arg><option>-V</option></arg> <arg><option>-z</option></arg> <arg choice="req">name</arg> </cmdsynopsis> @@ -417,6 +418,15 @@ </listitem> </varlistentry> + <varlistentry> + <term>-V</term> + <listitem> + <para> + Prints version information. + </para> + </listitem> + </varlistentry> + </variablelist> </refsect1> @@ -431,7 +441,8 @@ then the offset is computed in years (defined as 365 24-hour days, ignoring leap years), months (defined as 30 24-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset - is computed in seconds. + is computed in seconds. To explicitly prevent a date from being + set, use 'none' or 'never'. </para> <variablelist> @@ -454,7 +465,9 @@ Sets the date on which the key is to be activated. After that date, the key will be included in the zone and used to sign it. If not set, and if the -G option has not been used, the - default is "now". + default is "now". If set, if and -P is not set, then + the publication date will be set to the activation date + minus the prepublication interval. </para> </listitem> </varlistentry> diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html index ecf512b165f83..43837abecb11c 100644 --- a/bin/dnssec/dnssec-keygen.html +++ b/bin/dnssec/dnssec-keygen.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005, 2007-2012 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007-2012, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any 
@@ -29,10 +29,10 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em 
class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {name}</p></div> +<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em 
class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-z</code>] {name}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543590"></a><h2>DESCRIPTION</h2> +<a name="id2543605"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-keygen</strong></span> generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with @@ -46,7 +46,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543608"></a><h2>OPTIONS</h2> +<a name="id2543623"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt> <dd> @@ -253,10 +253,14 @@ <dd><p> Sets the debugging level. </p></dd> +<dt><span class="term">-V</span></dt> +<dd><p> + Prints version information. + </p></dd> </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544187"></a><h2>TIMING OPTIONS</h2> +<a name="id2544216"></a><h2>TIMING OPTIONS</h2> <p> Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -265,7 +269,8 @@ then the offset is computed in years (defined as 365 24-hour days, ignoring leap years), months (defined as 30 24-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset - is computed in seconds. + is computed in seconds. To explicitly prevent a date from being + set, use 'none' or 'never'. </p> <div class="variablelist"><dl> <dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt> 
@@ -280,7 +285,9 @@ Sets the date on which the key is to be activated. After that date, the key will be included in the zone and used to sign it. If not set, and if the -G option has not been used, the - default is "now". + default is "now". If set, if and -P is not set, then + the publication date will be set to the activation date + minus the prepublication interval. </p></dd> <dt><span class="term">-R <em class="replaceable"><code>date/offset</code></em></span></dt> <dd><p> @@ -327,7 +334,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544377"></a><h2>GENERATED KEYS</h2> +<a name="id2544406"></a><h2>GENERATED KEYS</h2> <p> When <span><strong class="command">dnssec-keygen</strong></span> completes successfully, @@ -373,7 +380,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544459"></a><h2>EXAMPLE</h2> +<a name="id2544625"></a><h2>EXAMPLE</h2> <p> To generate a 768-bit DSA key for the domain <strong class="userinput"><code>example.com</code></strong>, the following command would be @@ -394,7 +401,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544571"></a><h2>SEE ALSO</h2> +<a name="id2544668"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, <em class="citetitle">RFC 2539</em>, @@ -403,7 +410,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544602"></a><h2>AUTHOR</h2> +<a name="id2544699"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/dnssec/dnssec-revoke.8 b/bin/dnssec/dnssec-revoke.8 index 2af719e249df7..eb87545575567 100644 --- a/bin/dnssec/dnssec-revoke.8 +++ b/bin/dnssec/dnssec-revoke.8 
@@ -1,4 +1,4 @@ -.\" Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -19,11 +19,11 @@ .\" Title: dnssec\-revoke .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: June 1, 2009 +.\" Date: October 20, 2011 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "DNSSEC\-REVOKE" "8" "June 1, 2009" "BIND9" "BIND9" +.TH "DNSSEC\-REVOKE" "8" "October 20, 2011" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -32,7 +32,7 @@ dnssec\-revoke \- Set the REVOKED bit on a DNSSEC key .SH "SYNOPSIS" .HP 14 -\fBdnssec\-revoke\fR [\fB\-hr\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\fR] [\fB\-R\fR] {keyfile} +\fBdnssec\-revoke\fR [\fB\-hr\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\fR] [\fB\-R\fR] {keyfile} .SH "DESCRIPTION" .PP \fBdnssec\-revoke\fR @@ -59,6 +59,11 @@ After writing the new keyset files remove the original keyset files. Sets the debugging level. .RE .PP +\-V +.RS 4 +Prints version information. +.RE +.PP \-E \fIengine\fR .RS 4 Use the given OpenSSL engine. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine. @@ -84,5 +89,5 @@ RFC 5011. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2009, 2011 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC") .br diff --git a/bin/dnssec/dnssec-revoke.c b/bin/dnssec/dnssec-revoke.c index 7b115810642e7..0b9a1f59ea611 100644 --- a/bin/dnssec/dnssec-revoke.c +++ b/bin/dnssec/dnssec-revoke.c 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2009-2012, 2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,8 +14,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-revoke.c,v 1.24 2011/10/20 23:46:51 tbox Exp $ */ - /*! \file */ #include <config.h> @@ -65,6 +63,7 @@ usage(void) { fprintf(stderr, " -r: remove old keyfiles after " "creating revoked version\n"); fprintf(stderr, " -v level: set level of verbosity\n"); + fprintf(stderr, " -V: print version information\n"); fprintf(stderr, "Output:\n"); fprintf(stderr, " K<name>+<alg>+<new id>.key, " "K<name>+<alg>+<new id>.private\n"); @@ -104,7 +103,7 @@ main(int argc, char **argv) { isc_commandline_errprint = ISC_FALSE; - while ((ch = isc_commandline_parse(argc, argv, "E:fK:rRhv:")) != -1) { + while ((ch = isc_commandline_parse(argc, argv, "E:fK:rRhv:V")) != -1) { switch (ch) { case 'E': engine = isc_commandline_argument; @@ -140,8 +139,13 @@ main(int argc, char **argv) { program, isc_commandline_option); /* Falls into */ case 'h': + /* Does not return. */ usage(); + case 'V': + /* Does not return. */ + version(program); + default: fprintf(stderr, "%s: unhandled option -%c\n", program, isc_commandline_option); @@ -249,12 +253,10 @@ main(int argc, char **argv) { dst_key_buildfilename(key, DST_TYPE_PRIVATE, dir, &buf); if (strcmp(oldname, newname) == 0) goto cleanup; - if (access(oldname, F_OK) == 0) - unlink(oldname); + (void)unlink(oldname); isc_buffer_clear(&buf); dst_key_buildfilename(key, DST_TYPE_PUBLIC, dir, &buf); - if (access(oldname, F_OK) == 0) - unlink(oldname); + (void)unlink(oldname); } } else { dst_key_format(key, keystr, sizeof(keystr)); diff --git a/bin/dnssec/dnssec-revoke.docbook b/bin/dnssec/dnssec-revoke.docbook index 4062f5e0407de..85463d682cda2 100644 
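Review bot: Both `(void)unlink(oldname);` calls in the `@@ -249,12 +253,10 @@` hunk discard the result, so a failed removal under -r (permissions, read-only directory) goes unreported and the pre-revocation key files, including the private key, stay on disk. Dropping the access() pre-check is right, since it removes the check-then-remove window. A missing file is the only failure that is safe to ignore, so I would report the rest: `if (unlink(oldname) != 0 && errno != ENOENT) fprintf(stderr, "%s: warning: unable to remove %s: %s\n", program, oldname, strerror(errno));`. That needs `<errno.h>` and `<string.h>` if the file does not already include them. The body of main continues outside the hunk.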
--- a/bin/dnssec/dnssec-revoke.docbook +++ b/bin/dnssec/dnssec-revoke.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -17,10 +17,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-revoke.docbook,v 1.9 2011/10/20 23:46:51 tbox Exp $ --> <refentry id="man.dnssec-revoke"> <refentryinfo> - <date>June 1, 2009</date> + <date>October 20, 2011</date> </refentryinfo> <refmeta> @@ -38,6 +37,7 @@ <copyright> <year>2009</year> <year>2011</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> @@ -47,6 +47,7 @@ <command>dnssec-revoke</command> <arg><option>-hr</option></arg> <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg> + <arg><option>-V</option></arg> <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg> <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg> <arg><option>-f</option></arg> @@ -106,6 +107,15 @@ </varlistentry> <varlistentry> + <term>-V</term> + <listitem> + <para> + Prints version information. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>-E <replaceable class="parameter">engine</replaceable></term> <listitem> <para> diff --git a/bin/dnssec/dnssec-revoke.html b/bin/dnssec/dnssec-revoke.html index b3b71b961cf42..d09b7dcd378a9 100644 --- a/bin/dnssec/dnssec-revoke.html +++ b/bin/dnssec/dnssec-revoke.html 
@@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -28,10 +28,10 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div> +<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543382"></a><h2>DESCRIPTION</h2> +<a name="id2543397"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-revoke</strong></span> reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the @@ -39,7 +39,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543394"></a><h2>OPTIONS</h2> +<a name="id2543409"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-h</span></dt> <dd><p> 
@@ -58,6 +58,10 @@ <dd><p> Sets the debugging level. </p></dd> +<dt><span class="term">-V</span></dt> +<dd><p> + Prints version information. + </p></dd> <dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt> <dd><p> Use the given OpenSSL engine. When compiled with PKCS#11 support @@ -77,14 +81,14 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543512"></a><h2>SEE ALSO</h2> +<a name="id2543541"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, <em class="citetitle">RFC 5011</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543537"></a><h2>AUTHOR</h2> +<a name="id2543565"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/dnssec/dnssec-settime.8 b/bin/dnssec/dnssec-settime.8 index 7c0c3b2892855..87bc52dc7839b 100644 --- a/bin/dnssec/dnssec-settime.8 +++ b/bin/dnssec/dnssec-settime.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2009-2011, 2014 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -19,11 +19,11 @@ .\" Title: dnssec\-settime .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: July 15, 2009 +.\" Date: February 07, 2014 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "DNSSEC\-SETTIME" "8" "July 15, 2009" "BIND9" "BIND9" +.TH "DNSSEC\-SETTIME" "8" "February 07, 2014" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
@@ -32,7 +32,7 @@ dnssec\-settime \- Set the key timing metadata for a DNSSEC key .SH "SYNOPSIS" .HP 15 -\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile} +\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile} .SH "DESCRIPTION" .PP \fBdnssec\-settime\fR @@ -81,6 +81,11 @@ removes it. Emit usage message and exit. .RE .PP +\-V +.RS 4 +Prints version information. +.RE +.PP \-v \fIlevel\fR .RS 4 Sets the debugging level. 
@@ -92,7 +97,7 @@ Use the given OpenSSL engine. When compiled with PKCS#11 support it defaults to .RE .SH "TIMING OPTIONS" .PP -Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds. To unset a date, use 'none'. +Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds. To unset a date, use 'none' or 'never'. .PP \-P \fIdate/offset\fR .RS 4 @@ -171,5 +176,5 @@ RFC 5011. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2009\-2011 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2009\-2011, 2014 Internet Systems Consortium, Inc. ("ISC") .br diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c index 108d8033c126c..88f8cf1683310 100644 --- a/bin/dnssec/dnssec-settime.c +++ b/bin/dnssec/dnssec-settime.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2009-2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above 
@@ -14,8 +14,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-settime.c,v 1.32 2011/06/02 20:24:45 each Exp $ */ - /*! \file */ #include <config.h> @@ -68,6 +66,7 @@ usage(void) { fprintf(stderr, " -K directory: set key file location\n"); fprintf(stderr, " -L ttl: set default key TTL\n"); fprintf(stderr, " -v level: set level of verbosity\n"); + fprintf(stderr, " -V: print version information\n"); fprintf(stderr, " -h: help\n"); fprintf(stderr, "Timing options:\n"); fprintf(stderr, " -P date/[+-]offset/none: set/unset key " @@ -171,7 +170,7 @@ main(int argc, char **argv) { isc_stdtime_get(&now); -#define CMDLINE_FLAGS "A:D:E:fhI:i:K:L:P:p:R:S:uv:" +#define CMDLINE_FLAGS "A:D:E:fhI:i:K:L:P:p:R:S:uv:V" while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) { switch (ch) { case 'E': @@ -236,10 +235,7 @@ main(int argc, char **argv) { } break; case 'L': - if (strcmp(isc_commandline_argument, "none") == 0) - ttl = 0; - else - ttl = strtottl(isc_commandline_argument); + ttl = strtottl(isc_commandline_argument); setttl = ISC_TRUE; break; case 'v': 
@@ -252,65 +248,45 @@ main(int argc, char **argv) { fatal("-P specified more than once"); changed = ISC_TRUE; - if (!strcasecmp(isc_commandline_argument, "none")) { - unsetpub = ISC_TRUE; - } else { - setpub = ISC_TRUE; - pub = strtotime(isc_commandline_argument, - now, now); - } + pub = strtotime(isc_commandline_argument, + now, now, &setpub); + unsetpub = !setpub; break; case 'A': if (setact || unsetact) fatal("-A specified more than once"); changed = ISC_TRUE; - if (!strcasecmp(isc_commandline_argument, "none")) { - unsetact = ISC_TRUE; - } else { - setact = ISC_TRUE; - act = strtotime(isc_commandline_argument, - now, now); - } + act = strtotime(isc_commandline_argument, + now, now, &setact); + unsetact = !setact; break; case 'R': if (setrev || unsetrev) fatal("-R specified more than once"); changed = ISC_TRUE; - if (!strcasecmp(isc_commandline_argument, "none")) { - unsetrev = ISC_TRUE; - } else { - setrev = ISC_TRUE; - rev = strtotime(isc_commandline_argument, - now, now); - } + rev = strtotime(isc_commandline_argument, + now, now, &setrev); + unsetrev = !setrev; break; case 'I': if (setinact || unsetinact) fatal("-I specified more than once"); changed = ISC_TRUE; - if (!strcasecmp(isc_commandline_argument, "none")) { - unsetinact = ISC_TRUE; - } else { - setinact = ISC_TRUE; - inact = strtotime(isc_commandline_argument, - now, now); - } + inact = strtotime(isc_commandline_argument, + now, now, &setinact); + unsetinact = !setinact; break; case 'D': if (setdel || unsetdel) fatal("-D specified more than once"); changed = ISC_TRUE; - if (!strcasecmp(isc_commandline_argument, "none")) { - unsetdel = ISC_TRUE; - } else { - setdel = ISC_TRUE; - del = strtotime(isc_commandline_argument, - now, now); - } + del = strtotime(isc_commandline_argument, + now, now, &setdel); + unsetdel = !setdel; break; case 'S': predecessor = isc_commandline_argument; 
@@ -324,8 +300,13 @@ main(int argc, char **argv) { program, isc_commandline_option); /* Falls into */ case 'h': + /* Does not return. */ usage(); + case 'V': + /* Does not return. */ + version(program); + default: fprintf(stderr, "%s: unhandled option -%c\n", program, isc_commandline_option); diff --git a/bin/dnssec/dnssec-settime.docbook b/bin/dnssec/dnssec-settime.docbook index bc6870b132129..b2c6a2a2398ad 100644 --- a/bin/dnssec/dnssec-settime.docbook +++ b/bin/dnssec/dnssec-settime.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2009-2011, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -17,10 +17,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-settime.docbook,v 1.15 2011/11/03 20:21:37 each Exp $ --> <refentry id="man.dnssec-settime"> <refentryinfo> - <date>July 15, 2009</date> + <date>February 07, 2014</date> </refentryinfo> <refmeta> @@ -39,6 +38,7 @@ <year>2009</year> <year>2010</year> <year>2011</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> @@ -55,6 +55,7 @@ <arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg> <arg><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg> <arg><option>-h</option></arg> + <arg><option>-V</option></arg> <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg> <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg> <arg choice="req">keyfile</arg> 
@@ -141,6 +142,15 @@ </varlistentry> <varlistentry> + <term>-V</term> + <listitem> + <para> + Prints version information. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>-v <replaceable class="parameter">level</replaceable></term> <listitem> <para> @@ -171,7 +181,7 @@ then the offset is computed in years (defined as 365 24-hour days, ignoring leap years), months (defined as 30 24-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset - is computed in seconds. To unset a date, use 'none'. + is computed in seconds. To unset a date, use 'none' or 'never'. </para> <variablelist> diff --git a/bin/dnssec/dnssec-settime.html b/bin/dnssec/dnssec-settime.html index 7b022658c058f..6cf3d2aab10d1 100644 --- a/bin/dnssec/dnssec-settime.html +++ b/bin/dnssec/dnssec-settime.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2009-2011, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above 
@@ -28,10 +28,10 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div> +<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-V</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div> </div> <div class="refsect1" lang="en"> -<a 
name="id2543432"></a><h2>DESCRIPTION</h2> +<a name="id2543447"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-settime</strong></span> reads a DNSSEC private key file and sets the key timing metadata as specified by the <code class="option">-P</code>, <code class="option">-A</code>, @@ -57,7 +57,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543480"></a><h2>OPTIONS</h2> +<a name="id2543495"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-f</span></dt> <dd><p> @@ -87,6 +87,10 @@ <dd><p> Emit usage message and exit. </p></dd> +<dt><span class="term">-V</span></dt> +<dd><p> + Prints version information. + </p></dd> <dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt> <dd><p> Sets the debugging level. @@ -99,7 +103,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543664"></a><h2>TIMING OPTIONS</h2> +<a name="id2543692"></a><h2>TIMING OPTIONS</h2> <p> Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -108,7 +112,7 @@ then the offset is computed in years (defined as 365 24-hour days, ignoring leap years), months (defined as 30 24-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset - is computed in seconds. To unset a date, use 'none'. + is computed in seconds. To unset a date, use 'none' or 'never'. </p> <div class="variablelist"><dl> <dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt> @@ -178,7 +182,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543802"></a><h2>PRINTING OPTIONS</h2> +<a name="id2543831"></a><h2>PRINTING OPTIONS</h2> <p> <span><strong class="command">dnssec-settime</strong></span> can also be used to print the timing metadata associated with a key. 
@@ -204,7 +208,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543880"></a><h2>SEE ALSO</h2> +<a name="id2543909"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, @@ -212,7 +216,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2542138"></a><h2>AUTHOR</h2> +<a name="id2543942"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/dnssec/dnssec-signzone.8 b/bin/dnssec/dnssec-signzone.8 index d35a54b999553..be2f5b34e0ad9 100644 --- a/bin/dnssec/dnssec-signzone.8 +++ b/bin/dnssec/dnssec-signzone.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any @@ -20,11 +20,11 @@ .\" Title: dnssec\-signzone .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: June 05, 2009 +.\" Date: December 11, 2013 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "DNSSEC\-SIGNZONE" "8" "June 05, 2009" "BIND9" "BIND9" +.TH "DNSSEC\-SIGNZONE" "8" "December 11, 2013" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
@@ -33,7 +33,7 @@ dnssec\-signzone \- DNSSEC zone signing tool .SH "SYNOPSIS" .HP 16 -\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-P\fR] [\fB\-p\fR] [\fB\-R\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-T\ \fR\fB\fIttl\fR\fR] [\fB\-t\fR] [\fB\-u\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-X\ \fR\fB\fIextended\ end\-time\fR\fR] [\fB\-x\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...] 
+\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-P\fR] [\fB\-p\fR] [\fB\-R\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-T\ \fR\fB\fIttl\fR\fR] [\fB\-t\fR] [\fB\-u\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-X\ \fR\fB\fIextended\ end\-time\fR\fR] [\fB\-x\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...] .SH "DESCRIPTION" .PP \fBdnssec\-signzone\fR @@ -159,6 +159,11 @@ Prints a short summary of the options and arguments to \fBdnssec\-signzone\fR. .RE .PP +\-V +.RS 4 +Prints version information. +.RE +.PP \-i \fIinterval\fR .RS 4 When a previously\-signed zone is passed as input, records may be resigned. The @@ -439,7 +444,7 @@ RFC 4641. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004\-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2003 Internet Software Consortium. .br diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c index 0a13d9fa0a4e6..d3250d9c4c997 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c @@ -29,8 +29,6 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-signzone.c,v 1.285 2011/12/22 07:32:39 each Exp $ */ - /*! \file */ #include <config.h> 
@@ -500,6 +498,8 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name, result = dns_db_findrdataset(gdb, node, gversion, dns_rdatatype_rrsig, set->type, 0, &sigset, NULL); if (result == ISC_R_NOTFOUND) { + vbprintf(2, "no existing signatures for %s/%s\n", + namestr, typestr); result = ISC_R_SUCCESS; nosigs = ISC_TRUE; } @@ -1652,10 +1652,14 @@ remove_records(dns_dbnode_t *node, dns_rdatatype_t which, } /* - * Remove signatures covering the given type (0 == all signatures). + * Remove signatures covering the given type. If type == 0, + * then remove all signatures, unless this is a delegation, in + * which case remove all signatures except for DS or nsec_datatype */ static void -remove_sigs(dns_dbnode_t *node, dns_rdatatype_t which) { +remove_sigs(dns_dbnode_t *node, isc_boolean_t delegation, + dns_rdatatype_t which) +{ isc_result_t result; dns_rdatatype_t type, covers; dns_rdatasetiter_t *rdsiter = NULL; @@ -1672,14 +1676,21 @@ remove_sigs(dns_dbnode_t *node, dns_rdatatype_t which) { covers = rdataset.covers; dns_rdataset_disassociate(&rdataset); - if (type == dns_rdatatype_rrsig && - (covers == which || which == 0)) - { - result = dns_db_deleterdataset(gdb, node, gversion, - type, covers); - check_result(result, "dns_db_deleterdataset()"); + if (type != dns_rdatatype_rrsig) continue; - } + + if (which == 0 && delegation && + (dns_rdatatype_atparent(covers) || + (nsec_datatype == dns_rdatatype_nsec && + covers == nsec_datatype))) + continue; + + if (which != 0 && covers != which) + continue; + + result = dns_db_deleterdataset(gdb, node, gversion, + type, covers); + check_result(result, "dns_db_deleterdataset()"); } dns_rdatasetiter_destroy(&rdsiter); } @@ -1766,7 +1777,7 @@ nsecify(void) { if (is_delegation(gdb, gversion, gorigin, name, node, &nsttl)) { zonecut = dns_fixedname_name(&fzonecut); dns_name_copy(name, zonecut, NULL); - remove_sigs(node, 0); + remove_sigs(node, ISC_TRUE, 0); if (generateds) add_ds(name, node, nsttl); } 
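Review bot: The new comment above remove_sigs() (hunk `@@ -1652,10 +1652,14 @@`) does not match the condition added in the `@@ -1672,14 +1676,21 @@` hunk. The comment says signatures covering "DS or nsec_datatype" survive at a delegation. The code keeps every type that dns_rdatatype_atparent() accepts, and keeps the NSEC-chain signatures only when `nsec_datatype == dns_rdatatype_nsec`, so in an NSEC3 zone they are still removed. I would reword it along the lines of `If type == 0, remove all signatures; at a delegation keep those covering parent-side types (dns_rdatatype_atparent()) and, when the zone uses NSEC, the NSEC signatures.` and add a line saying that `delegation` is only consulted when `which` is 0. A wrong comment here is costly, because which RRSIGs remain at a zone cut decides whether the delegation still validates.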
@@ -1788,7 +1799,7 @@ nsecify(void) { (zonecut != NULL && dns_name_issubdomain(nextname, zonecut))) { - remove_sigs(nextnode, 0); + remove_sigs(nextnode, ISC_FALSE, 0); remove_records(nextnode, dns_rdatatype_nsec, ISC_FALSE); dns_db_detachnode(gdb, &nextnode); @@ -2199,7 +2210,7 @@ nsec3ify(unsigned int hashalg, dns_iterations_t iterations, if (!dns_name_issubdomain(nextname, gorigin) || (zonecut != NULL && dns_name_issubdomain(nextname, zonecut))) { - remove_sigs(nextnode, 0); + remove_sigs(nextnode, ISC_FALSE, 0); dns_db_detachnode(gdb, &nextnode); result = dns_dbiterator_next(dbiter); continue; @@ -2209,7 +2220,7 @@ nsec3ify(unsigned int hashalg, dns_iterations_t iterations, { zonecut = dns_fixedname_name(&fzonecut); dns_name_copy(nextname, zonecut, NULL); - remove_sigs(nextnode, 0); + remove_sigs(nextnode, ISC_TRUE, 0); if (generateds) add_ds(nextname, nextnode, nsttl); if (OPTOUT(nsec3flags) && @@ -2540,7 +2551,7 @@ report(const char *format, ...) { } static void -build_final_keylist() { +build_final_keylist(void) { isc_result_t result; dns_dbversion_t *ver = NULL; dns_diff_t diff; @@ -2926,6 +2937,7 @@ usage(void) { fprintf(stderr, "\t-j jitter:\n"); fprintf(stderr, "\t\trandomize signature end time up to jitter seconds\n"); fprintf(stderr, "\t-v debuglevel (0)\n"); + fprintf(stderr, "\t-V:\tprint version information\n"); fprintf(stderr, "\t-o origin:\n"); fprintf(stderr, "\t\tzone origin (name of zonefile)\n"); fprintf(stderr, "\t-f outfile:\n"); @@ -2981,6 +2993,7 @@ usage(void) { fprintf(stderr, "Signing Keys: "); fprintf(stderr, "(default: all zone keys that have private keys)\n"); fprintf(stderr, "\tkeyfile (Kname+alg+tag)\n"); + exit(0); } 
@@ -3063,7 +3076,7 @@ main(int argc, char *argv[]) { /* Unused letters: Bb G J M q Yy (and F is reserved). */ #define CMDLINE_FLAGS \ - "3:AaCc:Dd:E:e:f:FghH:i:I:j:K:k:L:l:m:n:N:o:O:PpQRr:s:ST:tuUv:X:xzZ:" + "3:AaCc:Dd:E:e:f:FghH:i:I:j:K:k:L:l:m:n:N:o:O:PpQRr:s:ST:tuUv:VX:xzZ:" /* * Process memory debugging argument first. @@ -3180,10 +3193,6 @@ main(int argc, char *argv[]) { fatal("iterations too big"); break; - case 'h': - usage(); - break; - case 'I': inputformatstr = isc_commandline_argument; break; @@ -3330,17 +3339,24 @@ main(int argc, char *argv[]) { if (isc_commandline_option != '?') fprintf(stderr, "%s: invalid argument -%c\n", program, isc_commandline_option); + /* FALLTHROUGH */ + case 'h': + /* Does not return. */ usage(); + + case 'V': + /* Does not return. */ + version(program); + + case 'Z': /* Undocumented test options */ + if (!strcmp(isc_commandline_argument, "nonsecify")) + nonsecify = ISC_TRUE; break; default: fprintf(stderr, "%s: unhandled option -%c\n", program, isc_commandline_option); exit(1); - case 'Z': /* Undocumented test options */ - if (!strcmp(isc_commandline_argument, "nonsecify")) - nonsecify = ISC_TRUE; - break; } } @@ -3361,17 +3377,18 @@ main(int argc, char *argv[]) { isc_stdtime_get(&now); if (startstr != NULL) { - starttime = strtotime(startstr, now, now); + starttime = strtotime(startstr, now, now, NULL); } else starttime = now - 3600; /* Allow for some clock skew. */ if (endstr != NULL) - endtime = strtotime(endstr, now, starttime); + endtime = strtotime(endstr, now, starttime, NULL); else endtime = starttime + (30 * 24 * 60 * 60); if (dnskey_endstr != NULL) { - dnskey_endtime = strtotime(dnskey_endstr, now, starttime); + dnskey_endtime = strtotime(dnskey_endstr, now, starttime, + NULL); if (endstr != NULL && dnskey_endtime == endtime) fprintf(stderr, "WARNING: -e and -X were both set, " "but have identical values.\n"); 
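Review bot: `case 'h'` and `case 'V'` have no `break` and rely only on the comment "Does not return.". If usage() or version() ever returns, `-V` runs on into `case 'Z'`, which calls `strcmp(isc_commandline_argument, "nonsecify")` for an option that takes no argument. The prototype added in dnssectool.h is a plain `void version(const char *program);`, so the compiler cannot check the assumption. Either mark the declarations as non-returning with whatever annotation the tree uses for its fatal helpers (not visible in this diff), or add `/* NOTREACHED */` and `break;` after each call. The same pattern is added to dnssec-verify.c, where the next label is `default:` and the effect would be a spurious "unhandled option" error.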
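Review bot: Passing `NULL` for the new `setp` argument means these three call sites cannot tell an explicit time from the `none`/`never` keywords that strtotime() now accepts in the dnssectool.c hunk. As a result `-s none`, `-e none` and `-X none` are accepted and yield time 0, where presumably they were rejected as unparsable before. An unset time has no meaning for signature inception or expiry, so I would pass a local flag and reject it, e.g. `endtime = strtotime(endstr, now, starttime, &set);` followed by `if (!set) fatal("-e: 'none' is not a valid end time");`. Whether a later check in main() already rejects an end time that precedes the start time is not visible in this hunk.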
diff --git a/bin/dnssec/dnssec-signzone.docbook b/bin/dnssec/dnssec-signzone.docbook index a1adafd042017..4a092112c76f1 100644 --- a/bin/dnssec/dnssec-signzone.docbook +++ b/bin/dnssec/dnssec-signzone.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,10 +18,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-signzone.docbook,v 1.52 2011/12/22 07:32:40 each Exp $ --> <refentry id="man.dnssec-signzone"> <refentryinfo> - <date>June 05, 2009</date> + <date>December 11, 2013</date> </refentryinfo> <refmeta> @@ -45,6 +44,7 @@ <year>2009</year> <year>2011</year> <year>2013</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -88,6 +88,7 @@ <arg><option>-t</option></arg> <arg><option>-u</option></arg> <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg> + <arg><option>-V</option></arg> <arg><option>-X <replaceable class="parameter">extended end-time</replaceable></option></arg> <arg><option>-x</option></arg> <arg><option>-z</option></arg> @@ -309,6 +310,15 @@ </varlistentry> <varlistentry> + <term>-V</term> + <listitem> + <para> + Prints version information. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>-i <replaceable class="parameter">interval</replaceable></term> <listitem> <para> diff --git a/bin/dnssec/dnssec-signzone.html b/bin/dnssec/dnssec-signzone.html index 65abf80eb53db..3995507201b60 100644 --- a/bin/dnssec/dnssec-signzone.html +++ b/bin/dnssec/dnssec-signzone.html 
@@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any 
@@ -29,10 +29,10 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-P</code>] [<code class="option">-p</code>] [<code class="option">-R</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code 
class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-X <em class="replaceable"><code>extended end-time</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div> +<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-P</code>] [<code class="option">-p</code>] 
[<code class="option">-R</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-X <em class="replaceable"><code>extended end-time</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543629"></a><h2>DESCRIPTION</h2> +<a name="id2543644"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-signzone</strong></span> signs a zone. It generates NSEC and RRSIG records and produces a signed version of the @@ -43,7 +43,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543644"></a><h2>OPTIONS</h2> +<a name="id2543659"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a</span></dt> <dd><p> @@ -165,6 +165,10 @@ Prints a short summary of the options and arguments to <span><strong class="command">dnssec-signzone</strong></span>. </p></dd> +<dt><span class="term">-V</span></dt> +<dd><p> + Prints version information. + </p></dd> <dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt> <dd> <p> 
@@ -461,7 +465,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2545153"></a><h2>EXAMPLE</h2> +<a name="id2545181"></a><h2>EXAMPLE</h2> <p> The following command signs the <strong class="userinput"><code>example.com</code></strong> zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span> @@ -491,14 +495,14 @@ db.example.com.signed %</pre> </div> <div class="refsect1" lang="en"> -<a name="id2545208"></a><h2>SEE ALSO</h2> +<a name="id2545237"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, <em class="citetitle">RFC 4033</em>, <em class="citetitle">RFC 4641</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2545236"></a><h2>AUTHOR</h2> +<a name="id2545265"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/dnssec/dnssec-verify.8 b/bin/dnssec/dnssec-verify.8 index 1de88fa03a2d6..df4278333dd71 100644 --- a/bin/dnssec/dnssec-verify.8 +++ b/bin/dnssec/dnssec-verify.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2012, 2014 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -19,11 +19,11 @@ .\" Title: dnssec\-verify .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: April 12, 2012 +.\" Date: June 26, 2012 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "DNSSEC\-VERIFY" "8" "April 12, 2012" "BIND9" "BIND9" +.TH "DNSSEC\-VERIFY" "8" "June 26, 2012" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
@@ -32,7 +32,7 @@ dnssec\-verify \- DNSSEC zone verification tool .SH "SYNOPSIS" .HP 14 -\fBdnssec\-verify\fR [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-x\fR] [\fB\-z\fR] {zonefile} +\fBdnssec\-verify\fR [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-x\fR] [\fB\-z\fR] {zonefile} .SH "DESCRIPTION" .PP \fBdnssec\-verify\fR @@ -62,6 +62,11 @@ The zone origin. If not specified, the name of the zone file is assumed to be th Sets the debugging level. .RE .PP +\-V +.RS 4 +Prints version information. +.RE +.PP \-x .RS 4 Only verify that the DNSKEY RRset is signed with key\-signing keys. Without this flag, it is assumed that the DNSKEY RRset will be signed by all active keys. When this flag is set, it will not be an error if the DNSKEY RRset is not signed by zone\-signing keys. This corresponds to the @@ -93,5 +98,5 @@ RFC 4033. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2012 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2012, 2014 Internet Systems Consortium, Inc. ("ISC") .br diff --git a/bin/dnssec/dnssec-verify.c b/bin/dnssec/dnssec-verify.c index 682896cb768ca..09e5211d47af7 100644 --- a/bin/dnssec/dnssec-verify.c +++ b/bin/dnssec/dnssec-verify.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2012, 2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,8 +14,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-verify.c,v 1.1.2.1 2011/03/16 06:37:51 each Exp $ */ - /*! \file */ #include <config.h> 
@@ -131,6 +129,7 @@ usage(void) { fprintf(stderr, "Options: (default value in parenthesis) \n"); fprintf(stderr, "\t-v debuglevel (0)\n"); + fprintf(stderr, "\t-V:\tprint version information\n"); fprintf(stderr, "\t-o origin:\n"); fprintf(stderr, "\t\tzone origin (name of zonefile)\n"); fprintf(stderr, "\t-I format:\n"); @@ -162,10 +161,11 @@ main(int argc, char *argv[]) { #endif char *classname = NULL; dns_rdataclass_t rdclass; - char ch, *endp; + char *endp; + int ch; #define CMDLINE_FLAGS \ - "m:o:I:c:E:v:xz" + "hm:o:I:c:E:v:Vxz" /* * Process memory debugging argument first. @@ -209,10 +209,6 @@ main(int argc, char *argv[]) { engine = isc_commandline_argument; break; - case 'h': - usage(); - break; - case 'I': inputformatstr = isc_commandline_argument; break; @@ -243,8 +239,15 @@ main(int argc, char *argv[]) { if (isc_commandline_option != '?') fprintf(stderr, "%s: invalid argument -%c\n", program, isc_commandline_option); + /* FALLTHROUGH */ + + case 'h': + /* Does not return. */ usage(); - break; + + case 'V': + /* Does not return. */ + version(program); default: fprintf(stderr, "%s: unhandled option -%c\n", diff --git a/bin/dnssec/dnssec-verify.docbook b/bin/dnssec/dnssec-verify.docbook index 0835df1d5ea3d..d3c47c9c15a6e 100644 --- a/bin/dnssec/dnssec-verify.docbook +++ b/bin/dnssec/dnssec-verify.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2012, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -17,10 +17,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-verify.docbook,v 1.52 2011/12/22 07:32:40 each Exp $ --> <refentry id="man.dnssec-verify"> <refentryinfo> - <date>April 12, 2012</date> + <date>June 26, 2012</date> </refentryinfo> <refmeta> 
@@ -37,6 +36,7 @@ <docinfo> <copyright> <year>2012</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> @@ -49,6 +49,7 @@ <arg><option>-I <replaceable class="parameter">input-format</replaceable></option></arg> <arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg> <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg> + <arg><option>-V</option></arg> <arg><option>-x</option></arg> <arg><option>-z</option></arg> <arg choice="req">zonefile</arg> @@ -113,6 +114,15 @@ </varlistentry> <varlistentry> + <term>-V</term> + <listitem> + <para> + Prints version information. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>-x</term> <listitem> <para> diff --git a/bin/dnssec/dnssec-verify.html b/bin/dnssec/dnssec-verify.html index 135556f51001c..8e237668992ae 100644 --- a/bin/dnssec/dnssec-verify.html +++ b/bin/dnssec/dnssec-verify.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2012, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above 
@@ -28,10 +28,10 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">dnssec-verify</code> [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] {zonefile}</p></div> +<div class="cmdsynopsis"><p><code class="command">dnssec-verify</code> [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-x</code>] [<code class="option">-z</code>] {zonefile}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543390"></a><h2>DESCRIPTION</h2> +<a name="id2543405"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-verify</strong></span> verifies that a zone is fully signed for each algorithm found in the DNSKEY RRset for the zone, and that the NSEC / NSEC3 @@ -39,7 +39,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543402"></a><h2>OPTIONS</h2> +<a name="id2543417"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt> <dd><p> 
@@ -65,6 +65,10 @@ <dd><p> Sets the debugging level. </p></dd> +<dt><span class="term">-V</span></dt> +<dd><p> + Prints version information. + </p></dd> <dt><span class="term">-x</span></dt> <dd><p> Only verify that the DNSKEY RRset is signed with key-signing @@ -101,7 +105,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543543"></a><h2>SEE ALSO</h2> +<a name="id2543640"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, @@ -109,7 +113,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543637"></a><h2>AUTHOR</h2> +<a name="id2543666"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c index 74698e1b17ec1..b1d1ed664bf2b 100644 --- a/bin/dnssec/dnssectool.c +++ b/bin/dnssec/dnssectool.c @@ -15,8 +15,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssectool.c,v 1.63 2011/10/21 03:55:33 marka Exp $ */ - /*! \file */ /*% @@ -122,6 +120,12 @@ vbprintf(int level, const char *fmt, ...) { } void +version(const char *program) { + fprintf(stderr, "%s %s\n", program, VERSION); + exit(0); +} + +void type_format(const dns_rdatatype_t type, char *cp, unsigned int size) { isc_buffer_t b; isc_region_t r; @@ -300,12 +304,21 @@ time_units(isc_stdtime_t offset, char *suffix, const char *str) { return(0); /* silence compiler warning */ } +static inline isc_boolean_t +isnone(const char *str) { + return (ISC_TF((strcasecmp(str, "none") == 0) || + (strcasecmp(str, "never") == 0))); +} + dns_ttl_t strtottl(const char *str) { const char *orig = str; dns_ttl_t ttl; char *endp; + if (isnone(str)) + return ((dns_ttl_t) 0); + ttl = strtol(str, &endp, 0); if (ttl == 0 && endp == str) fatal("TTL must be numeric"); 
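Review bot: strtottl() now maps `none` and `never` to TTL 0, which its callers cannot distinguish from an explicit `0`. strtotime() gained the `setp` out-parameter for this case in the same commit, but strtottl() did not. If 0 is meant to stand for "no TTL given", state that above the function, e.g. `/* Returns 0 for "none"/"never"; callers treat 0 as unset. */`, and give isnone() a one-line comment naming the two keywords it accepts. If 0 is a valid TTL for any caller, the function needs the same out-parameter. The callers are outside this diff section, so this should be confirmed against them.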
@@ -314,12 +327,23 @@ strtottl(const char *str) { } isc_stdtime_t -strtotime(const char *str, isc_int64_t now, isc_int64_t base) { +strtotime(const char *str, isc_int64_t now, isc_int64_t base, + isc_boolean_t *setp) +{ isc_int64_t val, offset; isc_result_t result; const char *orig = str; char *endp; - int n; + size_t n; + + if (isnone(str)) { + if (setp != NULL) + *setp = ISC_FALSE; + return ((isc_stdtime_t) 0); + } + + if (setp != NULL) + *setp = ISC_TRUE; if ((str[0] == '0' || str[0] == '-') && str[1] == '\0') return ((isc_stdtime_t) 0); @@ -332,14 +356,14 @@ strtotime(const char *str, isc_int64_t now, isc_int64_t base) { * [+-]offset */ n = strspn(str, "0123456789"); - if ((n == 8 || n == 14) && + if ((n == 8u || n == 14u) && (str[n] == '\0' || str[n] == '-' || str[n] == '+')) { char timestr[15]; strlcpy(timestr, str, sizeof(timestr)); timestr[n] = 0; - if (n == 8) + if (n == 8u) strlcat(timestr, "000000", sizeof(timestr)); result = dns_time64_fromtext(timestr, &val); if (result != ISC_R_SUCCESS) diff --git a/bin/dnssec/dnssectool.h b/bin/dnssec/dnssectool.h index 09b4fb103b13b..f51bd0001a7b3 100644 --- a/bin/dnssec/dnssectool.h +++ b/bin/dnssec/dnssectool.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007-2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007-2012, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -46,6 +46,9 @@ void vbprintf(int level, const char *fmt, ...) ISC_FORMAT_PRINTF(2, 3); void +version(const char *program); + +void type_format(const dns_rdatatype_t type, char *cp, unsigned int size); #define TYPE_FORMATSIZE 20 
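Review bot: The new `setp` out-parameter of strtotime() is undocumented, and its value differs between two inputs that both return 0. `*setp = ISC_TRUE` is stored before the `"0"`/`"-"` shortcut, so those inputs return 0 with the flag true, while `none`/`never` return 0 with the flag false. If both forms are meant to be "unset", the shortcut should clear the flag as well. If not, a comment should state the difference, e.g. `/* *setp is ISC_FALSE only for "none"/"never"; "0" and "-" return 0 but count as set. */`. The remainder of strtotime() lies outside these hunks.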
@@ -68,7 +71,8 @@ cleanup_entropy(isc_entropy_t **ectx); dns_ttl_t strtottl(const char *str); isc_stdtime_t -strtotime(const char *str, isc_int64_t now, isc_int64_t base); +strtotime(const char *str, isc_int64_t now, isc_int64_t base, + isc_boolean_t *setp); dns_rdataclass_t strtoclass(const char *str); diff --git a/bin/named/bind9.ver3.xsl b/bin/named/bind9.ver3.xsl index 699bcb4830a56..6720154d0b5ba 100644 --- a/bin/named/bind9.ver3.xsl +++ b/bin/named/bind9.ver3.xsl @@ -267,6 +267,13 @@ <div class="header"> <h1>ISC Bind 9 Configuration and Statistics</h1> </div> + <p>Alternate statistics views: <a href="/">All</a>, + <a href="/xml/v3/status">Status</a>, + <a href="/xml/v3/server">Server</a>, + <a href="/xml/v3/zones">Zones</a>, + <a href="/xml/v3/net">Network</a>, + <a href="/xml/v3/tasks">Tasks</a> and + <a href="/xml/v3/mem">Memory</a></p> <hr/> <h2>Server Times</h2> <table class="info"> diff --git a/bin/named/bind9.ver3.xsl.h b/bin/named/bind9.ver3.xsl.h index 371e69c7a171d..b90ae594ed5ba 100644 --- a/bin/named/bind9.ver3.xsl.h +++ b/bin/named/bind9.ver3.xsl.h @@ -272,6 +272,13 @@ static char xslmsg[] = " <div class=\"header\">\n" " <h1>ISC Bind 9 Configuration and Statistics</h1>\n" " </div>\n" + " <p>Alternate statistics views: <a href=\"/\">All</a>,\n" + " <a href=\"/xml/v3/status\">Status</a>,\n" + " <a href=\"/xml/v3/server\">Server</a>,\n" + " <a href=\"/xml/v3/zones\">Zones</a>,\n" + " <a href=\"/xml/v3/net\">Network</a>,\n" + " <a href=\"/xml/v3/tasks\">Tasks</a> and\n" + " <a href=\"/xml/v3/mem\">Memory</a></p>\n" " <hr/>\n" " <h2>Server Times</h2>\n" " <table class=\"info\">\n" diff --git a/bin/named/client.c b/bin/named/client.c index e68f96defa2c3..aed3b178133c5 100644 --- a/bin/named/client.c +++ b/bin/named/client.c 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -233,6 +233,8 @@ static void client_request(isc_task_t *task, isc_event_t *event); static void ns_client_dumpmessage(ns_client_t *client, const char *reason); static isc_result_t get_client(ns_clientmgr_t *manager, ns_interface_t *ifp, dns_dispatch_t *disp, isc_boolean_t tcp); +static inline isc_boolean_t +allowed(isc_netaddr_t *addr, dns_name_t *signer, dns_acl_t *acl); void ns_client_recursing(ns_client_t *client) { @@ -973,7 +975,19 @@ ns_client_send(ns_client_t *client) { result = dns_compress_init(&cctx, -1, client->mctx); if (result != ISC_R_SUCCESS) goto done; - dns_compress_setsensitive(&cctx, ISC_TRUE); + if (client->peeraddr_valid && client->view != NULL) { + isc_netaddr_t netaddr; + dns_name_t *name = NULL; + + isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr); + if (client->message->tsigkey != NULL) + name = &client->message->tsigkey->name; + if (client->view->nocasecompress == NULL || + !allowed(&netaddr, name, client->view->nocasecompress)) + { + dns_compress_setsensitive(&cctx, ISC_TRUE); + } + } cleanup_cctx = ISC_TRUE; result = dns_message_renderbegin(client->message, &cctx, &buffer); @@ -1249,7 +1263,7 @@ client_addopt(ns_client_t *client) { dns_view_t *view; dns_resolver_t *resolver; isc_uint16_t udpsize; - dns_ednsopt_t ednsopts[2]; + dns_ednsopt_t ednsopts[DNS_EDNSOPTIONS]; int count = 0; unsigned int flags; @@ -1278,6 +1292,7 @@ client_addopt(ns_client_t *client) { } else nsidp = ns_g_server->server_id; + INSIST(count < DNS_EDNSOPTIONS); ednsopts[count].code = DNS_OPT_NSID; ednsopts[count].length = strlen(nsidp); ednsopts[count].value = (unsigned char *)nsidp; 
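Review bot: In ns_client_send() the call to `dns_compress_setsensitive(&cctx, ISC_TRUE)` was unconditional and is now nested inside `if (client->peeraddr_valid && client->view != NULL)`. When the peer address is not valid or no view is attached, the call is skipped, so the previous default is lost for those responses, not just for clients matched by `nocasecompress`. The ACL should be the only thing that turns the setting off: start from sensitive and clear it only on a positive match. The beginning and end of ns_client_send() are outside the hunk; the flag declaration belongs with the function's other locals.

```c
	isc_boolean_t sensitive = ISC_TRUE;	/* with the other locals */

	/* ... unchanged: dns_compress_init() and its error check ... */
	if (client->peeraddr_valid && client->view != NULL &&
	    client->view->nocasecompress != NULL)
	{
		isc_netaddr_t netaddr;
		dns_name_t *name = NULL;

		isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
		if (client->message->tsigkey != NULL)
			name = &client->message->tsigkey->name;
		if (allowed(&netaddr, name, client->view->nocasecompress))
			sensitive = ISC_FALSE;
	}
	if (sensitive)
		dns_compress_setsensitive(&cctx, ISC_TRUE);
```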
@@ -2820,6 +2835,9 @@ ns_client_dumpmessage(ns_client_t *client, const char *reason) { int len = 1024; isc_result_t result; + if (!isc_log_wouldlog(ns_g_lctx, ISC_LOG_DEBUG(1))) + return; + /* * Note that these are multiline debug messages. We want a newline * to appear in the log after each message. diff --git a/bin/named/config.c b/bin/named/config.c index 278272082ae26..ebc48cfc464ec 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -15,8 +15,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.c,v 1.123 2012/01/06 23:46:41 tbox Exp $ */ - /*! \file */ #include <config.h> @@ -160,6 +158,8 @@ options {\n\ dnssec-accept-expired no;\n\ clients-per-query 10;\n\ max-clients-per-query 100;\n\ + max-recursion-depth 7;\n\ + max-recursion-queries 50;\n\ zero-no-soa-ttl-cache no;\n\ nsec3-test-zone no;\n\ allow-new-zones no;\n\ diff --git a/bin/named/control.c b/bin/named/control.c index 35312fee59f37..306bca0b27946 100644 --- a/bin/named/control.c +++ b/bin/named/control.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007, 2009-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -203,7 +203,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) { command_compare(command, NS_COMMAND_LOADKEYS)) { result = ns_server_rekey(ns_g_server, command, text); } else if (command_compare(command, NS_COMMAND_ADDZONE)) { - result = ns_server_add_zone(ns_g_server, command); + result = ns_server_add_zone(ns_g_server, command, text); } else if (command_compare(command, NS_COMMAND_DELZONE)) { result = ns_server_del_zone(ns_g_server, command, text); } else if (command_compare(command, NS_COMMAND_SIGNING)) { diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c index 509a113b35976..a9d498401d496 100644 --- a/bin/named/controlconf.c 
+++ b/bin/named/controlconf.c @@ -24,6 +24,7 @@ #include <isc/base64.h> #include <isc/buffer.h> #include <isc/event.h> +#include <isc/file.h> #include <isc/mem.h> #include <isc/net.h> #include <isc/netaddr.h> @@ -811,6 +812,13 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) { char secret[1024]; isc_buffer_t b; + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_CONTROL, ISC_LOG_INFO, + "configuring command channel from '%s'", + ns_g_keyfile); + if (! isc_file_exists(ns_g_keyfile)) + return (ISC_R_FILENOTFOUND); + CHECK(cfg_parser_create(mctx, ns_g_lctx, &pctx)); CHECK(cfg_parse_file(pctx, ns_g_keyfile, &cfg_type_rndckey, &config)); CHECK(cfg_map_get(config, "key", &key)); diff --git a/bin/named/include/named/query.h b/bin/named/include/named/query.h index 3beabb82b2f65..444729a98f775 100644 --- a/bin/named/include/named/query.h +++ b/bin/named/include/named/query.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2010, 2011, 2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2010, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,8 +15,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.h,v 1.45 2011/01/13 04:59:24 tbox Exp $ */ - #ifndef NAMED_QUERY_H #define NAMED_QUERY_H 1 diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h index 52ba94d295386..1680776cd991a 100644 --- a/bin/named/include/named/server.h +++ b/bin/named/include/named/server.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any 
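Review bot: In get_rndckey() the INFO message "configuring command channel from '%s'" is written before the `isc_file_exists()` test, so it is logged on every call even when the key file is absent and the function returns ISC_R_FILENOTFOUND. The log then names a key source that was never read, which is misleading when auditing how the control channel obtained its key. Move the `isc_log_write()` call below the existence check. The check is only an early exit: the file can still vanish or change before `cfg_parse_file()` opens it, so the parser's own error handling must remain the authority.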
@@ -345,7 +345,7 @@ ns_server_validation(ns_server_t *server, char *args); * Add a zone to a running process */ isc_result_t -ns_server_add_zone(ns_server_t *server, char *args); +ns_server_add_zone(ns_server_t *server, char *args, isc_buffer_t *text); /*% * Deletes a zone from a running process diff --git a/bin/named/lwresd.8 b/bin/named/lwresd.8 index 47a6b782b68ad..400e8a7e531b2 100644 --- a/bin/named/lwresd.8 +++ b/bin/named/lwresd.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any @@ -20,11 +20,11 @@ .\" Title: lwresd .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: June 30, 2000 +.\" Date: January 20, 2009 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "LWRESD" "8" "June 30, 2000" "BIND9" "BIND9" +.TH "LWRESD" "8" "January 20, 2009" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -217,7 +217,7 @@ The default process\-id file. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005, 2007\-2009 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007\-2009, 2014 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000, 2001 Internet Software Consortium. .br diff --git a/bin/named/lwresd.docbook b/bin/named/lwresd.docbook index dddfe5e517848..307131ad84754 100644 --- a/bin/named/lwresd.docbook +++ b/bin/named/lwresd.docbook 
@@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,10 +18,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwresd.docbook,v 1.20 2009/01/20 23:47:56 tbox Exp $ --> <refentry> <refentryinfo> - <date>June 30, 2000</date> + <date>January 20, 2009</date> </refentryinfo> <refmeta> @@ -42,6 +41,7 @@ <year>2007</year> <year>2008</year> <year>2009</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> diff --git a/bin/named/lwresd.html b/bin/named/lwresd.html index 5dc01be1dfb7d..4bef3e262593f 100644 --- a/bin/named/lwresd.html +++ b/bin/named/lwresd.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007-2009, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -22,7 +22,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476274"></a><div class="titlepage"></div> +<a name="id2476282"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">lwresd</span> — lightweight resolver daemon</p> 
@@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-4</code>] [<code class="option">-6</code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543469"></a><h2>DESCRIPTION</h2> +<a name="id2543479"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">lwresd</strong></span> is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver @@ -67,7 +67,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543516"></a><h2>OPTIONS</h2> +<a name="id2543526"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-4</span></dt> <dd><p> @@ -197,7 +197,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543933"></a><h2>FILES</h2> +<a name="id2543943"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt> <dd><p> 
@@ -210,14 +210,14 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543973"></a><h2>SEE ALSO</h2> +<a name="id2543982"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>, <span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2544007"></a><h2>AUTHOR</h2> +<a name="id2544017"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/named/main.c b/bin/named/main.c index 1d844e03e3d18..599c142fd4980 100644 --- a/bin/named/main.c +++ b/bin/named/main.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,8 +15,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id$ */ - /*! \file */ #include <config.h> @@ -410,16 +408,16 @@ static void parse_command_line(int argc, char *argv[]) { int ch; int port; + const char *p; isc_boolean_t disable6 = ISC_FALSE; isc_boolean_t disable4 = ISC_FALSE; save_command_line(argc, argv); /* PLEASE keep options synchronized when main is hooked! */ +#define CMDLINE_FLAGS "46c:C:d:E:fFgi:lm:n:N:p:P:sS:t:T:U:u:vVx:" isc_commandline_errprint = ISC_FALSE; - while ((ch = isc_commandline_parse(argc, argv, - "46c:C:d:E:fFgi:lm:n:N:p:P:" - "sS:t:T:U:u:vVx:")) != -1) { + while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) { switch (ch) { case '4': if (disable4) 
@@ -585,8 +583,14 @@ parse_command_line(int argc, char *argv[]) { usage(); if (isc_commandline_option == '?') exit(0); - ns_main_earlyfatal("unknown option '-%c'", - isc_commandline_option); + p = strchr(CMDLINE_FLAGS, isc_commandline_option); + if (p == NULL || *++p != ':') + ns_main_earlyfatal("unknown option '-%c'", + isc_commandline_option); + else + ns_main_earlyfatal("option '-%c' requires " + "an argument", + isc_commandline_option); /* FALLTHROUGH */ default: ns_main_earlyfatal("parsing options returned %d", ch); @@ -621,8 +625,14 @@ create_managers(void) { #ifdef WIN32 ns_g_udpdisp = 1; #else - if (ns_g_udpdisp == 0) - ns_g_udpdisp = ns_g_cpus_detected; + if (ns_g_udpdisp == 0) { + if (ns_g_cpus_detected == 1) + ns_g_udpdisp = 1; + else if (ns_g_cpus_detected < 4) + ns_g_udpdisp = 2; + else + ns_g_udpdisp = ns_g_cpus_detected / 2; + } if (ns_g_udpdisp > ns_g_cpus) ns_g_udpdisp = ns_g_cpus; #endif @@ -704,7 +714,7 @@ destroy_managers(void) { } static void -dump_symboltable() { +dump_symboltable(void) { int i; isc_result_t result; const char *fname; diff --git a/bin/named/named.8 b/bin/named/named.8 index b27be31859970..fe6bb4207e373 100644 --- a/bin/named/named.8 +++ b/bin/named/named.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any @@ -20,11 +20,11 @@ .\" Title: named .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: May 21, 2009 +.\" Date: February 20, 2014 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "NAMED" "8" "May 21, 2009" "BIND9" "BIND9" +.TH "NAMED" "8" "February 20, 2014" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
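Review bot: In the unknown-option branch of parse_command_line, `strchr(CMDLINE_FLAGS, isc_commandline_option)` matches the string's terminating NUL when the option value is 0, and `*++p` then reads one byte past the literal. Whether the parser can report 0 here is not visible in this hunk; if it can, `if (p == NULL || *p == '\0' || *++p != ':')` avoids the over-read. `CMDLINE_FLAGS` is also `#define`d inside the function body in the earlier hunk and not `#undef`ed in the visible lines, so a file-scope definition would be easier to find. The function body starts and ends outside this hunk.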
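Review bot: The new default for `ns_g_udpdisp` in create_managers has three tiers with bare constants and no comment, and its boundary (`< 4`) is written differently from the manual text changed in this commit ("2 for 2-4 CPUs"). The results agree, because 4 / 2 is 2, but a reader has to work that out. I would add `/* Default listeners: 1 for 1 CPU, 2 for 2-4 CPUs, half the detected CPUs above that. */` above the `if (ns_g_udpdisp == 0)` block.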
@@ -174,9 +174,9 @@ Use \fI#listeners\fR worker threads to listen for incoming UDP packets on each address. If not specified, \fBnamed\fR -will use the number of detected CPUs. If +will calculate a default value based on the number of detected CPUs: 1 for 1 CPU, 2 for 2\-4 CPUs, and the number of detected CPUs divided by 2 for values higher than 4. If \fB\-n\fR -has been set to a higher value than the number of CPUs, then +has been set to a higher value than the number of detected CPUs, then \fB\-U\fR may be increased as high as that value, but no higher. .RE @@ -280,7 +280,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004\-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000, 2001, 2003 Internet Software Consortium. .br diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5 index 0f5662c3ae8ce..c4d75437da2eb 100644 --- a/bin/named/named.conf.5 +++ b/bin/named/named.conf.5 @@ -19,11 +19,11 @@ .\" Title: \fInamed.conf\fR .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: Aug 13, 2004 +.\" Date: January 08, 2014 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "\fINAMED.CONF\fR" "5" "Aug 13, 2004" "BIND9" "BIND9" +.TH "\fINAMED.CONF\fR" "5" "January 08, 2014" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index b4d0c38e5e623..85d13db95d399 100644 --- a/bin/named/named.conf.docbook +++ b/bin/named/named.conf.docbook @@ -17,10 +17,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.conf.docbook,v 1.55 2011/11/07 00:25:53 each Exp $ --> <refentry> <refentryinfo> - <date>Aug 13, 2004</date> + <date>January 08, 2014</date> </refentryinfo> <refmeta> 
diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html index 5847466785a45..0e1d2eb60da34 100644 --- a/bin/named/named.conf.html +++ b/bin/named/named.conf.html @@ -21,7 +21,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476274"></a><div class="titlepage"></div> +<a name="id2476282"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><code class="filename">named.conf</code> — configuration file for named</p> @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543361"></a><h2>DESCRIPTION</h2> +<a name="id2543367"></a><h2>DESCRIPTION</h2> <p><code class="filename">named.conf</code> is the configuration file for <span><strong class="command">named</strong></span>. Statements are enclosed @@ -50,14 +50,14 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543388"></a><h2>ACL</h2> +<a name="id2543395"></a><h2>ACL</h2> <div class="literallayout"><p><br> acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> <br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543404"></a><h2>KEY</h2> +<a name="id2543411"></a><h2>KEY</h2> <div class="literallayout"><p><br> key <em class="replaceable"><code>domain_name</code></em> {<br> algorithm <em class="replaceable"><code>string</code></em>;<br> 
@@ -66,7 +66,7 @@ key <em class="replaceable"><code>domain_name</code></em> {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543424"></a><h2>MASTERS</h2> +<a name="id2543430"></a><h2>MASTERS</h2> <div class="literallayout"><p><br> masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br> @@ -75,7 +75,7 @@ masters <em class="replaceable"><code>string</code></em> [<span class="optional" </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543469"></a><h2>SERVER</h2> +<a name="id2543476"></a><h2>SERVER</h2> <div class="literallayout"><p><br> server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br> bogus <em class="replaceable"><code>boolean</code></em>;<br> @@ -97,7 +97,7 @@ server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/pref </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543538"></a><h2>TRUSTED-KEYS</h2> +<a name="id2543544"></a><h2>TRUSTED-KEYS</h2> <div class="literallayout"><p><br> trusted-keys {<br> <em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br> 
@@ -105,7 +105,7 @@ trusted-keys {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543563"></a><h2>MANAGED-KEYS</h2> +<a name="id2543570"></a><h2>MANAGED-KEYS</h2> <div class="literallayout"><p><br> managed-keys {<br> <em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br> @@ -113,7 +113,7 @@ managed-keys {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543592"></a><h2>CONTROLS</h2> +<a name="id2543598"></a><h2>CONTROLS</h2> <div class="literallayout"><p><br> controls {<br> inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br> @@ -125,7 +125,7 @@ controls {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543627"></a><h2>LOGGING</h2> +<a name="id2543634"></a><h2>LOGGING</h2> <div class="literallayout"><p><br> logging {<br> channel <em class="replaceable"><code>string</code></em> {<br> @@ -143,7 +143,7 @@ logging {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543666"></a><h2>LWRES</h2> +<a name="id2543672"></a><h2>LWRES</h2> <div class="literallayout"><p><br> lwres {<br> listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> @@ -156,7 +156,7 @@ lwres {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543707"></a><h2>OPTIONS</h2> +<a name="id2543714"></a><h2>OPTIONS</h2> <div class="literallayout"><p><br> options {<br> avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br> 
@@ -361,7 +361,7 @@ options {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2544586"></a><h2>VIEW</h2> +<a name="id2544593"></a><h2>VIEW</h2> <div class="literallayout"><p><br> view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> @@ -525,7 +525,7 @@ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><c </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2545302"></a><h2>ZONE</h2> +<a name="id2545308"></a><h2>ZONE</h2> <div class="literallayout"><p><br> zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> type ( master | slave | stub | hint | redirect |<br> @@ -622,12 +622,12 @@ zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><c </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2545691"></a><h2>FILES</h2> +<a name="id2545698"></a><h2>FILES</h2> <p><code class="filename">/etc/named.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2545703"></a><h2>SEE ALSO</h2> +<a name="id2545709"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, diff --git a/bin/named/named.docbook b/bin/named/named.docbook index 1f08e196e040f..7ca3d2bf6a7a9 100644 --- a/bin/named/named.docbook +++ b/bin/named/named.docbook 
@@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,10 +18,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.docbook,v 1.28 2011/11/09 23:46:23 tbox Exp $ --> <refentry id="man.named"> <refentryinfo> - <date>May 21, 2009</date> + <date>February 20, 2014</date> </refentryinfo> <refmeta> @@ -45,6 +44,7 @@ <year>2009</year> <year>2011</year> <year>2013</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -291,10 +291,12 @@ Use <replaceable class="parameter">#listeners</replaceable> worker threads to listen for incoming UDP packets on each address. If not specified, <command>named</command> will - use the number of detected CPUs. If <option>-n</option> - has been set to a higher value than the number of CPUs, - then <option>-U</option> may be increased as high as that - value, but no higher. + calculate a default value based on the number of detected + CPUs: 1 for 1 CPU, 2 for 2-4 CPUs, and the number of + detected CPUs divided by 2 for values higher than 4. + If <option>-n</option> has been set to a higher value than + the number of detected CPUs, then <option>-U</option> may + be increased as high as that value, but no higher. </para> </listitem> </varlistentry> diff --git a/bin/named/named.html b/bin/named/named.html index fc8de5147ad8c..218639991fa63 100644 --- a/bin/named/named.html +++ b/bin/named/named.html 
@@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2009, 2011, 2013 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2009, 2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-U <em class="replaceable"><code>#listeners</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543497"></a><h2>DESCRIPTION</h2> +<a name="id2543507"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">named</strong></span> is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more 
@@ -47,7 +47,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543522"></a><h2>OPTIONS</h2> +<a name="id2543531"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-4</span></dt> <dd><p> @@ -183,10 +183,12 @@ Use <em class="replaceable"><code>#listeners</code></em> worker threads to listen for incoming UDP packets on each address. If not specified, <span><strong class="command">named</strong></span> will - use the number of detected CPUs. If <code class="option">-n</code> - has been set to a higher value than the number of CPUs, - then <code class="option">-U</code> may be increased as high as that - value, but no higher. + calculate a default value based on the number of detected + CPUs: 1 for 1 CPU, 2 for 2-4 CPUs, and the number of + detected CPUs divided by 2 for values higher than 4. + If <code class="option">-n</code> has been set to a higher value than + the number of detected CPUs, then <code class="option">-U</code> may + be increased as high as that value, but no higher. </p></dd> <dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt> <dd> @@ -238,7 +240,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544012"></a><h2>SIGNALS</h2> +<a name="id2544021"></a><h2>SIGNALS</h2> <p> In routine operation, signals should not be used to control the nameserver; <span><strong class="command">rndc</strong></span> should be used @@ -259,7 +261,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544060"></a><h2>CONFIGURATION</h2> +<a name="id2544205"></a><h2>CONFIGURATION</h2> <p> The <span><strong class="command">named</strong></span> configuration file is too complex to describe in detail here. A complete description is provided 
@@ -276,7 +278,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544233"></a><h2>FILES</h2> +<a name="id2544310"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt> <dd><p> @@ -289,7 +291,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544273"></a><h2>SEE ALSO</h2> +<a name="id2544349"></a><h2>SEE ALSO</h2> <p><em class="citetitle">RFC 1033</em>, <em class="citetitle">RFC 1034</em>, <em class="citetitle">RFC 1035</em>, @@ -302,7 +304,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544343"></a><h2>AUTHOR</h2> +<a name="id2544420"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/named/query.c b/bin/named/query.c index c357f83ee4274..af8e5da8204d3 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -2278,7 +2278,7 @@ query_dns64(ns_client_t *client, dns_name_t **namep, dns_rdataset_t *rdataset, dns64 != NULL; dns64 = dns_dns64_next(dns64)) { dns_rdataset_current(rdataset, &rdata); - isc__buffer_availableregion(buffer, &r); + isc_buffer_availableregion(buffer, &r); INSIST(r.length >= 16); result = dns_dns64_aaaafroma(dns64, &netaddr, client->signer, @@ -2518,11 +2518,12 @@ query_addrrset(ns_client_t *client, dns_name_t **namep, if (result == ISC_R_SUCCESS) { /* * We've already got an RRset of the given name and type. - * There's nothing else to do; */ CTRACE("query_addrrset: dns_message_findname succeeded: done"); if (dbuf != NULL) query_releasename(client, namep); + if ((rdataset->attributes & DNS_RDATASETATTR_REQUIRED) != 0) + mrdataset->attributes |= DNS_RDATASETATTR_REQUIRED; return; } else if (result == DNS_R_NXDOMAIN) { /* 
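Review bot: The comment in the `result == ISC_R_SUCCESS` branch of query_addrrset lost its second sentence but gained no explanation of the new attribute copy, so it reads as if nothing further happens. I would reword it to `* We've already got an RRset of the given name and type; keep it, but carry over the REQUIRED attribute from the caller's rdataset.` The copy dereferences `mrdataset`, which is presumably filled in by the successful dns_message_findname call. That call is outside the hunk, so it is worth confirming the pointer cannot be NULL on this path.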
@@ -2562,7 +2563,8 @@ query_addrrset(ns_client_t *client, dns_name_t **namep, static inline isc_result_t query_addsoa(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version, - unsigned int override_ttl, isc_boolean_t isassociated) + unsigned int override_ttl, isc_boolean_t isassociated, + dns_section_t section) { dns_name_t *name; dns_dbnode_t *node; @@ -2669,8 +2671,11 @@ query_addsoa(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version, sigrdatasetp = &sigrdataset; else sigrdatasetp = NULL; + + if (section == DNS_SECTION_ADDITIONAL) + rdataset->attributes |= DNS_RDATASETATTR_REQUIRED; query_addrrset(client, &name, &rdataset, sigrdatasetp, NULL, - DNS_SECTION_AUTHORITY); + section); } cleanup: @@ -3872,12 +3877,11 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname, peeraddr = &client->peeraddr; else peeraddr = NULL; - result = dns_resolver_createfetch2(client->view->resolver, + result = dns_resolver_createfetch3(client->view->resolver, qname, qtype, qdomain, nameservers, NULL, peeraddr, client->message->id, - client->query.fetchoptions, - client->task, - query_resume, client, + client->query.fetchoptions, 0, NULL, + client->task, query_resume, client, rdataset, sigrdataset, &client->query.fetch); @@ -4946,7 +4950,7 @@ rpz_add_cname(ns_client_t *client, dns_rpz_st_t *st, * response policy zone cannot verify. */ client->attributes &= ~(NS_CLIENTATTR_WANTDNSSEC | - DNS_MESSAGEFLAG_AD); + NS_CLIENTATTR_WANTAD); return (ISC_R_SUCCESS); } @@ -5138,7 +5142,7 @@ answer_in_glue(ns_client_t *client, dns_rdatatype_t qtype) { ISC_LIST_PREPEND(msg->sections[section], name, link); ISC_LIST_UNLINK(name->list, rdataset, link); ISC_LIST_PREPEND(name->list, rdataset, link); - rdataset->attributes |= DNS_RDATASETATTR_REQUIREDGLUE; + rdataset->attributes |= DNS_RDATASETATTR_REQUIRED; } } 
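Review bot: The two new arguments `0, NULL` passed to dns_resolver_createfetch3 in query_recurse are unexplained at the call site. Presumably they are the starting recursion depth and an absent query counter, matching the max-recursion options added in server.c, but the prototype is not part of this chunk. A trailing comment would help, for example `client->query.fetchoptions, 0, NULL, /* depth, query counter */`, once the meaning is confirmed against the header.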
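Review bot: rpz_add_cname (the `@@ -4946` hunk) now clears `NS_CLIENTATTR_WANTAD` but does not clear the AD bit on the message, although the matching RPZ hunk in query_find adds `client->message->flags &= ~DNS_MESSAGEFLAG_AD;` right after the same attribute change. If the message flag can already be set when rpz_add_cname runs, a policy-rewritten CNAME answer could still go out marked as authenticated. Either add the same line here or leave a comment saying why it is not needed on this path. The function body starts outside the hunk, so an earlier reset may exist that is not visible.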
@@ -5594,8 +5598,12 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) isc_boolean_t resuming; int line = -1; isc_boolean_t dns64_exclude, dns64; + isc_boolean_t nxrewrite = ISC_FALSE; dns_clientinfomethods_t cm; dns_clientinfo_t ci; + isc_boolean_t associated; + dns_section_t section; + dns_ttl_t ttl; CTRACE("query_find"); @@ -5964,8 +5972,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * with other truncated responses in RespTruncated. */ if (wouldlog) { - ns_client_log(client, - NS_LOGCATEGORY_QUERY_EERRORS, + ns_client_log(client, DNS_LOGCATEGORY_RRL, NS_LOGMODULE_QUERY, DNS_RRL_LOG_DROP, "%s", log_buf); @@ -6069,9 +6076,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) switch (rpz_st->m.policy) { case DNS_RPZ_POLICY_NXDOMAIN: result = DNS_R_NXDOMAIN; + nxrewrite = ISC_TRUE; break; case DNS_RPZ_POLICY_NODATA: result = DNS_R_NXRRSET; + nxrewrite = ISC_TRUE; break; case DNS_RPZ_POLICY_RECORD: result = rpz_st->m.result; @@ -6130,7 +6139,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * response policy zone cannot verify. */ client->attributes &= ~(NS_CLIENTATTR_WANTDNSSEC | - DNS_MESSAGEFLAG_AD); + NS_CLIENTATTR_WANTAD); + client->message->flags &= ~DNS_MESSAGEFLAG_AD; query_putrdataset(client, &sigrdataset); rpz_st->q.is_zone = is_zone; is_zone = ISC_TRUE; 
@@ -6615,15 +6625,22 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) */ query_releasename(client, &fname); } + /* - * Add SOA. + * Add SOA to the additional section if generated by a RPZ + * rewrite. */ + associated = dns_rdataset_isassociated(rdataset); + section = nxrewrite ? DNS_SECTION_ADDITIONAL : + DNS_SECTION_AUTHORITY; + result = query_addsoa(client, db, version, ISC_UINT32_MAX, - dns_rdataset_isassociated(rdataset)); + associated, section); if (result != ISC_R_SUCCESS) { QUERY_ERROR(result); goto cleanup; } + /* * Add NSEC record if we found one. */ @@ -6662,20 +6679,23 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) } /* - * Add SOA. If the query was for a SOA record force the + * Add SOA to the additional section if generated by a + * RPZ rewrite. + * + * If the query was for a SOA record force the * ttl to zero so that it is possible for clients to find * the containing zone of an arbitrary name with a stub * resolver and not have it cached. */ - if (qtype == dns_rdatatype_soa && - zone != NULL && - dns_zone_getzeronosoattl(zone)) - result = query_addsoa(client, db, version, 0, - dns_rdataset_isassociated(rdataset)); - else - result = query_addsoa(client, db, version, - ISC_UINT32_MAX, - dns_rdataset_isassociated(rdataset)); + associated = dns_rdataset_isassociated(rdataset); + section = nxrewrite ? DNS_SECTION_ADDITIONAL : + DNS_SECTION_AUTHORITY; + ttl = ISC_UINT32_MAX; + if (!nxrewrite && qtype == dns_rdatatype_soa && + zone != NULL && dns_zone_getzeronosoattl(zone)) + ttl = 0; + result = query_addsoa(client, db, version, ttl, associated, + section); if (result != ISC_R_SUCCESS) { QUERY_ERROR(result); goto cleanup; @@ -7342,7 +7362,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * Add a fake SOA record. */ (void)query_addsoa(client, db, version, - 600, ISC_FALSE); + 600, ISC_FALSE, + DNS_SECTION_AUTHORITY); goto cleanup; } #endif 
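Review bot: The rewritten comment in the second SOA hunk of query_find (`@@ -6662`) still says the TTL is forced to zero for SOA queries, but the new condition starts with `!nxrewrite`, so the rule no longer applies to RPZ-rewritten answers and the comment does not say so. I would add a line such as `* The zero-TTL rule is not applied to RPZ rewrites.` The `section = nxrewrite ? DNS_SECTION_ADDITIONAL : DNS_SECTION_AUTHORITY;` selection is also repeated verbatim in the `@@ -6615` hunk, so a single shared assignment or small helper would keep the two call sites from drifting. query_find's body extends well beyond these hunks.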
diff --git a/bin/named/server.c b/bin/named/server.c index 77a4e44069762..84e3ecf321086 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -130,6 +130,14 @@ if (result != ISC_R_SUCCESS) goto cleanup; \ } while (0) +#define TCHECK(op) \ + do { tresult = (op); \ + if (tresult != ISC_R_SUCCESS) { \ + isc_buffer_clear(text); \ + goto cleanup; \ + } \ + } while (0) + #define CHECKM(op, msg) \ do { result = (op); \ if (result != ISC_R_SUCCESS) { \ @@ -357,12 +365,12 @@ ns_server_reload(isc_task_t *task, isc_event_t *event); static isc_result_t ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, - cfg_aclconfctx_t *actx, - isc_mem_t *mctx, ns_listenelt_t **target); + cfg_aclconfctx_t *actx, isc_mem_t *mctx, + isc_uint16_t family, ns_listenelt_t **target); static isc_result_t ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config, - cfg_aclconfctx_t *actx, - isc_mem_t *mctx, ns_listenlist_t **target); + cfg_aclconfctx_t *actx, isc_mem_t *mctx, + isc_uint16_t family, ns_listenlist_t **target); static isc_result_t configure_forward(const cfg_obj_t *config, dns_view_t *view, dns_name_t *origin, @@ -389,6 +397,9 @@ newzone_cfgctx_destroy(void **cfgp); static isc_result_t putstr(isc_buffer_t *b, const char *str); +static isc_result_t +putnull(isc_buffer_t *b); + isc_result_t add_comment(FILE *fp, const char *viewname); @@ -1338,10 +1349,8 @@ check_dbtype(dns_zone_t *zone, unsigned int dbtypec, const char **dbargv, * Check that all the arguments match. */ for (i = 0; i < dbtypec; i++) - if (argv[i] == NULL || strcmp(argv[i], dbargv[i]) != 0) { + if (argv[i] == NULL || strcmp(argv[i], dbargv[i]) != 0) CHECK(ISC_R_FAILURE); - break; - } /* * Check that there are not extra arguments. 
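Review bot: The new `TCHECK` macro silently depends on a local `tresult`, a buffer named `text` and a `cleanup` label in the calling function, and on failure it discards whatever was already written to `text`; none of this is documented. It also leaves `result` untouched, so whether the failure reaches the caller depends on what the cleanup path returns, which is not visible here. I would add a comment above the macro, e.g. `/* Like CHECK, but stores the status in 'tresult' and clears the 'text' reply buffer on failure. */`, and confirm that callers fold `tresult` into their return value.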
@@ -2321,9 +2330,9 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, obj = NULL; if (dlz != NULL) { - (void)cfg_map_get(cfg_tuple_get(dlz, "options"), - "database", &obj); + (void)cfg_map_get(dlz, "database", &obj); if (obj != NULL) { + const cfg_obj_t *name; char *s = isc_mem_strdup(mctx, cfg_obj_asstring(obj)); if (s == NULL) { result = ISC_R_NOMEMORY; @@ -2336,8 +2345,8 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, goto cleanup; } - obj = cfg_tuple_get(dlz, "name"); - result = dns_dlzcreate(mctx, cfg_obj_asstring(obj), + name = cfg_map_getname(dlz); + result = dns_dlzcreate(mctx, cfg_obj_asstring(name), dlzargv[0], dlzargc, dlzargv, &view->dlzdatabase); isc_mem_free(mctx, s); @@ -3073,6 +3082,14 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, } /* + * Ignore case when compressing responses to the specified + * clients. This causes case not always to be preserved, + * and is needed by some broken clients. + */ + CHECK(configure_view_acl(vconfig, config, "no-case-compress", NULL, + actx, ns_g_mctx, &view->nocasecompress)); + + /* * Filter setting on addresses in the answer section. */ CHECK(configure_view_acl(vconfig, config, "deny-answer-addresses", @@ -3141,6 +3158,16 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_asuint32(obj), max_clients_per_query); + obj = NULL; + result = ns_config_get(maps, "max-recursion-depth", &obj); + INSIST(result == ISC_R_SUCCESS); + dns_resolver_setmaxdepth(view->resolver, cfg_obj_asuint32(obj)); + + obj = NULL; + result = ns_config_get(maps, "max-recursion-queries", &obj); + INSIST(result == ISC_R_SUCCESS); + dns_resolver_setmaxqueries(view->resolver, cfg_obj_asuint32(obj)); + #ifdef ALLOW_FILTER_AAAA_ON_V4 obj = NULL; result = ns_config_get(maps, "filter-aaaa-on-v4", &obj); 
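Review bot: The values read for `max-recursion-depth` and `max-recursion-queries` in configure_view (the `@@ -3141` hunk) are handed to dns_resolver_setmaxdepth and dns_resolver_setmaxqueries with no visible range check and no comment on what they limit. If the parser accepts 0 or very large values, the effective limit is whatever the resolver does with them, which this hunk does not show. Validation may live in the configuration checker, so that is worth confirming. A short comment such as `/* Bound the depth and the number of queries a single recursive lookup may generate. */` would record why the settings exist, assuming that is the intent of the two options.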
@@ -3872,8 +3899,16 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, (void)cfg_map_get(zoptions, "forward", &forwardtype); (void)cfg_map_get(zoptions, "forwarders", &forwarders); - result = configure_forward(config, view, origin, forwarders, - forwardtype); + CHECK(configure_forward(config, view, origin, forwarders, + forwardtype)); + + /* + * Forward zones may also set delegation only. + */ + only = NULL; + tresult = cfg_map_get(zoptions, "delegation-only", &only); + if (tresult == ISC_R_SUCCESS && cfg_obj_asboolean(only)) + CHECK(dns_view_adddelegationonly(view, origin)); goto cleanup; } @@ -4559,6 +4594,9 @@ removed(dns_zone_t *zone, void *uap) { case dns_zone_stub: type = "stub"; break; + case dns_zone_staticstub: + type = "static-stub"; + break; case dns_zone_redirect: type = "redirect"; break; @@ -4654,8 +4692,8 @@ generate_session_key(const char *filename, const char *keynamestr, (int) isc_buffer_usedlength(&key_txtbuffer), (char*) isc_buffer_base(&key_txtbuffer)); - RUNTIME_CHECK(isc_stdio_flush(fp) == ISC_R_SUCCESS); - RUNTIME_CHECK(isc_stdio_close(fp) == ISC_R_SUCCESS); + CHECK(isc_stdio_flush(fp)); + CHECK(isc_stdio_close(fp)); dst_key_free(&key); @@ -4668,6 +4706,11 @@ generate_session_key(const char *filename, const char *keynamestr, NS_LOGMODULE_SERVER, ISC_LOG_ERROR, "failed to generate session key " "for dynamic DNS: %s", isc_result_totext(result)); + if (fp != NULL) { + if (isc_file_exists(filename)) + (void)isc_file_remove(filename); + (void)isc_stdio_close(fp); + } if (tsigkey != NULL) dns_tsigkey_detach(&tsigkey); if (key != NULL) @@ -5217,7 +5260,8 @@ load_configuration(const char *filename, ns_server_t *server, /* check return code? */ (void)ns_listenlist_fromconfig(clistenon, config, ns_g_aclconfctx, - ns_g_mctx, &listenon); + ns_g_mctx, AF_INET, + &listenon); } else if (!ns_g_lwresdonly) { /* * Not specified, use default. 
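Review bot: In generate_session_key, a failing `CHECK(isc_stdio_close(fp))` jumps to the new cleanup code with `fp` still non-NULL, so `isc_stdio_close(fp)` is called a second time on a stream that has already been closed. The cleanup block added in the `@@ -4668` hunk also removes the file before closing it and tests `isc_file_exists` first, which adds a check-then-use window on a file that holds key material. I would close explicitly, clear the pointer, and remove the partial file on the failure path, as sketched below. The lines between the two hunks are not shown, so this assumes `fp` is not reset there.

```c
	CHECK(isc_stdio_flush(fp));
	result = isc_stdio_close(fp);
	fp = NULL;		/* the stream is gone even if close failed */
	if (result != ISC_R_SUCCESS) {
		(void)isc_file_remove(filename);
		goto cleanup;
	}
	/* … unchanged: dst_key_free and the rest of the success path … */

	/* … unchanged: error log at the top of cleanup … */
	if (fp != NULL) {
		(void)isc_stdio_close(fp);
		(void)isc_file_remove(filename);
	}
```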
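Review bot: The `listen-on` call in load_configuration (the `@@ -5217` hunk, and the IPv6 counterpart in `@@ -5244`) still discards the result of ns_listenlist_fromconfig behind a `(void)` cast, with the old "check return code?" comment left in place. Now that the call also resolves the ACL for a specific address family, a failure presumably leaves `listenon` unset, and the code after the hunk, which is not shown, decides what the server listens on. I would at least log the failure, or propagate it with `CHECK(...)` if load_configuration's cleanup path allows it.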
@@ -5244,7 +5288,8 @@ load_configuration(const char *filename, ns_server_t *server, /* check return code? */ (void)ns_listenlist_fromconfig(clistenon, config, ns_g_aclconfctx, - ns_g_mctx, &listenon); + ns_g_mctx, AF_INET6, + &listenon); } else if (!ns_g_lwresdonly) { isc_boolean_t enable; /* @@ -5759,7 +5804,7 @@ load_configuration(const char *filename, ns_server_t *server, } if (bindkeys_parser != NULL) { - if (bindkeys != NULL) + if (bindkeys != NULL) cfg_obj_destroy(bindkeys_parser, &bindkeys); cfg_parser_destroy(&bindkeys_parser); } @@ -6574,6 +6619,10 @@ zone_from_args(ns_server_t *server, char *args, const char *zonetxt, snprintf(problem, sizeof(problem), "no matching zone '%s' in any view", zonetxt); + else if (result == ISC_R_MULTIPLE) + snprintf(problem, sizeof(problem), + "zone '%s' was found in multiple views", + zonetxt); } else { result = dns_viewlist_find(&server->viewlist, viewtxt, rdclass, &view); @@ -6600,9 +6649,8 @@ zone_from_args(ns_server_t *server, char *args, const char *zonetxt, isc_result_t tresult; tresult = putstr(text, problem); - if (tresult == ISC_R_SUCCESS && - isc_buffer_availablelength(text) > 0U) - isc_buffer_putuint8(text, 0); + if (tresult == ISC_R_SUCCESS) + putnull(text); } cleanup: @@ -6805,8 +6853,8 @@ ns_server_togglequerylog(ns_server_t *server, char *args) { static isc_result_t ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config, - cfg_aclconfctx_t *actx, - isc_mem_t *mctx, ns_listenlist_t **target) + cfg_aclconfctx_t *actx, isc_mem_t *mctx, + isc_uint16_t family, ns_listenlist_t **target) { isc_result_t result; const cfg_listelt_t *element; 
@@ -6825,7 +6873,7 @@ ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config, ns_listenelt_t *delt = NULL; const cfg_obj_t *listener = cfg_listelt_value(element); result = ns_listenelt_fromconfig(listener, config, actx, - mctx, &delt); + mctx, family, &delt); if (result != ISC_R_SUCCESS) goto cleanup; ISC_LIST_APPEND(dlist->elts, delt, link); @@ -6844,8 +6892,8 @@ ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config, */ static isc_result_t ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, - cfg_aclconfctx_t *actx, - isc_mem_t *mctx, ns_listenelt_t **target) + cfg_aclconfctx_t *actx, isc_mem_t *mctx, + isc_uint16_t family, ns_listenelt_t **target) { isc_result_t result; const cfg_obj_t *portobj; @@ -6876,9 +6924,9 @@ ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, if (result != ISC_R_SUCCESS) return (result); - result = cfg_acl_fromconfig(cfg_tuple_get(listener, "acl"), - config, ns_g_lctx, actx, mctx, 0, - &delt->acl); + result = cfg_acl_fromconfig2(cfg_tuple_get(listener, "acl"), + config, ns_g_lctx, actx, mctx, 0, + family, &delt->acl); if (result != ISC_R_SUCCESS) { ns_listenelt_destroy(delt); return (result); @@ -8179,8 +8227,8 @@ add_comment(FILE *fp, const char *viewname) { * Act on an "addzone" command from the command channel. */ isc_result_t -ns_server_add_zone(ns_server_t *server, char *args) { - isc_result_t result; +ns_server_add_zone(ns_server_t *server, char *args, isc_buffer_t *text) { + isc_result_t result, tresult; isc_buffer_t argbuf; size_t arglen; cfg_parser_t *parser = NULL; @@ -8195,7 +8243,7 @@ ns_server_add_zone(ns_server_t *server, char *args) { const char *argp; const char *viewname = NULL; dns_rdataclass_t rdclass; - dns_view_t *view = 0; + dns_view_t *view = NULL; isc_buffer_t buf; dns_fixedname_t fname; dns_name_t *dnsname; 
@@ -8276,7 +8324,14 @@ ns_server_add_zone(ns_server_t *server, char *args) { } /* Open save file for write configuration */ - CHECK(isc_stdio_open(view->new_zone_file, "a", &fp)); + result = isc_stdio_open(view->new_zone_file, "a", &fp); + if (result != ISC_R_SUCCESS) { + TCHECK(putstr(text, "unable to open '")); + TCHECK(putstr(text, view->new_zone_file)); + TCHECK(putstr(text, "': ")); + TCHECK(putstr(text, isc_result_totext(result))); + goto cleanup; + } CHECK(isc_stdio_tell(fp, &offset)); if (offset == 0) CHECK(add_comment(fp, view->name)); @@ -8289,8 +8344,11 @@ ns_server_add_zone(ns_server_t *server, char *args) { server->mctx, view, cfg->actx, ISC_FALSE); dns_view_freeze(view); isc_task_endexclusive(server->task); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { + TCHECK(putstr(text, "configure_zone failed: ")); + TCHECK(putstr(text, isc_result_totext(result))); goto cleanup; + } /* Is it there yet? */ CHECK(dns_zt_find(view->zonetable, dnsname, 0, NULL, &zone)); @@ -8303,6 +8361,9 @@ ns_server_add_zone(ns_server_t *server, char *args) { if (result != ISC_R_SUCCESS) { dns_db_t *dbp = NULL; + TCHECK(putstr(text, "dns_zone_loadnew failed: ")); + TCHECK(putstr(text, isc_result_totext(result))); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_INFO, "addzone failed; reverting."); @@ -8324,7 +8385,7 @@ ns_server_add_zone(ns_server_t *server, char *args) { /* Emit the zone name, quoted and escaped */ isc_buffer_init(&buf, namebuf, sizeof(namebuf)); CHECK(dns_name_totext(dnsname, ISC_TRUE, &buf)); - isc_buffer_putuint8(&buf, 0); + putnull(&buf); CHECK(isc_stdio_write("zone \"", 6, 1, fp, NULL)); CHECK(isc_stdio_write(namebuf, strlen(namebuf), 1, fp, NULL)); CHECK(isc_stdio_write("\" ", 2, 1, fp, NULL)); 
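Review bot: In the @@ -8324 hunk `putnull(&buf)` replaces `isc_buffer_putuint8(&buf, 0)` but its result is dropped, and two lines later the code calls `strlen(namebuf)`. If `dns_name_totext` fills `namebuf` completely, putnull returns ISC_R_NOSPACE without writing the terminator, and `strlen` then reads past the array unless it was zeroed beforehand (its declaration is outside the hunk). Use `CHECK(putnull(&buf));`, matching the CHECK on the line above it.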
@@ -8360,6 +8421,8 @@ ns_server_add_zone(ns_server_t *server, char *args) { result = ISC_R_SUCCESS; cleanup: + if (isc_buffer_usedlength(text) > 0) + putnull(text); if (fp != NULL) isc_stdio_close(fp); if (parser != NULL) { @@ -8538,6 +8601,8 @@ ns_server_del_zone(ns_server_t *server, char *args, isc_buffer_t *text) { result = ISC_R_SUCCESS; cleanup: + if (isc_buffer_usedlength(text) > 0) + putnull(text); if (ifp != NULL) isc_stdio_close(ifp); if (ofp != NULL) { @@ -8667,15 +8732,15 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) { if (clear) { CHECK(dns_zone_keydone(zone, keystr)); - isc_buffer_putstr(text, "request queued"); - isc_buffer_putuint8(text, 0); + putstr(text, "request queued"); + putnull(text); } else if (chain) { CHECK(dns_zone_setnsec3param(zone, (isc_uint8_t)hash, (isc_uint8_t)flags, iter, (isc_uint8_t)saltlen, salt, ISC_TRUE)); - isc_buffer_putstr(text, "request queued"); - isc_buffer_putuint8(text, 0); + putstr(text, "request queued"); + putnull(text); } else if (list) { privatetype = dns_zone_getprivatetype(zone); origin = dns_zone_getorigin(zone); @@ -8687,8 +8752,8 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) { dns_rdatatype_none, 0, &privset, NULL); if (result == ISC_R_NOTFOUND) { - isc_buffer_putstr(text, "No signing records found"); - isc_buffer_putuint8(text, 0); + putstr(text, "No signing records found"); + putnull(text); result = ISC_R_SUCCESS; goto cleanup; } @@ -8707,7 +8772,7 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) { CHECK(dns_private_totext(&priv, &buf)); if (!first) - isc_buffer_putstr(text, "\n"); + putstr(text, "\n"); first = ISC_FALSE; n = snprintf((char *)isc_buffer_used(text), 
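Review bot: In ns_server_signing (@@ -8667, @@ -8687 and @@ -8707) the new `putstr(text, ...)` and `putnull(text)` calls discard the isc_result_t they return, so a reply that does not fit is silently dropped and the command-channel client gets an empty or unterminated answer for a request that was in fact queued. Either wrap them the way the function wraps its other calls, `CHECK(putstr(text, "request queued"));`, or cast to `(void)` with a comment saying that truncation is acceptable here. The function body starts and ends outside these hunks.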
@@ -8718,8 +8783,8 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) { isc_buffer_add(text, (unsigned int)n); } - if (!first && isc_buffer_availablelength(text) > 0) - isc_buffer_putuint8(text, 0); + if (!first) + putnull(text); if (result == ISC_R_NOMORE) result = ISC_R_SUCCESS; @@ -8742,7 +8807,7 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) { static isc_result_t putstr(isc_buffer_t *b, const char *str) { - size_t l = strlen(str); + unsigned int l = strlen(str); /* * Use >= to leave space for NUL termination. @@ -8753,3 +8818,12 @@ putstr(isc_buffer_t *b, const char *str) { isc_buffer_putmem(b, (const unsigned char *)str, l); return (ISC_R_SUCCESS); } + +static isc_result_t +putnull(isc_buffer_t *b) { + if (isc_buffer_availablelength(b) == 0) + return (ISC_R_NOSPACE); + + isc_buffer_putuint8(b, 0); + return (ISC_R_SUCCESS); +} diff --git a/bin/named/unix/dlz_dlopen_driver.c b/bin/named/unix/dlz_dlopen_driver.c index 2ba8a028a37af..e41cf00b77cb1 100644 --- a/bin/named/unix/dlz_dlopen_driver.c +++ b/bin/named/unix/dlz_dlopen_driver.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2011-2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -243,11 +243,13 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[], cd->dl_path = isc_mem_strdup(cd->mctx, argv[1]); if (cd->dl_path == NULL) { + result = ISC_R_NOMEMORY; goto failed; } cd->dlzname = isc_mem_strdup(cd->mctx, dlzname); if (cd->dlzname == NULL) { + result = ISC_R_NOMEMORY; goto failed; } @@ -277,6 +279,7 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[], dlopen_log(ISC_LOG_ERROR, "dlz_dlopen failed to open library '%s' - %s", cd->dl_path, dlerror()); + result = ISC_R_FAILURE; goto failed; } 
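Review bot: In putstr (@@ -8742) `unsigned int l = strlen(str);` narrows a size_t implicitly, and the space check that follows runs on the narrowed value. Keep the length as `size_t l = strlen(str);` for the comparison and cast only at the copy, `isc_buffer_putmem(b, (const unsigned char *)str, (unsigned int)l);`. The new putnull in @@ -8753 has no comment; `/* Append a NUL terminator, or return ISC_R_NOSPACE if the buffer is full. */` would document the contract its callers rely on.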
@@ -295,6 +298,7 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[], cd->dlz_findzonedb == NULL) { /* We're missing a required symbol */ + result = ISC_R_FAILURE; goto failed; } @@ -330,6 +334,7 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[], "dlz_dlopen: incorrect version %d " "should be %d in '%s'", cd->version, DLZ_DLOPEN_VERSION, cd->dl_path); + result = ISC_R_FAILURE; goto failed; } @@ -373,7 +378,6 @@ failed: return (result); } - /* * Called when bind is shutting down */ diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c index d6c82a764ad8b..18e8c39103733 100644 --- a/bin/named/unix/os.c +++ b/bin/named/unix/os.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2011, 2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -197,8 +197,8 @@ linux_setcaps(cap_t caps) { #ifdef HAVE_LIBCAP #define SET_CAP(flag) \ do { \ - capval = (flag); \ cap_flag_value_t curval; \ + capval = (flag); \ err = cap_get_flag(curcaps, capval, CAP_PERMITTED, &curval); \ if (err != -1 && curval) { \ err = cap_set_flag(caps, CAP_EFFECTIVE, 1, &capval, CAP_SET); \ @@ -607,7 +607,7 @@ ns_os_changeuser(void) { } void -ns_os_adjustnofile() { +ns_os_adjustnofile(void) { #ifdef HAVE_LINUXTHREADS isc_result_t result; isc_resourcevalue_t newvalue; diff --git a/bin/named/update.c b/bin/named/update.c index f3ad83878532c..01e3c58de5738 100644 --- a/bin/named/update.c +++ b/bin/named/update.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2013 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any 
@@ -2887,10 +2887,18 @@ update_action(isc_task_t *task, isc_event_t *event) { dns_diff_clear(&ctx.del_diff); dns_diff_clear(&ctx.add_diff); } else { - CHECK(do_diff(&ctx.del_diff, db, ver, - &diff)); - CHECK(do_diff(&ctx.add_diff, db, ver, - &diff)); + result = do_diff(&ctx.del_diff, db, ver, + &diff); + if (result == ISC_R_SUCCESS) { + result = do_diff(&ctx.add_diff, + db, ver, + &diff); + } + if (result != ISC_R_SUCCESS) { + dns_diff_clear(&ctx.del_diff); + dns_diff_clear(&ctx.add_diff); + goto failure; + } CHECK(update_one_rr(db, ver, &diff, DNS_DIFFOP_ADD, name, ttl, &rdata)); @@ -3039,10 +3047,9 @@ update_action(isc_task_t *task, isc_event_t *event) { #define ALLOW_SECURE_TO_INSECURE(zone) \ ((dns_zone_getoptions(zone) & DNS_ZONEOPT_SECURETOINSECURE) != 0) + CHECK(rrset_exists(db, oldver, zonename, dns_rdatatype_dnskey, + 0, &had_dnskey)); if (!ALLOW_SECURE_TO_INSECURE(zone)) { - CHECK(rrset_exists(db, oldver, zonename, - dns_rdatatype_dnskey, 0, - &had_dnskey)); if (had_dnskey && !has_dnskey) { update_log(client, zone, LOGLEVEL_PROTOCOL, "update rejected: all DNSKEY " diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index 3369c42de1f91..b3839762d3362 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -1082,7 +1082,12 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, obj = NULL; result = ns_config_get(maps, "also-notify", &obj); - if (result == ISC_R_SUCCESS) { + if (result == ISC_R_SUCCESS && + (notifytype == dns_notifytype_yes || + notifytype == dns_notifytype_explicit || + (notifytype == dns_notifytype_masteronly && + ztype == dns_zone_master))) + { isc_uint32_t addrcount; addrs = NULL; keynames = NULL; diff --git a/bin/nsupdate/Makefile.in b/bin/nsupdate/Makefile.in index 6546e9c7cc76e..5dc20ad90714d 100644 --- a/bin/nsupdate/Makefile.in +++ b/bin/nsupdate/Makefile.in 
@@ -30,7 +30,7 @@ DST_GSSAPI_INC = @DST_GSSAPI_INC@ CINCLUDES = ${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \ ${ISC_INCLUDES} ${ISCCFG_INCLUDES} ${DST_GSSAPI_INC} -CDEFINES = @USE_GSSAPI@ +CDEFINES = -DVERSION=\"${VERSION}\" @USE_GSSAPI@ CWARNINGS = LWRESLIBS = ../../lib/lwres/liblwres.@A@ diff --git a/bin/nsupdate/nsupdate.1 b/bin/nsupdate/nsupdate.1 index 1e2dcaffbc309..c46d023e8e815 100644 --- a/bin/nsupdate/nsupdate.1 +++ b/bin/nsupdate/nsupdate.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2012, 2014 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any @@ -20,11 +20,11 @@ .\" Title: nsupdate .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: Aug 25, 2009 +.\" Date: April 18, 2014 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "NSUPDATE" "1" "Aug 25, 2009" "BIND9" "BIND9" +.TH "NSUPDATE" "1" "April 18, 2014" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -33,7 +33,7 @@ nsupdate \- Dynamic DNS update utility .SH "SYNOPSIS" .HP 9 -\fBnsupdate\fR [\fB\-d\fR] [\fB\-D\fR] [[\fB\-g\fR] | [\fB\-o\fR] | [\fB\-l\fR] | [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIkeyname:secret\fR\fR] | [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-R\ \fR\fB\fIrandomdev\fR\fR] [\fB\-v\fR] [filename] +\fBnsupdate\fR [\fB\-d\fR] [\fB\-D\fR] [[\fB\-g\fR] | [\fB\-o\fR] | [\fB\-l\fR] | [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIkeyname:secret\fR\fR] | [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-R\ \fR\fB\fIrandomdev\fR\fR] [\fB\-v\fR] [\fB\-V\fR] [filename] .SH "DESCRIPTION" .PP \fBnsupdate\fR 
@@ -97,7 +97,18 @@ option is used, a signature is generated from \fIkeyname\fR is the name of the key, and \fIsecret\fR -is the base64 encoded shared secret. Use of the +is the base64 encoded shared secret. +\fIhmac\fR +is the name of the key algorithm; valid choices are +hmac\-md5, +hmac\-sha1, +hmac\-sha224, +hmac\-sha256, +hmac\-sha384, or +hmac\-sha512. If +\fIhmac\fR +is not specified, the default is +hmac\-md5. NOTE: Use of the \fB\-y\fR option is discouraged because the shared secret is supplied as a command line argument in clear text. This may be visible in the output from \fBps\fR(1) @@ -168,6 +179,10 @@ or equivalent device, the default source of randomness is keyboard input. specifies the name of a character device or file containing random data to be used instead of the default. The special value \fIkeyboard\fR indicates that keyboard input should be used. This option may be specified multiple times. +.PP +The \-V option causes +\fBnsupdate\fR +to print the version number and exit. .SH "INPUT FORMAT" .PP \fBnsupdate\fR @@ -228,12 +243,15 @@ Specify the default time to live for records to be added. The value will clear the default ttl. .RE .PP -\fBkey\fR {name} {secret} +\fBkey\fR [hmac:] {keyname} {secret} .RS 4 Specifies that all updates are to be TSIG\-signed using the \fIkeyname\fR -\fIkeysecret\fR -pair. The +\fIsecret\fR +pair. If +\fIhmac\fR +is specified, then it sets the signing algorithm in use; the default is +hmac\-md5. The \fBkey\fR command overrides any key specified on the command line via \fB\-y\fR @@ -358,6 +376,16 @@ Displays the answer. Turn on debugging. .RE .PP +\fBversion\fR +.RS 4 +Print version number. +.RE +.PP +\fBhelp\fR +.RS 4 +Print a list of commands. +.RE +.PP Lines beginning with a semicolon are comments and are ignored. .SH "EXAMPLES" .PP 
@@ -435,7 +463,7 @@ RFC 2931, .PP The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases. .SH "COPYRIGHT" -Copyright \(co 2004\-2012 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2012, 2014 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000\-2003 Internet Software Consortium. .br diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c index 9923f89156bed..b77938d080f70 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c @@ -118,6 +118,9 @@ extern int h_errno; #define DNSDEFAULTPORT 53 +/* Number of addresses to request from bind9_getaddresses() */ +#define MAX_SERVERADDRS 4 + static isc_uint16_t dnsport = DNSDEFAULTPORT; #ifndef RESOLV_CONF @@ -156,13 +159,11 @@ static dns_tsigkey_t *tsigkey = NULL; static dst_key_t *sig0key = NULL; static lwres_context_t *lwctx = NULL; static lwres_conf_t *lwconf; -static isc_sockaddr_t *servers; +static isc_sockaddr_t *servers = NULL; +static isc_boolean_t default_servers = ISC_TRUE; static int ns_inuse = 0; static int ns_total = 0; -static isc_sockaddr_t *userserver = NULL; static isc_sockaddr_t *localaddr = NULL; -static isc_sockaddr_t *serveraddr = NULL; -static isc_sockaddr_t tempaddr; static const char *keyfile = NULL; static char *keystr = NULL; static isc_entropy_t *entropy = NULL; @@ -713,8 +714,8 @@ static void doshutdown(void) { isc_task_detach(&global_task); - if (userserver != NULL) - isc_mem_put(mctx, userserver, sizeof(isc_sockaddr_t)); + if (servers != NULL) + isc_mem_put(mctx, servers, ns_total * sizeof(isc_sockaddr_t)); if (localaddr != NULL) isc_mem_put(mctx, localaddr, sizeof(isc_sockaddr_t)); @@ -743,8 +744,6 @@ doshutdown(void) { lwres_conf_clear(lwctx); lwres_context_destroy(&lwctx); - isc_mem_put(mctx, servers, ns_total * sizeof(isc_sockaddr_t)); - ddebug("Destroying request manager"); dns_requestmgr_detach(&requestmgr); 
@@ -825,17 +824,37 @@ setup_system(void) { (void)lwres_conf_parse(lwctx, RESOLV_CONF); lwconf = lwres_conf_get(lwctx); - ns_total = lwconf->nsnext; - if (ns_total <= 0) { - /* No name servers in resolv.conf; default to loopback. */ - struct in_addr localhost; - ns_total = 1; + ns_inuse = 0; + if (local_only || lwconf->nsnext <= 0) { + struct in_addr in; + struct in6_addr in6; + + if (local_only && keyfile == NULL) + keyfile = SESSION_KEYFILE; + + default_servers = ISC_FALSE; + + if (servers != NULL) + isc_mem_put(mctx, servers, + ns_total * sizeof(isc_sockaddr_t)); + + ns_total = (have_ipv4 ? 1 : 0) + (have_ipv6 ? 1 : 0); servers = isc_mem_get(mctx, ns_total * sizeof(isc_sockaddr_t)); if (servers == NULL) fatal("out of memory"); - localhost.s_addr = htonl(INADDR_LOOPBACK); - isc_sockaddr_fromin(&servers[0], &localhost, dnsport); + + if (have_ipv4) { + in.s_addr = htonl(INADDR_LOOPBACK); + isc_sockaddr_fromin(&servers[0], &in, dnsport); + } + if (have_ipv6) { + memset(&in6, 0, sizeof(in6)); + in6.s6_addr[15] = 1; + isc_sockaddr_fromin6(&servers[(have_ipv4 ? 1 : 0)], + &in6, dnsport); + } } else { + ns_total = lwconf->nsnext; servers = isc_mem_get(mctx, ns_total * sizeof(isc_sockaddr_t)); if (servers == NULL) fatal("out of memory"); @@ -845,13 +864,14 @@ setup_system(void) { struct in_addr in4; memmove(&in4, lwconf->nameservers[i].address, 4); - isc_sockaddr_fromin(&servers[i], &in4, dnsport); + isc_sockaddr_fromin(&servers[i], + &in4, dnsport); } else { struct in6_addr in6; memmove(&in6, lwconf->nameservers[i].address, 16); - isc_sockaddr_fromin6(&servers[i], &in6, - dnsport); + isc_sockaddr_fromin6(&servers[i], + &in6, dnsport); } } } 
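Review bot: In setup_system (@@ -825) `ns_total = (have_ipv4 ? 1 : 0) + (have_ipv6 ? 1 : 0);` is 0 when neither flag is set (they are assigned outside the hunk), and the code then asks for a zero-byte array that later code indexes as `servers[ns_inuse]`. Add `if (ns_total == 0) fatal("no usable address family");` before the allocation. The IPv6 loopback is built by hand with `in6.s6_addr[15] = 1;`, and a short comment naming it as ::1 would help the next reader. The function body starts and ends outside the hunk.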
@@ -928,20 +948,26 @@ setup_system(void) { } static void -get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr) { +get_addresses(char *host, in_port_t port, + isc_sockaddr_t *sockaddr, int naddrs) +{ int count; isc_result_t result; isc_app_block(); - result = bind9_getaddresses(host, port, sockaddr, 1, &count); + result = bind9_getaddresses(host, port, sockaddr, naddrs, &count); isc_app_unblock(); if (result != ISC_R_SUCCESS) fatal("couldn't get address for '%s': %s", host, isc_result_totext(result)); - INSIST(count == 1); } -#define PARSE_ARGS_FMT "dDML:y:ghlovk:p:r:R::t:u:" +static void +version(void) { + fputs("nsupdate " VERSION "\n", stderr); +} + +#define PARSE_ARGS_FMT "dDML:y:ghlovk:p:r:R::t:u:V" static void pre_parse_args(int argc, char **argv) { @@ -964,7 +990,11 @@ pre_parse_args(int argc, char **argv) { argv[0], isc_commandline_option); fprintf(stderr, "usage: nsupdate [-dD] [-L level] [-l]" "[-g | -o | -y keyname:secret | -k keyfile] " - "[-v] [filename]\n"); + "[-v] [-V] [filename]\n"); + exit(1); + + case 'V': + version(); exit(1); default: @@ -1077,22 +1107,6 @@ parse_args(int argc, char **argv, isc_mem_t *mctx, isc_entropy_t **ectx) { exit(1); } - if (local_only) { - struct in_addr localhost; - - if (keyfile == NULL) - keyfile = SESSION_KEYFILE; - - if (userserver == NULL) { - userserver = isc_mem_get(mctx, sizeof(isc_sockaddr_t)); - if (userserver == NULL) - fatal("out of memory"); - } - - localhost.s_addr = htonl(INADDR_LOOPBACK); - isc_sockaddr_fromin(userserver, &localhost, dnsport); - } - #ifdef GSSAPI if (usegsstsig && (keyfile != NULL || keystr != NULL)) { fprintf(stderr, "%s: cannot specify -g with -k or -y\n", 
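Review bot: get_addresses (@@ -928) drops `INSIST(count == 1)` and now throws away `count`, while its callers in @@ -1382 and @@ -2425 set `ns_total = MAX_SERVERADDRS` and zero the array first. When the name resolves to fewer than four addresses, the failover in next_server walks into the zero-filled entries and tries them as servers before giving up. Return the count and let the callers store it in `ns_total`; the `isc_mem_put` calls size the release from `ns_total`, so the allocated length then needs its own variable.

```c
static int
get_addresses(char *host, in_port_t port,
	      isc_sockaddr_t *sockaddr, int naddrs)
{
	int count = 0;
	/* … unchanged: bind9_getaddresses() call and failure check … */
	INSIST(count > 0 && count <= naddrs);
	return (count);
}
```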
@@ -1382,13 +1396,18 @@ evaluate_server(char *cmdline) { } } - if (userserver == NULL) { - userserver = isc_mem_get(mctx, sizeof(isc_sockaddr_t)); - if (userserver == NULL) - fatal("out of memory"); - } + if (servers != NULL) + isc_mem_put(mctx, servers, ns_total * sizeof(isc_sockaddr_t)); + + default_servers = ISC_FALSE; + + ns_total = MAX_SERVERADDRS; + servers = isc_mem_get(mctx, ns_total * sizeof(isc_sockaddr_t)); + if (servers == NULL) + fatal("out of memory"); - get_address(server, (in_port_t)port, userserver); + memset(servers, 0, ns_total * sizeof(isc_sockaddr_t)); + get_addresses(server, (in_port_t)port, servers, ns_total); return (STATUS_MORE); } @@ -1985,6 +2004,7 @@ do_next_command(char *cmdline) { } if (strcasecmp(word, "help") == 0) { fprintf(stdout, +"nsupdate " VERSION ":\n" "local address [port] (set local resolver)\n" "server address [port] (set master server for zone)\n" "send (send the update request)\n" @@ -2005,6 +2025,10 @@ do_next_command(char *cmdline) { "[update] del[ete] .... (remove the given record(s) from the zone)\n"); return (STATUS_MORE); } + if (strcasecmp(word, "version") == 0) { + fprintf(stdout, "nsupdate " VERSION "\n"); + return (STATUS_MORE); + } fprintf(stderr, "incorrect section name: %s\n", word); return (STATUS_SYNTAX); } @@ -2084,12 +2108,12 @@ check_tsig_error(dns_rdataset_t *rdataset, isc_buffer_t *b) { if (tsig.error != 0) { if (isc_buffer_remaininglength(b) < 1) check_result(ISC_R_NOSPACE, "isc_buffer_remaininglength"); - isc__buffer_putstr(b, "(" /*)*/); + isc_buffer_putstr(b, "(" /*)*/); result = dns_tsigrcode_totext(tsig.error, b); check_result(result, "dns_tsigrcode_totext"); if (isc_buffer_remaininglength(b) < 1) check_result(ISC_R_NOSPACE, "isc_buffer_remaininglength"); - isc__buffer_putstr(b, /*(*/ ")"); + isc_buffer_putstr(b, /*(*/ ")"); } } 
@@ -2226,6 +2250,19 @@ send_update(dns_name_t *zonename, isc_sockaddr_t *master, } static void +next_server(const char *caller, isc_sockaddr_t *addr, isc_result_t eresult) { + char addrbuf[ISC_SOCKADDR_FORMATSIZE]; + + isc_sockaddr_format(addr, addrbuf, sizeof(addrbuf)); + fprintf(stderr, "; Communication with %s failed: %s\n", + addrbuf, isc_result_totext(eresult)); + if (++ns_inuse >= ns_total) + fatal("could not reach any name server"); + else + ddebug("%s: trying next server", caller); +} + +static void recvsoa(isc_task_t *task, isc_event_t *event) { dns_requestevent_t *reqev = NULL; dns_request_t *request = NULL; @@ -2269,15 +2306,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) { } if (eresult != ISC_R_SUCCESS) { - char addrbuf[ISC_SOCKADDR_FORMATSIZE]; - - isc_sockaddr_format(addr, addrbuf, sizeof(addrbuf)); - fprintf(stderr, "; Communication with %s failed: %s\n", - addrbuf, isc_result_totext(eresult)); - if (userserver != NULL) - fatal("could not talk to specified name server"); - else if (++ns_inuse >= lwconf->nsnext) - fatal("could not talk to any default name server"); + next_server("recvsoa", addr, eresult); ddebug("Destroying request [%p]", request); dns_request_destroy(&request); dns_message_renderreset(soaquery); @@ -2299,7 +2328,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) { check_result(result, "dns_message_create"); result = dns_request_getresponse(request, rcvmsg, DNS_MESSAGEPARSE_PRESERVEORDER); - if (result == DNS_R_TSIGERRORSET && userserver != NULL) { + if (result == DNS_R_TSIGERRORSET && servers != NULL) { dns_message_destroy(&rcvmsg); ddebug("Destroying request [%p]", request); dns_request_destroy(&request); @@ -2415,9 +2444,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) { fprintf(stderr, "The master is: %s\n", namestr); } - if (userserver != NULL) - serveraddr = userserver; - else { + if (servers == NULL) { char serverstr[DNS_NAME_MAXTEXT+1]; isc_buffer_t buf; 
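Review bot: In recvsoa, `servers != NULL` (@@ -2299) and `servers == NULL` (@@ -2415) stand in for the old `userserver` tests, but the setup_system hunk allocates `servers` on both of its branches, so the pointer appears to be non-NULL whenever a reply arrives. If so, the branch that resolves the SOA master name is never taken and the update goes to `servers[ns_inuse]`, the server that answered the SOA query. Testing the new flag instead, `if (default_servers) {`, would keep the old meaning; that branch would then also have to release the previous array before assigning `servers`. start_gssrequest in @@ -2580 has the same `servers == NULL` test. recvsoa starts and ends outside these hunks.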
@@ -2425,8 +2452,14 @@ recvsoa(isc_task_t *task, isc_event_t *event) { result = dns_name_totext(&master, ISC_TRUE, &buf); check_result(result, "dns_name_totext"); serverstr[isc_buffer_usedlength(&buf)] = 0; - get_address(serverstr, dnsport, &tempaddr); - serveraddr = &tempaddr; + + ns_total = MAX_SERVERADDRS; + servers = isc_mem_get(mctx, ns_total * sizeof(isc_sockaddr_t)); + if (servers == NULL) + fatal("out of memory"); + + memset(servers, 0, ns_total * sizeof(isc_sockaddr_t)); + get_addresses(serverstr, dnsport, servers, ns_total); } dns_rdata_freestruct(&soa); @@ -2438,11 +2471,11 @@ recvsoa(isc_task_t *task, isc_event_t *event) { dns_name_dup(&master, mctx, &restart_master); start_gssrequest(&master); } else { - send_update(zonename, serveraddr, localaddr); + send_update(zonename, &servers[ns_inuse], localaddr); setzoneclass(dns_rdataclass_none); } #else - send_update(zonename, serveraddr, localaddr); + send_update(zonename, &servers[ns_inuse], localaddr); setzoneclass(dns_rdataclass_none); #endif @@ -2468,10 +2501,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) { dns_request_destroy(&request); dns_message_renderreset(soaquery); dns_message_settsigkey(soaquery, NULL); - if (userserver != NULL) - sendrequest(localaddr, userserver, soaquery, &request); - else - sendrequest(localaddr, &servers[ns_inuse], soaquery, &request); + sendrequest(localaddr, &servers[ns_inuse], soaquery, &request); goto out; } @@ -2488,7 +2518,7 @@ sendrequest(isc_sockaddr_t *srcaddr, isc_sockaddr_t *destaddr, reqinfo->msg = msg; reqinfo->addr = destaddr; result = dns_request_createvia3(requestmgr, msg, srcaddr, destaddr, 0, - (userserver != NULL) ? tsigkey : NULL, + default_servers ? NULL : tsigkey, FIND_TIMEOUT * 20, FIND_TIMEOUT, 3, global_task, recvsoa, reqinfo, request); check_result(result, "dns_request_createvia"); 
@@ -2580,10 +2610,10 @@ start_gssrequest(dns_name_t *master) { if (kserver == NULL) fatal("out of memory"); } - if (userserver == NULL) - get_address(namestr, dnsport, kserver); + if (servers == NULL) + get_addresses(namestr, dnsport, kserver, 1); else - (void)memmove(kserver, userserver, sizeof(isc_sockaddr_t)); + memmove(kserver, &servers[ns_inuse], sizeof(isc_sockaddr_t)); dns_fixedname_init(&fname); servname = dns_fixedname_name(&fname); @@ -2712,20 +2742,11 @@ recvgss(isc_task_t *task, isc_event_t *event) { } if (eresult != ISC_R_SUCCESS) { - char addrbuf[ISC_SOCKADDR_FORMATSIZE]; - - isc_sockaddr_format(addr, addrbuf, sizeof(addrbuf)); - fprintf(stderr, "; Communication with %s failed: %s\n", - addrbuf, isc_result_totext(eresult)); - if (userserver != NULL) - fatal("could not talk to specified name server"); - else if (++ns_inuse >= lwconf->nsnext) - fatal("could not talk to any default name server"); + next_server("recvgss", addr, eresult); ddebug("Destroying request [%p]", request); dns_request_destroy(&request); dns_message_renderreset(tsigquery); - sendrequest(localaddr, &servers[ns_inuse], tsigquery, - &request); + sendrequest(localaddr, &servers[ns_inuse], tsigquery, &request); isc_mem_put(mctx, reqinfo, sizeof(nsu_gssinfo_t)); isc_event_free(&event); return; @@ -2813,7 +2834,7 @@ recvgss(isc_task_t *task, isc_event_t *event) { check_result(result, "dns_message_checksig"); #endif /* 0 */ - send_update(&tmpzonename, serveraddr, localaddr); + send_update(&tmpzonename, &servers[ns_inuse], localaddr); setzoneclass(dns_rdataclass_none); break; @@ -2847,8 +2868,8 @@ start_update(void) { if (answer != NULL) dns_message_destroy(&answer); - if (userzone != NULL && userserver != NULL && ! usegsstsig) { - send_update(userzone, userserver, localaddr); + if (userzone != NULL && ! usegsstsig) { + send_update(userzone, &servers[ns_inuse], localaddr); setzoneclass(dns_rdataclass_none); return; } 
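Review bot: In start_update (@@ -2847) the shortcut `if (userzone != NULL && ! usegsstsig)` no longer requires a server chosen by the user, so naming only a zone sends the update straight to `servers[ns_inuse]`, which may still be a resolver taken from the system configuration, and skips the SOA lookup that finds the master. `ns_inuse` is also not reset on this path, unlike the `ns_inuse = 0;` added before the SOA query in @@ -2909. I would write `if (userzone != NULL && !default_servers && !usegsstsig) {`. The function body extends beyond the hunk.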
@@ -2857,7 +2878,7 @@ start_update(void) { &soaquery); check_result(result, "dns_message_create"); - if (userserver == NULL) + if (default_servers) soaquery->flags |= DNS_MESSAGEFLAG_RD; result = dns_message_gettempname(soaquery, &name); @@ -2909,12 +2930,8 @@ start_update(void) { ISC_LIST_APPEND(name->list, rdataset, link); dns_message_addname(soaquery, name, DNS_SECTION_QUESTION); - if (userserver != NULL) - sendrequest(localaddr, userserver, soaquery, &request); - else { - ns_inuse = 0; - sendrequest(localaddr, &servers[ns_inuse], soaquery, &request); - } + ns_inuse = 0; + sendrequest(localaddr, &servers[ns_inuse], soaquery, &request); } static void diff --git a/bin/nsupdate/nsupdate.docbook b/bin/nsupdate/nsupdate.docbook index c54211cc87a12..e0f53e2a24c94 100644 --- a/bin/nsupdate/nsupdate.docbook +++ b/bin/nsupdate/nsupdate.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2012, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,10 +18,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id$ --> <refentry id="man.nsupdate"> <refentryinfo> - <date>Aug 25, 2009</date> + <date>April 18, 2014</date> </refentryinfo> <refmeta> <refentrytitle><application>nsupdate</application></refentrytitle> @@ -44,6 +43,7 @@ <year>2010</year> <year>2011</year> <year>2012</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -72,6 +72,7 @@ <arg><option>-r <replaceable class="parameter">udpretries</replaceable></option></arg> <arg><option>-R <replaceable class="parameter">randomdev</replaceable></option></arg> <arg><option>-v</option></arg> + <arg><option>-V</option></arg> <arg>filename</arg> </cmdsynopsis> </refsynopsisdiv> 
@@ -158,7 +159,13 @@ <optional><parameter>hmac:</parameter></optional><parameter>keyname:secret.</parameter> <parameter>keyname</parameter> is the name of the key, and <parameter>secret</parameter> is the base64 encoded shared secret. - Use of the <option>-y</option> option is discouraged because the + <parameter>hmac</parameter> is the name of the key algorithm; + valid choices are <literal>hmac-md5</literal>, + <literal>hmac-sha1</literal>, <literal>hmac-sha224</literal>, + <literal>hmac-sha256</literal>, <literal>hmac-sha384</literal>, or + <literal>hmac-sha512</literal>. If <parameter>hmac</parameter> + is not specified, the default is <literal>hmac-md5</literal>. + NOTE: Use of the <option>-y</option> option is discouraged because the shared secret is supplied as a command line argument in clear text. This may be visible in the output from <citerefentry> @@ -238,6 +245,10 @@ <filename>keyboard</filename> indicates that keyboard input should be used. This option may be specified multiple times. </para> + <para> + The -V option causes <command>nsupdate</command> to print the + version number and exit. + </para> </refsect1> <refsect1> @@ -371,15 +382,17 @@ <varlistentry> <term> <command>key</command> - <arg choice="req">name</arg> + <arg choice="opt">hmac:</arg><arg choice="req">keyname</arg> <arg choice="req">secret</arg> </term> <listitem> <para> Specifies that all updates are to be TSIG-signed using the - <parameter>keyname</parameter> <parameter>keysecret</parameter> pair. - The <command>key</command> command - overrides any key specified on the command line via + <parameter>keyname</parameter> <parameter>secret</parameter> pair. + If <parameter>hmac</parameter> is specified, then it sets the + signing algorithm in use; the default is + <literal>hmac-md5</literal>. The <command>key</command> + command overrides any key specified on the command line via <option>-y</option> or <option>-k</option>. </para> </listitem> 
@@ -623,6 +636,28 @@ </listitem> </varlistentry> + <varlistentry> + <term> + <command>version</command> + </term> + <listitem> + <para> + Print version number. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <command>help</command> + </term> + <listitem> + <para> + Print a list of commands. + </para> + </listitem> + </varlistentry> + </variablelist> </para> diff --git a/bin/nsupdate/nsupdate.html b/bin/nsupdate/nsupdate.html index 276d4af6fbe1d..2e71ec1b1a479 100644 --- a/bin/nsupdate/nsupdate.html +++ b/bin/nsupdate/nsupdate.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2012, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any 
@@ -29,10 +29,10 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div> +<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [filename]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543464"></a><h2>DESCRIPTION</h2> +<a name="id2543479"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">nsupdate</strong></span> is used to 
submit Dynamic DNS Update requests as defined in RFC 2136 to a name server. @@ -113,7 +113,13 @@ [<span class="optional"><em class="parameter"><code>hmac:</code></em></span>]<em class="parameter"><code>keyname:secret.</code></em> <em class="parameter"><code>keyname</code></em> is the name of the key, and <em class="parameter"><code>secret</code></em> is the base64 encoded shared secret. - Use of the <code class="option">-y</code> option is discouraged because the + <em class="parameter"><code>hmac</code></em> is the name of the key algorithm; + valid choices are <code class="literal">hmac-md5</code>, + <code class="literal">hmac-sha1</code>, <code class="literal">hmac-sha224</code>, + <code class="literal">hmac-sha256</code>, <code class="literal">hmac-sha384</code>, or + <code class="literal">hmac-sha512</code>. If <em class="parameter"><code>hmac</code></em> + is not specified, the default is <code class="literal">hmac-md5</code>. + NOTE: Use of the <code class="option">-y</code> option is discouraged because the shared secret is supplied as a command line argument in clear text. This may be visible in the output from <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span> @@ -190,9 +196,13 @@ <code class="filename">keyboard</code> indicates that keyboard input should be used. This option may be specified multiple times. </p> +<p> + The -V option causes <span><strong class="command">nsupdate</strong></span> to print the + version number and exit. + </p> </div> <div class="refsect1" lang="en"> -<a name="id2543796"></a><h2>INPUT FORMAT</h2> +<a name="id2543849"></a><h2>INPUT FORMAT</h2> <p><span><strong class="command">nsupdate</strong></span> reads input from <em class="parameter"><code>filename</code></em> 
@@ -296,14 +306,16 @@ </p></dd> <dt><span class="term"> <span><strong class="command">key</strong></span> - {name} + [hmac:] {keyname} {secret} </span></dt> <dd><p> Specifies that all updates are to be TSIG-signed using the - <em class="parameter"><code>keyname</code></em> <em class="parameter"><code>keysecret</code></em> pair. - The <span><strong class="command">key</strong></span> command - overrides any key specified on the command line via + <em class="parameter"><code>keyname</code></em> <em class="parameter"><code>secret</code></em> pair. + If <em class="parameter"><code>hmac</code></em> is specified, then it sets the + signing algorithm in use; the default is + <code class="literal">hmac-md5</code>. The <span><strong class="command">key</strong></span> + command overrides any key specified on the command line via <code class="option">-y</code> or <code class="option">-k</code>. </p></dd> <dt><span class="term"> @@ -472,6 +484,18 @@ <dd><p> Turn on debugging. </p></dd> +<dt><span class="term"> + <span><strong class="command">version</strong></span> + </span></dt> +<dd><p> + Print version number. + </p></dd> +<dt><span class="term"> + <span><strong class="command">help</strong></span> + </span></dt> +<dd><p> + Print a list of commands. + </p></dd> </dl></div> <p> </p> @@ -480,7 +504,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544725"></a><h2>EXAMPLES</h2> +<a name="id2544823"></a><h2>EXAMPLES</h2> <p> The examples below show how <span><strong class="command">nsupdate</strong></span> @@ -534,7 +558,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544769"></a><h2>FILES</h2> +<a name="id2544867"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt> <dd><p> 
@@ -557,7 +581,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2542121"></a><h2>SEE ALSO</h2> +<a name="id2544950"></a><h2>SEE ALSO</h2> <p> <em class="citetitle">RFC 2136</em>, <em class="citetitle">RFC 3007</em>, @@ -572,7 +596,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2542179"></a><h2>BUGS</h2> +<a name="id2542004"></a><h2>BUGS</h2> <p> The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8 index 9c87c68a7578c..27887cf081922 100644 --- a/bin/rndc/rndc.8 +++ b/bin/rndc/rndc.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005, 2007, 2013 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any @@ -20,11 +20,11 @@ .\" Title: rndc .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: June 7, 2013 +.\" Date: December 04, 2013 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "RNDC" "8" "June 7, 2013" "BIND9" "BIND9" +.TH "RNDC" "8" "December 04, 2013" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
@@ -364,7 +364,7 @@ can be deleted in this manner. .PP \fBsigning \fR\fB[( \-list | \-clear \fIkeyid/algorithm\fR | \-clear all | \-nsec3param ( \fIparameters\fR | none ) ) ]\fR\fB \fR\fB\fIzone\fR\fR\fB \fR\fB[\fIclass\fR [\fIview\fR]]\fR\fB \fR .RS 4 -List, edit, or remove the DNSSEC signing state for the specified zone. The status of ongoing DNSSEC operations (such as signing or generating NSEC3 chains) is stored in the zone in the form of DNS resource records of type +List, edit, or remove the DNSSEC signing state records for the specified zone. The status of ongoing DNSSEC operations (such as signing or generating NSEC3 chains) is stored in the zone in the form of DNS resource records of type \fBsig\-signing\-type\fR. \fBrndc signing \-list\fR converts these records into a human\-readable form, indicating which keys are currently signing or have finished signing the zone, and which NSEC3 chains are being created or removed. @@ -417,7 +417,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005, 2007, 2013 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000, 2001 Internet Software Consortium. .br diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c index 33802db2aa400..edb3a31109047 100644 --- a/bin/rndc/rndc.c +++ b/bin/rndc/rndc.c @@ -15,8 +15,6 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id$ */ - /*! \file */ /* 
@@ -101,82 +99,80 @@ Usage: %s [-b address] [-c config] [-s server] [-p port]\n\ \n\ command is one of the following:\n\ \n\ - reload Reload configuration file and zones.\n\ - reload zone [class [view]]\n\ - Reload a single zone.\n\ - refresh zone [class [view]]\n\ - Schedule immediate maintenance for a zone.\n\ - retransfer zone [class [view]]\n\ - Retransfer a single zone without checking serial number.\n\ + addzone zone [class [view]] { zone-options }\n\ + Add zone to given view. Requires new-zone-file option.\n\ + delzone zone [class [view]]\n\ + Removes zone from given view. Requires new-zone-file option.\n\ + dumpdb [-all|-cache|-zones] [view ...]\n\ + Dump cache(s) to the dump file (named_dump.db).\n\ + flush Flushes all of the server's caches.\n\ + flush [view] Flushes the server's cache for a view.\n\ + flushname name [view]\n\ + Flush the given name from the server's cache(s)\n\ + flushtree name [view]\n\ + Flush all names under the given name from the server's cache(s)\n\ freeze Suspend updates to all dynamic zones.\n\ freeze zone [class [view]]\n\ Suspend updates to a dynamic zone.\n\ - thaw Enable updates to all dynamic zones and reload them.\n\ - thaw zone [class [view]]\n\ - Enable updates to a frozen dynamic zone and reload it.\n\ - sync [-clean] Dump changes to all dynamic zones to disk, and optionally\n\ - remove their journal files.\n\ - sync [-clean] zone [class [view]]\n\ - Dump a single zone's changes to disk, and optionally\n\ - remove its journal file.\n\ - notify zone [class [view]]\n\ - Resend NOTIFY messages for the zone.\n\ - reconfig Reload configuration file and new zones only.\n\ - sign zone [class [view]]\n\ - Update zone keys, and sign as needed.\n\ + halt Stop the server without saving pending updates.\n\ + halt -p Stop the server without saving pending updates reporting\n\ + process id.\n\ loadkeys zone [class [view]]\n\ Update keys without signing immediately.\n\ - stats Write server statistics to the statistics file.\n\ + notify 
zone [class [view]]\n\ + Resend NOTIFY messages for the zone.\n\ + notrace Set debugging level to 0.\n\ querylog newstate\n\ Enable / disable query logging.\n\ - dumpdb [-all|-cache|-zones] [view ...]\n\ - Dump cache(s) to the dump file (named_dump.db).\n\ + reconfig Reload configuration file and new zones only.\n\ + recursing Dump the queries that are currently recursing (named.recursing)\n\ + refresh zone [class [view]]\n\ + Schedule immediate maintenance for a zone.\n\ + reload Reload configuration file and zones.\n\ + reload zone [class [view]]\n\ + Reload a single zone.\n\ + retransfer zone [class [view]]\n\ + Retransfer a single zone without checking serial number.\n\ secroots [view ...]\n\ Write security roots to the secroots file.\n\ + sign zone [class [view]]\n\ + Update zone keys, and sign as needed.\n\ + signing -clear all zone [class [view]]\n\ + Remove the private records for all keys that have\n\ + finished signing the given zone.\n\ + signing -clear <keyid>/<algorithm> zone [class [view]]\n\ + Remove the private record that indicating the given key\n\ + has finished signing the given zone.\n\ + signing -list zone [class [view]]\n\ + List the private records showing the state of DNSSEC\n\ + signing in the given zone.\n\ + signing -nsec3param hash flags iterations salt zone [class [view]]\n\ + Add NSEC3 chain to zone if already signed.\n\ + Prime zone with NSEC3 chain if not yet signed.\n\ + signing -nsec3param none zone [class [view]]\n\ + Remove NSEC3 chains from zone.\n\ + stats Write server statistics to the statistics file.\n\ + status Display status of the server.\n\ stop Save pending updates to master files and stop the server.\n\ stop -p Save pending updates to master files and stop the server\n\ reporting process id.\n\ - halt Stop the server without saving pending updates.\n\ - halt -p Stop the server without saving pending updates reporting\n\ - process id.\n\ + sync [-clean] Dump changes to all dynamic zones to disk, and optionally\n\ + 
remove their journal files.\n\ + sync [-clean] zone [class [view]]\n\ + Dump a single zone's changes to disk, and optionally\n\ + remove its journal file.\n\ + thaw Enable updates to all dynamic zones and reload them.\n\ + thaw zone [class [view]]\n\ + Enable updates to a frozen dynamic zone and reload it.\n\ trace Increment debugging level by one.\n\ trace level Change the debugging level.\n\ - notrace Set debugging level to 0.\n\ - flush Flushes all of the server's caches.\n\ - flush [view] Flushes the server's cache for a view.\n\ - flushname name [view]\n\ - Flush the given name from the server's cache(s)\n\ - flushtree name [view]\n\ - Flush all names under the given name from the server's cache(s)\n\ - status Display status of the server.\n\ - recursing Dump the queries that are currently recursing (named.recursing)\n\ + tsig-delete keyname [view]\n\ + Delete a TKEY-negotiated TSIG key.\n\ tsig-list List all currently active TSIG keys, including both statically\n\ configured and TKEY-negotiated keys.\n\ - tsig-delete keyname [view] \n\ - Delete a TKEY-negotiated TSIG key.\n\ validation newstate [view]\n\ Enable / disable DNSSEC validation.\n\ - addzone [\"file\"] zone [class [view]] { zone-options }\n\ - Add zone to given view. Requires new-zone-file option.\n\ - delzone [\"file\"] zone [class [view]]\n\ - Removes zone from given view. 
Requires new-zone-file option.\n\ - signing -list zone [class [view]]\n\ - List the private records showing the state of DNSSEC\n\ - signing in the given zone.\n\ - signing -clear <keyid>/<algorithm> zone [class [view]]\n\ - Remove the private record that indicating the given key\n\ - has finished signing the given zone.\n\ - signing -clear all zone [class [view]]\n\ - Remove the private records for all keys that have\n\ - finished signing the given zone.\n\ - signing -nsec3param none zone [class [view]]\n\ - Remove NSEC3 chains from zone.\n\ - signing -nsec3param hash flags iterations salt zone [class [view]]\n\ - Add NSEC3 chain to zone if already signed.\n\ - Prime zone with NSEC3 chain if not yet signed.\n\ - *restart Restart the server.\n\ \n\ -* == not yet implemented\n\ Version: %s\n", progname, version); diff --git a/bin/rndc/rndc.conf.5 b/bin/rndc/rndc.conf.5 index 694a4815dac6f..ce7b09930e962 100644 --- a/bin/rndc/rndc.conf.5 +++ b/bin/rndc/rndc.conf.5 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and/or distribute this software for any @@ -20,11 +20,11 @@ .\" Title: \fIrndc.conf\fR .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: June 30, 2000 +.\" Date: June 18, 2007 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "\fIRNDC.CONF\fR" "5" "June 30, 2000" "BIND9" "BIND9" +.TH "\fIRNDC.CONF\fR" "5" "June 18, 2007" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
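Review bot: The re-sorted usage text in rndc.c carries an old wording slip over onto its new lines: under `signing -clear <keyid>/<algorithm>` the help reads "Remove the private record that indicating the given key". Since these lines are being rewritten anyway, the string could become `Remove the private record indicating that the given key\n\`. The `flushname` and `flushtree` descriptions also lack the closing period that the other entries have. The function that prints this string starts outside the hunk.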
@@ -208,7 +208,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000, 2001 Internet Software Consortium. .br diff --git a/bin/rndc/rndc.conf.docbook b/bin/rndc/rndc.conf.docbook index 9de1995467fdc..8dcdef819718d 100644 --- a/bin/rndc/rndc.conf.docbook +++ b/bin/rndc/rndc.conf.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,10 +18,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc.conf.docbook,v 1.17 2007/06/18 23:47:25 tbox Exp $ --> <refentry id="man.rndc.conf"> <refentryinfo> - <date>June 30, 2000</date> + <date>June 18, 2007</date> </refentryinfo> <refmeta> @@ -40,6 +39,7 @@ <year>2004</year> <year>2005</year> <year>2007</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> diff --git a/bin/rndc/rndc.conf.html b/bin/rndc/rndc.conf.html index b0f904b2ab37c..5b33584b98483 100644 --- a/bin/rndc/rndc.conf.html +++ b/bin/rndc/rndc.conf.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any 
@@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543354"></a><h2>DESCRIPTION</h2> +<a name="id2543364"></a><h2>DESCRIPTION</h2> <p><code class="filename">rndc.conf</code> is the configuration file for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control utility. This file has a similar structure and syntax to @@ -117,7 +117,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543502"></a><h2>EXAMPLE</h2> +<a name="id2543512"></a><h2>EXAMPLE</h2> <pre class="programlisting"> options { default-server localhost; @@ -191,7 +191,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543594"></a><h2>NAME SERVER CONFIGURATION</h2> +<a name="id2543604"></a><h2>NAME SERVER CONFIGURATION</h2> <p> The name server must be configured to accept rndc connections and to recognize the key specified in the <code class="filename">rndc.conf</code> @@ -201,7 +201,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543616"></a><h2>SEE ALSO</h2> +<a name="id2543625"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>, @@ -209,7 +209,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543654"></a><h2>AUTHOR</h2> +<a name="id2543664"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook index 2b91d2d57accf..5de34d27a3b84 100644 --- a/bin/rndc/rndc.docbook +++ b/bin/rndc/rndc.docbook 
@@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005, 2007, 2013 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -18,10 +18,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc.docbook,v 1.21 2007/12/14 20:39:14 marka Exp $ --> <refentry id="man.rndc"> <refentryinfo> - <date>June 7, 2013</date> + <date>December 04, 2013</date> </refentryinfo> <refmeta> @@ -41,6 +40,7 @@ <year>2005</year> <year>2007</year> <year>2013</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -632,8 +632,8 @@ <term><userinput>signing <optional>( -list | -clear <replaceable>keyid/algorithm</replaceable> | -clear <literal>all</literal> | -nsec3param ( <replaceable>parameters</replaceable> | <literal>none</literal> ) ) </optional> <replaceable>zone</replaceable> <optional><replaceable>class</replaceable> <optional><replaceable>view</replaceable></optional></optional> </userinput></term> <listitem> <para> - List, edit, or remove the DNSSEC signing state for - the specified zone. The status of ongoing DNSSEC + List, edit, or remove the DNSSEC signing state records + for the specified zone. The status of ongoing DNSSEC operations (such as signing or generating NSEC3 chains) is stored in the zone in the form of DNS resource records of type diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html index 34972772fe5a1..0e74ea3531edc 100644 --- a/bin/rndc/rndc.html +++ b/bin/rndc/rndc.html 
@@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005, 2007, 2013 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and/or distribute this software for any @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543418"></a><h2>DESCRIPTION</h2> +<a name="id2543428"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">rndc</strong></span> controls the operation of a name server. It supersedes the <span><strong class="command">ndc</strong></span> utility @@ -61,7 +61,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543453"></a><h2>OPTIONS</h2> +<a name="id2543463"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt> <dd><p> @@ -127,7 +127,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543650"></a><h2>COMMANDS</h2> +<a name="id2543659"></a><h2>COMMANDS</h2> <p> A list of commands supported by <span><strong class="command">rndc</strong></span> can be seen by running <span><strong class="command">rndc</strong></span> without arguments. 
@@ -419,8 +419,8 @@ <dt><span class="term"><strong class="userinput"><code>signing [<span class="optional">( -list | -clear <em class="replaceable"><code>keyid/algorithm</code></em> | -clear <code class="literal">all</code> | -nsec3param ( <em class="replaceable"><code>parameters</code></em> | <code class="literal">none</code> ) ) </span>] <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>] </code></strong></span></dt> <dd> <p> - List, edit, or remove the DNSSEC signing state for - the specified zone. The status of ongoing DNSSEC + List, edit, or remove the DNSSEC signing state records + for the specified zone. The status of ongoing DNSSEC operations (such as signing or generating NSEC3 chains) is stored in the zone in the form of DNS resource records of type @@ -480,7 +480,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544843"></a><h2>LIMITATIONS</h2> +<a name="id2541986"></a><h2>LIMITATIONS</h2> <p> There is currently no way to provide the shared secret for a <code class="option">key_id</code> without using the configuration file. @@ -490,7 +490,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2542131"></a><h2>SEE ALSO</h2> +<a name="id2542004"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>, <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, @@ -500,7 +500,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2545190"></a><h2>AUTHOR</h2> +<a name="id2545200"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/tools/arpaname.1 b/bin/tools/arpaname.1 index 5b582514224f7..d8a43171f502b 100644 --- a/bin/tools/arpaname.1 
+++ b/bin/tools/arpaname.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -19,11 +19,11 @@ .\" Title: arpaname .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: March 4, 2009 +.\" Date: March 03, 2009 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "ARPANAME" "1" "March 4, 2009" "BIND9" "BIND9" +.TH "ARPANAME" "1" "March 03, 2009" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -44,5 +44,5 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2009, 2014 Internet Systems Consortium, Inc. ("ISC") .br diff --git a/bin/tools/arpaname.docbook b/bin/tools/arpaname.docbook index 6fb3ca29e5a26..04fd54aec5933 100644 --- a/bin/tools/arpaname.docbook +++ b/bin/tools/arpaname.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -17,10 +17,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: arpaname.docbook,v 1.1 2009/03/04 01:30:27 marka Exp $ --> <refentry id="man.arpaname"> <refentryinfo> - <date>March 4, 2009</date> + <date>March 03, 2009</date> </refentryinfo> <refmeta> @@ -37,6 +36,7 @@ <docinfo> <copyright> <year>2009</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> 
diff --git a/bin/tools/arpaname.html b/bin/tools/arpaname.html index 92f46b4f71f62..29ea03b513993 100644 --- a/bin/tools/arpaname.html +++ b/bin/tools/arpaname.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -31,20 +31,20 @@ <div class="cmdsynopsis"><p><code class="command">arpaname</code> {<em class="replaceable"><code>ipaddress </code></em>...}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543347"></a><h2>DESCRIPTION</h2> +<a name="id2543356"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">arpaname</strong></span> translates IP addresses (IPv4 and IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543360"></a><h2>SEE ALSO</h2> +<a name="id2543369"></a><h2>SEE ALSO</h2> <p> <em class="citetitle">BIND 9 Administrator Reference Manual</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543373"></a><h2>AUTHOR</h2> +<a name="id2543383"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/tools/genrandom.8 b/bin/tools/genrandom.8 index fd9ebf46eb800..30d50d7eaabcf 100644 --- a/bin/tools/genrandom.8 +++ b/bin/tools/genrandom.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2009-2011, 2014 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above 
@@ -19,11 +19,11 @@ .\" Title: genrandom .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: Feb 19, 2009 +.\" Date: August 08, 2011 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "GENRANDOM" "8" "Feb 19, 2009" "BIND9" "BIND9" +.TH "GENRANDOM" "8" "August 08, 2011" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -65,5 +65,5 @@ The file name into which random data should be written. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2009\-2011 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2009\-2011, 2014 Internet Systems Consortium, Inc. ("ISC") .br diff --git a/bin/tools/genrandom.c b/bin/tools/genrandom.c index 0d7eb726d6de2..7a6c64153ee79 100644 --- a/bin/tools/genrandom.c +++ b/bin/tools/genrandom.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009, 2010, 2012, 2014 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -120,7 +120,9 @@ main(int argc, char **argv) { return (0); } - len = strlen(argv[isc_commandline_index]) + 2; + len = strlen(argv[isc_commandline_index]); + INSIST((len + 2) > len); + len += 2; name = (char *) malloc(len); if (name == NULL) { perror("malloc"); diff --git a/bin/tools/genrandom.docbook b/bin/tools/genrandom.docbook index 33d5cf71d815a..ecc206a5496ce 100644 --- a/bin/tools/genrandom.docbook +++ b/bin/tools/genrandom.docbook 
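Review bot: The added `INSIST((len + 2) > len);` in genrandom.c only detects wraparound if `len` is an unsigned type, and its declaration is outside this hunk. If `len` is a signed integer, the overflow is undefined behaviour and a compiler may fold the comparison to true, which removes the guard before the `malloc(len)` below. Comparing against the limit before adding avoids relying on wraparound, e.g. `INSIST(len <= SIZE_MAX - 2);` for a `size_t` `len`. The assertion presumably aborts the program, whereas the allocation failure just below is reported with `perror("malloc")`; an explicit error return would keep the two paths consistent. main() continues outside the hunk.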
@@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2009-2011, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -17,10 +17,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: genrandom.docbook,v 1.8 2011/08/08 23:46:41 tbox Exp $ --> <refentry id="man.genrandom"> <refentryinfo> - <date>Feb 19, 2009</date> + <date>August 08, 2011</date> </refentryinfo> <refmeta> @@ -39,6 +38,7 @@ <year>2009</year> <year>2010</year> <year>2011</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> diff --git a/bin/tools/genrandom.html b/bin/tools/genrandom.html index 6b70434079734..e125a0120889e 100644 --- a/bin/tools/genrandom.html +++ b/bin/tools/genrandom.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2009-2011, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">genrandom</code> [<code class="option">-n <em class="replaceable"><code>number</code></em></code>] {<em class="replaceable"><code>size</code></em>} {<em class="replaceable"><code>filename</code></em>}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543368"></a><h2>DESCRIPTION</h2> +<a name="id2543378"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">genrandom</strong></span> generates a file or a set of files containing a specified quantity 
@@ -40,7 +40,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543381"></a><h2>ARGUMENTS</h2> +<a name="id2543390"></a><h2>ARGUMENTS</h2> <div class="variablelist"><dl> <dt><span class="term">-n <em class="replaceable"><code>number</code></em></span></dt> <dd><p> @@ -58,14 +58,14 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543442"></a><h2>SEE ALSO</h2> +<a name="id2543451"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">rand</span>(3)</span>, <span class="citerefentry"><span class="refentrytitle">arc4random</span>(3)</span> </p> </div> <div class="refsect1" lang="en"> -<a name="id2543468"></a><h2>AUTHOR</h2> +<a name="id2543478"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/tools/isc-hmac-fixup.8 b/bin/tools/isc-hmac-fixup.8 index 6364e54d94b8f..1b842fbd00b7e 100644 --- a/bin/tools/isc-hmac-fixup.8 +++ b/bin/tools/isc-hmac-fixup.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2010, 2013 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -19,11 +19,11 @@ .\" Title: isc\-hmac\-fixup .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: January 5, 2010 +.\" Date: April 28, 2013 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "ISC\-HMAC\-FIXUP" "8" "January 5, 2010" "BIND9" "BIND9" +.TH "ISC\-HMAC\-FIXUP" "8" "April 28, 2013" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -57,5 +57,5 @@ RFC 2104. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2010, 2013 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") .br 
diff --git a/bin/tools/isc-hmac-fixup.c b/bin/tools/isc-hmac-fixup.c index daf391a81cd68..00613b387c48c 100644 --- a/bin/tools/isc-hmac-fixup.c +++ b/bin/tools/isc-hmac-fixup.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2010, 2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -52,7 +52,7 @@ main(int argc, char **argv) { fprintf(stderr, "error: %s\n", isc_result_totext(result)); return (1); } - isc__buffer_usedregion(&buf, &r); + isc_buffer_usedregion(&buf, &r); if (!strcasecmp(argv[1], "md5") || !strcasecmp(argv[1], "hmac-md5")) { diff --git a/bin/tools/isc-hmac-fixup.docbook b/bin/tools/isc-hmac-fixup.docbook index cc72373352c49..986c30b8551c0 100644 --- a/bin/tools/isc-hmac-fixup.docbook +++ b/bin/tools/isc-hmac-fixup.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2010, 2013 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -17,10 +17,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: isc-hmac-fixup.docbook,v 1.2 2010/01/07 21:52:11 each Exp $ --> <refentry id="man.isc-hmac-fixup"> <refentryinfo> - <date>January 5, 2010</date> + <date>April 28, 2013</date> </refentryinfo> <refmeta> @@ -38,6 +37,7 @@ <copyright> <year>2010</year> <year>2013</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> diff --git a/bin/tools/isc-hmac-fixup.html b/bin/tools/isc-hmac-fixup.html index f5ab4b5a2054f..cb975589c25e9 100644 --- a/bin/tools/isc-hmac-fixup.html +++ b/bin/tools/isc-hmac-fixup.html 
@@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2010, 2013 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2010, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">isc-hmac-fixup</code> {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>secret</code></em>}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543355"></a><h2>DESCRIPTION</h2> +<a name="id2543366"></a><h2>DESCRIPTION</h2> <p> Versions of BIND 9 up to and including BIND 9.6 had a bug causing HMAC-SHA* TSIG keys which were longer than the digest length of the @@ -57,7 +57,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543379"></a><h2>SECURITY CONSIDERATIONS</h2> +<a name="id2543389"></a><h2>SECURITY CONSIDERATIONS</h2> <p> Secrets that have been converted by <span><strong class="command">isc-hmac-fixup</strong></span> are shortened, but as this is how the HMAC protocol works in @@ -68,14 +68,14 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543393"></a><h2>SEE ALSO</h2> +<a name="id2543403"></a><h2>SEE ALSO</h2> <p> <em class="citetitle">BIND 9 Administrator Reference Manual</em>, <em class="citetitle">RFC 2104</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543410"></a><h2>AUTHOR</h2> +<a name="id2543489"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/tools/named-journalprint.8 b/bin/tools/named-journalprint.8 index 670cd5d3dda09..ec91eb2734942 100644 --- a/bin/tools/named-journalprint.8 +++ b/bin/tools/named-journalprint.8 
@@ -1,4 +1,4 @@ -.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -19,11 +19,11 @@ .\" Title: named\-journalprint .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: Feb 18, 2009 +.\" Date: December 04, 2009 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "NAMED\-JOURNALPRINT" "8" "Feb 18, 2009" "BIND9" "BIND9" +.TH "NAMED\-JOURNALPRINT" "8" "December 04, 2009" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -56,5 +56,5 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2009, 2014 Internet Systems Consortium, Inc. ("ISC") .br diff --git a/bin/tools/named-journalprint.docbook b/bin/tools/named-journalprint.docbook index d0bea2c483ada..8d65c8e30093b 100644 --- a/bin/tools/named-journalprint.docbook +++ b/bin/tools/named-journalprint.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -17,10 +17,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named-journalprint.docbook,v 1.2 2009/12/04 21:59:23 marka Exp $ --> <refentry id="man.named-journalprint"> <refentryinfo> - <date>Feb 18, 2009</date> + <date>December 04, 2009</date> </refentryinfo> <refmeta> 
@@ -37,6 +36,7 @@ <docinfo> <copyright> <year>2009</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> diff --git a/bin/tools/named-journalprint.html b/bin/tools/named-journalprint.html index 8639ee885a86d..3e5e19f239f22 100644 --- a/bin/tools/named-journalprint.html +++ b/bin/tools/named-journalprint.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">named-journalprint</code> {<em class="replaceable"><code>journal</code></em>}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543344"></a><h2>DESCRIPTION</h2> +<a name="id2543354"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">named-journalprint</strong></span> prints the contents of a zone journal file in a human-readable @@ -57,7 +57,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543379"></a><h2>SEE ALSO</h2> +<a name="id2543389"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">nsupdate</span>(8)</span>, @@ -65,7 +65,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543410"></a><h2>AUTHOR</h2> +<a name="id2543420"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/tools/nsec3hash.8 b/bin/tools/nsec3hash.8 index 324391042c904..d4444ce8e2c32 100644 --- a/bin/tools/nsec3hash.8 +++ b/bin/tools/nsec3hash.8 
@@ -1,4 +1,4 @@ -.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -19,11 +19,11 @@ .\" Title: nsec3hash .\" Author: .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> -.\" Date: Feb 18, 2009 +.\" Date: March 02, 2009 .\" Manual: BIND9 .\" Source: BIND9 .\" -.TH "NSEC3HASH" "8" "Feb 18, 2009" "BIND9" "BIND9" +.TH "NSEC3HASH" "8" "March 02, 2009" "BIND9" "BIND9" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -66,5 +66,5 @@ RFC 5155. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2009, 2014 Internet Systems Consortium, Inc. ("ISC") .br diff --git a/bin/tools/nsec3hash.c b/bin/tools/nsec3hash.c index 57f24c251eee5..1a2a9558bf3f8 100644 --- a/bin/tools/nsec3hash.c +++ b/bin/tools/nsec3hash.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006, 2008, 2009, 2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2006, 2008, 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -59,8 +59,9 @@ check_result(isc_result_t result, const char *message) { } static void -usage() { - printf("Usage: %s salt algorithm iterations domain\n", program); +usage(void) { + fprintf(stderr, "Usage: %s salt algorithm iterations domain\n", + program); exit(1); } 
@@ -115,7 +116,7 @@ main(int argc, char **argv) { region.base = hash; region.length = length; isc_buffer_init(&buffer, text, sizeof(text)); - isc_base32hex_totext(®ion, 1, "", &buffer); + isc_base32hexnp_totext(®ion, 1, "", &buffer); fprintf(stdout, "%.*s (salt=%s, hash=%u, iterations=%u)\n", (int)isc_buffer_usedlength(&buffer), text, argv[1], hash_alg, iterations); return(0); diff --git a/bin/tools/nsec3hash.docbook b/bin/tools/nsec3hash.docbook index d20eb83b990b6..618e53a1aae7e 100644 --- a/bin/tools/nsec3hash.docbook +++ b/bin/tools/nsec3hash.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -17,10 +17,9 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nsec3hash.docbook,v 1.3 2009/03/02 23:47:43 tbox Exp $ --> <refentry id="man.nsec3hash"> <refentryinfo> - <date>Feb 18, 2009</date> + <date>March 02, 2009</date> </refentryinfo> <refmeta> @@ -37,6 +36,7 @@ <docinfo> <copyright> <year>2009</year> + <year>2014</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> diff --git a/bin/tools/nsec3hash.html b/bin/tools/nsec3hash.html index e5b5a14842a40..acb83e6ee1526 100644 --- a/bin/tools/nsec3hash.html +++ b/bin/tools/nsec3hash.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above 
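Review bot: The return value of `isc_base32hexnp_totext()` is still discarded in the nsec3hash.c hunk (`@@ -115,7 +116,7 @@ main`), so an encoding failure would go unreported and the fprintf() that follows would presumably print an empty or partial hash. The file already has `check_result(isc_result_t result, const char *message)`, named in the previous hunk's header, so the call could become `result = isc_base32hexnp_totext(&region, 1, "", &buffer);` followed by `check_result(result, "isc_base32hexnp_totext()");`. This assumes main has an `isc_result_t result` local, which is not visible here because main's body starts and ends outside the hunk. The `®ion` shown on this page looks like `&region` mangled by entity decoding rather than a change in the commit.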
@@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">nsec3hash</code> {<em class="replaceable"><code>salt</code></em>} {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>iterations</code></em>} {<em class="replaceable"><code>domain</code></em>}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543369"></a><h2>DESCRIPTION</h2> +<a name="id2543379"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">nsec3hash</strong></span> generates an NSEC3 hash based on a set of NSEC3 parameters. This can be used to check the validity @@ -39,7 +39,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543382"></a><h2>ARGUMENTS</h2> +<a name="id2543392"></a><h2>ARGUMENTS</h2> <div class="variablelist"><dl> <dt><span class="term">salt</span></dt> <dd><p> @@ -63,14 +63,14 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543444"></a><h2>SEE ALSO</h2> +<a name="id2543453"></a><h2>SEE ALSO</h2> <p> <em class="citetitle">BIND 9 Administrator Reference Manual</em>, <em class="citetitle">RFC 5155</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543461"></a><h2>AUTHOR</h2> +<a name="id2543470"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> |