diff options
Diffstat (limited to 'bin')
88 files changed, 2154 insertions, 1372 deletions
diff --git a/bin/check/check-tool.c b/bin/check/check-tool.c index 1b67ca88596f5..f4d573db916a9 100644 --- a/bin/check/check-tool.c +++ b/bin/check/check-tool.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2000-2002 Internet Software Consortium. + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: check-tool.c,v 1.4.12.7 2004/11/30 01:15:40 marka Exp $ */ +/* $Id: check-tool.c,v 1.4.12.11 2007/09/13 05:18:07 each Exp $ */ #include <config.h> #include <stdio.h> -#include <string.h> #include "check-tool.h" #include <isc/util.h> @@ -29,6 +28,7 @@ #include <isc/log.h> #include <isc/region.h> #include <isc/stdio.h> +#include <isc/string.h> #include <isc/types.h> #include <dns/fixedname.h> diff --git a/bin/check/check-tool.h b/bin/check/check-tool.h index 105cd258ca3d6..cbe18afa25b04 100644 --- a/bin/check/check-tool.h +++ b/bin/check/check-tool.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2000-2002 Internet Software Consortium. + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: check-tool.h,v 1.2.12.5 2004/03/08 04:04:13 marka Exp $ */ +/* $Id: check-tool.h,v 1.2.12.8 2007/08/28 07:19:07 tbox Exp $ */ #ifndef CHECK_TOOL_H #define CHECK_TOOL_H diff --git a/bin/check/named-checkconf.8 b/bin/check/named-checkconf.8 index 7d0633582dbfa..148e6c59d5dff 100644 --- a/bin/check/named-checkconf.8 +++ b/bin/check/named-checkconf.8 @@ -1,5 +1,5 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") -.\" Copyright (C) 2000-2002 Internet Software Consortium. +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named-checkconf.8,v 1.11.12.8 2006/06/29 13:02:30 marka Exp $ +.\" $Id: named-checkconf.8,v 1.11.12.13 2007/06/20 02:26:23 marka Exp $ .\" .hy 0 .ad l .\" Title: named\-checkconf .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: June 14, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -39,27 +39,37 @@ named\-checkconf \- named configuration file syntax checking tool \fBnamed\-checkconf\fR checks the syntax, but not the semantics, of a named configuration file. .SH "OPTIONS" -.TP 3n +.PP \-t \fIdirectory\fR -chroot to +.RS 4 +Chroot to \fIdirectory\fR so that include directives in the configuration file are processed as if run by a similarly chrooted named. -.TP 3n +.RE +.PP \-v +.RS 4 Print the version of the \fBnamed\-checkconf\fR program and exit. -.TP 3n +.RE +.PP \-z -Perform a check load the master zonefiles found in +.RS 4 +Perform a test load of all master zones found in \fInamed.conf\fR. -.TP 3n +.RE +.PP \-j +.RS 4 When loading a zonefile read the journal if it exists. -.TP 3n +.RE +.PP filename +.RS 4 The name of the configuration file to be checked. If not specified, it defaults to \fI/etc/named.conf\fR. +.RE .SH "RETURN VALUES" .PP \fBnamed\-checkconf\fR @@ -67,9 +77,13 @@ returns an exit status of 1 if errors were detected and 0 otherwise. .SH "SEE ALSO" .PP \fBnamed\fR(8), +\fBnamed\-checkzone\fR(8), BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000\-2003 Internet Software Consortium. +.br diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c index f50461d792561..cc0101c31e609 100644 --- a/bin/check/named-checkconf.c +++ b/bin/check/named-checkconf.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named-checkconf.c,v 1.12.12.11 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: named-checkconf.c,v 1.12.12.14 2007/08/28 07:19:07 tbox Exp $ */ #include <config.h> diff --git a/bin/check/named-checkconf.docbook b/bin/check/named-checkconf.docbook index c2529f642fe07..b955becd80919 100644 --- a/bin/check/named-checkconf.docbook +++ b/bin/check/named-checkconf.docbook @@ -1,11 +1,11 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") - - Copyright (C) 2000-2002 Internet Software Consortium. + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2000-2003 Internet Software Consortium. - - - Permission to use, copy, modify, and distribute this software for any + - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named-checkconf.docbook,v 1.3.2.1.8.7 2005/05/12 21:35:56 sra Exp $ --> +<!-- $Id: named-checkconf.docbook,v 1.3.2.1.8.13 2007/08/28 07:19:07 tbox Exp $ --> <refentry> <refentryinfo> @@ -35,12 +35,14 @@ <copyright> <year>2004</year> <year>2005</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> <year>2000</year> <year>2001</year> <year>2002</year> + <year>2003</year> <holder>Internet Software Consortium.</holder> </copyright> </docinfo> @@ -77,7 +79,7 @@ <term>-t <replaceable class="parameter">directory</replaceable></term> <listitem> <para> - chroot to <filename>directory</filename> so that include + Chroot to <filename>directory</filename> so that include directives in the configuration file are processed as if run by a similarly chrooted named. </para> @@ -98,7 +100,7 @@ <term>-z</term> <listitem> <para> - Perform a check load the master zonefiles found in + Perform a test load of all master zones found in <filename>named.conf</filename>. </para> </listitem> @@ -142,6 +144,9 @@ <refentrytitle>named</refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, + <citerefentry> + <refentrytitle>named-checkzone</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, <citetitle>BIND 9 Administrator Reference Manual</citetitle>. </para> </refsect1> diff --git a/bin/check/named-checkconf.html b/bin/check/named-checkconf.html index 2283c51626154..0617e0bbc64fd 100644 --- a/bin/check/named-checkconf.html +++ b/bin/check/named-checkconf.html @@ -1,6 +1,6 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") - - Copyright (C) 2000-2002 Internet Software Consortium. + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named-checkconf.html,v 1.5.2.1.4.15 2006/06/29 13:02:30 marka Exp $ --> +<!-- $Id: named-checkconf.html,v 1.5.2.1.4.21 2007/06/20 02:26:23 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>named-checkconf</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">named-checkconf</span> — named configuration file syntax checking tool</p> @@ -32,18 +32,18 @@ <div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-z</code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549430"></a><h2>DESCRIPTION</h2> +<a name="id2543374"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">named-checkconf</strong></span> checks the syntax, but not the semantics, of a named configuration file. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549443"></a><h2>OPTIONS</h2> +<a name="id2543387"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt> <dd><p> - chroot to <code class="filename">directory</code> so that include + Chroot to <code class="filename">directory</code> so that include directives in the configuration file are processed as if run by a similarly chrooted named. </p></dd> @@ -54,7 +54,7 @@ </p></dd> <dt><span class="term">-z</span></dt> <dd><p> - Perform a check load the master zonefiles found in + Perform a test load of all master zones found in <code class="filename">named.conf</code>. </p></dd> <dt><span class="term">-j</span></dt> @@ -69,21 +69,22 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2549534"></a><h2>RETURN VALUES</h2> +<a name="id2543479"></a><h2>RETURN VALUES</h2> <p> <span><strong class="command">named-checkconf</strong></span> returns an exit status of 1 if errors were detected and 0 otherwise. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549547"></a><h2>SEE ALSO</h2> +<a name="id2543492"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, + <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549639"></a><h2>AUTHOR</h2> +<a name="id2543524"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/check/named-checkzone.8 b/bin/check/named-checkzone.8 index f50085c78456b..b6402626dc7a0 100644 --- a/bin/check/named-checkzone.8 +++ b/bin/check/named-checkzone.8 @@ -1,5 +1,5 @@ -.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") -.\" Copyright (C) 2000-2002 Internet Software Consortium. +.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named-checkzone.8,v 1.11.2.1.8.11 2006/10/05 02:50:17 marka Exp $ +.\" $Id: named-checkzone.8,v 1.11.2.1.8.16 2007/06/20 02:26:23 marka Exp $ .\" .hy 0 .ad l .\" Title: named\-checkzone .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: June 13, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -43,25 +43,36 @@ does when loading a zone. This makes \fBnamed\-checkzone\fR useful for checking zone files before configuring them into a name server. .SH "OPTIONS" -.TP 3n +.PP \-d +.RS 4 Enable debugging. -.TP 3n +.RE +.PP \-q +.RS 4 Quiet mode \- exit code only. -.TP 3n +.RE +.PP \-v +.RS 4 Print the version of the \fBnamed\-checkzone\fR program and exit. -.TP 3n +.RE +.PP \-j +.RS 4 When loading the zone file read the journal if it exists. -.TP 3n +.RE +.PP \-c \fIclass\fR +.RS 4 Specify the class of the zone. If not specified "IN" is assumed. -.TP 3n +.RE +.PP \-k \fImode\fR +.RS 4 Perform \fB"check\-names"\fR checks with the specified failure mode. Possible modes are @@ -69,37 +80,52 @@ checks with the specified failure mode. Possible modes are \fB"warn"\fR (default) and \fB"ignore"\fR. -.TP 3n +.RE +.PP \-n \fImode\fR +.RS 4 Specify whether NS records should be checked to see if they are addresses. Possible modes are \fB"fail"\fR, \fB"warn"\fR (default) and \fB"ignore"\fR. -.TP 3n +.RE +.PP \-o \fIfilename\fR +.RS 4 Write zone output to \fIfilename\fR. -.TP 3n +.RE +.PP \-t \fIdirectory\fR -chroot to +.RS 4 +Chroot to \fIdirectory\fR so that include directives in the configuration file are processed as if run by a similarly chrooted named. -.TP 3n +.RE +.PP \-w \fIdirectory\fR +.RS 4 chdir to \fIdirectory\fR so that relative filenames in master file $INCLUDE directives work. This is similar to the directory clause in \fInamed.conf\fR. -.TP 3n +.RE +.PP \-D +.RS 4 Dump zone file in canonical format. -.TP 3n +.RE +.PP zonename +.RS 4 The domain name of the zone being checked. -.TP 3n +.RE +.PP filename +.RS 4 The name of the zone file. +.RE .SH "RETURN VALUES" .PP \fBnamed\-checkzone\fR @@ -107,10 +133,14 @@ returns an exit status of 1 if errors were detected and 0 otherwise. .SH "SEE ALSO" .PP \fBnamed\fR(8), +\fBnamed\-checkconf\fR(8), RFC 1035, BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000\-2003 Internet Software Consortium. +.br diff --git a/bin/check/named-checkzone.docbook b/bin/check/named-checkzone.docbook index a24e92b49963b..9ea37e19c7e37 100644 --- a/bin/check/named-checkzone.docbook +++ b/bin/check/named-checkzone.docbook @@ -1,11 +1,11 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") - - Copyright (C) 2000-2002 Internet Software Consortium. + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2000-2003 Internet Software Consortium. - - - Permission to use, copy, modify, and distribute this software for any + - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named-checkzone.docbook,v 1.3.2.2.8.13 2006/09/30 23:58:36 marka Exp $ --> +<!-- $Id: named-checkzone.docbook,v 1.3.2.2.8.19 2007/08/28 07:19:07 tbox Exp $ --> <refentry> <refentryinfo> @@ -36,12 +36,14 @@ <year>2004</year> <year>2005</year> <year>2006</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> <year>2000</year> <year>2001</year> <year>2002</year> + <year>2003</year> <holder>Internet Software Consortium.</holder> </copyright> </docinfo> @@ -168,7 +170,7 @@ <term>-t <replaceable class="parameter">directory</replaceable></term> <listitem> <para> - chroot to <filename>directory</filename> so that include + Chroot to <filename>directory</filename> so that include directives in the configuration file are processed as if run by a similarly chrooted named. </para> @@ -233,6 +235,9 @@ <refentrytitle>named</refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, + <citerefentry> + <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, <citetitle>RFC 1035</citetitle>, <citetitle>BIND 9 Administrator Reference Manual</citetitle>. </para> diff --git a/bin/check/named-checkzone.html b/bin/check/named-checkzone.html index 8f5195a6d8f85..295da1362673f 100644 --- a/bin/check/named-checkzone.html +++ b/bin/check/named-checkzone.html @@ -1,6 +1,6 @@ <!-- - - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") - - Copyright (C) 2000-2002 Internet Software Consortium. + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named-checkzone.html,v 1.5.2.2.4.17 2006/10/05 02:50:17 marka Exp $ --> +<!-- $Id: named-checkzone.html,v 1.5.2.2.4.23 2007/06/20 02:26:23 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>named-checkzone</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">named-checkzone</span> — zone file validity checking tool</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] {zonename} {filename}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549490"></a><h2>DESCRIPTION</h2> +<a name="id2543434"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">named-checkzone</strong></span> checks the syntax and integrity of a zone file. It performs the same checks as <span><strong class="command">named</strong></span> @@ -42,7 +42,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549510"></a><h2>OPTIONS</h2> +<a name="id2543454"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-d</span></dt> <dd><p> @@ -85,7 +85,7 @@ </p></dd> <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt> <dd><p> - chroot to <code class="filename">directory</code> so that include + Chroot to <code class="filename">directory</code> so that include directives in the configuration file are processed as if run by a similarly chrooted named. </p></dd> @@ -111,22 +111,23 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2549824"></a><h2>RETURN VALUES</h2> +<a name="id2543700"></a><h2>RETURN VALUES</h2> <p> <span><strong class="command">named-checkzone</strong></span> returns an exit status of 1 if errors were detected and 0 otherwise. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549836"></a><h2>SEE ALSO</h2> +<a name="id2543713"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, + <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>, <em class="citetitle">RFC 1035</em>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549863"></a><h2>AUTHOR</h2> +<a name="id2543748"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/dig/Makefile.in b/bin/dig/Makefile.in index 65c14ce882221..c68e6d8f316b1 100644 --- a/bin/dig/Makefile.in +++ b/bin/dig/Makefile.in @@ -1,7 +1,7 @@ -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") -# Copyright (C) 2000-2002 Internet Software Consortium. +# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2000-2003 Internet Software Consortium. # -# Permission to use, copy, modify, and distribute this software for any +# Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.25.12.12 2004/08/18 23:25:57 marka Exp $ +# $Id: Makefile.in,v 1.25.12.15 2007/08/28 07:19:07 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/dig/dig.1 b/bin/dig/dig.1 index 735f31c2a570b..a5f5ff3c04a38 100644 --- a/bin/dig/dig.1 +++ b/bin/dig/dig.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dig.1,v 1.14.2.4.2.11 2006/06/29 13:02:30 marka Exp $ +.\" $Id: dig.1,v 1.14.2.4.2.18 2007/05/16 06:10:54 marka Exp $ .\" .hy 0 .ad l .\" Title: dig .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -50,7 +50,7 @@ Although \fBdig\fR is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command\-line arguments and options is printed when the \fB\-h\fR -option is given. Unlike earlier versions, the BIND9 implementation of +option is given. Unlike earlier versions, the BIND 9 implementation of \fBdig\fR allows multiple lookups to be issued from the command line. .PP @@ -65,21 +65,28 @@ It is possible to set per\-user defaults for \fBdig\fR via \fI${HOME}/.digrc\fR. This file is read and any options in it are applied before the command line arguments. +.PP +The IN and CH class names overlap with the IN and CH top level domains names. Either use the +\fB\-t\fR +and +\fB\-c\fR +options to specify the type and class or use "IN." and "CH." when looking up these top level domains. .SH "SIMPLE USAGE" .PP A typical invocation of \fBdig\fR looks like: .sp -.RS 3n +.RS 4 .nf dig @server name type .fi .RE .sp where: -.TP 3n +.PP \fBserver\fR +.RS 4 is the name or IP address of the name server to query. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation. When the supplied \fIserver\fR argument is a hostname, @@ -91,11 +98,15 @@ argument is provided, consults \fI/etc/resolv.conf\fR and queries the name servers listed there. The reply from the name server that responds is displayed. -.TP 3n +.RE +.PP \fBname\fR +.RS 4 is the name of the resource record that is to be looked up. -.TP 3n +.RE +.PP \fBtype\fR +.RS 4 indicates what type of query is required \(em ANY, A, MX, SIG, etc. \fItype\fR can be any valid query type. If no @@ -103,6 +114,7 @@ can be any valid query type. If no argument is supplied, \fBdig\fR will perform a lookup for an A record. +.RE .SH "OPTIONS" .PP The @@ -114,14 +126,14 @@ The default query class (IN for internet) is overridden by the \fB\-c\fR option. \fIclass\fR -is any valid class, such as HS for Hesiod records or CH for CHAOSNET records. +is any valid class, such as HS for Hesiod records or CH for Chaosnet records. .PP The \fB\-f\fR option makes \fBdig \fR operate in batch mode by reading a list of lookup requests to process from the file -\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organised in the same way they would be presented as queries to +\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to \fBdig\fR using the command\-line interface. .PP @@ -146,7 +158,7 @@ to only use IPv6 query transport. The \fB\-t\fR option sets the query type to -\fItype\fR. It can be any valid query type which is supported in BIND9. The default query type "A", unless the +\fItype\fR. It can be any valid query type which is supported in BIND 9. The default query type is "A", unless the \fB\-x\fR option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required, \fItype\fR @@ -154,7 +166,7 @@ is set to ixfr=N. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was \fIN\fR. .PP -Reverse lookups \- mapping addresses to names \- are simplified by the +Reverse lookups \(em mapping addresses to names \(em are simplified by the \fB\-x\fR option. \fIaddr\fR @@ -202,19 +214,26 @@ Each query option is identified by a keyword preceded by a plus sign (+). Some k no to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form \fB+keyword=value\fR. The query options are: -.TP 3n +.PP \fB+[no]tcp\fR -Use [do not use] TCP when querying name servers. The default behaviour is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used. -.TP 3n +.RS 4 +Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used. +.RE +.PP \fB+[no]vc\fR +.RS 4 Use [do not use] TCP when querying name servers. This alternate syntax to \fI+[no]tcp\fR is provided for backwards compatibility. The "vc" stands for "virtual circuit". -.TP 3n +.RE +.PP \fB+[no]ignore\fR +.RS 4 Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed. -.TP 3n +.RE +.PP \fB+domain=somename\fR +.RS 4 Set the search list to contain the single domain \fIsomename\fR, as if specified in a \fBdomain\fR @@ -222,36 +241,54 @@ directive in \fI/etc/resolv.conf\fR, and enable search list processing as if the \fI+search\fR option were given. -.TP 3n +.RE +.PP \fB+[no]search\fR +.RS 4 Use [do not use] the search list defined by the searchlist or domain directive in \fIresolv.conf\fR (if any). The search list is not used by default. -.TP 3n +.RE +.PP \fB+[no]defname\fR +.RS 4 Deprecated, treated as a synonym for \fI+[no]search\fR -.TP 3n +.RE +.PP \fB+[no]aaonly\fR +.RS 4 Sets the "aa" flag in the query. -.TP 3n +.RE +.PP \fB+[no]aaflag\fR +.RS 4 A synonym for \fI+[no]aaonly\fR. -.TP 3n +.RE +.PP \fB+[no]adflag\fR +.RS 4 Set [do not set] the AD (authentic data) bit in the query. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set the bit in the query is provided for completeness. -.TP 3n +.RE +.PP \fB+[no]cdflag\fR +.RS 4 Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses. -.TP 3n +.RE +.PP \fB+[no]cl\fR +.RS 4 Display [do not display] the CLASS when printing the record. -.TP 3n +.RE +.PP \fB+[no]ttlid\fR +.RS 4 Display [do not display] the TTL when printing the record. -.TP 3n +.RE +.PP \fB+[no]recurse\fR +.RS 4 Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means \fBdig\fR normally sends recursive queries. Recursion is automatically disabled when the @@ -259,75 +296,109 @@ normally sends recursive queries. Recursion is automatically disabled when the or \fI+trace\fR query options are used. -.TP 3n +.RE +.PP \fB+[no]nssearch\fR +.RS 4 When this option is set, \fBdig\fR attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone. -.TP 3n +.RE +.PP \fB+[no]trace\fR +.RS 4 Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled, \fBdig\fR makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup. -.TP 3n +.RE +.PP \fB+[no]cmd\fR -toggles the printing of the initial comment in the output identifying the version of +.RS 4 +Toggles the printing of the initial comment in the output identifying the version of \fBdig\fR and the query options that have been applied. This comment is printed by default. -.TP 3n +.RE +.PP \fB+[no]short\fR +.RS 4 Provide a terse answer. The default is to print the answer in a verbose form. -.TP 3n +.RE +.PP \fB+[no]identify\fR +.RS 4 Show [or do not show] the IP address and port number that supplied the answer when the \fI+short\fR option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer. -.TP 3n +.RE +.PP \fB+[no]comments\fR +.RS 4 Toggle the display of comment lines in the output. The default is to print comments. -.TP 3n +.RE +.PP \fB+[no]stats\fR -This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behaviour is to print the query statistics. -.TP 3n +.RS 4 +This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics. +.RE +.PP \fB+[no]qr\fR +.RS 4 Print [do not print] the query as it is sent. By default, the query is not printed. -.TP 3n +.RE +.PP \fB+[no]question\fR +.RS 4 Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment. -.TP 3n +.RE +.PP \fB+[no]answer\fR +.RS 4 Display [do not display] the answer section of a reply. The default is to display it. -.TP 3n +.RE +.PP \fB+[no]authority\fR +.RS 4 Display [do not display] the authority section of a reply. The default is to display it. -.TP 3n +.RE +.PP \fB+[no]additional\fR +.RS 4 Display [do not display] the additional section of a reply. The default is to display it. -.TP 3n +.RE +.PP \fB+[no]all\fR +.RS 4 Set or clear all display flags. -.TP 3n +.RE +.PP \fB+time=T\fR +.RS 4 Sets the timeout for a query to \fIT\fR -seconds. The default time out is 5 seconds. An attempt to set +seconds. The default timeout is 5 seconds. An attempt to set \fIT\fR to less than 1 will result in a query timeout of 1 second being applied. -.TP 3n +.RE +.PP \fB+tries=T\fR +.RS 4 Sets the number of times to try UDP queries to server to \fIT\fR instead of the default, 3. If \fIT\fR is less than or equal to zero, the number of tries is silently rounded up to 1. -.TP 3n +.RE +.PP \fB+retry=T\fR +.RS 4 Sets the number of times to retry UDP queries to server to \fIT\fR instead of the default, 2. Unlike \fI+tries\fR, this does not include the initial query. -.TP 3n +.RE +.PP \fB+ndots=D\fR +.RS 4 Set the number of dots that have to appear in \fIname\fR to @@ -339,30 +410,44 @@ or \fBdomain\fR directive in \fI/etc/resolv.conf\fR. -.TP 3n +.RE +.PP \fB+bufsize=B\fR +.RS 4 Set the UDP message buffer size advertised using EDNS0 to \fIB\fR bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. -.TP 3n +.RE +.PP \fB+[no]multiline\fR +.RS 4 Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the \fBdig\fR output. -.TP 3n +.RE +.PP \fB+[no]fail\fR -Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behaviour. -.TP 3n +.RS 4 +Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior. +.RE +.PP \fB+[no]besteffort\fR +.RS 4 Attempt to display the contents of messages which are malformed. The default is to not display malformed answers. -.TP 3n +.RE +.PP \fB+[no]dnssec\fR +.RS 4 Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query. -.TP 3n +.RE +.PP \fB+[no]sigchase\fR +.RS 4 Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE. -.TP 3n +.RE +.PP \fB+trusted\-key=####\fR +.RS 4 Specifies a file containing trusted keys to be used with \fB+sigchase\fR. Each DNSKEY record must be on its own line. .sp @@ -375,9 +460,12 @@ then in the current directory. .sp Requires dig be compiled with \-DDIG_SIGCHASE. -.TP 3n +.RE +.PP \fB+[no]topdown\fR -When chasing DNSSEC signature chains perform a top down validation. Requires dig be compiled with \-DDIG_SIGCHASE. +.RS 4 +When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE. +.RE .SH "MULTIPLE QUERIES" .PP The BIND 9 implementation of @@ -394,7 +482,7 @@ A global set of query options, which should be applied to all queries, can also \fB+[no]cmd\fR option) can be overridden by a query\-specific set of query options. For example: .sp -.RS 3n +.RS 4 .nf dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr .fi @@ -425,8 +513,11 @@ isc.org. \fBnamed\fR(8), \fBdnssec\-keygen\fR(8), RFC1035. -.SH "BUGS " +.SH "BUGS" .PP There are probably too many query options. .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000\-2003 Internet Software Consortium. +.br diff --git a/bin/dig/dig.c b/bin/dig/dig.c index 619e0298064bf..763613dfca79b 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dig.c,v 1.157.2.13.2.31 2006/07/22 23:52:57 marka Exp $ */ +/* $Id: dig.c,v 1.157.2.13.2.35 2007/08/28 07:19:07 tbox Exp $ */ #include <config.h> #include <stdlib.h> @@ -625,42 +625,6 @@ printgreeting(int argc, char **argv, dig_lookup_t *lookup) { } } -/* - * Reorder an argument list so that server names all come at the end. - * This is a bit of a hack, to allow batch-mode processing to properly - * handle the server options. - */ -static void -reorder_args(int argc, char *argv[]) { - int i, j; - char *ptr; - int end; - - debug("reorder_args()"); - end = argc - 1; - while (argv[end][0] == '@') { - end--; - if (end == 0) - return; - } - debug("arg[end]=%s", argv[end]); - for (i = 1; i < end - 1; i++) { - if (argv[i][0] == '@') { - debug("arg[%d]=%s", i, argv[i]); - ptr = argv[i]; - for (j = i + 1; j < end; j++) { - debug("Moving %s to %d", argv[j], j - 1); - argv[j - 1] = argv[j]; - } - debug("moving %s to end, %d", ptr, end - 1); - argv[end - 1] = ptr; - end--; - if (end < 1) - return; - } - } -} - static isc_uint32_t parse_uint(char *arg, const char *desc, isc_uint32_t max) { isc_result_t result; @@ -1054,7 +1018,8 @@ static const char *single_dash_opts = "46dhimnv"; static const char *dash_opts = "46bcdfhikmnptvyx"; static isc_boolean_t dash_option(char *option, char *next, dig_lookup_t **lookup, - isc_boolean_t *open_type_class) + isc_boolean_t *open_type_class, isc_boolean_t *need_clone, + int argc, char **argv, isc_boolean_t *firstarg) { char opt, *value, *ptr; isc_result_t result; @@ -1245,7 +1210,9 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, keysecret[sizeof(keysecret)-1]=0; return (value_from_next); case 'x': - *lookup = clone_lookup(default_lookup, ISC_TRUE); + if (*need_clone) + *lookup = clone_lookup(default_lookup, ISC_TRUE); + *need_clone = ISC_TRUE; if (get_reverse(textname, sizeof(textname), value, ip6_int, ISC_FALSE) == ISC_R_SUCCESS) { strncpy((*lookup)->textname, textname, @@ -1259,6 +1226,10 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, if (!(*lookup)->rdclassset) (*lookup)->rdclass = dns_rdataclass_in; (*lookup)->new_search = ISC_TRUE; + if (*firstarg) { + printgreeting(argc, argv, *lookup); + *firstarg = ISC_FALSE; + } ISC_LIST_APPEND(lookup_list, *lookup, link); } else { fprintf(stderr, "Invalid IP address %s\n", value); @@ -1349,6 +1320,8 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, char rcfile[256]; #endif char *input; + int i; + isc_boolean_t need_clone = ISC_TRUE; /* * The semantics for parsing the args is a bit complex; if @@ -1396,7 +1369,9 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, bargv[0] = argv[0]; argv0 = argv[0]; - reorder_args(bargc, (char **)bargv); + for(i = 0; i < bargc; i++) + debug(".digrc argv %d: %s", + i, bargv[i]); parse_args(ISC_TRUE, ISC_TRUE, bargc, (char **)bargv); } @@ -1405,7 +1380,12 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, #endif } - lookup = default_lookup; + if (is_batchfile && !config_only) { + /* Processing '-f batchfile'. */ + lookup = clone_lookup(default_lookup, ISC_TRUE); + need_clone = ISC_FALSE; + } else + lookup = default_lookup; rc = argc; rv = argv; @@ -1421,13 +1401,17 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, } else if (rv[0][0] == '-') { if (rc <= 1) { if (dash_option(&rv[0][1], NULL, - &lookup, &open_type_class)) { + &lookup, &open_type_class, + &need_clone, argc, argv, + &firstarg)) { rc--; rv++; } } else { if (dash_option(&rv[0][1], rv[1], - &lookup, &open_type_class)) { + &lookup, &open_type_class, + &need_clone, argc, argv, + &firstarg)) { rc--; rv++; } @@ -1495,21 +1479,29 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, continue; } } + if (!config_only) { - lookup = clone_lookup(default_lookup, - ISC_TRUE); + if (need_clone) + lookup = clone_lookup(default_lookup, + ISC_TRUE); + need_clone = ISC_TRUE; strncpy(lookup->textname, rv[0], sizeof(lookup->textname)); lookup->textname[sizeof(lookup->textname)-1]=0; lookup->trace_root = ISC_TF(lookup->trace || lookup->ns_search_only); lookup->new_search = ISC_TRUE; + if (firstarg) { + printgreeting(argc, argv, lookup); + firstarg = ISC_FALSE; + } ISC_LIST_APPEND(lookup_list, lookup, link); debug("looking up %s", lookup->textname); } /* XXX Error message */ } } + /* * If we have a batchfile, seed the lookup list with the * first entry, then trust the callback in dighost_shutdown @@ -1544,15 +1536,20 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, bargv[0] = argv[0]; argv0 = argv[0]; - reorder_args(bargc, (char **)bargv); + for(i = 0; i < bargc; i++) + debug("batch argv %d: %s", i, bargv[i]); parse_args(ISC_TRUE, ISC_FALSE, bargc, (char **)bargv); + return; } + return; } /* * If no lookup specified, search for root */ if ((lookup_list.head == NULL) && !config_only) { - lookup = clone_lookup(default_lookup, ISC_TRUE); + if (need_clone) + lookup = clone_lookup(default_lookup, ISC_TRUE); + need_clone = ISC_TRUE; lookup->trace_root = ISC_TF(lookup->trace || lookup->ns_search_only); lookup->new_search = ISC_TRUE; @@ -1564,10 +1561,9 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, firstarg = ISC_FALSE; } ISC_LIST_APPEND(lookup_list, lookup, link); - } else if (!config_only && firstarg) { - printgreeting(argc, argv, lookup); - firstarg = ISC_FALSE; } + if (!need_clone) + destroy_lookup(lookup); } /* @@ -1581,7 +1577,7 @@ dighost_shutdown(void) { int bargc; char *bargv[16]; char *input; - + int i; if (batchname == NULL) { isc_app_shutdown(); @@ -1609,7 +1605,8 @@ dighost_shutdown(void) { bargv[0] = argv0; - reorder_args(bargc, (char **)bargv); + for(i = 0; i < bargc; i++) + debug("batch argv %d: %s", i, bargv[i]); parse_args(ISC_TRUE, ISC_FALSE, bargc, (char **)bargv); start_lookup(); } else { @@ -1624,7 +1621,6 @@ dighost_shutdown(void) { int main(int argc, char **argv) { isc_result_t result; - dig_server_t *s, *s2; ISC_LIST_INIT(lookup_list); ISC_LIST_INIT(server_list); @@ -1645,16 +1641,7 @@ main(int argc, char **argv) { result = isc_app_onrun(mctx, global_task, onrun_callback, NULL); check_result(result, "isc_app_onrun"); isc_app_run(); - s = ISC_LIST_HEAD(default_lookup->my_server_list); - while (s != NULL) { - debug("freeing server %p belonging to %p", - s, default_lookup); - s2 = s; - s = ISC_LIST_NEXT(s, link); - ISC_LIST_DEQUEUE(default_lookup->my_server_list, s2, link); - isc_mem_free(mctx, s2); - } - isc_mem_free(mctx, default_lookup); + destroy_lookup(default_lookup); if (batchname != NULL) { if (batchfp != stdin) fclose(batchfp); diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook index 87c98ae7b1f09..82b2516cbbe6f 100644 --- a/bin/dig/dig.docbook +++ b/bin/dig/dig.docbook @@ -1,11 +1,11 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - - Permission to use, copy, modify, and distribute this software for any + - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dig.docbook,v 1.4.2.7.4.12 2005/08/30 00:50:29 marka Exp $ --> +<!-- $Id: dig.docbook,v 1.4.2.7.4.20 2007/08/28 07:19:07 tbox Exp $ --> <refentry> @@ -36,6 +36,8 @@ <copyright> <year>2004</year> <year>2005</year> + <year>2006</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -101,7 +103,7 @@ Although <command>dig</command> is normally used with command-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command-line arguments and options is printed when the <option>-h</option> option is given. -Unlike earlier versions, the BIND9 implementation of +Unlike earlier versions, the BIND 9 implementation of <command>dig</command> allows multiple lookups to be issued from the command line. </para> @@ -123,6 +125,13 @@ It is possible to set per-user defaults for <command>dig</command> via are applied before the command line arguments. </para> + <para> + The IN and CH class names overlap with the IN and CH top level + domains names. Either use the <option>-t</option> and + <option>-c</option> options to specify the type and class or + use "IN." and "CH." when looking up these top level domains. + </para> + </refsect1> <refsect1> @@ -179,14 +188,14 @@ may be specified by appending "#<port>" <para> The default query class (IN for internet) is overridden by the <option>-c</option> option. <parameter>class</parameter> is any valid -class, such as HS for Hesiod records or CH for CHAOSNET records. +class, such as HS for Hesiod records or CH for Chaosnet records. </para> <para> The <option>-f</option> option makes <command>dig </command> operate in batch mode by reading a list of lookup requests to process from the file <parameter>filename</parameter>. The file contains a number of -queries, one per line. Each entry in the file should be organised in +queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to <command>dig</command> using the command-line interface. </para> @@ -209,7 +218,7 @@ use IPv4 query transport. The <option>-6</option> option forces <para> The <option>-t</option> option sets the query type to <parameter>type</parameter>. It can be any valid query type which is -supported in BIND9. The default query type "A", unless the +supported in BIND 9. The default query type is "A", unless the <option>-x</option> option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required, @@ -220,7 +229,7 @@ since the serial number in the zone's SOA record was </para> <para> -Reverse lookups - mapping addresses to names - are simplified by the +Reverse lookups — mapping addresses to names — are simplified by the <option>-x</option> option. <parameter>addr</parameter> is an IPv4 address in dotted-decimal notation, or a colon-delimited IPv6 address. When this option is used, there is no need to provide the @@ -283,7 +292,7 @@ The query options are: <varlistentry><term><option>+[no]tcp</option></term> <listitem><para> Use [do not use] TCP when querying name servers. The default -behaviour is to use UDP unless an AXFR or IXFR query is requested, in +behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used. </para></listitem></varlistentry> @@ -384,7 +393,7 @@ resolve the lookup. <varlistentry><term><option>+[no]cmd</option></term> <listitem><para> -toggles the printing of the initial comment in the output identifying +Toggles the printing of the initial comment in the output identifying the version of <command>dig</command> and the query options that have been applied. This comment is printed by default. </para></listitem></varlistentry> @@ -412,7 +421,7 @@ print comments. <varlistentry><term><option>+[no]stats</option></term> <listitem><para> This query option toggles the printing of statistics: when the query -was made, the size of the reply and so on. The default behaviour is +was made, the size of the reply and so on. The default behavior is to print the query statistics. </para></listitem></varlistentry> @@ -455,7 +464,7 @@ Set or clear all display flags. <listitem><para> Sets the timeout for a query to -<parameter>T</parameter> seconds. The default time out is 5 seconds. +<parameter>T</parameter> seconds. The default timeout is 5 seconds. An attempt to set <parameter>T</parameter> to less than 1 will result in a query timeout of 1 second being applied. </para></listitem></varlistentry> @@ -509,7 +518,7 @@ of the <command>dig</command> output. <listitem><para> Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver -behaviour. +behavior. </para></listitem></varlistentry> <varlistentry><term><option>+[no]besteffort</option></term> @@ -551,7 +560,7 @@ Chase DNSSEC signature chains. Requires dig be compiled with <varlistentry><term><option>+[no]topdown</option></term> <listitem><para> -When chasing DNSSEC signature chains perform a top down validation. +When chasing DNSSEC signature chains perform a top-down validation. Requires dig be compiled with -DDIG_SIGCHASE. </para></listitem></varlistentry> diff --git a/bin/dig/dig.html b/bin/dig/dig.html index 06771b3a1c265..054c1974656bd 100644 --- a/bin/dig/dig.html +++ b/bin/dig/dig.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dig.html,v 1.6.2.4.2.15 2006/06/29 13:02:30 marka Exp $ --> +<!-- $Id: dig.html,v 1.6.2.4.2.23 2007/05/16 06:10:54 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>dig</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>dig — DNS lookup utility</p> @@ -34,7 +34,7 @@ <div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549541"></a><h2>DESCRIPTION</h2> +<a name="id2543485"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">dig</strong></span> (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and @@ -49,7 +49,7 @@ Although <span><strong class="command">dig</strong></span> is normally used with arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command-line arguments and options is printed when the <code class="option">-h</code> option is given. -Unlike earlier versions, the BIND9 implementation of +Unlike earlier versions, the BIND 9 implementation of <span><strong class="command">dig</strong></span> allows multiple lookups to be issued from the command line. </p> @@ -67,9 +67,15 @@ It is possible to set per-user defaults for <span><strong class="command">dig</s <code class="filename">${HOME}/.digrc</code>. This file is read and any options in it are applied before the command line arguments. </p> +<p> + The IN and CH class names overlap with the IN and CH top level + domains names. Either use the <code class="option">-t</code> and + <code class="option">-c</code> options to specify the type and class or + use "IN." and "CH." when looking up these top level domains. + </p> </div> <div class="refsect1" lang="en"> -<a name="id2549600"></a><h2>SIMPLE USAGE</h2> +<a name="id2543554"></a><h2>SIMPLE USAGE</h2> <p> A typical invocation of <span><strong class="command">dig</strong></span> looks like: </p> @@ -107,7 +113,7 @@ ANY, A, MX, SIG, etc. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549747"></a><h2>OPTIONS</h2> +<a name="id2543633"></a><h2>OPTIONS</h2> <p> The <code class="option">-b</code> option sets the source IP address of the query to <em class="parameter"><code>address</code></em>. This must be a valid address on @@ -117,13 +123,13 @@ may be specified by appending "#<port>" <p> The default query class (IN for internet) is overridden by the <code class="option">-c</code> option. <em class="parameter"><code>class</code></em> is any valid -class, such as HS for Hesiod records or CH for CHAOSNET records. +class, such as HS for Hesiod records or CH for Chaosnet records. </p> <p> The <code class="option">-f</code> option makes <span><strong class="command">dig </strong></span> operate in batch mode by reading a list of lookup requests to process from the file <em class="parameter"><code>filename</code></em>. The file contains a number of -queries, one per line. Each entry in the file should be organised in +queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to <span><strong class="command">dig</strong></span> using the command-line interface. </p> @@ -143,7 +149,7 @@ use IPv4 query transport. The <code class="option">-6</code> option forces <p> The <code class="option">-t</code> option sets the query type to <em class="parameter"><code>type</code></em>. It can be any valid query type which is -supported in BIND9. The default query type "A", unless the +supported in BIND 9. The default query type is "A", unless the <code class="option">-x</code> option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required, @@ -153,7 +159,7 @@ since the serial number in the zone's SOA record was <em class="parameter"><code>N</code></em>. </p> <p> -Reverse lookups - mapping addresses to names - are simplified by the +Reverse lookups — mapping addresses to names — are simplified by the <code class="option">-x</code> option. <em class="parameter"><code>addr</code></em> is an IPv4 address in dotted-decimal notation, or a colon-delimited IPv6 address. When this option is used, there is no need to provide the @@ -188,7 +194,7 @@ being used. In BIND, this is done by providing appropriate </p> </div> <div class="refsect1" lang="en"> -<a name="id2549998"></a><h2>QUERY OPTIONS</h2> +<a name="id2543816"></a><h2>QUERY OPTIONS</h2> <p> <span><strong class="command">dig</strong></span> provides a number of query options which affect the way in which lookups are made and the results displayed. Some of @@ -209,7 +215,7 @@ The query options are: <dt><span class="term"><code class="option">+[no]tcp</code></span></dt> <dd><p> Use [do not use] TCP when querying name servers. The default -behaviour is to use UDP unless an AXFR or IXFR query is requested, in +behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used. </p></dd> <dt><span class="term"><code class="option">+[no]vc</code></span></dt> @@ -295,7 +301,7 @@ resolve the lookup. </p></dd> <dt><span class="term"><code class="option">+[no]cmd</code></span></dt> <dd><p> -toggles the printing of the initial comment in the output identifying +Toggles the printing of the initial comment in the output identifying the version of <span><strong class="command">dig</strong></span> and the query options that have been applied. This comment is printed by default. </p></dd> @@ -319,7 +325,7 @@ print comments. <dt><span class="term"><code class="option">+[no]stats</code></span></dt> <dd><p> This query option toggles the printing of statistics: when the query -was made, the size of the reply and so on. The default behaviour is +was made, the size of the reply and so on. The default behavior is to print the query statistics. </p></dd> <dt><span class="term"><code class="option">+[no]qr</code></span></dt> @@ -355,7 +361,7 @@ Set or clear all display flags. <dd><p> Sets the timeout for a query to -<em class="parameter"><code>T</code></em> seconds. The default time out is 5 seconds. +<em class="parameter"><code>T</code></em> seconds. The default timeout is 5 seconds. An attempt to set <em class="parameter"><code>T</code></em> to less than 1 will result in a query timeout of 1 second being applied. </p></dd> @@ -402,7 +408,7 @@ of the <span><strong class="command">dig</strong></span> output. <dd><p> Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver -behaviour. +behavior. </p></dd> <dt><span class="term"><code class="option">+[no]besteffort</code></span></dt> <dd><p> @@ -437,7 +443,7 @@ Chase DNSSEC signature chains. Requires dig be compiled with </dd> <dt><span class="term"><code class="option">+[no]topdown</code></span></dt> <dd><p> -When chasing DNSSEC signature chains perform a top down validation. +When chasing DNSSEC signature chains perform a top-down validation. Requires dig be compiled with -DDIG_SIGCHASE. </p></dd> </dl></div> @@ -446,7 +452,7 @@ Requires dig be compiled with -DDIG_SIGCHASE. </p> </div> <div class="refsect1" lang="en"> -<a name="id2550666"></a><h2>MULTIPLE QUERIES</h2> +<a name="id2544553"></a><h2>MULTIPLE QUERIES</h2> <p> The BIND 9 implementation of <span><strong class="command">dig </strong></span> supports specifying multiple queries on the command line (in addition to @@ -487,7 +493,7 @@ will not print the initial query when it looks up the NS records for </p> </div> <div class="refsect1" lang="en"> -<a name="id2550725"></a><h2>FILES</h2> +<a name="id2544612"></a><h2>FILES</h2> <p> <code class="filename">/etc/resolv.conf</code> </p> @@ -496,7 +502,7 @@ will not print the initial query when it looks up the NS records for </p> </div> <div class="refsect1" lang="en"> -<a name="id2550744"></a><h2>SEE ALSO</h2> +<a name="id2544631"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, @@ -505,7 +511,7 @@ will not print the initial query when it looks up the NS records for </p> </div> <div class="refsect1" lang="en"> -<a name="id2550782"></a><h2>BUGS </h2> +<a name="id2544738"></a><h2>BUGS </h2> <p> There are probably too many query options. </p> diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index 398711d4f1cd1..f3b0d9954b969 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dighost.c,v 1.221.2.19.2.36 2006/12/07 01:26:33 marka Exp $ */ +/* $Id: dighost.c,v 1.221.2.19.2.46 2008/01/17 23:45:26 tbox Exp $ */ /* * Notice to programmers: Do not use this code as an example of how to @@ -462,6 +462,7 @@ void fatal(const char *format, ...) { va_list args; + fflush(stdout); fprintf(stderr, "%s: ", progname); va_start(args, format); vfprintf(stderr, format, args); @@ -479,6 +480,7 @@ debug(const char *format, ...) { va_list args; if (debugging) { + fflush(stdout); va_start(args, format); vfprintf(stderr, format, args); va_end(args); @@ -591,7 +593,7 @@ set_nameserver(char *opt) { opt, isc_result_totext(result)); flush_server_list(); - + for (i = 0; i < count; i++) { isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]); isc_netaddr_format(&netaddr, tmp, sizeof(tmp)); @@ -723,6 +725,8 @@ make_empty_lookup(void) { looknew->section_authority = ISC_TRUE; looknew->section_additional = ISC_TRUE; looknew->new_search = ISC_FALSE; + looknew->done_as_is = ISC_FALSE; + looknew->need_search = ISC_FALSE; ISC_LINK_INIT(looknew, link); ISC_LIST_INIT(looknew->q); ISC_LIST_INIT(looknew->my_server_list); @@ -794,6 +798,8 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) { looknew->section_additional = lookold->section_additional; looknew->retries = lookold->retries; looknew->tsigctx = NULL; + looknew->need_search = lookold->need_search; + looknew->done_as_is = lookold->done_as_is; if (servers) clone_server_list(lookold->my_server_list, @@ -854,7 +860,7 @@ setup_text_key(void) { result = isc_base64_decodestring(keysecret, &secretbuf); if (result != ISC_R_SUCCESS) goto failure; - + secretsize = isc_buffer_usedlength(&secretbuf); result = dns_name_fromtext(&keyname, namebuf, @@ -964,7 +970,7 @@ setup_system(void) { domain = NULL; } } - + if (ndots == -1) { ndots = lwconf->ndots; debug("ndots is %d.", ndots); @@ -1023,7 +1029,7 @@ clear_searchlist(void) { void set_search_domain(char *domain) { dig_searchlist_t *search; - + clear_searchlist(); search = make_searchlist_entry(domain); ISC_LIST_APPEND(search_list, search, link); @@ -1209,9 +1215,7 @@ clear_query(dig_query_t *query) { */ static isc_boolean_t try_clear_lookup(dig_lookup_t *lookup) { - dig_server_t *s; dig_query_t *q; - void *ptr; REQUIRE(lookup != NULL); @@ -1232,7 +1236,16 @@ try_clear_lookup(dig_lookup_t *lookup) { * At this point, we know there are no queries on the lookup, * so can make it go away also. */ - debug("cleared"); + destroy_lookup(lookup); + return (ISC_TRUE); +} + +void +destroy_lookup(dig_lookup_t *lookup) { + dig_server_t *s; + void *ptr; + + debug("destroy"); s = ISC_LIST_HEAD(lookup->my_server_list); while (s != NULL) { debug("freeing server %p belonging to %p", s, lookup); @@ -1257,7 +1270,6 @@ try_clear_lookup(dig_lookup_t *lookup) { dst_context_destroy(&lookup->tsigctx); isc_mem_free(mctx, lookup); - return (ISC_TRUE); } /* @@ -1336,7 +1348,7 @@ start_lookup(void) { current_lookup->qrdtype_sigchase = current_lookup->qrdtype; current_lookup->qrdtype = dns_rdatatype_ns; - + current_lookup->rdclass_sigchase = current_lookup->rdclass; current_lookup->rdclass_sigchaseset @@ -1415,7 +1427,7 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) INSIST(!free_now); debug("following up %s", query->lookup->textname); - + for (result = dns_message_firstname(msg, section); result == ISC_R_SUCCESS; result = dns_message_nextname(msg, section)) { @@ -1450,7 +1462,8 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) dns_rdataset_current(rdataset, &rdata); query->lookup->nsfound++; - (void)dns_rdata_tostruct(&rdata, &ns, NULL); + result = dns_rdata_tostruct(&rdata, &ns, NULL); + check_result(result, "dns_rdata_tostruct"); dns_name_format(&ns.name, namestr, sizeof(namestr)); dns_rdata_freestruct(&ns); @@ -1499,6 +1512,7 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) static isc_boolean_t next_origin(dns_message_t *msg, dig_query_t *query) { dig_lookup_t *lookup; + dig_searchlist_t *search; UNUSED(msg); @@ -1513,13 +1527,22 @@ next_origin(dns_message_t *msg, dig_query_t *query) { * about finding the next entry. */ return (ISC_FALSE); - if (query->lookup->origin == NULL) + if (query->lookup->origin == NULL && !query->lookup->need_search) /* * Then we just did rootorg; there's nothing left. */ return (ISC_FALSE); - lookup = requeue_lookup(query->lookup, ISC_TRUE); - lookup->origin = ISC_LIST_NEXT(query->lookup->origin, link); + if (query->lookup->origin == NULL && query->lookup->need_search) { + lookup = requeue_lookup(query->lookup, ISC_TRUE); + lookup->origin = ISC_LIST_HEAD(search_list); + lookup->need_search = ISC_FALSE; + } else { + search = ISC_LIST_NEXT(query->lookup->origin, link); + if (search == NULL && query->lookup->done_as_is) + return (ISC_FALSE); + lookup = requeue_lookup(query->lookup, ISC_TRUE); + lookup->origin = search; + } cancel_lookup(query->lookup); return (ISC_TRUE); } @@ -1641,11 +1664,16 @@ setup_lookup(dig_lookup_t *lookup) { * take the first entry in the searchlist iff either usesearch * is TRUE or we got a domain line in the resolv.conf file. */ - /* XXX New search here? */ - if ((count_dots(lookup->textname) >= ndots) || !usesearch) - lookup->origin = NULL; /* Force abs lookup */ - else if (lookup->origin == NULL && lookup->new_search && usesearch) - lookup->origin = ISC_LIST_HEAD(search_list); + if (lookup->new_search) { + if ((count_dots(lookup->textname) >= ndots) || !usesearch) { + lookup->origin = NULL; /* Force abs lookup */ + lookup->done_as_is = ISC_TRUE; + lookup->need_search = usesearch; + } else if (lookup->origin == NULL && usesearch) { + lookup->origin = ISC_LIST_HEAD(search_list); + lookup->need_search = ISC_FALSE; + } + } if (lookup->origin != NULL) { debug("trying origin %s", lookup->origin->origin); @@ -1891,7 +1919,7 @@ send_done(isc_task_t *_task, isc_event_t *event) { for (b = ISC_LIST_HEAD(sevent->bufferlist); b != NULL; - b = ISC_LIST_HEAD(sevent->bufferlist)) + b = ISC_LIST_HEAD(sevent->bufferlist)) ISC_LIST_DEQUEUE(sevent->bufferlist, b, link); query = event->ev_arg; @@ -1971,7 +1999,7 @@ bringup_timer(dig_query_t *query, unsigned int default_timeout) { &l->interval, global_task, connect_timeout, l, &l->timer); check_result(result, "isc_timer_create"); -} +} static void connect_done(isc_task_t *task, isc_event_t *event); @@ -1993,7 +2021,7 @@ send_tcp_connect(dig_query_t *query) { query->waiting_connect = ISC_TRUE; query->lookup->current_query = query; get_address(query->servname, port, &query->sockaddr); - + if (specified_source && (isc_sockaddr_pf(&query->sockaddr) != isc_sockaddr_pf(&bind_address))) { @@ -2462,7 +2490,8 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg, goto next_rdata; /* Now we have an SOA. Work with it. */ debug("got an SOA"); - (void)dns_rdata_tostruct(&rdata, &soa, NULL); + result = dns_rdata_tostruct(&rdata, &soa, NULL); + check_result(result, "dns_rdata_tostruct"); serial = soa.serial; dns_rdata_freestruct(&soa); if (!query->first_soa_rcvd) { @@ -2660,7 +2689,7 @@ recv_done(isc_task_t *task, isc_event_t *event) { } } - result = dns_message_peekheader(b, &id, &msgflags); + result = dns_message_peekheader(b, &id, &msgflags); if (result != ISC_R_SUCCESS || l->sendmsg->id != id) { match = ISC_FALSE; if (l->tcp_mode) { @@ -2774,7 +2803,7 @@ recv_done(isc_task_t *task, isc_event_t *event) { check_next_lookup(l); UNLOCK_LOOKUP; return; - } + } if (msg->rcode == dns_rcode_servfail && !l->servfail_stops) { dig_query_t *next = ISC_LIST_NEXT(query, link); if (l->current_query == query) @@ -2856,7 +2885,8 @@ recv_done(isc_task_t *task, isc_event_t *event) { } if (!l->doing_xfr || l->xfr_q == query) { - if (msg->rcode != dns_rcode_noerror && l->origin != NULL) { + if (msg->rcode != dns_rcode_noerror && + (l->origin != NULL || l->need_search)) { if (!next_origin(msg, query)) { printmessage(query, msg, ISC_TRUE); received(b->used, &sevent->address, query); @@ -2925,11 +2955,11 @@ recv_done(isc_task_t *task, isc_event_t *event) { isc_buffer_usedregion(b, &r); result = isc_buffer_allocate(mctx, &buf, r.length); - + check_result(result, "isc_buffer_allocate"); result = isc_buffer_copyregion(buf, &r); check_result(result, "isc_buffer_copyregion"); - + result = dns_message_parse(msg_temp, buf, 0); isc_buffer_free(&buf); @@ -2946,7 +2976,6 @@ recv_done(isc_task_t *task, isc_event_t *event) { chase_msg2->msg = msg; } #endif - } #ifdef DIG_SIGCHASE @@ -3210,7 +3239,7 @@ destroy_libs(void) { #endif debug("Destroy memory"); - + #endif if (memdebugging != 0) isc_mem_stats(mctx, stderr); @@ -3254,7 +3283,7 @@ dump_database_section(dns_message_t *msg, int section) dns_message_currentname(msg, section, &msg_name); for (rdataset = ISC_LIST_HEAD(msg_name->list); rdataset != NULL; - rdataset = ISC_LIST_NEXT(rdataset, link)) { + rdataset = ISC_LIST_NEXT(rdataset, link)) { dns_name_print(msg_name, stdout); printf("\n"); print_rdataset(msg_name, rdataset, mctx); @@ -3277,7 +3306,7 @@ dump_database(void) { if (dns_message_firstname(msg->msg, DNS_SECTION_AUTHORITY) == ISC_R_SUCCESS) dump_database_section(msg->msg, DNS_SECTION_AUTHORITY); - + if (dns_message_firstname(msg->msg, DNS_SECTION_ADDITIONAL) == ISC_R_SUCCESS) dump_database_section(msg->msg, DNS_SECTION_ADDITIONAL); @@ -3309,7 +3338,7 @@ search_type(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers) { if ((siginfo.covered == covers) || (covers == dns_rdatatype_any)) { dns_rdata_reset(&sigrdata); - dns_rdata_freestruct(&siginfo); + dns_rdata_freestruct(&siginfo); return (rdataset); } dns_rdata_reset(&sigrdata); @@ -3516,7 +3545,7 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) { isc_mem_free(mctx, tempname); return (ISC_R_FAILURE); } - + x = cp--; while (cp >= tempname && *cp == 'X') { isc_random_get(&which); @@ -3528,12 +3557,12 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) { tempnamekey = isc_mem_allocate(mctx, tempnamekeylen); if (tempnamekey == NULL) return (ISC_R_NOMEMORY); - + memset(tempnamekey, 0, tempnamekeylen); strncpy(tempnamekey, tempname, tempnamelen); strcat(tempnamekey ,".key"); - + if (isc_file_exists(tempnamekey)) { isc_mem_free(mctx, tempnamekey); isc_mem_free(mctx, tempname); @@ -3554,7 +3583,7 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) { cleanup: isc_mem_free(mctx, tempname); - + return (result); } @@ -3593,7 +3622,7 @@ get_trusted_key(isc_mem_t *mctx) filename); return (ISC_R_FAILURE); } - while (fgets(buf, 1500, fp) != NULL) { + while (fgets(buf, sizeof(buf), fp) != NULL) { result = opentmpkey(mctx,"tmp_file", &filetemp, &fptemp); if (result != ISC_R_SUCCESS) { fclose(fp); @@ -3701,9 +3730,8 @@ prepare_lookup(dns_name_t *name) dns_rdataset_current(chase_nsrdataset, &rdata); - (void)dns_rdata_tostruct(&rdata, &ns, NULL); - - + result = dns_rdata_tostruct(&rdata, &ns, NULL); + check_result(result, "dns_rdata_tostruct"); #ifdef __FOLLOW_GLUE__ @@ -3730,7 +3758,7 @@ prepare_lookup(dns_name_t *name) srv = make_server(namestr, namestr); - + ISC_LIST_APPEND(lookup->my_server_list, srv, link); } @@ -3760,7 +3788,7 @@ prepare_lookup(dns_name_t *name) srv = make_server(namestr, namestr); - + ISC_LIST_APPEND(lookup->my_server_list, srv, link); } @@ -3772,7 +3800,7 @@ prepare_lookup(dns_name_t *name) dns_name_print(&ns.name, stdout); printf("\n"); srv = make_server(namestr, namestr); - + ISC_LIST_APPEND(lookup->my_server_list, srv, link); #endif @@ -3919,7 +3947,7 @@ free_name(dns_name_t *name, isc_mem_t *mctx) { * return ISC_R_SUCCESS if the DNSKEY RRset contains a trusted_key * and the RRset is valid * return ISC_R_NOTFOUND if not contains trusted key - or if the RRset isn't valid + or if the RRset isn't valid * return ISC_R_FAILURE if problem * */ @@ -3944,7 +3972,7 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset, do { dns_rdataset_current(rdataset, &rdata); INSIST(rdata.type == dns_rdatatype_dnskey); - + result = dns_dnssec_keyfromrdata(name, &rdata, mctx, &dnsseckey); check_result(result, "dns_dnssec_keyfromrdata"); @@ -3954,7 +3982,7 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset, if (dst_key_compare(tk_list.key[i], dnsseckey) == ISC_TRUE) { dns_rdata_reset(&rdata); - + printf(";; Ok, find a Trusted Key in the " "DNSKEY RRset: %d\n", dst_key_id(dnsseckey)); @@ -3999,7 +4027,7 @@ sigchase_verify_sig(dns_name_t *name, dns_rdataset_t *rdataset, do { dns_rdataset_current(keyrdataset, &keyrdata); INSIST(keyrdata.type == dns_rdatatype_dnskey); - + result = dns_dnssec_keyfromrdata(name, &keyrdata, mctx, &dnsseckey); check_result(result, "dns_dnssec_keyfromrdata"); @@ -4095,12 +4123,12 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, result = dns_rdataset_first(keyrdataset); check_result(result, "empty KEY dataset"); - dns_rdata_init(&keyrdata); + dns_rdata_init(&keyrdata); do { dns_rdataset_current(keyrdataset, &keyrdata); INSIST(keyrdata.type == dns_rdatatype_dnskey); - + result = dns_dnssec_keyfromrdata(name, &keyrdata, mctx, &dnsseckey); check_result(result, "dns_dnssec_keyfromrdata"); @@ -4127,8 +4155,8 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, " new DS rdata\n"); return (result); } - - + + if (dns_rdata_compare(&dsrdata, &newdsrdata) == 0) { printf(";; OK a DS valids a DNSKEY" @@ -4136,7 +4164,7 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, printf(";; Now verify that this" " DNSKEY validates the " "DNSKEY RRset\n"); - + result = sigchase_verify_sig_key(name, keyrdataset, dnsseckey, @@ -4147,7 +4175,7 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset, dns_rdata_reset(&newdsrdata); dns_rdata_reset(&dsrdata); dst_key_free(&dnsseckey); - + return (result); } } else { @@ -4372,7 +4400,7 @@ sigchase_td(dns_message_t *msg) chase_sigrdataset = NULL; have_response = ISC_FALSE; have_delegation_ns = ISC_FALSE; - + dns_name_init(&tmp_name, NULL); result = child_of_zone(&chase_name, &chase_current_name, &tmp_name); @@ -4454,7 +4482,7 @@ sigchase_td(dns_message_t *msg) prepare_lookup(&chase_authority_name); - + have_response = ISC_FALSE; have_delegation_ns = ISC_FALSE; delegation_follow = ISC_TRUE; @@ -4769,7 +4797,7 @@ sigchase_bu(dns_message_t *msg) } printf(";; An NSEC prove the non-existence of a answers," " Now we want validate this NSEC\n"); - + dup_name(&rdata_name, &chase_name, mctx); free_name(&rdata_name, mctx); chase_rdataset = rdataset; @@ -5021,7 +5049,7 @@ prove_nx_type(dns_message_t *msg, dns_name_t *name, dns_rdataset_t *nsecset, ret = dns_rdataset_first(nsecset); check_result(ret,"dns_rdataset_first"); - + dns_rdataset_current(nsecset, &nsec); ret = dns_nsec_typepresent(&nsec, type); diff --git a/bin/dig/host.1 b/bin/dig/host.1 index 3a0432cc1d39a..2d1687a687c33 100644 --- a/bin/dig/host.1 +++ b/bin/dig/host.1 @@ -1,5 +1,5 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") -.\" Copyright (C) 2000-2002 Internet Software Consortium. +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: host.1,v 1.11.2.1.4.8 2006/06/29 13:02:30 marka Exp $ +.\" $Id: host.1,v 1.11.2.1.4.12 2007/05/09 03:32:36 marka Exp $ .\" .hy 0 .ad l .\" Title: host .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -130,7 +130,7 @@ makes. This should mean that the name server receiving the query will not attemp \fB\-r\fR option enables \fBhost\fR -to mimic the behaviour of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers. +to mimic the behavior of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers. .PP By default \fBhost\fR @@ -152,7 +152,7 @@ The \fB\-t\fR option is used to select the query type. \fItype\fR -can be any recognised query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, +can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, \fBhost\fR automatically selects an appropriate query type. By default it looks for A records, but if the \fB\-C\fR @@ -187,4 +187,7 @@ will effectively wait forever for a reply. The time to wait for a response will \fBdig\fR(1), \fBnamed\fR(8). .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000\-2003 Internet Software Consortium. +.br diff --git a/bin/dig/host.c b/bin/dig/host.c index 7d8ce9b80b1ae..5eb6c1bf25995 100644 --- a/bin/dig/host.c +++ b/bin/dig/host.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: host.c,v 1.76.2.5.2.16 2006/05/23 04:43:47 marka Exp $ */ +/* $Id: host.c,v 1.76.2.5.2.19 2007/08/28 07:19:07 tbox Exp $ */ #include <config.h> #include <limits.h> @@ -410,8 +410,10 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { if (msg->rcode != 0) { char namestr[DNS_NAME_FORMATSIZE]; dns_name_format(query->lookup->name, namestr, sizeof(namestr)); - printf("Host %s not found: %d(%s)\n", namestr, - msg->rcode, rcodetext[msg->rcode]); + printf("Host %s not found: %d(%s)\n", + (msg->rcode != dns_rcode_nxdomain) ? namestr : + query->lookup->textname, msg->rcode, + rcodetext[msg->rcode]); return (ISC_R_SUCCESS); } diff --git a/bin/dig/host.docbook b/bin/dig/host.docbook index 2b6e92b76d460..a399043403ba9 100644 --- a/bin/dig/host.docbook +++ b/bin/dig/host.docbook @@ -1,11 +1,11 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") - - Copyright (C) 2000-2002 Internet Software Consortium. + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2000-2003 Internet Software Consortium. - - - Permission to use, copy, modify, and distribute this software for any + - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: host.docbook,v 1.2.2.2.4.7 2005/05/13 01:22:32 marka Exp $ --> +<!-- $Id: host.docbook,v 1.2.2.2.4.12 2007/08/28 07:19:07 tbox Exp $ --> <refentry> @@ -36,12 +36,14 @@ <copyright> <year>2004</year> <year>2005</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> <year>2000</year> <year>2001</year> <year>2002</year> + <year>2003</year> <holder>Internet Software Consortium.</holder> </copyright> </docinfo> @@ -160,7 +162,7 @@ desired — bit in the query which <command>host</command> makes. This should mean that the name server receiving the query will not attempt to resolve <parameter>name</parameter>. The <option>-r</option> option enables <command>host</command> to mimic -the behaviour of a name server by making non-recursive queries and +the behavior of a name server by making non-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers. </para> @@ -180,7 +182,7 @@ use IPv4 query transport. The <option>-6</option> option forces <para> The <option>-t</option> option is used to select the query type. -<parameter>type</parameter> can be any recognised query type: CNAME, +<parameter>type</parameter> can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, <command>host</command> automatically selects an appropriate query type. By default it looks for A records, but if the diff --git a/bin/dig/host.html b/bin/dig/host.html index 4c1621510441c..07c930550f454 100644 --- a/bin/dig/host.html +++ b/bin/dig/host.html @@ -1,6 +1,6 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") - - Copyright (C) 2000-2002 Internet Software Consortium. + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: host.html,v 1.4.2.1.4.14 2006/06/29 13:02:30 marka Exp $ --> +<!-- $Id: host.html,v 1.4.2.1.4.19 2007/05/09 03:32:36 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>host</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>host — DNS lookup utility</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549466"></a><h2>DESCRIPTION</h2> +<a name="id2543411"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">host</strong></span> is a simple utility for performing DNS lookups. @@ -114,7 +114,7 @@ desired — bit in the query which <span><strong class="command">host</stron This should mean that the name server receiving the query will not attempt to resolve <em class="parameter"><code>name</code></em>. The <code class="option">-r</code> option enables <span><strong class="command">host</strong></span> to mimic -the behaviour of a name server by making non-recursive queries and +the behavior of a name server by making non-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers. </p> @@ -131,7 +131,7 @@ use IPv4 query transport. The <code class="option">-6</code> option forces </p> <p> The <code class="option">-t</code> option is used to select the query type. -<em class="parameter"><code>type</code></em> can be any recognised query type: CNAME, +<em class="parameter"><code>type</code></em> can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, <span><strong class="command">host</strong></span> automatically selects an appropriate query type. By default it looks for A records, but if the @@ -155,13 +155,13 @@ value for an integer quantity. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549874"></a><h2>FILES</h2> +<a name="id2543682"></a><h2>FILES</h2> <p> <code class="filename">/etc/resolv.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2549886"></a><h2>SEE ALSO</h2> +<a name="id2543694"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>. diff --git a/bin/dig/include/dig/dig.h b/bin/dig/include/dig/dig.h index 91dae5cf2e241..1e6ea7b8acc98 100644 --- a/bin/dig/include/dig/dig.h +++ b/bin/dig/include/dig/dig.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dig.h,v 1.71.2.6.2.14 2006/12/07 01:26:33 marka Exp $ */ +/* $Id: dig.h,v 1.71.2.6.2.18 2007/08/28 07:19:07 tbox Exp $ */ #ifndef DIG_H #define DIG_H @@ -116,6 +116,8 @@ struct dig_lookup { section_additional, servfail_stops, new_search, + need_search, + done_as_is, besteffort, dnssec; #ifdef DIG_SIGCHASE @@ -282,6 +284,9 @@ void setup_lookup(dig_lookup_t *lookup); void +destroy_lookup(dig_lookup_t *lookup); + +void do_lookup(dig_lookup_t *lookup); void diff --git a/bin/dig/nslookup.1 b/bin/dig/nslookup.1 index 7b1d4d2f7f72d..4121c8d4ac0ce 100644 --- a/bin/dig/nslookup.1 +++ b/bin/dig/nslookup.1 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -12,13 +12,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: nslookup.1,v 1.1.6.7 2006/06/29 13:02:30 marka Exp $ +.\" $Id: nslookup.1,v 1.1.6.12 2007/05/16 06:10:54 marka Exp $ .\" .hy 0 .ad l .\" Title: nslookup .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -42,10 +42,10 @@ has two modes: interactive and non\-interactive. Interactive mode allows the use .SH "ARGUMENTS" .PP Interactive mode is entered in the following cases: -.TP 3n +.TP 4 1. when no arguments are given (the default name server will be used) -.TP 3n +.TP 4 2. when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server. .sp @@ -54,17 +54,22 @@ when the first argument is a hyphen (\-) and the second argument is the host nam Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server. .PP Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type: -.sp .RS 3n .nf nslookup \-query=hinfo \-timeout=10 .fi .RE +.sp .RS 4 .nf nslookup \-query=hinfo \-timeout=10 .fi .RE .SH "INTERACTIVE COMMANDS" -.TP 3n -host [server] +.PP +\fBhost\fR [server] +.RS 4 Look up information for host using the current default server or using server, if specified. If host is an Internet address and the query type is A or PTR, the name of the host is returned. If host is a name and does not have a trailing period, the search list is used to qualify the name. .sp To look up a host not in the current domain, append a period to the name. -.TP 3n +.RE +.PP \fBserver\fR \fIdomain\fR -.TP 3n +.RS 4 +.RE +.PP \fBlserver\fR \fIdomain\fR +.RS 4 Change the default server to \fIdomain\fR; \fBlserver\fR @@ -72,107 +77,158 @@ uses the initial server to look up information about \fIdomain\fR, while \fBserver\fR uses the current default server. If an authoritative answer can't be found, the names of servers that might have the answer are returned. -.TP 3n +.RE +.PP \fBroot\fR +.RS 4 not implemented -.TP 3n +.RE +.PP \fBfinger\fR +.RS 4 not implemented -.TP 3n +.RE +.PP \fBls\fR +.RS 4 not implemented -.TP 3n +.RE +.PP \fBview\fR +.RS 4 not implemented -.TP 3n +.RE +.PP \fBhelp\fR +.RS 4 not implemented -.TP 3n +.RE +.PP \fB?\fR +.RS 4 not implemented -.TP 3n +.RE +.PP \fBexit\fR +.RS 4 Exits the program. -.TP 3n +.RE +.PP \fBset\fR \fIkeyword\fR\fI[=value]\fR +.RS 4 This command is used to change state information that affects the lookups. Valid keywords are: -.RS 3n -.TP 3n +.RS 4 +.PP \fBall\fR +.RS 4 Prints the current values of the frequently used options to \fBset\fR. Information about the current default server and host is also printed. -.TP 3n +.RE +.PP \fBclass=\fR\fIvalue\fR +.RS 4 Change the query class to one of: -.RS 3n -.TP 3n +.RS 4 +.PP \fBIN\fR +.RS 4 the Internet class -.TP 3n +.RE +.PP \fBCH\fR +.RS 4 the Chaos class -.TP 3n +.RE +.PP \fBHS\fR +.RS 4 the Hesiod class -.TP 3n +.RE +.PP \fBANY\fR +.RS 4 wildcard .RE -.IP "" 3n +.RE +.IP "" 4 The class specifies the protocol group of the information. .sp (Default = IN; abbreviation = cl) -.TP 3n +.RE +.PP \fB\fI[no]\fR\fR\fBdebug\fR -Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer. +.RS 4 +Turn on or off the display of the full response packet and any intermediate response packets when searching. .sp (Default = nodebug; abbreviation = [no]deb) -.TP 3n +.RE +.PP \fB\fI[no]\fR\fR\fBd2\fR -Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer. +.RS 4 +Turn debugging mode on or off. This displays more about what nslookup is doing. .sp (Default = nod2) -.TP 3n +.RE +.PP \fBdomain=\fR\fIname\fR +.RS 4 Sets the search list to \fIname\fR. -.TP 3n +.RE +.PP \fB\fI[no]\fR\fR\fBsearch\fR +.RS 4 If the lookup request contains at least one period but doesn't end with a trailing period, append the domain names in the domain search list to the request until an answer is received. .sp (Default = search) -.TP 3n +.RE +.PP \fBport=\fR\fIvalue\fR +.RS 4 Change the default TCP/UDP name server port to \fIvalue\fR. .sp (Default = 53; abbreviation = po) -.TP 3n +.RE +.PP \fBquerytype=\fR\fIvalue\fR -.TP 3n +.RS 4 +.RE +.PP \fBtype=\fR\fIvalue\fR +.RS 4 Change the type of the information query. .sp (Default = A; abbreviations = q, ty) -.TP 3n +.RE +.PP \fB\fI[no]\fR\fR\fBrecurse\fR +.RS 4 Tell the name server to query other servers if it does not have the information. .sp (Default = recurse; abbreviation = [no]rec) -.TP 3n +.RE +.PP \fBretry=\fR\fInumber\fR +.RS 4 Set the number of retries to number. -.TP 3n +.RE +.PP \fBtimeout=\fR\fInumber\fR +.RS 4 Change the initial timeout interval for waiting for a reply to number seconds. -.TP 3n +.RE +.PP \fB\fI[no]\fR\fR\fBvc\fR +.RS 4 Always use a virtual circuit when sending requests to the server. .sp (Default = novc) .RE -.IP "" 3n +.RE +.IP "" 4 +.RE .SH "FILES" .PP \fI/etc/resolv.conf\fR @@ -185,4 +241,5 @@ Always use a virtual circuit when sending requests to the server. .PP Andrew Cherenson .SH "COPYRIGHT" -Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +.br diff --git a/bin/dig/nslookup.c b/bin/dig/nslookup.c index 5ae64d0d59406..32fcdbf325f65 100644 --- a/bin/dig/nslookup.c +++ b/bin/dig/nslookup.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nslookup.c,v 1.90.2.4.2.12 2006/06/09 23:50:53 marka Exp $ */ +/* $Id: nslookup.c,v 1.90.2.4.2.15 2007/08/28 07:19:07 tbox Exp $ */ #include <config.h> @@ -409,8 +409,9 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) { char nametext[DNS_NAME_FORMATSIZE]; dns_name_format(query->lookup->name, nametext, sizeof(nametext)); - printf("** server can't find %s: %s\n", nametext, - rcodetext[msg->rcode]); + printf("** server can't find %s: %s\n", + (msg->rcode != dns_rcode_nxdomain) ? nametext : + query->lookup->textname, rcodetext[msg->rcode]); debug("returning with rcode == 0"); return (ISC_R_SUCCESS); } diff --git a/bin/dig/nslookup.docbook b/bin/dig/nslookup.docbook index 741ad345a27ab..090545468651b 100644 --- a/bin/dig/nslookup.docbook +++ b/bin/dig/nslookup.docbook @@ -1,10 +1,10 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") - - - Permission to use, copy, modify, and distribute this software for any + - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nslookup.docbook,v 1.3.6.7 2006/01/06 00:01:42 marka Exp $ --> +<!-- $Id: nslookup.docbook,v 1.3.6.13 2007/08/28 07:19:07 tbox Exp $ --> <!-- - Copyright (c) 1985, 1989 @@ -69,6 +69,7 @@ <year>2004</year> <year>2005</year> <year>2006</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> @@ -141,7 +142,7 @@ nslookup -query=hinfo -timeout=10 <refsect1> <title>INTERACTIVE COMMANDS</title> <variablelist> -<varlistentry><term>host <optional>server</optional></term> +<varlistentry><term><constant>host</constant> <optional>server</optional></term> <listitem><para> Look up information for host using the current default server or using server, if specified. If host is an Internet address and @@ -221,18 +222,16 @@ the lookups. Valid keywords are: <varlistentry><term><constant><replaceable><optional>no</optional></replaceable>debug</constant></term> <listitem><para> - Turn debugging mode on. A lot more information is - printed about the packet sent to the server and the - resulting answer. + Turn on or off the display of the full response packet and + any intermediate response packets when searching. </para><para> (Default = nodebug; abbreviation = <optional>no</optional>deb) </para></listitem></varlistentry> <varlistentry><term><constant><replaceable><optional>no</optional></replaceable>d2</constant></term> <listitem><para> - Turn debugging mode on. A lot more information is - printed about the packet sent to the server and the - resulting answer. + Turn debugging mode on or off. This displays more about + what nslookup is doing. </para><para> (Default = nod2) </para></listitem></varlistentry> diff --git a/bin/dig/nslookup.html b/bin/dig/nslookup.html index e6801e9512d8d..a3462594048d4 100644 --- a/bin/dig/nslookup.html +++ b/bin/dig/nslookup.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -13,15 +13,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nslookup.html,v 1.1.6.12 2006/06/29 13:02:30 marka Exp $ --> +<!-- $Id: nslookup.html,v 1.1.6.18 2007/05/16 06:10:54 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>nslookup</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482694"></a><div class="titlepage"></div> +<a name="id2476276"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>nslookup — query Internet name servers interactively</p> @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">nslookup</code> [<code class="option">-option</code>] [name | -] [server]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549404"></a><h2>DESCRIPTION</h2> +<a name="id2543346"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">Nslookup</strong></span> is a program to query Internet domain name servers. <span><strong class="command">Nslookup</strong></span> @@ -43,7 +43,7 @@ domain. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549421"></a><h2>ARGUMENTS</h2> +<a name="id2543363"></a><h2>ARGUMENTS</h2> <p> Interactive mode is entered in the following cases: </p> @@ -75,9 +75,9 @@ nslookup -query=hinfo -timeout=10 </p> </div> <div class="refsect1" lang="en"> -<a name="id2549464"></a><h2>INTERACTIVE COMMANDS</h2> +<a name="id2543405"></a><h2>INTERACTIVE COMMANDS</h2> <div class="variablelist"><dl> -<dt><span class="term">host [<span class="optional">server</span>]</span></dt> +<dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt> <dd> <p> Look up information for host using the current default server or @@ -151,9 +151,8 @@ the lookups. Valid keywords are: <dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt> <dd> <p> - Turn debugging mode on. A lot more information is - printed about the packet sent to the server and the - resulting answer. + Turn on or off the display of the full response packet and + any intermediate response packets when searching. </p> <p> (Default = nodebug; abbreviation = [<span class="optional">no</span>]deb) @@ -162,9 +161,8 @@ the lookups. Valid keywords are: <dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>d2</code></span></dt> <dd> <p> - Turn debugging mode on. A lot more information is - printed about the packet sent to the server and the - resulting answer. + Turn debugging mode on or off. This displays more about + what nslookup is doing. </p> <p> (Default = nod2) @@ -241,13 +239,13 @@ the lookups. Valid keywords are: </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2549990"></a><h2>FILES</h2> +<a name="id2543797"></a><h2>FILES</h2> <p> <code class="filename">/etc/resolv.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2550003"></a><h2>SEE ALSO</h2> +<a name="id2543810"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>, @@ -255,7 +253,7 @@ the lookups. Valid keywords are: </p> </div> <div class="refsect1" lang="en"> -<a name="id2550038"></a><h2>Author</h2> +<a name="id2543845"></a><h2>Author</h2> <p> Andrew Cherenson </p> diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in index b9b7bea37c267..25437c3a0d5b5 100644 --- a/bin/dnssec/Makefile.in +++ b/bin/dnssec/Makefile.in @@ -1,7 +1,7 @@ -# Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") -# Copyright (C) 2000-2002 Internet Software Consortium. +# Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2000-2003 Internet Software Consortium. # -# Permission to use, copy, modify, and distribute this software for any +# Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.19.12.12 2005/05/02 00:25:54 marka Exp $ +# $Id: Makefile.in,v 1.19.12.15 2007/08/28 07:19:07 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8 index 35bb0efda57ae..877ac07829094 100644 --- a/bin/dnssec/dnssec-keygen.8 +++ b/bin/dnssec/dnssec-keygen.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-keygen.8,v 1.19.12.10 2006/06/29 13:02:30 marka Exp $ +.\" $Id: dnssec-keygen.8,v 1.19.12.13 2007/05/09 03:32:36 marka Exp $ .\" .hy 0 .ad l .\" Title: dnssec\-keygen .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: June 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -37,10 +37,11 @@ dnssec\-keygen \- DNSSEC key generation tool .SH "DESCRIPTION" .PP \fBdnssec\-keygen\fR -generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC <TBA\\>. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845. +generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845. .SH "OPTIONS" -.TP 3n +.PP \-a \fIalgorithm\fR +.RS 4 Selects the cryptographic algorithm. The value of \fBalgorithm\fR must be one of RSAMD5 (RSA) or RSASHA1, DSA, DH (Diffie Hellman), or HMAC\-MD5. These values are case insensitive. @@ -48,38 +49,58 @@ must be one of RSAMD5 (RSA) or RSASHA1, DSA, DH (Diffie Hellman), or HMAC\-MD5. Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended. For TSIG, HMAC\-MD5 is mandatory. .sp Note 2: HMAC\-MD5 and DH automatically set the \-k flag. -.TP 3n +.RE +.PP \-b \fIkeysize\fR +.RS 4 Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC\-MD5 keys must be between 1 and 512 bits. -.TP 3n +.RE +.PP \-n \fInametype\fR +.RS 4 Specifies the owner type of the key. The value of \fBnametype\fR must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive. -.TP 3n +.RE +.PP \-c \fIclass\fR +.RS 4 Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used. -.TP 3n +.RE +.PP \-e +.RS 4 If generating an RSAMD5/RSASHA1 key, use a large exponent. -.TP 3n +.RE +.PP \-f \fIflag\fR +.RS 4 Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flag is KSK (Key Signing Key) DNSKEY. -.TP 3n +.RE +.PP \-g \fIgenerator\fR +.RS 4 If generating a Diffie Hellman key, use this generator. Allowed values are 2 and 5. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2. -.TP 3n +.RE +.PP \-h +.RS 4 Prints a short summary of the options and arguments to \fBdnssec\-keygen\fR. -.TP 3n +.RE +.PP \-k +.RS 4 Generate KEY records rather than DNSKEY records. -.TP 3n +.RE +.PP \-p \fIprotocol\fR +.RS 4 Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors. -.TP 3n +.RE +.PP \-r \fIrandomdev\fR +.RS 4 Specifies the source of randomness. If the operating system does not provide a \fI/dev/random\fR or equivalent device, the default source of randomness is keyboard input. @@ -87,17 +108,24 @@ or equivalent device, the default source of randomness is keyboard input. specifies the name of a character device or file containing random data to be used instead of the default. The special value \fIkeyboard\fR indicates that keyboard input should be used. -.TP 3n +.RE +.PP \-s \fIstrength\fR +.RS 4 Specifies the strength value of the key. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC. -.TP 3n +.RE +.PP \-t \fItype\fR +.RS 4 Indicates the use of the key. \fBtype\fR must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data. -.TP 3n +.RE +.PP \-v \fIlevel\fR +.RS 4 Sets the debugging level. +.RE .SH "GENERATED KEYS" .PP When @@ -105,23 +133,21 @@ When completes successfully, it prints a string of the form \fIKnnnn.+aaa+iiiii\fR to the standard output. This is an identification string for the key it has generated. -.TP 3n +.TP 4 \(bu \fInnnn\fR is the key name. -.TP 3n +.TP 4 \(bu \fIaaa\fR is the numeric representation of the algorithm. -.TP 3n +.TP 4 \(bu \fIiiiii\fR is the key identifier (or footprint). -.sp -.RE .PP \fBdnssec\-keygen\fR -creates two file, with names based on the printed string. +creates two files, with names based on the printed string. \fIKnnnn.+aaa+iiiii.key\fR contains the public key, and \fIKnnnn.+aaa+iiiii.private\fR @@ -133,13 +159,13 @@ file contains a DNS KEY record that can be inserted into a zone file (directly o .PP The \fI.private\fR -file contains algorithm specific fields. For obvious security reasons, this file does not have general read permission. +file contains algorithm\-specific fields. For obvious security reasons, this file does not have general read permission. .PP Both \fI.key\fR and \fI.private\fR -files are generated for symmetric encryption algorithm such as HMAC\-MD5, even though the public and private key are equivalent. +files are generated for symmetric encryption algorithms such as HMAC\-MD5, even though the public and private key are equivalent. .SH "EXAMPLE" .PP To generate a 768\-bit DSA key for the domain @@ -156,7 +182,7 @@ In this example, creates the files \fIKexample.com.+003+26160.key\fR and -\fIKexample.com.+003+26160.private\fR +\fIKexample.com.+003+26160.private\fR. .SH "SEE ALSO" .PP \fBdnssec\-signzone\fR(8), @@ -168,4 +194,7 @@ RFC 2539. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000\-2003 Internet Software Consortium. +.br diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c index 7feaf7c3d977f..9e0b8c7cb965f 100644 --- a/bin/dnssec/dnssec-keygen.c +++ b/bin/dnssec/dnssec-keygen.c @@ -1,9 +1,9 @@ /* - * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Portions Copyright (C) 2000-2003 Internet Software Consortium. + * Portions Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 1999-2003 Internet Software Consortium. * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,7 +16,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-keygen.c,v 1.48.2.1.10.11 2004/06/11 01:17:34 marka Exp $ */ +/* $Id: dnssec-keygen.c,v 1.48.2.1.10.14 2007/08/28 07:19:07 tbox Exp $ */ #include <config.h> diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook index e1eee228ee659..6ef1f090e628f 100644 --- a/bin/dnssec/dnssec-keygen.docbook +++ b/bin/dnssec/dnssec-keygen.docbook @@ -1,11 +1,11 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - - Permission to use, copy, modify, and distribute this software for any + - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-keygen.docbook,v 1.3.12.9 2005/08/30 01:41:41 marka Exp $ --> +<!-- $Id: dnssec-keygen.docbook,v 1.3.12.13 2007/08/28 07:19:07 tbox Exp $ --> <refentry> <refentryinfo> @@ -35,6 +35,7 @@ <copyright> <year>2004</year> <year>2005</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -76,7 +77,7 @@ <title>DESCRIPTION</title> <para> <command>dnssec-keygen</command> generates keys for DNSSEC - (Secure DNS), as defined in RFC 2535 and RFC <TBA\>. It can also generate + (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845. </para> @@ -282,7 +283,7 @@ </listitem> </itemizedlist> <para> - <command>dnssec-keygen</command> creates two file, with names based + <command>dnssec-keygen</command> creates two files, with names based on the printed string. <filename>Knnnn.+aaa+iiiii.key</filename> contains the public key, and <filename>Knnnn.+aaa+iiiii.private</filename> contains the private @@ -294,13 +295,13 @@ statement). </para> <para> - The <filename>.private</filename> file contains algorithm specific + The <filename>.private</filename> file contains algorithm-specific fields. For obvious security reasons, this file does not have general read permission. </para> <para> Both <filename>.key</filename> and <filename>.private</filename> - files are generated for symmetric encryption algorithm such as + files are generated for symmetric encryption algorithms such as HMAC-MD5, even though the public and private key are equivalent. </para> </refsect1> @@ -324,7 +325,7 @@ <para> In this example, <command>dnssec-keygen</command> creates the files <filename>Kexample.com.+003+26160.key</filename> and - <filename>Kexample.com.+003+26160.private</filename> + <filename>Kexample.com.+003+26160.private</filename>. </para> </refsect1> diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html index 7a15099bae01a..6d3cc83f5ddf4 100644 --- a/bin/dnssec/dnssec-keygen.html +++ b/bin/dnssec/dnssec-keygen.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-keygen.html,v 1.5.2.1.4.15 2006/06/29 13:02:30 marka Exp $ --> +<!-- $Id: dnssec-keygen.html,v 1.5.2.1.4.19 2007/05/09 03:32:36 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>dnssec-keygen</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">dnssec-keygen</span> — DNSSEC key generation tool</p> @@ -32,16 +32,16 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549521"></a><h2>DESCRIPTION</h2> +<a name="id2543462"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">dnssec-keygen</strong></span> generates keys for DNSSEC - (Secure DNS), as defined in RFC 2535 and RFC <TBA\>. It can also generate + (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549533"></a><h2>OPTIONS</h2> +<a name="id2543475"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt> <dd> @@ -144,7 +144,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2549939"></a><h2>GENERATED KEYS</h2> +<a name="id2543744"></a><h2>GENERATED KEYS</h2> <p> When <span><strong class="command">dnssec-keygen</strong></span> completes successfully, it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code> @@ -164,7 +164,7 @@ </p></li> </ul></div> <p> - <span><strong class="command">dnssec-keygen</strong></span> creates two file, with names based + <span><strong class="command">dnssec-keygen</strong></span> creates two files, with names based on the printed string. <code class="filename">Knnnn.+aaa+iiiii.key</code> contains the public key, and <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the private @@ -176,18 +176,18 @@ statement). </p> <p> - The <code class="filename">.private</code> file contains algorithm specific + The <code class="filename">.private</code> file contains algorithm-specific fields. For obvious security reasons, this file does not have general read permission. </p> <p> Both <code class="filename">.key</code> and <code class="filename">.private</code> - files are generated for symmetric encryption algorithm such as + files are generated for symmetric encryption algorithms such as HMAC-MD5, even though the public and private key are equivalent. </p> </div> <div class="refsect1" lang="en"> -<a name="id2550027"></a><h2>EXAMPLE</h2> +<a name="id2543900"></a><h2>EXAMPLE</h2> <p> To generate a 768-bit DSA key for the domain <strong class="userinput"><code>example.com</code></strong>, the following command would be @@ -205,11 +205,11 @@ <p> In this example, <span><strong class="command">dnssec-keygen</strong></span> creates the files <code class="filename">Kexample.com.+003+26160.key</code> and - <code class="filename">Kexample.com.+003+26160.private</code> + <code class="filename">Kexample.com.+003+26160.private</code>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2550073"></a><h2>SEE ALSO</h2> +<a name="id2543946"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, @@ -219,7 +219,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2550106"></a><h2>AUTHOR</h2> +<a name="id2543979"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/dnssec/dnssec-signzone.8 b/bin/dnssec/dnssec-signzone.8 index 734eca6f80708..e1e88c8466cef 100644 --- a/bin/dnssec/dnssec-signzone.8 +++ b/bin/dnssec/dnssec-signzone.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-signzone.8,v 1.23.2.1.4.11 2006/06/29 13:02:30 marka Exp $ +.\" $Id: dnssec-signzone.8,v 1.23.2.1.4.14 2007/05/09 03:32:36 marka Exp $ .\" .hy 0 .ad l .\" Title: dnssec\-signzone .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: June 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -41,51 +41,72 @@ signs a zone. It generates NSEC and RRSIG records and produces a signed version \fIkeyset\fR file for each child zone. .SH "OPTIONS" -.TP 3n +.PP \-a +.RS 4 Verify all generated signatures. -.TP 3n +.RE +.PP \-c \fIclass\fR +.RS 4 Specifies the DNS class of the zone. -.TP 3n +.RE +.PP \-k \fIkey\fR +.RS 4 Treat specified key as a key signing key ignoring any key flags. This option may be specified multiple times. -.TP 3n +.RE +.PP \-l \fIdomain\fR +.RS 4 Generate a DLV set in addition to the key (DNSKEY) and DS sets. The domain is appended to the name of the records. -.TP 3n +.RE +.PP \-d \fIdirectory\fR +.RS 4 Look for \fIkeyset\fR files in \fBdirectory\fR as the directory -.TP 3n +.RE +.PP \-g +.RS 4 Generate DS records for child zones from keyset files. Existing DS records will be removed. -.TP 3n +.RE +.PP \-s \fIstart\-time\fR +.RS 4 Specify the date and time when the generated RRSIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no \fBstart\-time\fR is specified, the current time minus 1 hour (to allow for clock skew) is used. -.TP 3n +.RE +.PP \-e \fIend\-time\fR +.RS 4 Specify the date and time when the generated RRSIG records expire. As with \fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no \fBend\-time\fR is specified, 30 days from the start time is used as a default. -.TP 3n +.RE +.PP \-f \fIoutput\-file\fR +.RS 4 The name of the output file containing the signed zone. The default is to append \fI.signed\fR -to the input file. -.TP 3n +to the input filename. +.RE +.PP \-h +.RS 4 Prints a short summary of the options and arguments to \fBdnssec\-signzone\fR. -.TP 3n +.RE +.PP \-i \fIinterval\fR -When a previously signed zone is passed as input, records may be resigned. The +.RS 4 +When a previously\-signed zone is passed as input, records may be resigned. The \fBinterval\fR option specifies the cycle interval as an offset from the current time (in seconds). If a RRSIG record expires after the cycle interval, it is retained. Otherwise, it is considered to be expiring soon, and it will be replaced. .sp @@ -96,17 +117,25 @@ or are specified, \fBdnssec\-signzone\fR generates signatures that are valid for 30 days, with a cycle interval of 7.5 days. Therefore, if any existing RRSIG records are due to expire in less than 7.5 days, they would be replaced. -.TP 3n +.RE +.PP \-n \fIncpus\fR +.RS 4 Specifies the number of threads to use. By default, one thread is started for each detected CPU. -.TP 3n +.RE +.PP \-o \fIorigin\fR +.RS 4 The zone origin. If not specified, the name of the zone file is assumed to be the origin. -.TP 3n +.RE +.PP \-p +.RS 4 Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited. -.TP 3n +.RE +.PP \-r \fIrandomdev\fR +.RS 4 Specifies the source of randomness. If the operating system does not provide a \fI/dev/random\fR or equivalent device, the default source of randomness is keyboard input. @@ -114,42 +143,68 @@ or equivalent device, the default source of randomness is keyboard input. specifies the name of a character device or file containing random data to be used instead of the default. The special value \fIkeyboard\fR indicates that keyboard input should be used. -.TP 3n +.RE +.PP \-t +.RS 4 Print statistics at completion. -.TP 3n +.RE +.PP \-v \fIlevel\fR +.RS 4 Sets the debugging level. -.TP 3n +.RE +.PP \-z +.RS 4 Ignore KSK flag on key when determining what to sign. -.TP 3n +.RE +.PP zonefile +.RS 4 The file containing the zone to be signed. -.TP 3n +.RE +.PP key -The keys used to sign the zone. If no keys are specified, the default all zone keys that have private key files in the current directory. +.RS 4 +Specify which keys should be used to sign the zone. If no keys are specified, then the zone will be examined for DNSKEY records at the zone apex. If these are found and there are matching private keys, in the current directory, then these will be used for signing. +.RE .SH "EXAMPLE" .PP The following command signs the \fBexample.com\fR -zone with the DSA key generated in the +zone with the DSA key generated by \fBdnssec\-keygen\fR -man page. The zone's keys must be in the zone. If there are +(Kexample.com.+003+17247). The zone's keys must be in the master file (\fIdb.example.com\fR). This invocation looks for \fIkeyset\fR -files associated with child zones, they must be in the current directory. -\fBexample.com\fR, the following command would be issued: -.PP -\fBdnssec\-signzone \-o example.com db.example.com Kexample.com.+003+26160\fR -.PP -The command would print a string of the form: +files, in the current directory, so that DS records can be generated from them (\fB\-g\fR). +.sp +.RS 4 +.nf +% dnssec\-signzone \-g \-o example.com db.example.com \\ +Kexample.com.+003+17247 +db.example.com.signed +% +.fi +.RE .PP -In this example, +In the above example, \fBdnssec\-signzone\fR creates the file \fIdb.example.com.signed\fR. This file should be referenced in a zone statement in a \fInamed.conf\fR file. +.PP +This example re\-signs a previously signed zone with default parameters. The private keys are assumed to be in the current directory. +.sp +.RS 4 +.nf +% cp db.example.com.signed db.example.com +% dnssec\-signzone \-o example.com db.example.com +db.example.com.signed +% +.fi +.RE .SH "SEE ALSO" .PP \fBdnssec\-keygen\fR(8), @@ -159,4 +214,7 @@ RFC 2535. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000\-2003 Internet Software Consortium. +.br diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c index 4ac840df06b89..10e1133660c41 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c @@ -1,9 +1,9 @@ /* - * Portions Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Portions Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2003 Internet Software Consortium. * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -16,7 +16,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-signzone.c,v 1.139.2.2.4.23 2006/01/04 23:50:19 marka Exp $ */ +/* $Id: dnssec-signzone.c,v 1.139.2.2.4.29 2008/01/30 01:51:54 marka Exp $ */ #include <config.h> @@ -159,37 +159,6 @@ dumpnode(dns_name_t *name, dns_dbnode_t *node) { check_result(result, "dns_master_dumpnodetostream"); } -static void -dumpdb(dns_db_t *db) { - dns_dbiterator_t *dbiter = NULL; - dns_dbnode_t *node; - dns_fixedname_t fname; - dns_name_t *name; - isc_result_t result; - - dbiter = NULL; - result = dns_db_createiterator(db, ISC_FALSE, &dbiter); - check_result(result, "dns_db_createiterator()"); - - dns_fixedname_init(&fname); - name = dns_fixedname_name(&fname); - node = NULL; - - for (result = dns_dbiterator_first(dbiter); - result == ISC_R_SUCCESS; - result = dns_dbiterator_next(dbiter)) - { - result = dns_dbiterator_current(dbiter, &node, name); - check_result(result, "dns_dbiterator_current()"); - dumpnode(name, node); - dns_db_detachnode(db, &node); - } - if (result != ISC_R_NOMORE) - fatal("iterating database: %s", isc_result_totext(result)); - - dns_dbiterator_destroy(&dbiter); -} - static signer_key_t * newkeystruct(dst_key_t *dstkey, isc_boolean_t signwithkey) { signer_key_t *key; @@ -974,7 +943,7 @@ active_node(dns_dbnode_t *node) { fatal("rdataset iteration failed: %s", isc_result_totext(result)); } else { - /* + /* * Delete RRSIGs for types that no longer exist. */ result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter2); @@ -1382,7 +1351,7 @@ loadzonekeys(dns_db_t *db) { for (i = 0; i < nkeys; i++) { signer_key_t *key; - key = newkeystruct(keys[i], ISC_TRUE); + key = newkeystruct(keys[i], dst_key_isprivate(keys[i])); ISC_LIST_APPEND(keylist, key, link); } dns_db_detachnode(db, &node); @@ -1506,7 +1475,7 @@ writeset(const char *prefix, dns_rdatatype_t type) { unsigned char dsbuf[DNS_DS_BUFFERSIZE]; unsigned char keybuf[DST_KEY_MAXSIZE]; unsigned int filenamelen; - const dns_master_style_t *style = + const dns_master_style_t *style = (type == dns_rdatatype_dnskey) ? masterstyle : dsstyle; isc_buffer_init(&namebuf, namestr, sizeof(namestr)); @@ -1692,13 +1661,13 @@ print_stats(isc_time_t *timer_start, isc_time_t *timer_finish) { printf("Signatures successfully verified: %10d\n", nverified); printf("Signatures unsuccessfully verified: %10d\n", nverifyfailed); runtime_ms = runtime_us / 1000; - printf("Runtime in seconds: %7u.%03u\n", - (unsigned int) (runtime_ms / 1000), + printf("Runtime in seconds: %7u.%03u\n", + (unsigned int) (runtime_ms / 1000), (unsigned int) (runtime_ms % 1000)); if (runtime_us > 0) { sig_ms = ((isc_uint64_t)nsigned * 1000000000) / runtime_us; printf("Signatures per second: %7u.%03u\n", - (unsigned int) sig_ms / 1000, + (unsigned int) sig_ms / 1000, (unsigned int) sig_ms % 1000); } } @@ -1720,7 +1689,6 @@ main(int argc, char *argv[]) { isc_boolean_t free_output = ISC_FALSE; int tempfilelen; dns_rdataclass_t rdclass; - dns_db_t *udb = NULL; isc_task_t **tasks = NULL; isc_buffer_t b; int len; @@ -1776,7 +1744,7 @@ main(int argc, char *argv[]) { "positive"); break; - case 'l': + case 'l': dns_fixedname_init(&dlv_fixed); len = strlen(isc_commandline_argument); isc_buffer_init(&b, isc_commandline_argument, len); @@ -1904,7 +1872,7 @@ main(int argc, char *argv[]) { result = dns_master_stylecreate(&dsstyle, DNS_STYLEFLAG_NO_TTL, 0, 24, 0, 0, 0, 8, mctx); check_result(result, "dns_master_stylecreate"); - + gdb = NULL; TIME_NOW(&timer_start); @@ -1926,8 +1894,8 @@ main(int argc, char *argv[]) { DST_TYPE_PRIVATE, mctx, &newkey); if (result != ISC_R_SUCCESS) - fatal("cannot load dnskey %s: %s", argv[i], - isc_result_totext(result)); + fatal("cannot load dnskey %s: %s", argv[i], + isc_result_totext(result)); key = ISC_LIST_HEAD(keylist); while (key != NULL) { @@ -1935,7 +1903,7 @@ main(int argc, char *argv[]) { if (dst_key_id(dkey) == dst_key_id(newkey) && dst_key_alg(dkey) == dst_key_alg(newkey) && dns_name_equal(dst_key_name(dkey), - dst_key_name(newkey))) + dst_key_name(newkey))) { if (!dst_key_isprivate(dkey)) fatal("cannot sign zone with " @@ -1964,7 +1932,7 @@ main(int argc, char *argv[]) { mctx, &newkey); if (result != ISC_R_SUCCESS) fatal("cannot load dnskey %s: %s", dskeyfile[i], - isc_result_totext(result)); + isc_result_totext(result)); key = ISC_LIST_HEAD(keylist); while (key != NULL) { @@ -1972,7 +1940,7 @@ main(int argc, char *argv[]) { if (dst_key_id(dkey) == dst_key_id(newkey) && dst_key_alg(dkey) == dst_key_alg(newkey) && dns_name_equal(dst_key_name(dkey), - dst_key_name(newkey))) + dst_key_name(newkey))) { /* Override key flags. */ key->issigningkey = ISC_TRUE; @@ -2074,11 +2042,6 @@ main(int argc, char *argv[]) { isc_mem_put(mctx, tasks, ntasks * sizeof(isc_task_t *)); postsign(); - if (udb != NULL) { - dumpdb(udb); - dns_db_detach(&udb); - } - result = isc_stdio_close(fp); check_result(result, "isc_stdio_close"); removefile = ISC_FALSE; diff --git a/bin/dnssec/dnssec-signzone.docbook b/bin/dnssec/dnssec-signzone.docbook index 35f35cc7339dc..d3f9fc5c5b838 100644 --- a/bin/dnssec/dnssec-signzone.docbook +++ b/bin/dnssec/dnssec-signzone.docbook @@ -1,11 +1,11 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - - Permission to use, copy, modify, and distribute this software for any + - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-signzone.docbook,v 1.2.2.2.4.11 2005/06/24 00:18:15 marka Exp $ --> +<!-- $Id: dnssec-signzone.docbook,v 1.2.2.2.4.16 2007/08/28 07:19:07 tbox Exp $ --> <refentry> <refentryinfo> @@ -35,6 +35,7 @@ <copyright> <year>2004</year> <year>2005</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -188,7 +189,7 @@ <para> The name of the output file containing the signed zone. The default is to append <filename>.signed</filename> to the - input file. + input filename. </para> </listitem> </varlistentry> @@ -207,7 +208,7 @@ <term>-i <replaceable class="parameter">interval</replaceable></term> <listitem> <para> - When a previously signed zone is passed as input, records + When a previously-signed zone is passed as input, records may be resigned. The <option>interval</option> option specifies the cycle interval as an offset from the current time (in seconds). If a RRSIG record expires after the @@ -315,9 +316,11 @@ <term>key</term> <listitem> <para> - The keys used to sign the zone. If no keys are specified, the - default all zone keys that have private key files in the - current directory. + Specify which keys should be used to sign the zone. If + no keys are specified, then the zone will be examined + for DNSKEY records at the zone apex. If these are found and + there are matching private keys, in the current directory, + then these will be used for signing. </para> </listitem> </varlistentry> @@ -328,26 +331,31 @@ <refsect1> <title>EXAMPLE</title> <para> - The following command signs the <userinput>example.com</userinput> - zone with the DSA key generated in the <command>dnssec-keygen</command> - man page. The zone's keys must be in the zone. If there are - <filename>keyset</filename> files associated with child zones, - they must be in the current directory. - <userinput>example.com</userinput>, the following command would be - issued: + The following command signs the <userinput>example.com</userinput> + zone with the DSA key generated by <command>dnssec-keygen</command> + (Kexample.com.+003+17247). The zone's keys must be in the master + file (<filename>db.example.com</filename>). This invocation looks + for <filename>keyset</filename> files, in the current directory, + so that DS records can be generated from them (<command>-g</command>). </para> +<programlisting>% dnssec-signzone -g -o example.com db.example.com \ +Kexample.com.+003+17247 +db.example.com.signed +%</programlisting> <para> - <userinput>dnssec-signzone -o example.com db.example.com Kexample.com.+003+26160</userinput> + In the above example, <command>dnssec-signzone</command> creates + the file <filename>db.example.com.signed</filename>. This + file should be referenced in a zone statement in a + <filename>named.conf</filename> file. </para> <para> - The command would print a string of the form: - </para> - <para> - In this example, <command>dnssec-signzone</command> creates - the file <filename>db.example.com.signed</filename>. This file - should be referenced in a zone statement in a - <filename>named.conf</filename> file. + This example re-signs a previously signed zone with default parameters. + The private keys are assumed to be in the current directory. </para> +<programlisting>% cp db.example.com.signed db.example.com +% dnssec-signzone -o example.com db.example.com +db.example.com.signed +%</programlisting> </refsect1> <refsect1> diff --git a/bin/dnssec/dnssec-signzone.html b/bin/dnssec/dnssec-signzone.html index bd926312e8682..b3d00ce0f0563 100644 --- a/bin/dnssec/dnssec-signzone.html +++ b/bin/dnssec/dnssec-signzone.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-signzone.html,v 1.4.2.1.4.16 2006/06/29 13:02:30 marka Exp $ --> +<!-- $Id: dnssec-signzone.html,v 1.4.2.1.4.20 2007/05/09 03:32:36 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>dnssec-signzone</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">dnssec-signzone</span> — DNSSEC zone signing tool</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nthreads</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {zonefile} [key...]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549544"></a><h2>DESCRIPTION</h2> +<a name="id2543485"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">dnssec-signzone</strong></span> signs a zone. It generates NSEC and RRSIG records and produces a signed version of the @@ -43,7 +43,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549560"></a><h2>OPTIONS</h2> +<a name="id2543501"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a</span></dt> <dd><p> @@ -98,7 +98,7 @@ <dd><p> The name of the output file containing the signed zone. The default is to append <code class="filename">.signed</code> to the - input file. + input filename. </p></dd> <dt><span class="term">-h</span></dt> <dd><p> @@ -108,7 +108,7 @@ <dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt> <dd> <p> - When a previously signed zone is passed as input, records + When a previously-signed zone is passed as input, records may be resigned. The <code class="option">interval</code> option specifies the cycle interval as an offset from the current time (in seconds). If a RRSIG record expires after the @@ -172,38 +172,45 @@ </p></dd> <dt><span class="term">key</span></dt> <dd><p> - The keys used to sign the zone. If no keys are specified, the - default all zone keys that have private key files in the - current directory. + Specify which keys should be used to sign the zone. If + no keys are specified, then the zone will be examined + for DNSKEY records at the zone apex. If these are found and + there are matching private keys, in the current directory, + then these will be used for signing. </p></dd> </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2550068"></a><h2>EXAMPLE</h2> +<a name="id2543874"></a><h2>EXAMPLE</h2> <p> - The following command signs the <strong class="userinput"><code>example.com</code></strong> - zone with the DSA key generated in the <span><strong class="command">dnssec-keygen</strong></span> - man page. The zone's keys must be in the zone. If there are - <code class="filename">keyset</code> files associated with child zones, - they must be in the current directory. - <strong class="userinput"><code>example.com</code></strong>, the following command would be - issued: + The following command signs the <strong class="userinput"><code>example.com</code></strong> + zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span> + (Kexample.com.+003+17247). The zone's keys must be in the master + file (<code class="filename">db.example.com</code>). This invocation looks + for <code class="filename">keyset</code> files, in the current directory, + so that DS records can be generated from them (<span><strong class="command">-g</strong></span>). </p> +<pre class="programlisting">% dnssec-signzone -g -o example.com db.example.com \ +Kexample.com.+003+17247 +db.example.com.signed +%</pre> <p> - <strong class="userinput"><code>dnssec-signzone -o example.com db.example.com Kexample.com.+003+26160</code></strong> + In the above example, <span><strong class="command">dnssec-signzone</strong></span> creates + the file <code class="filename">db.example.com.signed</code>. This + file should be referenced in a zone statement in a + <code class="filename">named.conf</code> file. </p> <p> - The command would print a string of the form: - </p> -<p> - In this example, <span><strong class="command">dnssec-signzone</strong></span> creates - the file <code class="filename">db.example.com.signed</code>. This file - should be referenced in a zone statement in a - <code class="filename">named.conf</code> file. + This example re-signs a previously signed zone with default parameters. + The private keys are assumed to be in the current directory. </p> +<pre class="programlisting">% cp db.example.com.signed db.example.com +% dnssec-signzone -o example.com db.example.com +db.example.com.signed +%</pre> </div> <div class="refsect1" lang="en"> -<a name="id2550118"></a><h2>SEE ALSO</h2> +<a name="id2543993"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, @@ -211,7 +218,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2550145"></a><h2>AUTHOR</h2> +<a name="id2544020"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in index 50fb93bf11d99..a2c92bcfbe27b 100644 --- a/bin/named/Makefile.in +++ b/bin/named/Makefile.in @@ -1,7 +1,7 @@ -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") -# Copyright (C) 1998-2002 Internet Software Consortium. +# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 1998-2003 Internet Software Consortium. # -# Permission to use, copy, modify, and distribute this software for any +# Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.74.12.11 2004/09/06 21:47:25 marka Exp $ +# $Id: Makefile.in,v 1.74.12.14 2007/08/28 07:19:08 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/named/aclconf.c b/bin/named/aclconf.c index 102a891033a49..4a6cce72fbc45 100644 --- a/bin/named/aclconf.c +++ b/bin/named/aclconf.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: aclconf.c,v 1.27.12.7 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: aclconf.c,v 1.27.12.10 2007/08/28 07:19:08 tbox Exp $ */ #include <config.h> diff --git a/bin/named/client.c b/bin/named/client.c index b0ce793b98eaa..6d4cc91a4e4ca 100644 --- a/bin/named/client.c +++ b/bin/named/client.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.c,v 1.176.2.13.4.31 2006/07/22 01:09:38 marka Exp $ */ +/* $Id: client.c,v 1.176.2.13.4.38 2007/08/28 07:19:08 tbox Exp $ */ #include <config.h> @@ -1149,7 +1149,7 @@ client_addopt(ns_client_t *client) { rdatalist->ttl = (client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE); /* - * No ENDS options in the default case. + * No EDNS options in the default case. */ rdata->data = NULL; rdata->length = 0; @@ -1349,6 +1349,14 @@ client_request(isc_task_t *task, isc_event_t *event) { } /* + * Hash the incoming request here as it is after + * dns_dispatch_importrecv(). + */ + dns_dispatch_hash(&client->now, sizeof(client->now)); + dns_dispatch_hash(isc_buffer_base(buffer), + isc_buffer_usedlength(buffer)); + + /* * It's a request. Parse it. */ result = dns_message_parse(client->message, buffer, 0); @@ -1413,7 +1421,7 @@ client_request(isc_task_t *task, isc_event_t *event) { } /* - * Do we understand this version of ENDS? + * Do we understand this version of EDNS? * * XXXRTH need library support for this! */ @@ -1485,6 +1493,7 @@ client_request(isc_task_t *task, isc_event_t *event) { "failed to get request's " "destination: %s", isc_result_totext(result)); + ns_client_next(client, ISC_R_SUCCESS); goto cleanup; } } @@ -1573,21 +1582,29 @@ client_request(isc_task_t *task, isc_event_t *event) { char tsigrcode[64]; isc_buffer_t b; dns_name_t *name = NULL; + dns_rcode_t status; + isc_result_t tresult; - isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1); - RUNTIME_CHECK(dns_tsigrcode_totext(client->message->tsigstatus, - &b) == ISC_R_SUCCESS); - tsigrcode[isc_buffer_usedlength(&b)] = '\0'; /* There is a signature, but it is bad. */ if (dns_message_gettsig(client->message, &name) != NULL) { char namebuf[DNS_NAME_FORMATSIZE]; dns_name_format(name, namebuf, sizeof(namebuf)); + status = client->message->tsigstatus; + isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1); + tresult = dns_tsigrcode_totext(status, &b); + INSIST(tresult == ISC_R_SUCCESS); + tsigrcode[isc_buffer_usedlength(&b)] = '\0'; ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT, ISC_LOG_ERROR, "request has invalid signature: " "TSIG %s: %s (%s)", namebuf, isc_result_totext(result), tsigrcode); } else { + status = client->message->sig0status; + isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1); + tresult = dns_tsigrcode_totext(status, &b); + INSIST(tresult == ISC_R_SUCCESS); + tsigrcode[isc_buffer_usedlength(&b)] = '\0'; ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT, ISC_LOG_ERROR, "request has invalid signature: %s (%s)", diff --git a/bin/named/config.c b/bin/named/config.c index 7b5b99e6720e5..88e7bc9e34078 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.c,v 1.11.2.4.8.32 2006/02/28 06:32:53 marka Exp $ */ +/* $Id: config.c,v 1.11.2.4.8.36 2007/09/13 05:18:08 each Exp $ */ #include <config.h> #include <stdlib.h> -#include <string.h> #include <isc/buffer.h> #include <isc/log.h> @@ -28,6 +27,7 @@ #include <isc/region.h> #include <isc/result.h> #include <isc/sockaddr.h> +#include <isc/string.h> #include <isc/util.h> #include <isccfg/namedconf.h> @@ -159,7 +159,7 @@ options {\n\ " "#\n\ -# Zones in the \"_bind\" view are NOT counted is the count of zones.\n\ +# Zones in the \"_bind\" view are NOT counted in the count of zones.\n\ #\n\ view \"_bind\" chaos {\n\ recursion no;\n\ diff --git a/bin/named/control.c b/bin/named/control.c index c9d17abe02763..c4b5419f71a4f 100644 --- a/bin/named/control.c +++ b/bin/named/control.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,15 +15,15 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: control.c,v 1.7.2.2.2.14 2005/04/29 01:04:47 marka Exp $ */ +/* $Id: control.c,v 1.7.2.2.2.16 2007/09/13 23:45:58 tbox Exp $ */ #include <config.h> -#include <string.h> #include <isc/app.h> #include <isc/event.h> #include <isc/mem.h> +#include <isc/string.h> #include <isc/timer.h> #include <isc/util.h> diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c index b6bcc166200c0..d8a7bcf2fcf93 100644 --- a/bin/named/controlconf.c +++ b/bin/named/controlconf.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2006, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: controlconf.c,v 1.28.2.9.2.10 2006/02/28 06:32:53 marka Exp $ */ +/* $Id: controlconf.c,v 1.28.2.9.2.13 2008/01/17 23:45:27 tbox Exp $ */ #include <config.h> @@ -337,9 +337,9 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { listener = conn->listener; secret.rstart = NULL; - /* Is the server shutting down? */ - if (listener->controls->shuttingdown) - goto cleanup; + /* Is the server shutting down? */ + if (listener->controls->shuttingdown) + goto cleanup; if (conn->ccmsg.result != ISC_R_SUCCESS) { if (conn->ccmsg.result != ISC_R_CANCELED && @@ -356,9 +356,6 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { { ccregion.rstart = isc_buffer_base(&conn->ccmsg.buffer); ccregion.rend = isc_buffer_used(&conn->ccmsg.buffer); - if (secret.rstart != NULL) - isc_mem_put(listener->mctx, secret.rstart, - REGION_SIZE(secret)); secret.rstart = isc_mem_get(listener->mctx, key->secret.length); if (secret.rstart == NULL) goto cleanup; @@ -367,7 +364,8 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { result = isccc_cc_fromwire(&ccregion, &request, &secret); if (result == ISC_R_SUCCESS) break; - else if (result == ISCCC_R_BADAUTH) { + isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret)); + if (result == ISCCC_R_BADAUTH) { /* * For some reason, request is non-NULL when * isccc_cc_fromwire returns ISCCC_R_BADAUTH. @@ -388,7 +386,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { /* We shouldn't be getting a reply. */ if (isccc_cc_isreply(request)) { log_invalid(&conn->ccmsg, ISC_R_FAILURE); - goto cleanup; + goto cleanup_request; } isc_stdtime_get(&now); @@ -399,17 +397,17 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { _ctrl = isccc_alist_lookup(request, "_ctrl"); if (_ctrl == NULL) { log_invalid(&conn->ccmsg, ISC_R_FAILURE); - goto cleanup; + goto cleanup_request; } if (isccc_cc_lookupuint32(_ctrl, "_tim", &sent) == ISC_R_SUCCESS) { if ((sent + CLOCKSKEW) < now || (sent - CLOCKSKEW) > now) { log_invalid(&conn->ccmsg, ISCCC_R_CLOCKSKEW); - goto cleanup; + goto cleanup_request; } } else { log_invalid(&conn->ccmsg, ISC_R_FAILURE); - goto cleanup; + goto cleanup_request; } /* @@ -418,7 +416,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { if (isccc_cc_lookupuint32(_ctrl, "_exp", &exp) == ISC_R_SUCCESS && now > exp) { log_invalid(&conn->ccmsg, ISCCC_R_EXPIRED); - goto cleanup; + goto cleanup_request; } /* @@ -428,16 +426,16 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { result = isccc_cc_checkdup(listener->controls->symtab, request, now); if (result != ISC_R_SUCCESS) { if (result == ISC_R_EXISTS) - result = ISCCC_R_DUPLICATE; + result = ISCCC_R_DUPLICATE; log_invalid(&conn->ccmsg, result); - goto cleanup; + goto cleanup_request; } if (conn->nonce != 0 && (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS || conn->nonce != nonce)) { log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH); - goto cleanup; + goto cleanup_request; } /* @@ -451,7 +449,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { result = isccc_cc_createresponse(request, now, now + 60, &response); if (result != ISC_R_SUCCESS) - goto cleanup; + goto cleanup_request; if (eresult != ISC_R_SUCCESS) { isccc_sexpr_t *data; @@ -459,7 +457,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { if (data != NULL) { const char *estr = isc_result_totext(eresult); if (isccc_cc_definestring(data, "err", estr) == NULL) - goto cleanup; + goto cleanup_response; } } @@ -470,20 +468,20 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { if (data != NULL) { char *str = (char *)isc_buffer_base(&text); if (isccc_cc_definestring(data, "text", str) == NULL) - goto cleanup; + goto cleanup_response; } } _ctrl = isccc_alist_lookup(response, "_ctrl"); if (_ctrl == NULL || isccc_cc_defineuint32(_ctrl, "_nonce", conn->nonce) == NULL) - goto cleanup; + goto cleanup_response; ccregion.rstart = conn->buffer + 4; ccregion.rend = conn->buffer + sizeof(conn->buffer); result = isccc_cc_towire(response, &ccregion, &secret); if (result != ISC_R_SUCCESS) - goto cleanup; + goto cleanup_response; isc_buffer_init(&b, conn->buffer, 4); len = sizeof(conn->buffer) - REGION_SIZE(ccregion); isc_buffer_putuint32(&b, len - 4); @@ -492,31 +490,27 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { result = isc_socket_send(conn->sock, &r, task, control_senddone, conn); if (result != ISC_R_SUCCESS) - goto cleanup; + goto cleanup_response; conn->sending = ISC_TRUE; - if (secret.rstart != NULL) - isc_mem_put(listener->mctx, secret.rstart, - REGION_SIZE(secret)); - if (request != NULL) - isccc_sexpr_free(&request); - if (response != NULL) - isccc_sexpr_free(&response); + isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret)); + isccc_sexpr_free(&request); + isccc_sexpr_free(&response); return; + cleanup_response: + isccc_sexpr_free(&response); + + cleanup_request: + isccc_sexpr_free(&request); + isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret)); + cleanup: - if (secret.rstart != NULL) - isc_mem_put(listener->mctx, secret.rstart, - REGION_SIZE(secret)); isc_socket_detach(&conn->sock); isccc_ccmsg_invalidate(&conn->ccmsg); conn->ccmsg_valid = ISC_FALSE; maybe_free_connection(conn); maybe_free_listener(listener); - if (request != NULL) - isccc_sexpr_free(&request); - if (response != NULL) - isccc_sexpr_free(&response); } static void @@ -540,7 +534,7 @@ newconnection(controllistener_t *listener, isc_socket_t *sock) { conn = isc_mem_get(listener->mctx, sizeof(*conn)); if (conn == NULL) return (ISC_R_NOMEMORY); - + conn->sock = sock; isccc_ccmsg_init(listener->mctx, sock, &conn->ccmsg); conn->ccmsg_valid = ISC_TRUE; @@ -651,7 +645,7 @@ ns_controls_shutdown(ns_controls_t *controls) { static isc_result_t cfgkeylist_find(const cfg_obj_t *keylist, const char *keyname, - const cfg_obj_t **objp) + const cfg_obj_t **objp) { const cfg_listelt_t *element; const char *str; @@ -681,7 +675,7 @@ controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx, char *newstr = NULL; const char *str; const cfg_obj_t *obj; - controlkey_t *key = NULL; + controlkey_t *key; for (element = cfg_list_first(keylist); element != NULL; @@ -700,7 +694,6 @@ controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx, key->secret.length = 0; ISC_LINK_INIT(key, link); ISC_LIST_APPEND(*keyids, key, link); - key = NULL; newstr = NULL; } return (ISC_R_SUCCESS); @@ -708,8 +701,6 @@ controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx, cleanup: if (newstr != NULL) isc_mem_free(mctx, newstr); - if (key != NULL) - isc_mem_put(mctx, key, sizeof(*key)); free_controlkeylist(keyids, mctx); return (ISC_R_NOMEMORY); } @@ -802,7 +793,7 @@ register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist, if (result != ISC_R_SUCCESS) \ goto cleanup; \ } while (0) - + static isc_result_t get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) { isc_result_t result; @@ -822,14 +813,14 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) { CHECK(cfg_map_get(config, "key", &key)); keyid = isc_mem_get(mctx, sizeof(*keyid)); - if (keyid == NULL) + if (keyid == NULL) CHECK(ISC_R_NOMEMORY); keyid->keyname = isc_mem_strdup(mctx, cfg_obj_asstring(cfg_map_getname(key))); keyid->secret.base = NULL; keyid->secret.length = 0; ISC_LINK_INIT(keyid, link); - if (keyid->keyname == NULL) + if (keyid->keyname == NULL) CHECK(ISC_R_NOMEMORY); CHECK(bind9_check_key(key, ns_g_lctx)); @@ -885,7 +876,7 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) { cfg_parser_destroy(&pctx); return (result); } - + /* * Ensures that both '*global_keylistp' and '*control_keylistp' are * valid or both are NULL. @@ -939,7 +930,7 @@ update_listener(ns_controls_t *cp, controllistener_t **listenerp, *listenerp = NULL; return; } - + /* * There is already a listener for this sockaddr. * Update the access list and key information. @@ -1267,7 +1258,7 @@ ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config, isc_sockaddr_setport(&addr, NS_CONTROL_PORT); isc_sockaddr_format(&addr, socktext, sizeof(socktext)); - + update_listener(cp, &listener, NULL, NULL, &addr, NULL, socktext); diff --git a/bin/named/include/named/builtin.h b/bin/named/include/named/builtin.h index 15564bf3fb0d6..257a9aa3300d4 100644 --- a/bin/named/include/named/builtin.h +++ b/bin/named/include/named/builtin.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2001 Internet Software Consortium. + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: builtin.h,v 1.1.204.3 2004/03/08 04:04:20 marka Exp $ */ +/* $Id: builtin.h,v 1.1.204.6 2007/08/28 07:19:08 tbox Exp $ */ #ifndef NAMED_BUILTIN_H #define NAMED_BUILTIN_H 1 diff --git a/bin/named/include/named/config.h b/bin/named/include/named/config.h index 8e5b94a7fc35a..0e9a378f17e11 100644 --- a/bin/named/include/named/config.h +++ b/bin/named/include/named/config.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2001, 2002 Internet Software Consortium. + * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2001-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.h,v 1.4.12.6 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: config.h,v 1.4.12.9 2007/08/28 07:19:08 tbox Exp $ */ #ifndef NAMED_CONFIG_H #define NAMED_CONFIG_H 1 diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h index 54bd91cbd4c59..96e54a31df0f1 100644 --- a/bin/named/include/named/interfacemgr.h +++ b/bin/named/include/named/interfacemgr.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: interfacemgr.h,v 1.23.24.7 2004/04/29 01:31:22 marka Exp $ */ +/* $Id: interfacemgr.h,v 1.23.24.10 2007/08/28 07:19:08 tbox Exp $ */ #ifndef NAMED_INTERFACEMGR_H #define NAMED_INTERFACEMGR_H 1 diff --git a/bin/named/include/named/log.h b/bin/named/include/named/log.h index e8ad1ca15ff15..35b6837d78a92 100644 --- a/bin/named/include/named/log.h +++ b/bin/named/include/named/log.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: log.h,v 1.19.12.3 2004/03/08 04:04:21 marka Exp $ */ +/* $Id: log.h,v 1.19.12.6 2007/08/28 07:19:08 tbox Exp $ */ #ifndef NAMED_LOG_H #define NAMED_LOG_H 1 diff --git a/bin/named/include/named/main.h b/bin/named/include/named/main.h index e37b5198fd03c..9514616c2d30c 100644 --- a/bin/named/include/named/main.h +++ b/bin/named/include/named/main.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: main.h,v 1.8.2.2.8.4 2004/03/08 04:04:21 marka Exp $ */ +/* $Id: main.h,v 1.8.2.2.8.7 2007/08/28 07:19:08 tbox Exp $ */ #ifndef NAMED_MAIN_H #define NAMED_MAIN_H 1 diff --git a/bin/named/include/named/query.h b/bin/named/include/named/query.h index 6f348d530e7cb..4c7f4e74f9dfa 100644 --- a/bin/named/include/named/query.h +++ b/bin/named/include/named/query.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.h,v 1.28.2.3.8.6 2004/03/08 04:04:21 marka Exp $ */ +/* $Id: query.h,v 1.28.2.3.8.9 2007/08/28 07:19:08 tbox Exp $ */ #ifndef NAMED_QUERY_H #define NAMED_QUERY_H 1 diff --git a/bin/named/include/named/zoneconf.h b/bin/named/include/named/zoneconf.h index 3e63053f38989..032bad7b36a2e 100644 --- a/bin/named/include/named/zoneconf.h +++ b/bin/named/include/named/zoneconf.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zoneconf.h,v 1.16.2.2.8.3 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: zoneconf.h,v 1.16.2.2.8.6 2007/08/28 07:19:08 tbox Exp $ */ #ifndef NS_ZONECONF_H #define NS_ZONECONF_H 1 diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c index a3410567e6311..f3d1d0b88c34d 100644 --- a/bin/named/interfacemgr.c +++ b/bin/named/interfacemgr.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: interfacemgr.c,v 1.59.2.5.8.18 2006/07/19 00:16:28 marka Exp $ */ +/* $Id: interfacemgr.c,v 1.59.2.5.8.21 2007/08/28 07:19:08 tbox Exp $ */ #include <config.h> diff --git a/bin/named/log.c b/bin/named/log.c index 9032af795d4f2..9f6893a0cc532 100644 --- a/bin/named/log.c +++ b/bin/named/log.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: log.c,v 1.33.2.1.10.6 2005/05/24 23:58:17 marka Exp $ */ +/* $Id: log.c,v 1.33.2.1.10.9 2007/08/28 07:19:08 tbox Exp $ */ #include <config.h> diff --git a/bin/named/logconf.c b/bin/named/logconf.c index 1bf3b5589e23a..200c031d57a31 100644 --- a/bin/named/logconf.c +++ b/bin/named/logconf.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: logconf.c,v 1.30.2.3.10.4 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: logconf.c,v 1.30.2.3.10.7 2007/08/28 07:19:08 tbox Exp $ */ #include <config.h> diff --git a/bin/named/lwaddr.c b/bin/named/lwaddr.c index 1bd8d82875e74..724216b2ed000 100644 --- a/bin/named/lwaddr.c +++ b/bin/named/lwaddr.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwaddr.c,v 1.3.208.1 2004/03/06 10:21:18 marka Exp $ */ +/* $Id: lwaddr.c,v 1.3.208.3 2008/01/11 23:45:30 tbox Exp $ */ #include <config.h> @@ -79,7 +79,7 @@ lwaddr_lwresaddr_fromnetaddr(lwres_addr_t *la, isc_netaddr_t *na) { } else { la->family = LWRES_ADDRTYPE_V6; la->length = 16; - memcpy(la->address, &na->type.in, 16); + memcpy(la->address, &na->type.in6, 16); } return (ISC_R_SUCCESS); } diff --git a/bin/named/lwdclient.c b/bin/named/lwdclient.c index 7975a4991e13a..a2516503762a6 100644 --- a/bin/named/lwdclient.c +++ b/bin/named/lwdclient.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2000, 2001 Internet Software Consortium. + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdclient.c,v 1.13.12.5 2004/03/08 09:04:15 marka Exp $ */ +/* $Id: lwdclient.c,v 1.13.12.8 2007/08/28 07:19:08 tbox Exp $ */ #include <config.h> diff --git a/bin/named/lwdgabn.c b/bin/named/lwdgabn.c index 539c25bf3d15b..f8c0f3bb5f7db 100644 --- a/bin/named/lwdgabn.c +++ b/bin/named/lwdgabn.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2000, 2001 Internet Software Consortium. + * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdgabn.c,v 1.13.12.5 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: lwdgabn.c,v 1.13.12.8 2007/08/28 07:19:08 tbox Exp $ */ #include <config.h> diff --git a/bin/named/lwdgnba.c b/bin/named/lwdgnba.c index 21ef804ac9335..1770f3933f3b4 100644 --- a/bin/named/lwdgnba.c +++ b/bin/named/lwdgnba.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2000-2002 Internet Software Consortium. + * Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdgnba.c,v 1.13.2.1.2.5 2004/03/08 04:04:19 marka Exp $ */ +/* $Id: lwdgnba.c,v 1.13.2.1.2.10 2008/01/14 23:45:30 tbox Exp $ */ #include <config.h> @@ -218,8 +218,6 @@ ns_lwdclient_processgnba(ns_lwdclient_t *client, lwres_buffer_t *b) { b, &client->pkt, &req); if (result != LWRES_R_SUCCESS) goto out; - if (req->addr.address == NULL) - goto out; client->options = 0; if (req->addr.family == LWRES_ADDRTYPE_V4) { diff --git a/bin/named/lwdgrbn.c b/bin/named/lwdgrbn.c index 3ad9e9e38d5ac..8c4868b1f2620 100644 --- a/bin/named/lwdgrbn.c +++ b/bin/named/lwdgrbn.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdgrbn.c,v 1.11.208.5 2006/01/04 23:50:19 marka Exp $ */ +/* $Id: lwdgrbn.c,v 1.11.208.6 2006/12/07 04:52:50 marka Exp $ */ #include <config.h> @@ -183,8 +183,6 @@ iterate_node(lwres_grbnresponse_t *grbn, dns_db_t *db, dns_dbnode_t *node, isc_mem_put(mctx, oldlens, oldsize * sizeof(*oldlens)); if (newrdatas != NULL) isc_mem_put(mctx, newrdatas, used * sizeof(*oldrdatas)); - if (newlens != NULL) - isc_mem_put(mctx, newlens, used * sizeof(*oldlens)); return (result); } diff --git a/bin/named/lwdnoop.c b/bin/named/lwdnoop.c index 30d95ee8d8e20..5708f3a9491c7 100644 --- a/bin/named/lwdnoop.c +++ b/bin/named/lwdnoop.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdnoop.c,v 1.6.208.1 2004/03/06 10:21:19 marka Exp $ */ +/* $Id: lwdnoop.c,v 1.6.208.3 2008/01/22 23:26:39 tbox Exp $ */ #include <config.h> @@ -42,7 +42,7 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) { result = lwres_nooprequest_parse(client->clientmgr->lwctx, b, &client->pkt, &req); if (result != LWRES_R_SUCCESS) - goto out; + goto send_error; client->pkt.recvlength = LWRES_RECVLENGTH; client->pkt.authtype = 0; /* XXXMLG */ @@ -55,7 +55,7 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) { lwres = lwres_noopresponse_render(client->clientmgr->lwctx, &resp, &client->pkt, &lwb); if (lwres != LWRES_R_SUCCESS) - goto out; + goto cleanup_req; r.base = lwb.base; r.length = lwb.used; @@ -63,7 +63,7 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) { client->sendlength = r.length; result = ns_lwdclient_sendreply(client, &r); if (result != ISC_R_SUCCESS) - goto out; + goto cleanup_lwb; /* * We can now destroy request. @@ -74,13 +74,12 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) { return; - out: - if (req != NULL) - lwres_nooprequest_free(client->clientmgr->lwctx, &req); + cleanup_lwb: + lwres_context_freemem(client->clientmgr->lwctx, lwb.base, lwb.length); - if (lwb.base != NULL) - lwres_context_freemem(client->clientmgr->lwctx, - lwb.base, lwb.length); + cleanup_req: + lwres_nooprequest_free(client->clientmgr->lwctx, &req); + send_error: ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE); } diff --git a/bin/named/lwresd.8 b/bin/named/lwresd.8 index 1333a5d5092eb..91d0e8a791670 100644 --- a/bin/named/lwresd.8 +++ b/bin/named/lwresd.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwresd.8,v 1.13.208.6 2006/06/29 13:02:30 marka Exp $ +.\" $Id: lwresd.8,v 1.13.208.10 2007/05/16 06:10:54 marka Exp $ .\" .hy 0 .ad l .\" Title: lwresd .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: June 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -33,7 +33,7 @@ lwresd \- lightweight resolver daemon .SH "SYNOPSIS" .HP 7 -\fBlwresd\fR [\fB\-C\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-i\ \fR\fB\fIpid\-file\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-P\ \fR\fB\fIport\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] +\fBlwresd\fR [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-C\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-i\ \fR\fB\fIpid\-file\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-P\ \fR\fB\fIport\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-4\fR] [\fB\-6\fR] .SH "DESCRIPTION" .PP \fBlwresd\fR @@ -60,42 +60,106 @@ entries are present, or if forwarding fails, \fBlwresd\fR resolves the queries autonomously starting at the root name servers, using a built\-in list of root server hints. .SH "OPTIONS" -.TP 3n +.PP +\-4 +.RS 4 +Use IPv4 only even if the host machine is capable of IPv6. +\fB\-4\fR +and +\fB\-6\fR +are mutually exclusive. +.RE +.PP +\-6 +.RS 4 +Use IPv6 only even if the host machine is capable of IPv4. +\fB\-4\fR +and +\fB\-6\fR +are mutually exclusive. +.RE +.PP +\-c \fIconfig\-file\fR +.RS 4 +Use +\fIconfig\-file\fR +as the configuration file instead of the default, +\fI/etc/lwresd.conf\fR. +<term>\-c</term> +can not be used with +<term>\-C</term>. +.RE +.PP \-C \fIconfig\-file\fR +.RS 4 Use \fIconfig\-file\fR as the configuration file instead of the default, \fI/etc/resolv.conf\fR. -.TP 3n +<term>\-C</term> +can not be used with +<term>\-c</term>. +.RE +.PP \-d \fIdebug\-level\fR +.RS 4 Set the daemon's debug level to \fIdebug\-level\fR. Debugging traces from \fBlwresd\fR become more verbose as the debug level increases. -.TP 3n +.RE +.PP \-f +.RS 4 Run the server in the foreground (i.e. do not daemonize). -.TP 3n +.RE +.PP \-g +.RS 4 Run the server in the foreground and force all logging to \fIstderr\fR. -.TP 3n +.RE +.PP +\-i \fIpid\-file\fR +.RS 4 +Use +\fIpid\-file\fR +as the PID file instead of the default, +\fI/var/run/lwresd.pid\fR. +.RE +.PP +\-m \fIflag\fR +.RS 4 +Turn on memory usage debugging flags. Possible flags are +\fIusage\fR, +\fItrace\fR, and +\fIrecord\fR. These correspond to the ISC_MEM_DEBUGXXXX flags described in +\fI<isc/mem.h>\fR. +.RE +.PP \-n \fI#cpus\fR +.RS 4 Create \fI#cpus\fR worker threads to take advantage of multiple CPUs. If not specified, \fBlwresd\fR will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created. -.TP 3n +.RE +.PP \-P \fIport\fR +.RS 4 Listen for lightweight resolver queries on port \fIport\fR. If not specified, the default is port 921. -.TP 3n +.RE +.PP \-p \fIport\fR +.RS 4 Send DNS lookups to port \fIport\fR. If not specified, the default is port 53. This provides a way of testing the lightweight resolver daemon with a name server that listens for queries on a non\-standard port number. -.TP 3n +.RE +.PP \-s +.RS 4 Write memory usage statistics to \fIstdout\fR on exit. @@ -103,9 +167,11 @@ on exit. .B "Note:" This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release. .RE -.TP 3n +.RE +.PP \-t \fIdirectory\fR -\fBchroot()\fR +.RS 4 +\fBChroot\fR to \fIdirectory\fR after processing the command line arguments, but before reading the configuration file. @@ -114,25 +180,34 @@ after processing the command line arguments, but before reading the configuratio This option should be used in conjunction with the \fB\-u\fR option, as chrooting a process running as root doesn't enhance security on most systems; the way -\fBchroot()\fR +\fBchroot(2)\fR is defined allows a process with root privileges to escape a chroot jail. .RE -.TP 3n +.RE +.PP \-u \fIuser\fR -\fBsetuid()\fR +.RS 4 +\fBSetuid\fR to \fIuser\fR after completing privileged operations, such as creating sockets that listen on privileged ports. -.TP 3n +.RE +.PP \-v +.RS 4 Report the version number and exit. +.RE .SH "FILES" -.TP 3n +.PP \fI/etc/resolv.conf\fR +.RS 4 The default configuration file. -.TP 3n +.RE +.PP \fI/var/run/lwresd.pid\fR +.RS 4 The default process\-id file. +.RE .SH "SEE ALSO" .PP \fBnamed\fR(8), @@ -142,4 +217,7 @@ The default process\-id file. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/bin/named/lwresd.docbook b/bin/named/lwresd.docbook index c1f500bb83002..354a4ab85d58a 100644 --- a/bin/named/lwresd.docbook +++ b/bin/named/lwresd.docbook @@ -1,11 +1,11 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - - Permission to use, copy, modify, and distribute this software for any + - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwresd.docbook,v 1.6.208.4 2005/05/13 01:22:33 marka Exp $ --> +<!-- $Id: lwresd.docbook,v 1.6.208.9 2007/08/28 07:19:08 tbox Exp $ --> <refentry> <refentryinfo> @@ -35,6 +35,7 @@ <copyright> <year>2004</year> <year>2005</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -52,11 +53,13 @@ <refsynopsisdiv> <cmdsynopsis> <command>lwresd</command> + <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg> <arg><option>-C <replaceable class="parameter">config-file</replaceable></option></arg> <arg><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg> <arg><option>-f</option></arg> <arg><option>-g</option></arg> <arg><option>-i <replaceable class="parameter">pid-file</replaceable></option></arg> + <arg><option>-m <replaceable class="parameter">flag</replaceable></option></arg> <arg><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg> <arg><option>-P <replaceable class="parameter">port</replaceable></option></arg> <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg> @@ -64,6 +67,8 @@ <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg> <arg><option>-u <replaceable class="parameter">user</replaceable></option></arg> <arg><option>-v</option></arg> + <arg><option>-4</option></arg> + <arg><option>-6</option></arg> </cmdsynopsis> </refsynopsisdiv> @@ -107,15 +112,51 @@ <title>OPTIONS</title> <variablelist> + + <varlistentry> + <term>-4</term> + <listitem> + <para> + Use IPv4 only even if the host machine is capable of IPv6. + <option>-4</option> and <option>-6</option> are mutually + exclusive. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-6</term> + <listitem> + <para> + Use IPv6 only even if the host machine is capable of IPv4. + <option>-4</option> and <option>-6</option> are mutually + exclusive. + </para> + </listitem> + </varlistentry> + + <!-- this is in source but not mentioned? does this matter? --> + <varlistentry> + <term>-c <replaceable class="parameter">config-file</replaceable></term> + <listitem> + <para> + Use <replaceable class="parameter">config-file</replaceable> as the + configuration file instead of the default, + <filename>/etc/lwresd.conf</filename>. + <term>-c</term> can not be used with <term>-C</term>. + </para> + </listitem> + </varlistentry> + <varlistentry> <term>-C <replaceable class="parameter">config-file</replaceable></term> <listitem> <para> - Use <replaceable - class="parameter">config-file</replaceable> as the - configuration file instead of the default, - <filename>/etc/resolv.conf</filename>. - </para> + Use <replaceable class="parameter">config-file</replaceable> as the + configuration file instead of the default, + <filename>/etc/resolv.conf</filename>. + <term>-C</term> can not be used with <term>-c</term>. + </para> </listitem> </varlistentry> @@ -127,7 +168,7 @@ class="parameter">debug-level</replaceable>. Debugging traces from <command>lwresd</command> become more verbose as the debug level increases. - </para> + </para> </listitem> </varlistentry> @@ -136,7 +177,7 @@ <listitem> <para> Run the server in the foreground (i.e. do not daemonize). - </para> + </para> </listitem> </varlistentry> @@ -146,7 +187,32 @@ <para> Run the server in the foreground and force all logging to <filename>stderr</filename>. - </para> + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-i <replaceable class="parameter">pid-file</replaceable></term> + <listitem> + <para> + Use <replaceable class="parameter">pid-file</replaceable> as the + PID file instead of the default, + <filename>/var/run/lwresd.pid</filename>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-m <replaceable class="parameter">flag</replaceable></term> + <listitem> + <para> + Turn on memory usage debugging flags. Possible flags are + <replaceable class="parameter">usage</replaceable>, + <replaceable class="parameter">trace</replaceable>, and + <replaceable class="parameter">record</replaceable>. + These correspond to the ISC_MEM_DEBUGXXXX flags described in + <filename><isc/mem.h></filename>. + </para> </listitem> </varlistentry> @@ -161,7 +227,7 @@ number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created. - </para> + </para> </listitem> </varlistentry> @@ -172,7 +238,7 @@ Listen for lightweight resolver queries on port <replaceable class="parameter">port</replaceable>. If not specified, the default is port 921. - </para> + </para> </listitem> </varlistentry> @@ -186,7 +252,7 @@ way of testing the lightweight resolver daemon with a name server that listens for queries on a non-standard port number. - </para> + </para> </listitem> </varlistentry> @@ -196,7 +262,7 @@ <para> Write memory usage statistics to <filename>stdout</filename> on exit. - </para> + </para> <note> <para> This option is mainly of interest to BIND 9 developers @@ -210,17 +276,17 @@ <term>-t <replaceable class="parameter">directory</replaceable></term> <listitem> <para> - <function>chroot()</function> to <replaceable + <function>Chroot</function> to <replaceable class="parameter">directory</replaceable> after processing the command line arguments, but before reading the configuration file. - </para> + </para> <warning> <para> This option should be used in conjunction with the <option>-u</option> option, as chrooting a process running as root doesn't enhance security on most - systems; the way <function>chroot()</function> is + systems; the way <function>chroot(2)</function> is defined allows a process with root privileges to escape a chroot jail. </para> @@ -232,11 +298,11 @@ <term>-u <replaceable class="parameter">user</replaceable></term> <listitem> <para> - <function>setuid()</function> to <replaceable + <function>Setuid</function> to <replaceable class="parameter">user</replaceable> after completing privileged operations, such as creating sockets that listen on privileged ports. - </para> + </para> </listitem> </varlistentry> @@ -245,7 +311,7 @@ <listitem> <para> Report the version number and exit. - </para> + </para> </listitem> </varlistentry> @@ -263,7 +329,7 @@ <listitem> <para> The default configuration file. - </para> + </para> </listitem> </varlistentry> @@ -272,7 +338,7 @@ <listitem> <para> The default process-id file. - </para> + </para> </listitem> </varlistentry> @@ -286,15 +352,15 @@ <citerefentry> <refentrytitle>named</refentrytitle> <manvolnum>8</manvolnum> - </citerefentry>, + </citerefentry>, <citerefentry> <refentrytitle>lwres</refentrytitle> <manvolnum>3</manvolnum> - </citerefentry>, + </citerefentry>, <citerefentry> <refentrytitle>resolver</refentrytitle> <manvolnum>5</manvolnum> - </citerefentry>. + </citerefentry>. </para> </refsect1> diff --git a/bin/named/lwresd.html b/bin/named/lwresd.html index 6ab78242e73f5..45837e8ed4a19 100644 --- a/bin/named/lwresd.html +++ b/bin/named/lwresd.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,25 +14,25 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwresd.html,v 1.4.2.1.4.10 2006/06/29 13:02:30 marka Exp $ --> +<!-- $Id: lwresd.html,v 1.4.2.1.4.15 2007/05/16 06:10:55 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>lwresd</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">lwresd</span> — lightweight resolver daemon</p> </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>]</p></div> +<div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-4</code>] [<code class="option">-6</code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549484"></a><h2>DESCRIPTION</h2> +<a name="id2543451"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">lwresd</strong></span> is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver @@ -67,29 +67,64 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549533"></a><h2>OPTIONS</h2> +<a name="id2543500"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> +<dt><span class="term">-4</span></dt> +<dd><p> + Use IPv4 only even if the host machine is capable of IPv6. + <code class="option">-4</code> and <code class="option">-6</code> are mutually + exclusive. + </p></dd> +<dt><span class="term">-6</span></dt> +<dd><p> + Use IPv6 only even if the host machine is capable of IPv4. + <code class="option">-4</code> and <code class="option">-6</code> are mutually + exclusive. + </p></dd> +<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt> +<dd><p> + Use <em class="replaceable"><code>config-file</code></em> as the + configuration file instead of the default, + <code class="filename">/etc/lwresd.conf</code>. + <font color="red"><term>-c</term></font> can not be used with <font color="red"><term>-C</term></font>. + </p></dd> <dt><span class="term">-C <em class="replaceable"><code>config-file</code></em></span></dt> <dd><p> - Use <em class="replaceable"><code>config-file</code></em> as the - configuration file instead of the default, - <code class="filename">/etc/resolv.conf</code>. - </p></dd> + Use <em class="replaceable"><code>config-file</code></em> as the + configuration file instead of the default, + <code class="filename">/etc/resolv.conf</code>. + <font color="red"><term>-C</term></font> can not be used with <font color="red"><term>-c</term></font>. + </p></dd> <dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt> <dd><p> Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>. Debugging traces from <span><strong class="command">lwresd</strong></span> become more verbose as the debug level increases. - </p></dd> + </p></dd> <dt><span class="term">-f</span></dt> <dd><p> Run the server in the foreground (i.e. do not daemonize). - </p></dd> + </p></dd> <dt><span class="term">-g</span></dt> <dd><p> Run the server in the foreground and force all logging to <code class="filename">stderr</code>. - </p></dd> + </p></dd> +<dt><span class="term">-i <em class="replaceable"><code>pid-file</code></em></span></dt> +<dd><p> + Use <em class="replaceable"><code>pid-file</code></em> as the + PID file instead of the default, + <code class="filename">/var/run/lwresd.pid</code>. + </p></dd> +<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt> +<dd><p> + Turn on memory usage debugging flags. Possible flags are + <em class="replaceable"><code>usage</code></em>, + <em class="replaceable"><code>trace</code></em>, and + <em class="replaceable"><code>record</code></em>. + These correspond to the ISC_MEM_DEBUGXXXX flags described in + <code class="filename"><isc/mem.h></code>. + </p></dd> <dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt> <dd><p> Create <em class="replaceable"><code>#cpus</code></em> worker threads @@ -98,13 +133,13 @@ number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created. - </p></dd> + </p></dd> <dt><span class="term">-P <em class="replaceable"><code>port</code></em></span></dt> <dd><p> Listen for lightweight resolver queries on port <em class="replaceable"><code>port</code></em>. If not specified, the default is port 921. - </p></dd> + </p></dd> <dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt> <dd><p> Send DNS lookups to port <em class="replaceable"><code>port</code></em>. If not @@ -112,13 +147,13 @@ way of testing the lightweight resolver daemon with a name server that listens for queries on a non-standard port number. - </p></dd> + </p></dd> <dt><span class="term">-s</span></dt> <dd> <p> Write memory usage statistics to <code class="filename">stdout</code> on exit. - </p> + </p> <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"> <h3 class="title">Note</h3> <p> @@ -130,17 +165,17 @@ <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt> <dd> <p> - <code class="function">chroot()</code> to <em class="replaceable"><code>directory</code></em> after + <code class="function">Chroot</code> to <em class="replaceable"><code>directory</code></em> after processing the command line arguments, but before reading the configuration file. - </p> + </p> <div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"> <h3 class="title">Warning</h3> <p> This option should be used in conjunction with the <code class="option">-u</code> option, as chrooting a process running as root doesn't enhance security on most - systems; the way <code class="function">chroot()</code> is + systems; the way <code class="function">chroot(2)</code> is defined allows a process with root privileges to escape a chroot jail. </p> @@ -148,31 +183,31 @@ </dd> <dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt> <dd><p> - <code class="function">setuid()</code> to <em class="replaceable"><code>user</code></em> after completing + <code class="function">Setuid</code> to <em class="replaceable"><code>user</code></em> after completing privileged operations, such as creating sockets that listen on privileged ports. - </p></dd> + </p></dd> <dt><span class="term">-v</span></dt> <dd><p> Report the version number and exit. - </p></dd> + </p></dd> </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2549939"></a><h2>FILES</h2> +<a name="id2543915"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt> <dd><p> The default configuration file. - </p></dd> + </p></dd> <dt><span class="term"><code class="filename">/var/run/lwresd.pid</code></span></dt> <dd><p> The default process-id file. - </p></dd> + </p></dd> </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2549978"></a><h2>SEE ALSO</h2> +<a name="id2543955"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>, @@ -180,7 +215,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2550017"></a><h2>AUTHOR</h2> +<a name="id2543993"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/named/named.8 b/bin/named/named.8 index 7172393534dec..a8d49747fe685 100644 --- a/bin/named/named.8 +++ b/bin/named/named.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.8,v 1.17.208.9 2006/06/29 13:02:30 marka Exp $ +.\" $Id: named.8,v 1.17.208.14 2007/06/20 02:26:23 marka Exp $ .\" .hy 0 .ad l .\" Title: named .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: June 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -33,7 +33,7 @@ named \- Internet domain name server .SH "SYNOPSIS" .HP 6 -\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR] +\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR] .SH "DESCRIPTION" .PP \fBnamed\fR @@ -44,22 +44,27 @@ When invoked without arguments, will read the default configuration file \fI/etc/named.conf\fR, read any initial data, and listen for queries. .SH "OPTIONS" -.TP 3n +.PP \-4 +.RS 4 Use IPv4 only even if the host machine is capable of IPv6. \fB\-4\fR and \fB\-6\fR are mutually exclusive. -.TP 3n +.RE +.PP \-6 +.RS 4 Use IPv6 only even if the host machine is capable of IPv4. \fB\-4\fR and \fB\-6\fR are mutually exclusive. -.TP 3n +.RE +.PP \-c \fIconfig\-file\fR +.RS 4 Use \fIconfig\-file\fR as the configuration file instead of the default, @@ -68,32 +73,53 @@ as the configuration file instead of the default, option in the configuration file, \fIconfig\-file\fR should be an absolute pathname. -.TP 3n +.RE +.PP \-d \fIdebug\-level\fR +.RS 4 Set the daemon's debug level to \fIdebug\-level\fR. Debugging traces from \fBnamed\fR become more verbose as the debug level increases. -.TP 3n +.RE +.PP \-f +.RS 4 Run the server in the foreground (i.e. do not daemonize). -.TP 3n +.RE +.PP \-g +.RS 4 Run the server in the foreground and force all logging to \fIstderr\fR. -.TP 3n +.RE +.PP +\-m \fIflag\fR +.RS 4 +Turn on memory usage debugging flags. Possible flags are +\fIusage\fR, +\fItrace\fR, and +\fIrecord\fR. These correspond to the ISC_MEM_DEBUGXXXX flags described in +\fI<isc/mem.h>\fR. +.RE +.PP \-n \fI#cpus\fR +.RS 4 Create \fI#cpus\fR worker threads to take advantage of multiple CPUs. If not specified, \fBnamed\fR will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created. -.TP 3n +.RE +.PP \-p \fIport\fR +.RS 4 Listen for queries on port \fIport\fR. If not specified, the default is port 53. -.TP 3n +.RE +.PP \-s +.RS 4 Write memory usage statistics to \fIstdout\fR on exit. @@ -101,9 +127,11 @@ on exit. .B "Note:" This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release. .RE -.TP 3n +.RE +.PP \-t \fIdirectory\fR -\fBchroot()\fR +.RS 4 +\fBChroot\fR to \fIdirectory\fR after processing the command line arguments, but before reading the configuration file. @@ -112,12 +140,14 @@ after processing the command line arguments, but before reading the configuratio This option should be used in conjunction with the \fB\-u\fR option, as chrooting a process running as root doesn't enhance security on most systems; the way -\fBchroot()\fR +\fBchroot(2)\fR is defined allows a process with root privileges to escape a chroot jail. .RE -.TP 3n +.RE +.PP \-u \fIuser\fR -\fBsetuid()\fR +.RS 4 +\fBSetuid\fR to \fIuser\fR after completing privileged operations, such as creating sockets that listen on privileged ports. @@ -126,19 +156,23 @@ after completing privileged operations, such as creating sockets that listen on On Linux, \fBnamed\fR uses the kernel's capability mechanism to drop all root privileges except the ability to -\fBbind()\fR +\fBbind(2)\fR to a privileged port and set process resource limits. Unfortunately, this means that the \fB\-u\fR option only works when \fBnamed\fR is run on kernel 2.2.18 or later, or kernel 2.3.99\-pre3 or later, since previous kernels did not allow privileges to be retained after -\fBsetuid()\fR. +\fBsetuid(2)\fR. .RE -.TP 3n +.RE +.PP \-v +.RS 4 Report the version number and exit. -.TP 3n +.RE +.PP \-x \fIcache\-file\fR +.RS 4 Load data from \fIcache\-file\fR into the cache of the default view. @@ -146,17 +180,22 @@ into the cache of the default view. .B "Warning:" This option must not be used. It is only of interest to BIND 9 developers and may be removed or changed in a future release. .RE +.RE .SH "SIGNALS" .PP In routine operation, signals should not be used to control the nameserver; \fBrndc\fR should be used instead. -.TP 3n +.PP SIGHUP +.RS 4 Force a reload of the server. -.TP 3n +.RE +.PP SIGINT, SIGTERM +.RS 4 Shut down the server. +.RE .PP The result of sending any other signals to the server is undefined. .SH "CONFIGURATION" @@ -166,17 +205,23 @@ The configuration file is too complex to describe in detail here. A complete description is provided in the BIND 9 Administrator Reference Manual. .SH "FILES" -.TP 3n +.PP \fI/etc/named.conf\fR +.RS 4 The default configuration file. -.TP 3n +.RE +.PP \fI/var/run/named.pid\fR +.RS 4 The default process\-id file. +.RE .SH "SEE ALSO" .PP RFC 1033, RFC 1034, RFC 1035, +\fBnamed\-checkconf\fR(8), +\fBnamed\-checkzone\fR(8), \fBrndc\fR(8), \fBlwresd\fR(8), \fBnamed.conf\fR(5), @@ -185,4 +230,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001, 2003 Internet Software Consortium. +.br diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5 index 1ace4da31cd1e..15a8cf723c45c 100644 --- a/bin/named/named.conf.5 +++ b/bin/named/named.conf.5 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -12,13 +12,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.conf.5,v 1.1.4.10 2006/09/13 02:56:20 marka Exp $ +.\" $Id: named.conf.5,v 1.1.4.14 2007/06/20 02:26:23 marka Exp $ .\" .hy 0 .ad l .\" Title: \fInamed.conf\fR .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: Aug 13, 2004 .\" Manual: BIND9 .\" Source: BIND9 @@ -46,14 +46,14 @@ C++ style: // to end of line Unix style: # to end of line .SH "ACL" .sp -.RS 3n +.RS 4 .nf acl \fIstring\fR { \fIaddress_match_element\fR; ... }; .fi .RE .SH "KEY" .sp -.RS 3n +.RS 4 .nf key \fIdomain_name\fR { algorithm \fIstring\fR; @@ -63,7 +63,7 @@ key \fIdomain_name\fR { .RE .SH "MASTERS" .sp -.RS 3n +.RS 4 .nf masters \fIstring\fR [ port \fIinteger\fR ] { ( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] | @@ -73,7 +73,7 @@ masters \fIstring\fR [ port \fIinteger\fR ] { .RE .SH "SERVER" .sp -.RS 3n +.RS 4 .nf server ( \fIipv4_address\fR | \fIipv6_address\fR ) { bogus \fIboolean\fR; @@ -93,7 +93,7 @@ server ( \fIipv4_address\fR | \fIipv6_address\fR ) { .RE .SH "TRUSTED\-KEYS" .sp -.RS 3n +.RS 4 .nf trusted\-keys { \fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ... @@ -102,7 +102,7 @@ trusted\-keys { .RE .SH "CONTROLS" .sp -.RS 3n +.RS 4 .nf controls { inet ( \fIipv4_address\fR | \fIipv6_address\fR | * ) @@ -115,7 +115,7 @@ controls { .RE .SH "LOGGING" .sp -.RS 3n +.RS 4 .nf logging { channel \fIstring\fR { @@ -134,7 +134,7 @@ logging { .RE .SH "LWRES" .sp -.RS 3n +.RS 4 .nf lwres { listen\-on [ port \fIinteger\fR ] { @@ -148,7 +148,7 @@ lwres { .RE .SH "OPTIONS" .sp -.RS 3n +.RS 4 .nf options { avoid\-v4\-udp\-ports { \fIport\fR; ... }; @@ -284,7 +284,7 @@ options { .RE .SH "VIEW" .sp -.RS 3n +.RS 4 .nf view \fIstring\fR \fIoptional_class\fR { match\-clients { \fIaddress_match_element\fR; ... }; @@ -389,7 +389,7 @@ view \fIstring\fR \fIoptional_class\fR { .RE .SH "ZONE" .sp -.RS 3n +.RS 4 .nf zone \fIstring\fR \fIoptional_class\fR { type ( master | slave | stub | hint | @@ -460,7 +460,9 @@ zone \fIstring\fR \fIoptional_class\fR { .SH "SEE ALSO" .PP \fBnamed\fR(8), +\fBnamed\-checkconf\fR(8), \fBrndc\fR(8), -\fBBIND 9 Administrator Reference Manual\fR(). +BIND 9 Administrator Reference Manual .SH "COPYRIGHT" -Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +.br diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index fb8a5ef61a162..ff9ae4bce1a6f 100644 --- a/bin/named/named.conf.docbook +++ b/bin/named/named.conf.docbook @@ -1,10 +1,10 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") - - - Permission to use, copy, modify, and distribute this software for any + - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.conf.docbook,v 1.1.4.8 2006/09/13 00:26:41 marka Exp $ --> +<!-- $Id: named.conf.docbook,v 1.1.4.13 2007/08/28 07:19:08 tbox Exp $ --> <refentry> <refentryinfo> @@ -35,6 +35,7 @@ <year>2004</year> <year>2005</year> <year>2006</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> @@ -522,20 +523,21 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> </para> </refsect1> -<refsect1> -<title>SEE ALSO</title> -<para> -<citerefentry> -<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> -</citerefentry>, -<citerefentry> -<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum> -</citerefentry>, -<citerefentry> -<refentrytitle>BIND 9 Administrator Reference Manual</refentrytitle> -</citerefentry>. -</para> -</refsect1> + <refsect1> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum> + </citerefentry>, + <citetitle>BIND 9 Administrator Reference Manual</citetitle> + </para> + </refsect1> </refentry> <!-- diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html index b43ee7f83c6e8..54f20fbf731cd 100644 --- a/bin/named/named.conf.html +++ b/bin/named/named.conf.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -13,15 +13,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.conf.html,v 1.1.4.15 2006/09/13 02:56:21 marka Exp $ --> +<!-- $Id: named.conf.html,v 1.1.4.20 2007/06/20 02:26:23 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>named.conf</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><code class="filename">named.conf</code> — configuration file for named</p> @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549388"></a><h2>DESCRIPTION</h2> +<a name="id2543330"></a><h2>DESCRIPTION</h2> <p> <code class="filename">named.conf</code> is the configuration file for <span><strong class="command">named</strong></span>. Statements are enclosed @@ -50,14 +50,14 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549417"></a><h2>ACL</h2> +<a name="id2543358"></a><h2>ACL</h2> <div class="literallayout"><p><br> acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> <br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549433"></a><h2>KEY</h2> +<a name="id2543374"></a><h2>KEY</h2> <div class="literallayout"><p><br> key <em class="replaceable"><code>domain_name</code></em> {<br> algorithm <em class="replaceable"><code>string</code></em>;<br> @@ -66,7 +66,7 @@ key <em class="replaceable"><code>domain_name</code></em> {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549452"></a><h2>MASTERS</h2> +<a name="id2543394"></a><h2>MASTERS</h2> <div class="literallayout"><p><br> masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br> @@ -75,7 +75,7 @@ masters <em class="replaceable"><code>string</code></em> [<span class="optional" </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549498"></a><h2>SERVER</h2> +<a name="id2543440"></a><h2>SERVER</h2> <div class="literallayout"><p><br> server ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) {<br> bogus <em class="replaceable"><code>boolean</code></em>;<br> @@ -95,7 +95,7 @@ server ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="rep </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549556"></a><h2>TRUSTED-KEYS</h2> +<a name="id2543497"></a><h2>TRUSTED-KEYS</h2> <div class="literallayout"><p><br> trusted-keys {<br> <em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br> @@ -103,7 +103,7 @@ trusted-keys {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549581"></a><h2>CONTROLS</h2> +<a name="id2543523"></a><h2>CONTROLS</h2> <div class="literallayout"><p><br> controls {<br> inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br> @@ -115,7 +115,7 @@ controls {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549617"></a><h2>LOGGING</h2> +<a name="id2543558"></a><h2>LOGGING</h2> <div class="literallayout"><p><br> logging {<br> channel <em class="replaceable"><code>string</code></em> {<br> @@ -133,7 +133,7 @@ logging {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549655"></a><h2>LWRES</h2> +<a name="id2543596"></a><h2>LWRES</h2> <div class="literallayout"><p><br> lwres {<br> listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> @@ -146,7 +146,7 @@ lwres {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549697"></a><h2>OPTIONS</h2> +<a name="id2543638"></a><h2>OPTIONS</h2> <div class="literallayout"><p><br> options {<br> avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br> @@ -290,7 +290,7 @@ options {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2550312"></a><h2>VIEW</h2> +<a name="id2544322"></a><h2>VIEW</h2> <div class="literallayout"><p><br> view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> @@ -408,7 +408,7 @@ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><c </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2550878"></a><h2>ZONE</h2> +<a name="id2544820"></a><h2>ZONE</h2> <div class="literallayout"><p><br> zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> type ( master | slave | stub | hint |<br> @@ -484,18 +484,19 @@ zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><c </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2551216"></a><h2>FILES</h2> +<a name="id2545089"></a><h2>FILES</h2> <p> <code class="filename">/etc/named.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2551228"></a><h2>SEE ALSO</h2> +<a name="id2545101"></a><h2>SEE ALSO</h2> <p> -<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, -<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, -<span class="citerefentry"><span class="refentrytitle">BIND 9 Administrator Reference Manual</span></span>. -</p> + <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, + <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>, + <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, + <em class="citetitle">BIND 9 Administrator Reference Manual</em> + </p> </div> </div></body> </html> diff --git a/bin/named/named.docbook b/bin/named/named.docbook index f7cae12b13575..43401d0274474 100644 --- a/bin/named/named.docbook +++ b/bin/named/named.docbook @@ -1,11 +1,11 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - - - Permission to use, copy, modify, and distribute this software for any + - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.docbook,v 1.5.98.7 2006/01/17 23:49:30 marka Exp $ --> +<!-- $Id: named.docbook,v 1.5.98.13 2007/08/28 07:19:08 tbox Exp $ --> <refentry> <refentryinfo> @@ -36,6 +36,7 @@ <year>2004</year> <year>2005</year> <year>2006</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -60,6 +61,7 @@ <arg><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg> <arg><option>-f</option></arg> <arg><option>-g</option></arg> + <arg><option>-m <replaceable class="parameter">flag</replaceable></option></arg> <arg><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg> <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg> <arg><option>-s</option></arg> @@ -161,6 +163,20 @@ </varlistentry> <varlistentry> + <term>-m <replaceable class="parameter">flag</replaceable></term> + <listitem> + <para> + Turn on memory usage debugging flags. Possible flags are + <replaceable class="parameter">usage</replaceable>, + <replaceable class="parameter">trace</replaceable>, and + <replaceable class="parameter">record</replaceable>. + These correspond to the ISC_MEM_DEBUGXXXX flags described in + <filename><isc/mem.h></filename>. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>-n <replaceable class="parameter">#cpus</replaceable></term> <listitem> <para> @@ -205,7 +221,7 @@ <term>-t <replaceable class="parameter">directory</replaceable></term> <listitem> <para> - <function>chroot()</function> to <replaceable + <function>Chroot</function> to <replaceable class="parameter">directory</replaceable> after processing the command line arguments, but before reading the configuration file. @@ -215,7 +231,7 @@ This option should be used in conjunction with the <option>-u</option> option, as chrooting a process running as root doesn't enhance security on most - systems; the way <function>chroot()</function> is + systems; the way <function>chroot(2)</function> is defined allows a process with root privileges to escape a chroot jail. </para> @@ -227,7 +243,7 @@ <term>-u <replaceable class="parameter">user</replaceable></term> <listitem> <para> - <function>setuid()</function> to <replaceable + <function>Setuid</function> to <replaceable class="parameter">user</replaceable> after completing privileged operations, such as creating sockets that listen on privileged ports. @@ -236,13 +252,13 @@ <para> On Linux, <command>named</command> uses the kernel's capability mechanism to drop all root privileges - except the ability to <function>bind()</function> to a + except the ability to <function>bind(2)</function> to a privileged port and set process resource limits. Unfortunately, this means that the <option>-u</option> option only works when <command>named</command> is run on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or later, since previous kernels did not allow privileges - to be retained after <function>setuid()</function>. + to be retained after <function>setuid(2)</function>. </para> </note> </listitem> @@ -359,6 +375,14 @@ <citetitle>RFC 1034</citetitle>, <citetitle>RFC 1035</citetitle>, <citerefentry> + <refentrytitle>named-checkconf</refentrytitle> + <manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>named-checkzone</refentrytitle> + <manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> <refentrytitle>rndc</refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, diff --git a/bin/named/named.html b/bin/named/named.html index 6e77e5b9c3b67..f90b087b25c32 100644 --- a/bin/named/named.html +++ b/bin/named/named.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001, 2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,25 +14,25 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.html,v 1.4.2.1.4.13 2006/06/29 13:02:30 marka Exp $ --> +<!-- $Id: named.html,v 1.4.2.1.4.19 2007/06/20 02:26:23 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>named</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">named</span> — Internet domain name server</p> </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div> +<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549491"></a><h2>DESCRIPTION</h2> +<a name="id2543441"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">named</strong></span> is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -46,7 +46,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549516"></a><h2>OPTIONS</h2> +<a name="id2543466"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-4</span></dt> <dd><p> @@ -87,6 +87,15 @@ Run the server in the foreground and force all logging to <code class="filename">stderr</code>. </p></dd> +<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt> +<dd><p> + Turn on memory usage debugging flags. Possible flags are + <em class="replaceable"><code>usage</code></em>, + <em class="replaceable"><code>trace</code></em>, and + <em class="replaceable"><code>record</code></em>. + These correspond to the ISC_MEM_DEBUGXXXX flags described in + <code class="filename"><isc/mem.h></code>. + </p></dd> <dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt> <dd><p> Create <em class="replaceable"><code>#cpus</code></em> worker threads @@ -117,7 +126,7 @@ <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt> <dd> <p> - <code class="function">chroot()</code> to <em class="replaceable"><code>directory</code></em> after + <code class="function">Chroot</code> to <em class="replaceable"><code>directory</code></em> after processing the command line arguments, but before reading the configuration file. </p> @@ -127,7 +136,7 @@ This option should be used in conjunction with the <code class="option">-u</code> option, as chrooting a process running as root doesn't enhance security on most - systems; the way <code class="function">chroot()</code> is + systems; the way <code class="function">chroot(2)</code> is defined allows a process with root privileges to escape a chroot jail. </p> @@ -136,7 +145,7 @@ <dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt> <dd> <p> - <code class="function">setuid()</code> to <em class="replaceable"><code>user</code></em> after completing + <code class="function">Setuid</code> to <em class="replaceable"><code>user</code></em> after completing privileged operations, such as creating sockets that listen on privileged ports. </p> @@ -145,13 +154,13 @@ <p> On Linux, <span><strong class="command">named</strong></span> uses the kernel's capability mechanism to drop all root privileges - except the ability to <code class="function">bind()</code> to a + except the ability to <code class="function">bind(2)</code> to a privileged port and set process resource limits. Unfortunately, this means that the <code class="option">-u</code> option only works when <span><strong class="command">named</strong></span> is run on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or later, since previous kernels did not allow privileges - to be retained after <code class="function">setuid()</code>. + to be retained after <code class="function">setuid(2)</code>. </p> </div> </dd> @@ -177,7 +186,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2550002"></a><h2>SIGNALS</h2> +<a name="id2543851"></a><h2>SIGNALS</h2> <p> In routine operation, signals should not be used to control the nameserver; <span><strong class="command">rndc</strong></span> should be used @@ -198,7 +207,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2550049"></a><h2>CONFIGURATION</h2> +<a name="id2543898"></a><h2>CONFIGURATION</h2> <p> The <span><strong class="command">named</strong></span> configuration file is too complex to describe in detail here. A complete description is @@ -207,7 +216,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2550066"></a><h2>FILES</h2> +<a name="id2543915"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt> <dd><p> @@ -220,11 +229,13 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2550105"></a><h2>SEE ALSO</h2> +<a name="id2543955"></a><h2>SEE ALSO</h2> <p> <em class="citetitle">RFC 1033</em>, <em class="citetitle">RFC 1034</em>, <em class="citetitle">RFC 1035</em>, + <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>, + <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">lwresd</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>, @@ -232,7 +243,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2550157"></a><h2>AUTHOR</h2> +<a name="id2544026"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/named/query.c b/bin/named/query.c index c0a76a8bdd11b..858df8cd975b6 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.198.2.13.4.43 2006/08/31 03:57:11 marka Exp $ */ +/* $Id: query.c,v 1.198.2.13.4.53 2008/01/17 23:45:27 tbox Exp $ */ #include <config.h> @@ -479,7 +479,7 @@ ns_query_init(ns_client_t *client) { client->query.authdb = NULL; client->query.authzone = NULL; client->query.authdbset = ISC_FALSE; - client->query.isreferral = ISC_FALSE; + client->query.isreferral = ISC_FALSE; query_reset(client, ISC_FALSE); result = query_newdbversion(client, 3); if (result != ISC_R_SUCCESS) { @@ -561,13 +561,13 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype, if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) result = dns_zone_getdb(zone, &db); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) goto fail; /* * This limits our searching to the zone where the first name * (the query target) was looked for. This prevents following - * CNAMES or DNAMES into other zones and prevents returning + * CNAMES or DNAMES into other zones and prevents returning * additional data from other zones. */ if (!client->view->additionalfromauth && @@ -644,7 +644,7 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype, ISC_LOG_DEBUG(3), "%s approved", msg); } - } else { + } else { ns_client_aclmsg("query", name, qtype, client->view->rdclass, msg, sizeof(msg)); @@ -745,7 +745,7 @@ query_getcachedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype, if (check_acl) { isc_boolean_t log = ISC_TF((options & DNS_GETDB_NOLOG) == 0); char msg[NS_CLIENT_ACLMSGSIZE("query (cache)")]; - + result = ns_client_checkaclsilent(client, client->view->queryacl, ISC_TRUE); @@ -1192,7 +1192,7 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { * recursing to add address records, which in turn can cause * recursion to add KEYs. */ - if (type == dns_rdatatype_srv && trdataset != NULL) { + if (type == dns_rdatatype_srv && trdataset != NULL) { /* * If we're adding SRV records to the additional data * section, it's helpful if we add the SRV additional data @@ -1735,7 +1735,9 @@ query_addbestns(ns_client_t *client) { } static void -query_addds(ns_client_t *client, dns_db_t *db, dns_dbnode_t *node) { +query_addds(ns_client_t *client, dns_db_t *db, dns_dbnode_t *node, + dns_dbversion_t *version) +{ dns_name_t *rname; dns_rdataset_t *rdataset, *sigrdataset; isc_result_t result; @@ -1756,12 +1758,12 @@ query_addds(ns_client_t *client, dns_db_t *db, dns_dbnode_t *node) { /* * Look for the DS record, which may or may not be present. */ - result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_ds, 0, + result = dns_db_findrdataset(db, node, version, dns_rdatatype_ds, 0, client->now, rdataset, sigrdataset); /* * If we didn't find it, look for an NSEC. */ if (result == ISC_R_NOTFOUND) - result = dns_db_findrdataset(db, node, NULL, + result = dns_db_findrdataset(db, node, version, dns_rdatatype_nsec, 0, client->now, rdataset, sigrdataset); if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) @@ -1800,7 +1802,8 @@ query_addds(ns_client_t *client, dns_db_t *db, dns_dbnode_t *node) { static void query_addwildcardproof(ns_client_t *client, dns_db_t *db, - dns_name_t *name, isc_boolean_t ispositive) + dns_dbversion_t *version, dns_name_t *name, + isc_boolean_t ispositive) { isc_buffer_t *dbuf, b; dns_name_t *fname; @@ -1881,7 +1884,7 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db, if (fname == NULL || rdataset == NULL || sigrdataset == NULL) goto cleanup; - result = dns_db_find(db, name, NULL, dns_rdatatype_nsec, options, + result = dns_db_find(db, name, version, dns_rdatatype_nsec, options, 0, &node, fname, rdataset, sigrdataset); if (node != NULL) dns_db_detachnode(db, &node); @@ -1922,7 +1925,7 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db, name = wname; goto again; } - } + } cleanup: if (rdataset != NULL) query_putrdataset(client, &rdataset); @@ -1933,8 +1936,9 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db, } static void -query_addnxrrsetnsec(ns_client_t *client, dns_db_t *db, dns_name_t **namep, - dns_rdataset_t **rdatasetp, dns_rdataset_t **sigrdatasetp) +query_addnxrrsetnsec(ns_client_t *client, dns_db_t *db, + dns_dbversion_t *version, dns_name_t **namep, + dns_rdataset_t **rdatasetp, dns_rdataset_t **sigrdatasetp) { dns_name_t *name; dns_rdataset_t *sigrdataset; @@ -1971,8 +1975,7 @@ query_addnxrrsetnsec(ns_client_t *client, dns_db_t *db, dns_name_t **namep, return; /* XXX */ - query_addwildcardproof(client, db, - client->query.qname, + query_addwildcardproof(client, db, version, client->query.qname, ISC_TRUE); /* @@ -2193,7 +2196,7 @@ static isc_result_t rdata_tonetaddr(const dns_rdata_t *rdata, isc_netaddr_t *netaddr) { struct in_addr ina; struct in6_addr in6a; - + switch (rdata->type) { case dns_rdatatype_a: INSIST(rdata->length == 4); @@ -2246,7 +2249,7 @@ setup_query_sortlist(ns_client_t *client) { isc_netaddr_t netaddr; dns_rdatasetorderfunc_t order = NULL; const void *order_arg = NULL; - + isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr); switch (ns_sortlist_setup(client->view->sortlist, &netaddr, &order_arg)) { @@ -2296,11 +2299,11 @@ query_addnoqnameproof(ns_client_t *client, dns_rdataset_t *rdataset) { cleanup: if (nsec != NULL) - query_putrdataset(client, &nsec); - if (nsecsig != NULL) - query_putrdataset(client, &nsecsig); - if (fname != NULL) - query_releasename(client, &fname); + query_putrdataset(client, &nsec); + if (nsecsig != NULL) + query_putrdataset(client, &nsecsig); + if (fname != NULL) + query_releasename(client, &fname); } static inline void @@ -2434,7 +2437,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) goto resume; } - + /* * Not returning from recursion. */ @@ -2527,7 +2530,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) if (is_zone) authoritative = ISC_TRUE; - + if (event == NULL && client->query.restarts == 0) { if (is_zone) { dns_zone_attach(zone, &client->query.authzone); @@ -2723,7 +2726,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) dbuf, DNS_SECTION_AUTHORITY); client->query.gluedb = NULL; if (WANTDNSSEC(client) && dns_db_issecure(db)) - query_addds(client, db, node); + query_addds(client, db, node, version); } else { /* * We might have a better answer or delegation @@ -2824,7 +2827,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) client->query.attributes &= ~NS_QUERYATTR_CACHEGLUEOK; if (WANTDNSSEC(client)) - query_addds(client, db, node); + query_addds(client, db, node, version); } } goto cleanup; @@ -2861,8 +2864,9 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) */ if (WANTDNSSEC(client)) { if (dns_rdataset_isassociated(rdataset)) - query_addnxrrsetnsec(client, db, &fname, - &rdataset, &sigrdataset); + query_addnxrrsetnsec(client, db, version, + &fname, &rdataset, + &sigrdataset); } goto cleanup; case DNS_R_EMPTYWILD: @@ -2907,7 +2911,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) query_addrrset(client, &fname, &rdataset, &sigrdataset, NULL, DNS_SECTION_AUTHORITY); - query_addwildcardproof(client, db, + query_addwildcardproof(client, db, version, client->query.qname, ISC_FALSE); } @@ -3212,6 +3216,21 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * an error unless we were searching for * glue. Ugh. */ + if (!is_zone) { + authoritative = ISC_FALSE; + dns_rdatasetiter_destroy(&rdsiter); + if (RECURSIONOK(client)) { + result = query_recurse(client, + qtype, + NULL, + NULL); + if (result == ISC_R_SUCCESS) + client->query.attributes |= + NS_QUERYATTR_RECURSING; + else + QUERY_ERROR(DNS_R_SERVFAIL); } + goto addauth; + } /* * We were searching for SIG records in * a nonsecure zone. Send a "no error, @@ -3249,6 +3268,13 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) noqname = rdataset; else noqname = NULL; + /* + * BIND 8 priming queries need the additional section. + */ + if (is_zone && qtype == dns_rdatatype_ns && + dns_name_equal(client->query.qname, dns_rootname)) + client->query.attributes &= ~NS_QUERYATTR_NOADDITIONAL; + query_addrrset(client, &fname, &rdataset, sigrdatasetp, dbuf, DNS_SECTION_ANSWER); if (noqname != NULL) @@ -3285,7 +3311,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * DNSSEC wildcard proofs. */ if (need_wildcardproof && dns_db_issecure(db)) - query_addwildcardproof(client, db, + query_addwildcardproof(client, db, version, dns_fixedname_name(&wildcardname), ISC_TRUE); cleanup: @@ -3404,6 +3430,7 @@ ns_query_start(ns_client_t *client) { dns_rdataset_t *rdataset; ns_client_t *qclient; dns_rdatatype_t qtype; + isc_boolean_t want_ad; CTRACE("ns_query_start"); @@ -3422,10 +3449,10 @@ ns_query_start(ns_client_t *client) { if ((message->flags & DNS_MESSAGEFLAG_RD) != 0) client->query.attributes |= NS_QUERYATTR_WANTRECURSION; - + if ((client->extflags & DNS_MESSAGEEXTFLAG_DO) != 0) client->attributes |= NS_CLIENTATTR_WANTDNSSEC; - + if (client->view->minimalresponses) client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY | NS_QUERYATTR_NOADDITIONAL); @@ -3537,6 +3564,15 @@ ns_query_start(ns_client_t *client) { client->query.attributes &= ~NS_QUERYATTR_SECURE; /* + * Set 'want_ad' if the client has set AD in the query. + * This allows AD to be returned on queries without DO set. + */ + if ((message->flags & DNS_MESSAGEFLAG_AD) != 0) + want_ad = ISC_TRUE; + else + want_ad = ISC_FALSE; + + /* * This is an ordinary query. */ result = dns_message_reply(message, ISC_TRUE); @@ -3555,7 +3591,7 @@ ns_query_start(ns_client_t *client) { * Set AD. We must clear it if we add non-validated data to a * response. */ - if (client->view->enablednssec) + if (WANTDNSSEC(client) || want_ad) message->flags |= DNS_MESSAGEFLAG_AD; qclient = NULL; diff --git a/bin/named/server.c b/bin/named/server.c index f29321e510601..a01e5e79cfe3a 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,11 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.339.2.15.2.70 2006/05/24 04:30:24 marka Exp $ */ +/* $Id: server.c,v 1.339.2.15.2.78 2008/01/17 23:45:27 tbox Exp $ */ #include <config.h> #include <stdlib.h> +#include <unistd.h> #include <isc/app.h> #include <isc/base64.h> @@ -290,6 +291,13 @@ configure_view_dnsseckey(const cfg_obj_t *vconfig, const cfg_obj_t *key, keystruct.datalen = r.length; keystruct.data = r.base; + if ((keystruct.algorithm == DST_ALG_RSASHA1 || + keystruct.algorithm == DST_ALG_RSAMD5) && + r.length > 1 && r.base[0] == 1 && r.base[1] == 3) + cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING, + "trusted key '%s' has a weak exponent", + keynamestr); + CHECK(dns_rdata_fromstruct(NULL, keystruct.common.rdclass, keystruct.common.rdtype, @@ -375,7 +383,7 @@ configure_view_dnsseckeys(const cfg_obj_t *vconfig, const cfg_obj_t *config, *target = keytable; /* Transfer ownership. */ keytable = NULL; result = ISC_R_SUCCESS; - + cleanup: return (result); } @@ -391,7 +399,7 @@ mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver) isc_boolean_t value; isc_result_t result; isc_buffer_t b; - + dns_fixedname_init(&fixed); name = dns_fixedname_name(&fixed); for (element = cfg_list_first(mbs); @@ -409,7 +417,7 @@ mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver) } result = ISC_R_SUCCESS; - + cleanup: return (result); } @@ -538,7 +546,7 @@ configure_order(dns_order_t *order, const cfg_obj_t *ent) { return (result); obj = cfg_tuple_get(ent, "name"); - if (cfg_obj_isstring(obj)) + if (cfg_obj_isstring(obj)) str = cfg_obj_asstring(obj); else str = "*"; @@ -931,7 +939,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, if (lame_ttl > 1800) lame_ttl = 1800; dns_resolver_setlamettl(view->resolver, lame_ttl); - + /* * Set the resolver's EDNS UDP size. */ @@ -944,7 +952,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, if (udpsize > 4096) udpsize = 4096; dns_resolver_setudpsize(view->resolver, (isc_uint16_t)udpsize); - + /* * Set supported DNSSEC algorithms. */ @@ -968,7 +976,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, (void)ns_config_get(maps, "forward", &forwardtype); (void)ns_config_get(maps, "forwarders", &forwarders); if (forwarders != NULL) - CHECK(configure_forward(config, view, dns_rootname, + CHECK(configure_forward(config, view, dns_rootname, forwarders, forwardtype)); /* @@ -988,7 +996,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, /* * If we still have no hints, this is a non-IN view with no * "hints zone" configured. Issue a warning, except if this - * is a root server. Root servers never need to consult + * is a root server. Root servers never need to consult * their hints, so it's no point requiring users to configure * them. */ @@ -1111,7 +1119,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, view->transfer_format = dns_one_answer; else INSIST(0); - + /* * Set sources where additional data and CNAME/DNAME * targets for authoritative answers may be found. @@ -1179,7 +1187,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, result = ns_config_get(maps, "provide-ixfr", &obj); INSIST(result == ISC_R_SUCCESS); view->provideixfr = cfg_obj_asboolean(obj); - + obj = NULL; result = ns_config_get(maps, "dnssec-enable", &obj); INSIST(result == ISC_R_SUCCESS); @@ -1608,7 +1616,7 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, "name")); else vname = "<default view>"; - + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_ERROR, "zone '%s': wrong class for view '%s'", @@ -1968,7 +1976,7 @@ adjust_interfaces(ns_server_t *server, isc_mem_t *mctx) { } ns_interfacemgr_adjust(server->interfacemgr, list, ISC_TRUE); - + clean: ns_listenlist_detach(&list); return; @@ -2042,7 +2050,7 @@ setstring(ns_server_t *server, char **field, const char *value) { *field = copy; return (ISC_R_SUCCESS); -} +} /* * Replace the current value of '*field', a dynamically allocated @@ -2084,7 +2092,7 @@ set_limit(const cfg_obj_t **maps, const char *configname, result = isc_resource_setlimit(resourceid, value); isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, result == ISC_R_SUCCESS ? - ISC_LOG_DEBUG(3) : ISC_LOG_WARNING, + ISC_LOG_DEBUG(3) : ISC_LOG_WARNING, "set maximum %s to %" ISC_PRINT_QUADFORMAT "d: %s", description, value, isc_result_totext(result)); } @@ -2113,7 +2121,7 @@ portlist_fromconf(dns_portlist_t *portlist, unsigned int family, element = cfg_list_next(element)) { const cfg_obj_t *obj = cfg_listelt_value(element); in_port_t port = (in_port_t)cfg_obj_asuint32(obj); - + result = dns_portlist_add(portlist, family, port); if (result != ISC_R_SUCCESS) break; @@ -2151,7 +2159,7 @@ load_configuration(const char *filename, ns_server_t *server, /* Ensure exclusive access to configuration data. */ result = isc_task_beginexclusive(server->task); - RUNTIME_CHECK(result == ISC_R_SUCCESS); + RUNTIME_CHECK(result == ISC_R_SUCCESS); /* * Parse the global default pseudo-config file. @@ -2204,6 +2212,15 @@ load_configuration(const char *filename, ns_server_t *server, CHECK(result); /* + * Check that the working directory is writable. + */ + if (access(".", W_OK) != 0) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, + "the working directory is not writable"); + } + + /* * Check the validity of the configuration. */ CHECK(bind9_check_namedconf(config, ns_g_lctx, ns_g_mctx)); @@ -2664,7 +2681,7 @@ load_configuration(const char *filename, ns_server_t *server, ns_os_writepidfile(lwresd_g_defaultpidfile, first_time); else ns_os_writepidfile(ns_g_defaultpidfile, first_time); - + obj = NULL; if (options != NULL && cfg_map_get(options, "memstatistics-file", &obj) == ISC_R_SUCCESS) @@ -2798,7 +2815,7 @@ load_zones(ns_server_t *server, isc_boolean_t stop) { */ CHECK(dns_zonemgr_forcemaint(server->zonemgr)); cleanup: - isc_task_endexclusive(server->task); + isc_task_endexclusive(server->task); return (result); } @@ -2826,7 +2843,7 @@ load_new_zones(ns_server_t *server, isc_boolean_t stop) { */ dns_zonemgr_resumexfrs(server->zonemgr); cleanup: - isc_task_endexclusive(server->task); + isc_task_endexclusive(server->task); return (result); } @@ -2880,7 +2897,7 @@ run_server(isc_task_t *task, isc_event_t *event) { ISC_LOG_NOTICE, "running"); } -void +void ns_server_flushonshutdown(ns_server_t *server, isc_boolean_t flush) { REQUIRE(NS_SERVER_VALID(server)); @@ -3012,7 +3029,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { server->interface_timer = NULL; server->heartbeat_timer = NULL; - + server->interface_interval = 0; server->heartbeat_interval = 0; @@ -3035,7 +3052,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { server->hostname_set = ISC_FALSE; server->hostname = NULL; - server->version_set = ISC_FALSE; + server->version_set = ISC_FALSE; server->version = NULL; server->server_usehostname = ISC_FALSE; server->server_id = NULL; @@ -3191,7 +3208,7 @@ ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr) { result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr, ns_g_taskmgr, &dispatch->addr, 4096, 1000, 32768, 16411, 16433, - attrs, attrmask, &dispatch->dispatch); + attrs, attrmask, &dispatch->dispatch); if (result != ISC_R_SUCCESS) goto cleanup; @@ -3294,7 +3311,7 @@ next_token(char **stringp, const char *delim) { break; } while (*res == '\0'); return (res); -} +} /* * Find the zone specified in the control channel command 'args', @@ -3352,14 +3369,14 @@ zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep) { } else { rdclass = dns_rdataclass_in; } - + if (viewtxt == NULL) viewtxt = "_default"; result = dns_viewlist_find(&server->viewlist, viewtxt, rdclass, &view); if (result != ISC_R_SUCCESS) goto fail1; - + result = dns_zt_find(view->zonetable, dns_fixedname_name(&name), 0, NULL, zonep); /* Partial match? */ @@ -3378,7 +3395,7 @@ ns_server_retransfercommand(ns_server_t *server, char *args) { isc_result_t result; dns_zone_t *zone = NULL; dns_zonetype_t type; - + result = zone_from_args(server, args, &zone); if (result != ISC_R_SUCCESS) return (result); @@ -3391,7 +3408,7 @@ ns_server_retransfercommand(ns_server_t *server, char *args) { result = ISC_R_NOTFOUND; dns_zone_detach(&zone); return (result); -} +} /* * Act on a "reload" command from the command channel. @@ -3402,7 +3419,7 @@ ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) { dns_zone_t *zone = NULL; dns_zonetype_t type; const char *msg = NULL; - + result = zone_from_args(server, args, &zone); if (result != ISC_R_SUCCESS) return (result); @@ -3414,11 +3431,12 @@ ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) { type = dns_zone_gettype(zone); if (type == dns_zone_slave || type == dns_zone_stub) { dns_zone_refresh(zone); + dns_zone_detach(&zone); msg = "zone refresh queued"; } else { result = dns_zone_load(zone); dns_zone_detach(&zone); - switch (result) { + switch (result) { case ISC_R_SUCCESS: msg = "zone reload successful"; break; @@ -3440,7 +3458,7 @@ ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) { isc_buffer_putmem(text, (const unsigned char *)msg, strlen(msg) + 1); return (result); -} +} /* * Act on a "reconfig" command from the command channel. @@ -3478,17 +3496,17 @@ ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) { isc_buffer_putmem(text, msg1, sizeof(msg1)); return (ISC_R_SUCCESS); } - + dns_zone_detach(&zone); if (sizeof(msg2) <= isc_buffer_availablelength(text)) isc_buffer_putmem(text, msg2, sizeof(msg2)); return (ISC_R_FAILURE); -} +} isc_result_t ns_server_togglequerylog(ns_server_t *server) { server->log_queries = server->log_queries ? ISC_FALSE : ISC_TRUE; - + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_INFO, "query logging is now %s", @@ -3592,15 +3610,15 @@ ns_server_dumpstats(ns_server_t *server) { CHECKMF(isc_stdio_open(server->statsfile, "a", &fp), "could not open statistics dump file", server->statsfile); - + ncounters = DNS_STATS_NCOUNTERS; fprintf(fp, "+++ Statistics Dump +++ (%lu)\n", (unsigned long)now); - + for (i = 0; i < ncounters; i++) fprintf(fp, "%s %" ISC_PRINT_QUADFORMAT "u\n", dns_statscounter_names[i], server->querystats[i]); - + zone = NULL; for (result = dns_zone_first(server->zonemgr, &zone); result == ISC_R_SUCCESS; @@ -3611,7 +3629,7 @@ ns_server_dumpstats(ns_server_t *server) { char zonename[DNS_NAME_FORMATSIZE]; dns_view_t *view; char *viewname; - + dns_name_format(dns_zone_getorigin(zone), zonename, sizeof(zonename)); view = dns_zone_getview(zone); @@ -3631,7 +3649,7 @@ ns_server_dumpstats(ns_server_t *server) { if (result == ISC_R_NOMORE) result = ISC_R_SUCCESS; CHECK(result); - + fprintf(fp, "--- Statistics Dump --- (%lu)\n", (unsigned long)now); cleanup: @@ -3659,7 +3677,7 @@ static isc_result_t add_view_tolist(struct dumpcontext *dctx, dns_view_t *view) { struct viewlistentry *vle; isc_result_t result = ISC_R_SUCCESS; - + /* * Prevent duplicate views. */ @@ -3722,7 +3740,7 @@ dumpdone(void *arg, isc_result_t result) { struct dumpcontext *dctx = arg; char buf[1024+32]; const dns_master_style_t *style; - + if (result != ISC_R_SUCCESS) goto cleanup; if (dctx->mdctx != NULL) @@ -3879,7 +3897,7 @@ ns_server_dumpdb(ns_server_t *server, char *args) { dctx->dumpzones = ISC_TRUE; dctx->dumpcache = ISC_FALSE; ptr = next_token(&args, " \t"); - } + } nextview: for (view = ISC_LIST_HEAD(server->viewlist); @@ -3954,7 +3972,8 @@ isc_result_t ns_server_flushcache(ns_server_t *server, char *args) { char *ptr, *viewname; dns_view_t *view; - isc_boolean_t flushed = ISC_FALSE; + isc_boolean_t flushed; + isc_boolean_t found; isc_result_t result; /* Skip the command name. */ @@ -3967,23 +3986,28 @@ ns_server_flushcache(ns_server_t *server, char *args) { result = isc_task_beginexclusive(server->task); RUNTIME_CHECK(result == ISC_R_SUCCESS); + flushed = ISC_TRUE; + found = ISC_FALSE; for (view = ISC_LIST_HEAD(server->viewlist); view != NULL; view = ISC_LIST_NEXT(view, link)) { if (viewname != NULL && strcasecmp(viewname, view->name) != 0) continue; + found = ISC_TRUE; result = dns_view_flushcache(view); if (result != ISC_R_SUCCESS) - goto out; - flushed = ISC_TRUE; + flushed = ISC_FALSE; } - if (flushed) + if (flushed && found) { result = ISC_R_SUCCESS; - else - result = ISC_R_FAILURE; - out: - isc_task_endexclusive(server->task); + } else { + if (!found) + result = ISC_R_NOTFOUND; + else + result = ISC_R_FAILURE; + } + isc_task_endexclusive(server->task); return (result); } @@ -3991,7 +4015,8 @@ isc_result_t ns_server_flushname(ns_server_t *server, char *args) { char *ptr, *target, *viewname; dns_view_t *view; - isc_boolean_t flushed = ISC_FALSE; + isc_boolean_t flushed; + isc_boolean_t found; isc_result_t result; isc_buffer_t b; dns_fixedname_t fixed; @@ -4021,21 +4046,25 @@ ns_server_flushname(ns_server_t *server, char *args) { result = isc_task_beginexclusive(server->task); RUNTIME_CHECK(result == ISC_R_SUCCESS); flushed = ISC_TRUE; + found = ISC_FALSE; for (view = ISC_LIST_HEAD(server->viewlist); view != NULL; view = ISC_LIST_NEXT(view, link)) { if (viewname != NULL && strcasecmp(viewname, view->name) != 0) continue; + found = ISC_TRUE; result = dns_view_flushname(view, name); if (result != ISC_R_SUCCESS) flushed = ISC_FALSE; } - if (flushed) + if (flushed && found) result = ISC_R_SUCCESS; + else if (!found) + result = ISC_R_NOTFOUND; else result = ISC_R_FAILURE; - isc_task_endexclusive(server->task); + isc_task_endexclusive(server->task); return (result); } @@ -4086,7 +4115,7 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args) { char *journal; const char *vname, *sep; isc_boolean_t frozen; - + result = zone_from_args(server, args, &zone); if (result != ISC_R_SUCCESS) return (result); diff --git a/bin/named/sortlist.c b/bin/named/sortlist.c index 0feba3bbee82a..d6691c89a991e 100644 --- a/bin/named/sortlist.c +++ b/bin/named/sortlist.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 2000, 2001 Internet Software Consortium. + * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sortlist.c,v 1.5.12.6 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: sortlist.c,v 1.5.12.9 2007/08/28 07:19:08 tbox Exp $ */ #include <config.h> diff --git a/bin/named/tsigconf.c b/bin/named/tsigconf.c index a90438d85efe0..a9005e25bd3f0 100644 --- a/bin/named/tsigconf.c +++ b/bin/named/tsigconf.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2006 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2001 Internet Software Consortium. + * Copyright (C) 2004, 2006, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2001, 2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tsigconf.c,v 1.21.208.6 2006/03/02 00:37:20 marka Exp $ */ +/* $Id: tsigconf.c,v 1.21.208.9 2007/08/28 07:19:08 tbox Exp $ */ #include <config.h> diff --git a/bin/named/unix/Makefile.in b/bin/named/unix/Makefile.in index 60ce968865dcb..fc68927a3ba1e 100644 --- a/bin/named/unix/Makefile.in +++ b/bin/named/unix/Makefile.in @@ -1,7 +1,7 @@ -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") -# Copyright (C) 1999-2001 Internet Software Consortium. +# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 1999-2001, 2003 Internet Software Consortium. # -# Permission to use, copy, modify, and distribute this software for any +# Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.6.12.3 2004/03/08 09:04:15 marka Exp $ +# $Id: Makefile.in,v 1.6.12.6 2007/08/28 07:19:08 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/named/unix/include/named/os.h b/bin/named/unix/include/named/os.h index 03baee57ea484..1c4bec0707272 100644 --- a/bin/named/unix/include/named/os.h +++ b/bin/named/unix/include/named/os.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.h,v 1.14.2.2.8.9 2004/09/29 06:36:44 marka Exp $ */ +/* $Id: os.h,v 1.14.2.2.8.12 2007/08/28 07:19:08 tbox Exp $ */ #ifndef NS_OS_H #define NS_OS_H 1 diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c index 361d1b63639f7..f8026660391ea 100644 --- a/bin/named/unix/os.c +++ b/bin/named/unix/os.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") - * Copyright (C) 1999-2002 Internet Software Consortium. + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.c,v 1.46.2.4.8.24 2006/02/03 23:51:37 marka Exp $ */ +/* $Id: os.c,v 1.46.2.4.8.30 2008/01/17 23:45:27 tbox Exp $ */ #include <config.h> #include <stdarg.h> @@ -324,7 +324,7 @@ ns_os_daemonize(void) { /* * Wait for the child to finish loading for the first time. * This would be so much simpler if fork() worked once we - * were multi-threaded. + * were multi-threaded. */ (void)close(dfd[1]); do { @@ -494,15 +494,19 @@ ns_os_changeuser(void) { ns_main_earlyfatal("setuid(): %s", strbuf); } -#if defined(HAVE_LINUX_CAPABILITY_H) && !defined(HAVE_LINUXTHREADS) - linux_minprivs(); -#endif #if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE) /* * Restore the ability of named to drop core after the setuid() * call has disabled it. */ - prctl(PR_SET_DUMPABLE,1,0,0,0); + if (prctl(PR_SET_DUMPABLE,1,0,0,0) < 0) { + isc__strerror(errno, strbuf, sizeof(strbuf)); + ns_main_earlywarning("prctl(PR_SET_DUMPABLE) failed: %s", + strbuf); + } +#endif +#if defined(HAVE_LINUX_CAPABILITY_H) && !defined(HAVE_LINUXTHREADS) + linux_minprivs(); #endif } @@ -663,7 +667,7 @@ ns_os_shutdownmsg(char *command, isc_buffer_t *text) { ptr = next_token(&input, " \t"); if (ptr == NULL) return; - + if (strcmp(ptr, "-p") != 0) return; diff --git a/bin/named/update.c b/bin/named/update.c index fa0ddb01049ac..6733d76902b1c 100644 --- a/bin/named/update.c +++ b/bin/named/update.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: update.c,v 1.88.2.5.2.29 2006/01/06 00:01:42 marka Exp $ */ +/* $Id: update.c,v 1.88.2.5.2.35 2008/01/17 23:45:27 tbox Exp $ */ #include <config.h> @@ -112,7 +112,7 @@ } \ update_log(client, zone, LOGLEVEL_PROTOCOL, \ "update %s: %s (%s)", _what, \ - msg, isc_result_totext(result)); \ + msg, isc_result_totext(result)); \ if (result != ISC_R_SUCCESS) goto failure; \ } while (0) @@ -401,7 +401,7 @@ foreach_node_rr_action(void *data, dns_rdataset_t *rdataset) { result = dns_rdataset_next(rdataset)) { rr_t rr = { 0, DNS_RDATA_INIT }; - + dns_rdataset_current(rdataset, &rr.rdata); rr.ttl = rdataset->ttl; result = (*ctx->rr_action)(ctx->rr_action_data, &rr); @@ -841,10 +841,14 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db, /* A new unique name begins here. */ node = NULL; result = dns_db_findnode(db, name, ISC_FALSE, &node); - if (result == ISC_R_NOTFOUND) + if (result == ISC_R_NOTFOUND) { + dns_diff_clear(&trash); return (DNS_R_NXRRSET); - if (result != ISC_R_SUCCESS) + } + if (result != ISC_R_SUCCESS) { + dns_diff_clear(&trash); return (result); + } /* A new unique type begins here. */ while (t != NULL && dns_name_equal(&t->name, name)) { @@ -852,7 +856,7 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db, dns_rdataset_t rdataset; dns_diff_t d_rrs; /* Database RRs with this name and type */ - dns_diff_t u_rrs; /* Update RRs with + dns_diff_t u_rrs; /* Update RRs with this name and type */ *typep = type = t->rdata.type; @@ -872,6 +876,7 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db, &rdataset, NULL); if (result != ISC_R_SUCCESS) { dns_db_detachnode(db, &node); + dns_diff_clear(&trash); return (DNS_R_NXRRSET); } @@ -1117,7 +1122,7 @@ typedef struct { static isc_result_t add_rr_prepare_action(void *data, rr_t *rr) { - isc_result_t result = ISC_R_SUCCESS; + isc_result_t result = ISC_R_SUCCESS; add_rr_prepare_ctx_t *ctx = data; dns_difftuple_t *tuple = NULL; isc_boolean_t equal; @@ -1631,6 +1636,8 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_db_detachnode(db, &node); for (i = 0; i < nkeys; i++) { + if (!dst_key_isprivate(keys[i])) + continue; /* Calculate the signature, creating a RRSIG RDATA. */ CHECK(dns_dnssec_sign(name, &rdataset, keys[i], &inception, &expire, @@ -1710,7 +1717,7 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, CHECK(dns_db_findnode(db, dns_db_origin(db), ISC_FALSE, &node)); dns_rdataset_init(&rdataset); CHECK(dns_db_findrdataset(db, node, newver, dns_rdatatype_soa, 0, - (isc_stdtime_t) 0, &rdataset, NULL)); + (isc_stdtime_t) 0, &rdataset, NULL)); CHECK(dns_rdataset_first(&rdataset)); dns_rdataset_current(&rdataset, &rdata); CHECK(dns_rdata_tostruct(&rdata, &soa, NULL)); @@ -2306,7 +2313,7 @@ update_action(isc_task_t *task, isc_event_t *event) { else if (client->signer == NULL) CHECK(checkupdateacl(client, NULL, "update", zonename, ISC_FALSE)); - + if (dns_zone_getupdatedisabled(zone)) FAILC(DNS_R_REFUSED, "dynamic update temporarily disabled"); @@ -2701,7 +2708,7 @@ update_action(isc_task_t *task, isc_event_t *event) { * The reason for failure should have been logged at this point. */ if (ver != NULL) { - update_log(client, zone, LOGLEVEL_DEBUG, + update_log(client, zone, LOGLEVEL_DEBUG, "rolling back"); dns_db_closeversion(db, &ver, ISC_FALSE); } @@ -2753,7 +2760,7 @@ updatedone_action(isc_task_t *task, isc_event_t *event) { static void forward_fail(isc_task_t *task, isc_event_t *event) { - ns_client_t *client = (ns_client_t *)event->ev_arg; + ns_client_t *client = (ns_client_t *)event->ev_arg; UNUSED(task); diff --git a/bin/nsupdate/Makefile.in b/bin/nsupdate/Makefile.in index 2652628768da8..3474f7cfa06c0 100644 --- a/bin/nsupdate/Makefile.in +++ b/bin/nsupdate/Makefile.in @@ -1,7 +1,7 @@ -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") -# Copyright (C) 2000-2002 Internet Software Consortium. +# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2000-2003 Internet Software Consortium. # -# Permission to use, copy, modify, and distribute this software for any +# Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.15.12.10 2004/07/20 07:01:49 marka Exp $ +# $Id: Makefile.in,v 1.15.12.13 2007/08/28 07:19:08 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/nsupdate/nsupdate.8 b/bin/nsupdate/nsupdate.8 index 7e254e0e2eaeb..5d608e3565afd 100644 --- a/bin/nsupdate/nsupdate.8 +++ b/bin/nsupdate/nsupdate.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000-2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: nsupdate.8,v 1.24.2.2.2.9 2006/06/29 13:02:30 marka Exp $ +.\" $Id: nsupdate.8,v 1.24.2.2.2.13 2007/05/09 03:32:36 marka Exp $ .\" .hy 0 .ad l .\" Title: nsupdate .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: Jun 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -55,7 +55,7 @@ operate in debug mode. This provides tracing information about the update reques .PP Transaction signatures can be used to authenticate the Dynamic DNS updates. These use the TSIG resource record type described in RFC2845 or the SIG(0) record described in RFC3535 and RFC2931. TSIG relies on a shared secret that should only be known to \fBnsupdate\fR -and the name server. Currently, the only supported encryption algorithm for TSIG is HMAC\-MD5, which is defined in RFC 2104. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other. For instance suitable +and the name server. Currently, the only supported encryption algorithm for TSIG is HMAC\-MD5, which is defined in RFC 2104. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other. For instance, suitable \fBkey\fR and \fBserver\fR @@ -106,15 +106,15 @@ use a TCP connection. This may be preferable when a batch of update requests is .PP The \fB\-t\fR -option sets the maximum time a update request can take before it is aborted. The default is 300 seconds. Zero can be used to disable the timeout. +option sets the maximum time an update request can take before it is aborted. The default is 300 seconds. Zero can be used to disable the timeout. .PP The \fB\-u\fR -option sets the UDP retry interval. The default is 3 seconds. If zero the interval will be computed from the timeout interval and number of UDP retries. +option sets the UDP retry interval. The default is 3 seconds. If zero, the interval will be computed from the timeout interval and number of UDP retries. .PP The \fB\-r\fR -option sets the number of UDP retries. The default is 3. If zero only one update request will be made. +option sets the number of UDP retries. The default is 3. If zero, only one update request will be made. .SH "INPUT FORMAT" .PP \fBnsupdate\fR @@ -127,8 +127,9 @@ Every update request consists of zero or more prerequisites and zero or more upd command) causes the accumulated commands to be sent as one Dynamic DNS update request to the name server. .PP The command formats and their meaning are as follows: -.TP 3n -.HP 7 \fBserver\fR {servername} [port] +.PP +\fBserver\fR {servername} [port] +.RS 4 Sends all dynamic update requests to the name server \fIservername\fR. When no server statement is provided, \fBnsupdate\fR @@ -137,31 +138,39 @@ will send updates to the master server of the correct zone. The MNAME field of t is the port number on \fIservername\fR where the dynamic update requests get sent. If no port number is specified, the default DNS port number of 53 is used. -.TP 3n -.HP 6 \fBlocal\fR {address} [port] +.RE +.PP +\fBlocal\fR {address} [port] +.RS 4 Sends all dynamic update requests using the local \fIaddress\fR. When no local statement is provided, \fBnsupdate\fR will send updates using an address and port chosen by the system. \fIport\fR can additionally be used to make requests come from a specific port. If no port number is specified, the system will assign one. -.TP 3n -.HP 5 \fBzone\fR {zonename} +.RE +.PP +\fBzone\fR {zonename} +.RS 4 Specifies that all updates are to be made to the zone \fIzonename\fR. If no \fIzone\fR statement is provided, \fBnsupdate\fR will attempt determine the correct zone to update based on the rest of the input. -.TP 3n -.HP 6 \fBclass\fR {classname} +.RE +.PP +\fBclass\fR {classname} +.RS 4 Specify the default class. If no \fIclass\fR -is specified the default class is +is specified, the default class is \fIIN\fR. -.TP 3n -.HP 4 \fBkey\fR {name} {secret} -Specifies that all updates are to be TSIG signed using the +.RE +.PP +\fBkey\fR {name} {secret} +.RS 4 +Specifies that all updates are to be TSIG\-signed using the \fIkeyname\fR \fIkeysecret\fR pair. The @@ -170,17 +179,23 @@ command overrides any key specified on the command line via \fB\-y\fR or \fB\-k\fR. -.TP 3n -.HP 16 \fBprereq nxdomain\fR {domain\-name} +.RE +.PP +\fBprereq nxdomain\fR {domain\-name} +.RS 4 Requires that no resource record of any type exists with name \fIdomain\-name\fR. -.TP 3n -.HP 16 \fBprereq yxdomain\fR {domain\-name} +.RE +.PP +\fBprereq yxdomain\fR {domain\-name} +.RS 4 Requires that \fIdomain\-name\fR exists (has as at least one resource record, of any type). -.TP 3n -.HP 15 \fBprereq nxrrset\fR {domain\-name} [class] {type} +.RE +.PP +\fBprereq nxrrset\fR {domain\-name} [class] {type} +.RS 4 Requires that no resource record exists of the specified \fItype\fR, \fIclass\fR @@ -188,8 +203,10 @@ and \fIdomain\-name\fR. If \fIclass\fR is omitted, IN (internet) is assumed. -.TP 3n -.HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type} +.RE +.PP +\fBprereq yxrrset\fR {domain\-name} [class] {type} +.RS 4 This requires that a resource record of the specified \fItype\fR, \fIclass\fR @@ -198,8 +215,10 @@ and must exist. If \fIclass\fR is omitted, IN (internet) is assumed. -.TP 3n -.HP 15 \fBprereq yxrrset\fR {domain\-name} [class] {type} {data...} +.RE +.PP +\fBprereq yxrrset\fR {domain\-name} [class] {type} {data...} +.RS 4 The \fIdata\fR from each set of prerequisites of this form sharing a common @@ -212,8 +231,10 @@ are combined to form a set of RRs. This set of RRs must exactly match the set of \fIdomain\-name\fR. The \fIdata\fR are written in the standard text representation of the resource record's RDATA. -.TP 3n -.HP 14 \fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]] +.RE +.PP +\fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]] +.RS 4 Deletes any resource records named \fIdomain\-name\fR. If \fItype\fR @@ -224,22 +245,31 @@ is provided, only matching resource records will be removed. The internet class is not supplied. The \fIttl\fR is ignored, and is only allowed for compatibility. -.TP 3n -.HP 11 \fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...} +.RE +.PP +\fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...} +.RS 4 Adds a new resource record with the specified \fIttl\fR, \fIclass\fR and \fIdata\fR. -.TP 3n -.HP 5 \fBshow\fR +.RE +.PP +\fBshow\fR +.RS 4 Displays the current message, containing all of the prerequisites and updates specified since the last send. -.TP 3n -.HP 5 \fBsend\fR +.RE +.PP +\fBsend\fR +.RS 4 Sends the current message. This is equivalent to entering a blank line. -.TP 3n -.HP 7 \fBanswer\fR +.RE +.PP +\fBanswer\fR +.RS 4 Displays the answer. +.RE .PP Lines beginning with a semicolon are comments and are ignored. .SH "EXAMPLES" @@ -251,7 +281,7 @@ could be used to insert and delete resource records from the zone. Notice that the input in each example contains a trailing blank line so that a group of commands are sent as one dynamic update request to the master name server for \fBexample.com\fR. .sp -.RS 3n +.RS 4 .nf # nsupdate > update delete oldhost.example.com A @@ -263,11 +293,11 @@ zone. Notice that the input in each example contains a trailing blank line so th .PP Any A records for \fBoldhost.example.com\fR -are deleted. and an A record for +are deleted. And an A record for \fBnewhost.example.com\fR -it IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (86400 seconds) +with IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (86400 seconds). .sp -.RS 3n +.RS 4 .nf # nsupdate > prereq nxdomain nickname.example.com @@ -280,17 +310,23 @@ it IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (8640 The prerequisite condition gets the name server to check that there are no resource records of any type for \fBnickname.example.com\fR. If there are, the update request fails. If this name does not exist, a CNAME for it is added. This ensures that when the CNAME is added, it cannot conflict with the long\-standing rule in RFC1034 that a name must not exist as any other record type if it exists as a CNAME. (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have RRSIG, DNSKEY and NSEC records.) .SH "FILES" -.TP 3n +.PP \fB/etc/resolv.conf\fR +.RS 4 used to identify default name server -.TP 3n +.RE +.PP \fBK{name}.+157.+{random}.key\fR +.RS 4 base\-64 encoding of HMAC\-MD5 key created by \fBdnssec\-keygen\fR(8). -.TP 3n +.RE +.PP \fBK{name}.+157.+{random}.private\fR +.RS 4 base\-64 encoding of HMAC\-MD5 key created by \fBdnssec\-keygen\fR(8). +.RE .SH "SEE ALSO" .PP \fBRFC2136\fR(), @@ -306,4 +342,7 @@ base\-64 encoding of HMAC\-MD5 key created by .PP The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases. .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000\-2003 Internet Software Consortium. +.br diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c index 107d85f980399..6c9fdc15e8fba 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsupdate.c,v 1.103.2.15.2.23 2006/06/09 07:29:24 marka Exp $ */ +/* $Id: nsupdate.c,v 1.103.2.15.2.30 2008/01/17 23:45:27 tbox Exp $ */ #include <config.h> @@ -159,6 +159,9 @@ debug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2); static void ddebug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2); +static void +error(const char *format, ...) ISC_FORMAT_PRINTF(1, 2); + #define STATUS_MORE (isc_uint16_t)0 #define STATUS_SEND (isc_uint16_t)1 #define STATUS_QUIT (isc_uint16_t)2 @@ -193,6 +196,16 @@ fatal(const char *format, ...) { } static void +error(const char *format, ...) { + va_list args; + + va_start(args, format); + vfprintf(stderr, format, args); + va_end(args); + fprintf(stderr, "\n"); +} + +static void debug(const char *format, ...) { va_list args; @@ -1025,7 +1038,7 @@ evaluate_key(char *cmdline) { secret = isc_mem_allocate(mctx, secretlen); if (secret == NULL) fatal("out of memory"); - + isc_buffer_init(&secretbuf, secret, secretlen); result = isc_base64_decodestring(secretstr, &secretbuf); if (result != ISC_R_SUCCESS) { @@ -1091,8 +1104,8 @@ evaluate_class(char *cmdline) { } r.base = word; - r.length = strlen(word); - result = dns_rdataclass_fromtext(&rdclass, &r); + r.length = strlen(word); + result = dns_rdataclass_fromtext(&rdclass, &r); if (result != ISC_R_SUCCESS) { fprintf(stderr, "could not parse class name: %s\n", word); return (STATUS_SYNTAX); @@ -1276,8 +1289,7 @@ update_addordelete(char *cmdline, isc_boolean_t isdelete) { failure: if (name != NULL) dns_message_puttempname(updatemsg, &name); - if (rdata != NULL) - dns_message_puttemprdata(updatemsg, &rdata); + dns_message_puttemprdata(updatemsg, &rdata); return (STATUS_SYNTAX); } @@ -1311,7 +1323,7 @@ show_message(dns_message_t *msg) { ddebug("show_message()"); bufsz = INITTEXT; - do { + do { if (bufsz > MAXTEXT) { fprintf(stderr, "could not allocate large enough " "buffer to display message\n"); @@ -1396,8 +1408,11 @@ user_interaction(void) { isc_uint16_t result = STATUS_MORE; ddebug("user_interaction()"); - while ((result == STATUS_MORE) || (result == STATUS_SYNTAX)) + while ((result == STATUS_MORE) || (result == STATUS_SYNTAX)) { result = get_next_command(); + if (!interactive && result == STATUS_SYNTAX) + fatal("syntax error"); + } if (result == STATUS_SEND) return (ISC_TRUE); return (ISC_FALSE); @@ -1490,7 +1505,7 @@ update_completed(isc_task_t *task, isc_event_t *event) { char buf[64]; isc_buffer_t b; dns_rdataset_t *rds; - + isc_buffer_init(&b, buf, sizeof(buf) - 1); result = dns_rcode_totext(answer->rcode, &b); check_result(result, "dns_rcode_totext"); @@ -1506,7 +1521,7 @@ update_completed(isc_task_t *task, isc_event_t *event) { int bufsz; bufsz = INITTEXT; - do { + do { if (bufsz > MAXTEXT) { fprintf(stderr, "could not allocate large " "enough buffer to display message\n"); @@ -1605,7 +1620,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) { ddebug("recvsoa()"); requests--; - + REQUIRE(event->ev_type == DNS_EVENT_REQUESTDONE); reqev = (dns_requestevent_t *)event; request = reqev->request; @@ -1643,8 +1658,9 @@ recvsoa(isc_task_t *task, isc_event_t *event) { setzoneclass(dns_rdataclass_none); return; } - isc_mem_put(mctx, reqinfo, sizeof(nsu_requestinfo_t)); + isc_mem_put(mctx, reqinfo, sizeof(nsu_requestinfo_t)); + reqinfo = NULL; isc_event_free(&event); reqev = NULL; @@ -1703,12 +1719,25 @@ recvsoa(isc_task_t *task, isc_event_t *event) { rcvmsg->rcode != dns_rcode_nxdomain) fatal("response to SOA query was unsuccessful"); + if (userzone != NULL && rcvmsg->rcode == dns_rcode_nxdomain) { + char namebuf[DNS_NAME_FORMATSIZE]; + dns_name_format(userzone, namebuf, sizeof(namebuf)); + error("specified zone '%s' does not exist (NXDOMAIN)", + namebuf); + dns_message_destroy(&rcvmsg); + dns_request_destroy(&request); + dns_message_destroy(&soaquery); + ddebug("Out of recvsoa"); + done_update(); + return; + } + lookforsoa: if (pass == 0) section = DNS_SECTION_ANSWER; else if (pass == 1) section = DNS_SECTION_AUTHORITY; - else + else goto droplabel; result = dns_message_firstname(rcvmsg, section); @@ -1737,7 +1766,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) { break; } } - + result = dns_message_nextname(rcvmsg, section); } @@ -1802,7 +1831,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) { dns_message_destroy(&rcvmsg); ddebug("Out of recvsoa"); return; - + droplabel: result = dns_message_firstname(soaquery, DNS_SECTION_QUESTION); INSIST(result == ISC_R_SUCCESS); @@ -1859,15 +1888,6 @@ start_update(void) { if (answer != NULL) dns_message_destroy(&answer); - result = dns_message_firstname(updatemsg, section); - if (result == ISC_R_NOMORE) { - section = DNS_SECTION_PREREQUISITE; - result = dns_message_firstname(updatemsg, section); - } - if (result != ISC_R_SUCCESS) { - done_update(); - return; - } if (userzone != NULL && userserver != NULL) { send_update(userzone, userserver, localaddr); @@ -1879,7 +1899,8 @@ start_update(void) { &soaquery); check_result(result, "dns_message_create"); - soaquery->flags |= DNS_MESSAGEFLAG_RD; + if (userserver == NULL) + soaquery->flags |= DNS_MESSAGEFLAG_RD; result = dns_message_gettempname(soaquery, &name); check_result(result, "dns_message_gettempname"); @@ -1889,10 +1910,24 @@ start_update(void) { dns_rdataset_makequestion(rdataset, getzoneclass(), dns_rdatatype_soa); - firstname = NULL; - dns_message_currentname(updatemsg, section, &firstname); - dns_name_init(name, NULL); - dns_name_clone(firstname, name); + if (userzone != NULL) { + dns_name_init(name, NULL); + dns_name_clone(userzone, name); + } else { + result = dns_message_firstname(updatemsg, section); + if (result == ISC_R_NOMORE) { + section = DNS_SECTION_PREREQUISITE; + result = dns_message_firstname(updatemsg, section); + } + if (result != ISC_R_SUCCESS) { + done_update(); + return; + } + firstname = NULL; + dns_message_currentname(updatemsg, section, &firstname); + dns_name_init(name, NULL); + dns_name_clone(firstname, name); + } ISC_LIST_INIT(name->list); ISC_LIST_APPEND(name->list, rdataset, link); diff --git a/bin/nsupdate/nsupdate.docbook b/bin/nsupdate/nsupdate.docbook index 7a2b4cfb7dd75..f45ec143bbd55 100644 --- a/bin/nsupdate/nsupdate.docbook +++ b/bin/nsupdate/nsupdate.docbook @@ -1,11 +1,11 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - - Permission to use, copy, modify, and distribute this software for any + - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nsupdate.docbook,v 1.8.2.3.2.10 2005/05/12 21:36:03 sra Exp $ --> +<!-- $Id: nsupdate.docbook,v 1.8.2.3.2.16 2007/08/28 07:19:08 tbox Exp $ --> <refentry> <refentryinfo> @@ -34,6 +34,8 @@ <copyright> <year>2004</year> <year>2005</year> + <year>2006</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -111,7 +113,7 @@ HMAC-MD5, which is defined in RFC 2104. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other. -For instance suitable +For instance, suitable <type>key</type> and <type>server</type> @@ -183,16 +185,16 @@ option makes use a TCP connection. This may be preferable when a batch of update requests is made. </para> -<para>The <option>-t</option> option sets the maximum time a update request can +<para>The <option>-t</option> option sets the maximum time an update request can take before it is aborted. The default is 300 seconds. Zero can be used to disable the timeout. </para> <para>The <option>-u</option> option sets the UDP retry interval. The default is -3 seconds. If zero the interval will be computed from the timeout interval +3 seconds. If zero, the interval will be computed from the timeout interval and number of UDP retries. </para> <para>The <option>-r</option> option sets the number of UDP retries. The default is -3. If zero only one update request will be made. +3. If zero, only one update request will be made. </para> </refsect1> @@ -225,11 +227,9 @@ name server. The command formats and their meaning are as follows: <variablelist> <varlistentry><term> -<cmdsynopsis> <command>server</command> <arg choice="req">servername</arg> <arg choice="opt">port</arg> -</cmdsynopsis> </term> <listitem> <para> @@ -251,11 +251,9 @@ used. </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>local</command> <arg choice="req">address</arg> <arg choice="opt">port</arg> -</cmdsynopsis> </term> <listitem> <para> @@ -273,10 +271,8 @@ If no port number is specified, the system will assign one. </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>zone</command> <arg choice="req">zonename</arg> -</cmdsynopsis> </term> <listitem> <para> @@ -292,30 +288,26 @@ will attempt determine the correct zone to update based on the rest of the input </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>class</command> <arg choice="req">classname</arg> -</cmdsynopsis> </term> <listitem> <para> Specify the default class. -If no <parameter>class</parameter> is specified the default class is +If no <parameter>class</parameter> is specified, the default class is <parameter>IN</parameter>. </para> </listitem> </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>key</command> <arg choice="req">name</arg> <arg choice="req">secret</arg> -</cmdsynopsis> </term> <listitem> <para> -Specifies that all updates are to be TSIG signed using the +Specifies that all updates are to be TSIG-signed using the <parameter>keyname</parameter> <parameter>keysecret</parameter> pair. The <command>key</command> command overrides any key specified on the command line via @@ -325,10 +317,8 @@ overrides any key specified on the command line via </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>prereq nxdomain</command> <arg choice="req">domain-name</arg> -</cmdsynopsis> </term> <listitem> <para> @@ -340,10 +330,8 @@ Requires that no resource record of any type exists with name <varlistentry><term> -<cmdsynopsis> <command>prereq yxdomain</command> <arg choice="req">domain-name</arg> -</cmdsynopsis> </term> <listitem> <para> @@ -355,12 +343,10 @@ exists (has as at least one resource record, of any type). </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>prereq nxrrset</command> <arg choice="req">domain-name</arg> <arg choice="opt">class</arg> <arg choice="req">type</arg> -</cmdsynopsis> </term> <listitem> <para> @@ -378,12 +364,10 @@ is omitted, IN (internet) is assumed. <varlistentry><term> -<cmdsynopsis> <command>prereq yxrrset</command> <arg choice="req">domain-name</arg> <arg choice="opt">class</arg> <arg choice="req">type</arg> -</cmdsynopsis> </term> <listitem> <para> @@ -401,13 +385,11 @@ is omitted, IN (internet) is assumed. </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>prereq yxrrset</command> <arg choice="req">domain-name</arg> <arg choice="opt">class</arg> <arg choice="req">type</arg> <arg choice="req" rep="repeat">data</arg> -</cmdsynopsis> </term> <listitem> <para> @@ -435,13 +417,11 @@ RDATA. </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>update delete</command> <arg choice="req">domain-name</arg> <arg choice="opt">ttl</arg> <arg choice="opt">class</arg> <arg choice="opt">type <arg choice="opt" rep="repeat">data</arg></arg> -</cmdsynopsis> </term> <listitem> <para> @@ -462,14 +442,12 @@ is ignored, and is only allowed for compatibility. </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>update add</command> <arg choice="req">domain-name</arg> <arg choice="req">ttl</arg> <arg choice="opt">class</arg> <arg choice="req">type</arg> <arg choice="req" rep="repeat">data</arg> -</cmdsynopsis> </term> <listitem> <para> @@ -483,9 +461,7 @@ and </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>show</command> -</cmdsynopsis> </term> <listitem> <para> @@ -496,9 +472,7 @@ updates specified since the last send. </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>send</command> -</cmdsynopsis> </term> <listitem> <para> @@ -508,9 +482,7 @@ Sends the current message. This is equivalent to entering a blank line. </varlistentry> <varlistentry><term> -<cmdsynopsis> <command>answer</command> -</cmdsynopsis> </term> <listitem> <para> @@ -552,10 +524,10 @@ master name server for Any A records for <type>oldhost.example.com</type> are deleted. -and an A record for +And an A record for <type>newhost.example.com</type> -it IP address 172.16.1.1 is added. -The newly-added record has a 1 day TTL (86400 seconds) +with IP address 172.16.1.1 is added. +The newly-added record has a 1 day TTL (86400 seconds). <programlisting> # nsupdate > prereq nxdomain nickname.example.com diff --git a/bin/nsupdate/nsupdate.html b/bin/nsupdate/nsupdate.html index 4df8280ce8634..009942d11b4e2 100644 --- a/bin/nsupdate/nsupdate.html +++ b/bin/nsupdate/nsupdate.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000-2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nsupdate.html,v 1.9.2.3.2.15 2006/06/29 13:02:30 marka Exp $ --> +<!-- $Id: nsupdate.html,v 1.9.2.3.2.20 2007/05/09 03:32:36 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>nsupdate</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>nsupdate — Dynamic DNS update utility</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [[<code class="option">-y <em class="replaceable"><code>keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-v</code>] [filename]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549461"></a><h2>DESCRIPTION</h2> +<a name="id2543405"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">nsupdate</strong></span> is used to submit Dynamic DNS Update requests as defined in RFC2136 @@ -77,7 +77,7 @@ HMAC-MD5, which is defined in RFC 2104. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other. -For instance suitable +For instance, suitable <span class="type">key</span> and <span class="type">server</span> @@ -147,20 +147,20 @@ option makes use a TCP connection. This may be preferable when a batch of update requests is made. </p> -<p>The <code class="option">-t</code> option sets the maximum time a update request can +<p>The <code class="option">-t</code> option sets the maximum time an update request can take before it is aborted. The default is 300 seconds. Zero can be used to disable the timeout. </p> <p>The <code class="option">-u</code> option sets the UDP retry interval. The default is -3 seconds. If zero the interval will be computed from the timeout interval +3 seconds. If zero, the interval will be computed from the timeout interval and number of UDP retries. </p> <p>The <code class="option">-r</code> option sets the number of UDP retries. The default is -3. If zero only one update request will be made. +3. If zero, only one update request will be made. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549686"></a><h2>INPUT FORMAT</h2> +<a name="id2543562"></a><h2>INPUT FORMAT</h2> <p> <span><strong class="command">nsupdate</strong></span> reads input from @@ -189,7 +189,9 @@ The command formats and their meaning are as follows: </p> <div class="variablelist"><dl> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">server</code> {servername} [port]</p></div> +<span><strong class="command">server</strong></span> + {servername} + [port] </span></dt> <dd><p> Sends all dynamic update requests to the name server @@ -207,7 +209,9 @@ If no port number is specified, the default DNS port number of 53 is used. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">local</code> {address} [port]</p></div> +<span><strong class="command">local</strong></span> + {address} + [port] </span></dt> <dd><p> Sends all dynamic update requests using the local @@ -221,7 +225,8 @@ can additionally be used to make requests come from a specific port. If no port number is specified, the system will assign one. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">zone</code> {zonename}</p></div> +<span><strong class="command">zone</strong></span> + {zonename} </span></dt> <dd><p> Specifies that all updates are to be made to the zone @@ -233,32 +238,37 @@ statement is provided, will attempt determine the correct zone to update based on the rest of the input. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">class</code> {classname}</p></div> +<span><strong class="command">class</strong></span> + {classname} </span></dt> <dd><p> Specify the default class. -If no <em class="parameter"><code>class</code></em> is specified the default class is +If no <em class="parameter"><code>class</code></em> is specified, the default class is <em class="parameter"><code>IN</code></em>. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">key</code> {name} {secret}</p></div> +<span><strong class="command">key</strong></span> + {name} + {secret} </span></dt> <dd><p> -Specifies that all updates are to be TSIG signed using the +Specifies that all updates are to be TSIG-signed using the <em class="parameter"><code>keyname</code></em> <em class="parameter"><code>keysecret</code></em> pair. The <span><strong class="command">key</strong></span> command overrides any key specified on the command line via <code class="option">-y</code> or <code class="option">-k</code>. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">prereq nxdomain</code> {domain-name}</p></div> +<span><strong class="command">prereq nxdomain</strong></span> + {domain-name} </span></dt> <dd><p> Requires that no resource record of any type exists with name <em class="parameter"><code>domain-name</code></em>. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">prereq yxdomain</code> {domain-name}</p></div> +<span><strong class="command">prereq yxdomain</strong></span> + {domain-name} </span></dt> <dd><p> Requires that @@ -266,7 +276,10 @@ Requires that exists (has as at least one resource record, of any type). </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">prereq nxrrset</code> {domain-name} [class] {type}</p></div> +<span><strong class="command">prereq nxrrset</strong></span> + {domain-name} + [class] + {type} </span></dt> <dd><p> Requires that no resource record exists of the specified @@ -279,7 +292,10 @@ If is omitted, IN (internet) is assumed. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">prereq yxrrset</code> {domain-name} [class] {type}</p></div> +<span><strong class="command">prereq yxrrset</strong></span> + {domain-name} + [class] + {type} </span></dt> <dd><p> This requires that a resource record of the specified @@ -293,7 +309,11 @@ If is omitted, IN (internet) is assumed. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">prereq yxrrset</code> {domain-name} [class] {type} {data...}</p></div> +<span><strong class="command">prereq yxrrset</strong></span> + {domain-name} + [class] + {type} + {data...} </span></dt> <dd><p> The @@ -317,7 +337,11 @@ are written in the standard text representation of the resource record's RDATA. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">update delete</code> {domain-name} [ttl] [class] [type [data...]]</p></div> +<span><strong class="command">update delete</strong></span> + {domain-name} + [ttl] + [class] + [type [data...]] </span></dt> <dd><p> Deletes any resource records named @@ -334,7 +358,12 @@ is not supplied. The is ignored, and is only allowed for compatibility. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">update add</code> {domain-name} {ttl} [class] {type} {data...}</p></div> +<span><strong class="command">update add</strong></span> + {domain-name} + {ttl} + [class] + {type} + {data...} </span></dt> <dd><p> Adds a new resource record with the specified @@ -344,20 +373,20 @@ and <em class="parameter"><code>data</code></em>. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">show</code> </p></div> +<span><strong class="command">show</strong></span> </span></dt> <dd><p> Displays the current message, containing all of the prerequisites and updates specified since the last send. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">send</code> </p></div> +<span><strong class="command">send</strong></span> </span></dt> <dd><p> Sends the current message. This is equivalent to entering a blank line. </p></dd> <dt><span class="term"> -<div class="cmdsynopsis"><p><code class="command">answer</code> </p></div> +<span><strong class="command">answer</strong></span> </span></dt> <dd><p> Displays the answer. @@ -370,7 +399,7 @@ Lines beginning with a semicolon are comments and are ignored. </p> </div> <div class="refsect1" lang="en"> -<a name="id2550382"></a><h2>EXAMPLES</h2> +<a name="id2544279"></a><h2>EXAMPLES</h2> <p> The examples below show how <span><strong class="command">nsupdate</strong></span> @@ -395,10 +424,10 @@ master name server for Any A records for <span class="type">oldhost.example.com</span> are deleted. -and an A record for +And an A record for <span class="type">newhost.example.com</span> -it IP address 172.16.1.1 is added. -The newly-added record has a 1 day TTL (86400 seconds) +with IP address 172.16.1.1 is added. +The newly-added record has a 1 day TTL (86400 seconds). </p> <pre class="programlisting"> # nsupdate @@ -423,7 +452,7 @@ RRSIG, DNSKEY and NSEC records.) </p> </div> <div class="refsect1" lang="en"> -<a name="id2550426"></a><h2>FILES</h2> +<a name="id2544323"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt> <dd><p> @@ -442,7 +471,7 @@ base-64 encoding of HMAC-MD5 key created by </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2549061"></a><h2>SEE ALSO</h2> +<a name="id2544459"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">RFC2136</span></span>, <span class="citerefentry"><span class="refentrytitle">RFC3007</span></span>, @@ -456,7 +485,7 @@ base-64 encoding of HMAC-MD5 key created by </p> </div> <div class="refsect1" lang="en"> -<a name="id2549132"></a><h2>BUGS</h2> +<a name="id2544531"></a><h2>BUGS</h2> <p> The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library diff --git a/bin/rndc/Makefile.in b/bin/rndc/Makefile.in index e6773151126b8..ffa0e8fb508da 100644 --- a/bin/rndc/Makefile.in +++ b/bin/rndc/Makefile.in @@ -1,7 +1,7 @@ -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") -# Copyright (C) 2000-2002 Internet Software Consortium. +# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2000-2003 Internet Software Consortium. # -# Permission to use, copy, modify, and distribute this software for any +# Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.32.2.3.8.8 2004/07/20 07:01:50 marka Exp $ +# $Id: Makefile.in,v 1.32.2.3.8.12 2007/08/28 07:19:08 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -47,6 +47,8 @@ RNDCDEPLIBS = ${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${BIND9DEPLIBS} ${DNSDEPLIBS} ${I CONFLIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@ CONFDEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS} +SRCS= rndc.c rndc-confgen.c + SUBDIRS = unix TARGETS = rndc@EXEEXT@ rndc-confgen@EXEEXT@ diff --git a/bin/rndc/rndc-confgen.8 b/bin/rndc/rndc-confgen.8 index c6a421879b4be..fc69c3f0b0376 100644 --- a/bin/rndc/rndc-confgen.8 +++ b/bin/rndc/rndc-confgen.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2001, 2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc-confgen.8,v 1.3.2.5.2.8 2006/06/29 13:02:31 marka Exp $ +.\" $Id: rndc-confgen.8,v 1.3.2.5.2.10 2007/01/30 00:11:48 marka Exp $ .\" .hy 0 .ad l .\" Title: rndc\-confgen .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: Aug 27, 2001 .\" Manual: BIND9 .\" Source: BIND9 @@ -56,8 +56,9 @@ file and a \fBcontrols\fR statement altogether. .SH "OPTIONS" -.TP 3n +.PP \-a +.RS 4 Do automatic \fBrndc\fR configuration. This creates a file @@ -100,31 +101,43 @@ option and set up a and \fInamed.conf\fR as directed. -.TP 3n +.RE +.PP \-b \fIkeysize\fR +.RS 4 Specifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is 128. -.TP 3n +.RE +.PP \-c \fIkeyfile\fR +.RS 4 Used with the \fB\-a\fR option to specify an alternate location for \fIrndc.key\fR. -.TP 3n +.RE +.PP \-h +.RS 4 Prints a short summary of the options and arguments to \fBrndc\-confgen\fR. -.TP 3n +.RE +.PP \-k \fIkeyname\fR +.RS 4 Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is \fBrndc\-key\fR. -.TP 3n +.RE +.PP \-p \fIport\fR +.RS 4 Specifies the command channel port where \fBnamed\fR listens for connections from \fBrndc\fR. The default is 953. -.TP 3n +.RE +.PP \-r \fIrandomfile\fR +.RS 4 Specifies a source of random data for generating the authorization. If the operating system does not provide a \fI/dev/random\fR or equivalent device, the default source of randomness is keyboard input. @@ -132,14 +145,18 @@ or equivalent device, the default source of randomness is keyboard input. specifies the name of a character device or file containing random data to be used instead of the default. The special value \fIkeyboard\fR indicates that keyboard input should be used. -.TP 3n +.RE +.PP \-s \fIaddress\fR +.RS 4 Specifies the IP address where \fBnamed\fR listens for command channel connections from \fBrndc\fR. The default is the loopback address 127.0.0.1. -.TP 3n +.RE +.PP \-t \fIchrootdir\fR +.RS 4 Used with the \fB\-a\fR option to specify a directory where @@ -148,8 +165,10 @@ will run chrooted. An additional copy of the \fIrndc.key\fR will be written relative to this directory so that it will be found by the chrooted \fBnamed\fR. -.TP 3n +.RE +.PP \-u \fIuser\fR +.RS 4 Used with the \fB\-a\fR option to set the owner of the @@ -157,6 +176,7 @@ option to set the owner of the file generated. If \fB\-t\fR is also specified only the file in the chroot area has its owner changed. +.RE .SH "EXAMPLES" .PP To allow @@ -185,4 +205,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2001, 2003 Internet Software Consortium. +.br diff --git a/bin/rndc/rndc-confgen.docbook b/bin/rndc/rndc-confgen.docbook index e0c5a68cf6f65..6b49fd7ca0734 100644 --- a/bin/rndc/rndc-confgen.docbook +++ b/bin/rndc/rndc-confgen.docbook @@ -1,11 +1,11 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2001, 2003 Internet Software Consortium. - - - Permission to use, copy, modify, and distribute this software for any + - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc-confgen.docbook,v 1.3.2.1.4.5 2005/05/13 01:22:34 marka Exp $ --> +<!-- $Id: rndc-confgen.docbook,v 1.3.2.1.4.8 2007/08/28 07:19:08 tbox Exp $ --> <refentry> <refentryinfo> @@ -35,6 +35,7 @@ <copyright> <year>2004</year> <year>2005</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> diff --git a/bin/rndc/rndc-confgen.html b/bin/rndc/rndc-confgen.html index 058cd56d1637f..cc04b7843b649 100644 --- a/bin/rndc/rndc-confgen.html +++ b/bin/rndc/rndc-confgen.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2001, 2003 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc-confgen.html,v 1.3.2.5.2.13 2006/06/29 13:02:31 marka Exp $ --> +<!-- $Id: rndc-confgen.html,v 1.3.2.5.2.16 2007/01/30 00:11:48 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>rndc-confgen</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">rndc-confgen</span> — rndc key generation tool</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549476"></a><h2>DESCRIPTION</h2> +<a name="id2543417"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">rndc-confgen</strong></span> generates configuration files for <span><strong class="command">rndc</strong></span>. It can be used as a @@ -48,7 +48,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549522"></a><h2>OPTIONS</h2> +<a name="id2543463"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a</span></dt> <dd> @@ -148,7 +148,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2549972"></a><h2>EXAMPLES</h2> +<a name="id2543777"></a><h2>EXAMPLES</h2> <p> To allow <span><strong class="command">rndc</strong></span> to be used with no manual configuration, run @@ -167,7 +167,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2550016"></a><h2>SEE ALSO</h2> +<a name="id2543820"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>, @@ -176,7 +176,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2550058"></a><h2>AUTHOR</h2> +<a name="id2543863"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8 index 04bd133f376f5..9b7a4e13793d9 100644 --- a/bin/rndc/rndc.8 +++ b/bin/rndc/rndc.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc.8,v 1.24.206.6 2006/06/29 13:02:30 marka Exp $ +.\" $Id: rndc.8,v 1.24.206.12 2007/12/14 22:37:11 marka Exp $ .\" .hy 0 .ad l .\" Title: rndc .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: June 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -47,20 +47,22 @@ is invoked with no command line options or arguments, it prints a short summary communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of \fBrndc\fR and -\fBnamed\fR -named the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection. This provides TSIG\-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server. +\fBnamed\fR, the only supported authentication algorithm is HMAC\-MD5, which uses a shared secret on each end of the connection. This provides TSIG\-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server. .PP \fBrndc\fR reads a configuration file to determine how to contact the name server and decide what algorithm and key it should use. .SH "OPTIONS" -.TP 3n +.PP \-c \fIconfig\-file\fR +.RS 4 Use \fIconfig\-file\fR as the configuration file instead of the default, \fI/etc/rndc.conf\fR. -.TP 3n +.RE +.PP \-k \fIkey\-file\fR +.RS 4 Use \fIkey\-file\fR as the key file instead of the default, @@ -69,30 +71,41 @@ as the key file instead of the default, will be used to authenticate commands sent to the server if the \fIconfig\-file\fR does not exist. -.TP 3n +.RE +.PP \-s \fIserver\fR +.RS 4 \fIserver\fR is the name or address of the server which matches a server statement in the configuration file for -\fBrndc\fR. If no server is supplied on the command line, the host named by the default\-server clause in the option statement of the configuration file will be used. -.TP 3n +\fBrndc\fR. If no server is supplied on the command line, the host named by the default\-server clause in the options statement of the +\fBrndc\fR +configuration file will be used. +.RE +.PP \-p \fIport\fR +.RS 4 Send commands to TCP port \fIport\fR instead of BIND 9's default control channel port, 953. -.TP 3n +.RE +.PP \-V +.RS 4 Enable verbose logging. -.TP 3n -\-y \fIkeyid\fR +.RE +.PP +\-y \fIkey_id\fR +.RS 4 Use the key -\fIkeyid\fR +\fIkey_id\fR from the configuration file. -\fIkeyid\fR +\fIkey_id\fR must be known by named with the same algorithm and secret string in order for control message validation to succeed. If no -\fIkeyid\fR +\fIkey_id\fR is specified, \fBrndc\fR will first look for a key clause in the server statement of the server being used, or if no server statement is present for that host, then the default\-key clause of the options statement. Note that the configuration file contains shared secrets which are used to send authenticated control commands to name servers. It should therefore not have general read or write access. +.RE .PP For the complete set of commands supported by \fBrndc\fR, see the BIND 9 Administrator Reference Manual or run @@ -113,12 +126,16 @@ Several error messages could be clearer. .SH "SEE ALSO" .PP \fBrndc.conf\fR(5), +\fBrndc\-confgen\fR(8), \fBnamed\fR(8), -\fBnamed.conf\fR(5) +\fBnamed.conf\fR(5), \fBndc\fR(8), BIND 9 Administrator Reference Manual. .SH "AUTHOR" .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/bin/rndc/rndc.conf.5 b/bin/rndc/rndc.conf.5 index 3a06a44cd0b82..d71cc50395c34 100644 --- a/bin/rndc/rndc.conf.5 +++ b/bin/rndc/rndc.conf.5 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,13 +13,13 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc.conf.5,v 1.21.206.6 2006/06/29 13:02:31 marka Exp $ +.\" $Id: rndc.conf.5,v 1.21.206.9 2007/05/09 03:32:36 marka Exp $ .\" .hy 0 .ad l .\" Title: \fIrndc.conf\fR .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> +.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> .\" Date: June 30, 2000 .\" Manual: BIND9 .\" Source: BIND9 @@ -101,7 +101,7 @@ program, also known as does not ship with BIND 9 but is available on many systems. See the EXAMPLE section for sample command lines for each. .SH "EXAMPLE" .sp -.RS 3n +.RS 4 .nf options { default\-server localhost; @@ -128,7 +128,7 @@ To generate a random secret with .PP A complete \fIrndc.conf\fR -file, including the randomly generated key, will be written to the standard output. Commented out +file, including the randomly generated key, will be written to the standard output. Commented\-out \fBkey\fR and \fBcontrols\fR @@ -158,4 +158,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000, 2001 Internet Software Consortium. +.br diff --git a/bin/rndc/rndc.conf.docbook b/bin/rndc/rndc.conf.docbook index 16b9caf43cbe7..a1cc80a0f6c80 100644 --- a/bin/rndc/rndc.conf.docbook +++ b/bin/rndc/rndc.conf.docbook @@ -1,11 +1,11 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - - Permission to use, copy, modify, and distribute this software for any + - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc.conf.docbook,v 1.4.206.4 2005/05/12 21:36:04 sra Exp $ --> +<!-- $Id: rndc.conf.docbook,v 1.4.206.8 2007/08/28 07:19:08 tbox Exp $ --> <refentry> <refentryinfo> @@ -35,6 +35,7 @@ <copyright> <year>2004</year> <year>2005</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -166,7 +167,7 @@ <para> A complete <filename>rndc.conf</filename> file, including the randomly generated key, will be written to the standard - output. Commented out <option>key</option> and + output. Commented-out <option>key</option> and <option>controls</option> statements for <filename>named.conf</filename> are also printed. </para> diff --git a/bin/rndc/rndc.conf.html b/bin/rndc/rndc.conf.html index fefe616d8dc23..2bf728e106c6b 100644 --- a/bin/rndc/rndc.conf.html +++ b/bin/rndc/rndc.conf.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc.conf.html,v 1.5.2.1.4.13 2006/06/29 13:02:31 marka Exp $ --> +<!-- $Id: rndc.conf.html,v 1.5.2.1.4.17 2007/05/09 03:32:36 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>rndc.conf</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><code class="filename">rndc.conf</code> — rndc configuration file</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549398"></a><h2>DESCRIPTION</h2> +<a name="id2543339"></a><h2>DESCRIPTION</h2> <p> <code class="filename">rndc.conf</code> is the configuration file for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control @@ -105,7 +105,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549601"></a><h2>EXAMPLE</h2> +<a name="id2543474"></a><h2>EXAMPLE</h2> <pre class="programlisting"> options { default-server localhost; @@ -139,7 +139,7 @@ <p> A complete <code class="filename">rndc.conf</code> file, including the randomly generated key, will be written to the standard - output. Commented out <code class="option">key</code> and + output. Commented-out <code class="option">key</code> and <code class="option">controls</code> statements for <code class="filename">named.conf</code> are also printed. </p> @@ -151,7 +151,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549730"></a><h2>NAME SERVER CONFIGURATION</h2> +<a name="id2543534"></a><h2>NAME SERVER CONFIGURATION</h2> <p> The name server must be configured to accept rndc connections and to recognize the key specified in the <code class="filename">rndc.conf</code> @@ -161,7 +161,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549750"></a><h2>SEE ALSO</h2> +<a name="id2543555"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>, @@ -170,7 +170,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549793"></a><h2>AUTHOR</h2> +<a name="id2543597"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook index afb88f5f6ea22..66658a9c02bbe 100644 --- a/bin/rndc/rndc.docbook +++ b/bin/rndc/rndc.docbook @@ -1,11 +1,11 @@ -<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN" - "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd" +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - - Permission to use, copy, modify, and distribute this software for any + - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc.docbook,v 1.7.206.4 2005/05/12 21:36:05 sra Exp $ --> +<!-- $Id: rndc.docbook,v 1.7.206.11 2007/12/14 20:56:36 marka Exp $ --> <refentry> <refentryinfo> @@ -35,6 +35,7 @@ <copyright> <year>2004</year> <year>2005</year> + <year>2007</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> <copyright> @@ -77,7 +78,7 @@ <command>rndc</command> communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of - <command>rndc</command> and <command>named</command> named + <command>rndc</command> and <command>named</command>, the only supported authentication algorithm is HMAC-MD5, which uses a shared secret on each end of the connection. This provides TSIG-style authentication for the command @@ -124,14 +125,13 @@ <varlistentry> <term>-s <replaceable class="parameter">server</replaceable></term> <listitem> - <para> - <replaceable class="parameter">server</replaceable> is - the name or address of the server which matches a - server statement in the configuration file for - <command>rndc</command>. If no server is supplied on the - command line, the host named by the default-server clause - in the option statement of the configuration file will be - used. + <para><replaceable class="parameter">server</replaceable> is + the name or address of the server which matches a + server statement in the configuration file for + <command>rndc</command>. If no server is supplied on the + command line, the host named by the default-server clause + in the options statement of the <command>rndc</command> + configuration file will be used. </para> </listitem> </varlistentry> @@ -157,15 +157,15 @@ </varlistentry> <varlistentry> - <term>-y <replaceable class="parameter">keyid</replaceable></term> + <term>-y <replaceable class="parameter">key_id</replaceable></term> <listitem> <para> - Use the key <replaceable class="parameter">keyid</replaceable> + Use the key <replaceable class="parameter">key_id</replaceable> from the configuration file. - <replaceable class="parameter">keyid</replaceable> must be + <replaceable class="parameter">key_id</replaceable> must be known by named with the same algorithm and secret string in order for control message validation to succeed. - If no <replaceable class="parameter">keyid</replaceable> + If no <replaceable class="parameter">key_id</replaceable> is specified, <command>rndc</command> will first look for a key clause in the server statement of the server being used, or if no server statement is present for that @@ -211,13 +211,17 @@ <manvolnum>5</manvolnum> </citerefentry>, <citerefentry> + <refentrytitle>rndc-confgen</refentrytitle> + <manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> <refentrytitle>named</refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> <refentrytitle>named.conf</refentrytitle> <manvolnum>5</manvolnum> - </citerefentry> + </citerefentry>, <citerefentry> <refentrytitle>ndc</refentrytitle> <manvolnum>8</manvolnum> diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html index 4dfd3188142d2..36a5eea5acfec 100644 --- a/bin/rndc/rndc.html +++ b/bin/rndc/rndc.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") - Copyright (C) 2000, 2001 Internet Software Consortium. - - Permission to use, copy, modify, and distribute this software for any @@ -14,15 +14,15 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc.html,v 1.7.2.1.4.12 2006/06/29 13:02:31 marka Exp $ --> +<!-- $Id: rndc.html,v 1.7.2.1.4.19 2007/12/14 22:37:11 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <title>rndc</title> -<meta name="generator" content="DocBook XSL Stylesheets V1.70.1"> +<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2482688"></a><div class="titlepage"></div> +<a name="id2476275"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">rndc</span> — name server control utility</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2549451"></a><h2>DESCRIPTION</h2> +<a name="id2543393"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">rndc</strong></span> controls the operation of a name server. It supersedes the <span><strong class="command">ndc</strong></span> utility @@ -46,7 +46,7 @@ <span><strong class="command">rndc</strong></span> communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of - <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span> named + <span><strong class="command">rndc</strong></span> and <span><strong class="command">named</strong></span>, the only supported authentication algorithm is HMAC-MD5, which uses a shared secret on each end of the connection. This provides TSIG-style authentication for the command @@ -61,7 +61,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549492"></a><h2>OPTIONS</h2> +<a name="id2543433"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt> <dd><p> @@ -79,14 +79,13 @@ does not exist. </p></dd> <dt><span class="term">-s <em class="replaceable"><code>server</code></em></span></dt> -<dd><p> - <em class="replaceable"><code>server</code></em> is - the name or address of the server which matches a - server statement in the configuration file for - <span><strong class="command">rndc</strong></span>. If no server is supplied on the - command line, the host named by the default-server clause - in the option statement of the configuration file will be - used. +<dd><p><em class="replaceable"><code>server</code></em> is + the name or address of the server which matches a + server statement in the configuration file for + <span><strong class="command">rndc</strong></span>. If no server is supplied on the + command line, the host named by the default-server clause + in the options statement of the <span><strong class="command">rndc</strong></span> + configuration file will be used. </p></dd> <dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt> <dd><p> @@ -98,14 +97,14 @@ <dd><p> Enable verbose logging. </p></dd> -<dt><span class="term">-y <em class="replaceable"><code>keyid</code></em></span></dt> +<dt><span class="term">-y <em class="replaceable"><code>key_id</code></em></span></dt> <dd><p> - Use the key <em class="replaceable"><code>keyid</code></em> + Use the key <em class="replaceable"><code>key_id</code></em> from the configuration file. - <em class="replaceable"><code>keyid</code></em> must be + <em class="replaceable"><code>key_id</code></em> must be known by named with the same algorithm and secret string in order for control message validation to succeed. - If no <em class="replaceable"><code>keyid</code></em> + If no <em class="replaceable"><code>key_id</code></em> is specified, <span><strong class="command">rndc</strong></span> will first look for a key clause in the server statement of the server being used, or if no server statement is present for that @@ -123,7 +122,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549811"></a><h2>LIMITATIONS</h2> +<a name="id2543619"></a><h2>LIMITATIONS</h2> <p> <span><strong class="command">rndc</strong></span> does not yet support all the commands of the BIND 8 <span><strong class="command">ndc</strong></span> utility. @@ -137,17 +136,18 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2549840"></a><h2>SEE ALSO</h2> +<a name="id2543648"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>, + <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, - <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span> + <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>, <span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2549892"></a><h2>AUTHOR</h2> +<a name="id2543709"></a><h2>AUTHOR</h2> <p> <span class="corpauthor">Internet Systems Consortium</span> </p> diff --git a/bin/rndc/unix/Makefile.in b/bin/rndc/unix/Makefile.in index 0409a188838f3..c233e3812db16 100644 --- a/bin/rndc/unix/Makefile.in +++ b/bin/rndc/unix/Makefile.in @@ -1,7 +1,7 @@ -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") -# Copyright (C) 2001 Internet Software Consortium. +# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2001, 2003 Internet Software Consortium. # -# Permission to use, copy, modify, and distribute this software for any +# Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.1.12.3 2004/03/08 04:04:24 marka Exp $ +# $Id: Makefile.in,v 1.1.12.6 2007/08/28 07:19:08 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ |