diff options
Diffstat (limited to 'bin')
182 files changed, 1210 insertions, 892 deletions
diff --git a/bin/Makefile.in b/bin/Makefile.in index d263d795eb029..e4805520e7e6d 100644 --- a/bin/Makefile.in +++ b/bin/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.29 2009-10-05 12:07:08 fdupont Exp $ +# $Id: Makefile.in,v 1.29 2009/10/05 12:07:08 fdupont Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/check/Makefile.in b/bin/check/Makefile.in index d5827dcce11e2..403933b2ed7d4 100644 --- a/bin/check/Makefile.in +++ b/bin/check/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.36 2009-12-05 23:31:40 each Exp $ +# $Id: Makefile.in,v 1.36 2009/12/05 23:31:40 each Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/check/check-tool.c b/bin/check/check-tool.c index 4d2ca5c45ab5d..422d9b1cde98f 100644 --- a/bin/check/check-tool.c +++ b/bin/check/check-tool.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: check-tool.c,v 1.41 2010-09-07 23:46:59 tbox Exp $ */ +/* $Id: check-tool.c,v 1.41 2010/09/07 23:46:59 tbox Exp $ */ /*! \file */ diff --git a/bin/check/check-tool.h b/bin/check/check-tool.h index 4371ae29ec207..e988597a740d0 100644 --- a/bin/check/check-tool.h +++ b/bin/check/check-tool.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: check-tool.h,v 1.16 2010-09-07 23:46:59 tbox Exp $ */ +/* $Id: check-tool.h,v 1.16 2010/09/07 23:46:59 tbox Exp $ */ #ifndef CHECK_TOOL_H #define CHECK_TOOL_H diff --git a/bin/check/named-checkconf.8 b/bin/check/named-checkconf.8 index fabcfa916eb75..67a8f4a3da6a5 100644 --- a/bin/check/named-checkconf.8 +++ b/bin/check/named-checkconf.8 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named-checkconf.8,v 1.33 2009-12-29 01:14:03 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c index 11a429c649cd4..a342dd9fbd9aa 100644 --- a/bin/check/named-checkconf.c +++ b/bin/check/named-checkconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named-checkconf.c,v 1.54.62.2 2011-03-12 04:59:13 tbox Exp $ */ +/* $Id: named-checkconf.c,v 1.54.62.2 2011/03/12 04:59:13 tbox Exp $ */ /*! \file */ diff --git a/bin/check/named-checkconf.docbook b/bin/check/named-checkconf.docbook index fe12cb3ea278d..9535e28430cfd 100644 --- a/bin/check/named-checkconf.docbook +++ b/bin/check/named-checkconf.docbook @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named-checkconf.docbook,v 1.22 2009-12-28 23:21:16 each Exp $ --> +<!-- $Id: named-checkconf.docbook,v 1.22 2009/12/28 23:21:16 each Exp $ --> <refentry id="man.named-checkconf"> <refentryinfo> <date>June 14, 2000</date> diff --git a/bin/check/named-checkconf.html b/bin/check/named-checkconf.html index f5e4cd3851142..aa80c7cbe8883 100644 --- a/bin/check/named-checkconf.html +++ b/bin/check/named-checkconf.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named-checkconf.html,v 1.33 2009-12-29 01:14:03 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">named-checkconf</code> [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-z</code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543395"></a><h2>DESCRIPTION</h2> +<a name="id2543396"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">named-checkconf</strong></span> checks the syntax, but not the semantics, of a <span><strong class="command">named</strong></span> configuration file. The file is parsed @@ -52,7 +52,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543444"></a><h2>OPTIONS</h2> +<a name="id2543445"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-h</span></dt> <dd><p> @@ -91,21 +91,21 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543568"></a><h2>RETURN VALUES</h2> +<a name="id2543569"></a><h2>RETURN VALUES</h2> <p><span><strong class="command">named-checkconf</strong></span> returns an exit status of 1 if errors were detected and 0 otherwise. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543579"></a><h2>SEE ALSO</h2> +<a name="id2543580"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543609"></a><h2>AUTHOR</h2> +<a name="id2543610"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/check/named-checkzone.8 b/bin/check/named-checkzone.8 index 1bb784606d8dd..92c8bdcffcf1b 100644 --- a/bin/check/named-checkzone.8 +++ b/bin/check/named-checkzone.8 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named-checkzone.8,v 1.47 2010-01-17 01:14:02 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l diff --git a/bin/check/named-checkzone.c b/bin/check/named-checkzone.c index 100e809867d11..11491b580862e 100644 --- a/bin/check/named-checkzone.c +++ b/bin/check/named-checkzone.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named-checkzone.c,v 1.61 2010-09-07 23:46:59 tbox Exp $ */ +/* $Id: named-checkzone.c,v 1.61.62.2 2011/12/22 23:45:54 tbox Exp $ */ /*! \file */ @@ -112,6 +112,7 @@ main(int argc, char **argv) { const char *outputformatstr = NULL; dns_masterformat_t inputformat = dns_masterformat_text; dns_masterformat_t outputformat = dns_masterformat_text; + isc_boolean_t logdump = ISC_FALSE; FILE *errout = stdout; outputstyle = &dns_master_style_full; @@ -418,6 +419,7 @@ main(int argc, char **argv) { if (progmode == progmode_compile) { dumpzone = 1; /* always dump */ + logdump = !quiet; if (output_filename == NULL) { fprintf(stderr, "output file required, but not specified\n"); @@ -436,8 +438,10 @@ main(int argc, char **argv) { (output_filename == NULL || strcmp(output_filename, "-") == 0 || strcmp(output_filename, "/dev/fd/1") == 0 || - strcmp(output_filename, "/dev/stdout") == 0)) + strcmp(output_filename, "/dev/stdout") == 0)) { errout = stderr; + logdump = ISC_FALSE; + } if (isc_commandline_index + 2 != argc) usage(); @@ -462,13 +466,13 @@ main(int argc, char **argv) { &zone); if (result == ISC_R_SUCCESS && dumpzone) { - if (!quiet && progmode == progmode_compile) { + if (logdump) { fprintf(errout, "dump zone to %s...", output_filename); fflush(errout); } result = dump_zone(origin, zone, output_filename, outputformat, outputstyle); - if (!quiet && progmode == progmode_compile) + if (logdump) fprintf(errout, "done\n"); } diff --git a/bin/check/named-checkzone.docbook b/bin/check/named-checkzone.docbook index 415ee1c34499d..33dc15e47095c 100644 --- a/bin/check/named-checkzone.docbook +++ b/bin/check/named-checkzone.docbook @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named-checkzone.docbook,v 1.40 2010-01-16 23:48:15 tbox Exp $ --> +<!-- $Id: named-checkzone.docbook,v 1.40 2010/01/16 23:48:15 tbox Exp $ --> <refentry id="man.named-checkzone"> <refentryinfo> <date>June 13, 2000</date> diff --git a/bin/check/named-checkzone.html b/bin/check/named-checkzone.html index e0532af0f590e..2be53a7b34987 100644 --- a/bin/check/named-checkzone.html +++ b/bin/check/named-checkzone.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named-checkzone.html,v 1.47 2010-01-17 01:14:02 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -33,7 +33,7 @@ <div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543694"></a><h2>DESCRIPTION</h2> +<a name="id2543696"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">named-checkzone</strong></span> checks the syntax and integrity of a zone file. It performs the same checks as <span><strong class="command">named</strong></span> does when loading a @@ -53,7 +53,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543730"></a><h2>OPTIONS</h2> +<a name="id2543731"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-d</span></dt> <dd><p> @@ -247,14 +247,14 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544377"></a><h2>RETURN VALUES</h2> +<a name="id2544446"></a><h2>RETURN VALUES</h2> <p><span><strong class="command">named-checkzone</strong></span> returns an exit status of 1 if errors were detected and 0 otherwise. </p> </div> <div class="refsect1" lang="en"> -<a name="id2544389"></a><h2>SEE ALSO</h2> +<a name="id2544458"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>, <em class="citetitle">RFC 1035</em>, @@ -262,7 +262,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544422"></a><h2>AUTHOR</h2> +<a name="id2544491"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/confgen/Makefile.in b/bin/confgen/Makefile.in index da3587982cd3d..64ddf760a067b 100644 --- a/bin/confgen/Makefile.in +++ b/bin/confgen/Makefile.in @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.8 2009-12-05 23:31:40 each Exp $ +# $Id: Makefile.in,v 1.8 2009/12/05 23:31:40 each Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/confgen/ddns-confgen.8 b/bin/confgen/ddns-confgen.8 index d69af398e614f..fd2670e5ff4e7 100644 --- a/bin/confgen/ddns-confgen.8 +++ b/bin/confgen/ddns-confgen.8 @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: ddns-confgen.8,v 1.10 2009-09-19 01:14:52 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l diff --git a/bin/confgen/ddns-confgen.c b/bin/confgen/ddns-confgen.c index 3fdf4d47417ff..826b500d950c0 100644 --- a/bin/confgen/ddns-confgen.c +++ b/bin/confgen/ddns-confgen.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ddns-confgen.c,v 1.9.308.2 2011-03-12 04:59:13 tbox Exp $ */ +/* $Id: ddns-confgen.c,v 1.9.308.2 2011/03/12 04:59:13 tbox Exp $ */ /*! \file */ diff --git a/bin/confgen/ddns-confgen.docbook b/bin/confgen/ddns-confgen.docbook index 2b3e1c0556a58..cedfbf5726c8d 100644 --- a/bin/confgen/ddns-confgen.docbook +++ b/bin/confgen/ddns-confgen.docbook @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: ddns-confgen.docbook,v 1.6 2009-09-18 22:08:55 fdupont Exp $ --> +<!-- $Id: ddns-confgen.docbook,v 1.6 2009/09/18 22:08:55 fdupont Exp $ --> <refentry id="man.ddns-confgen"> <refentryinfo> <date>Jan 29, 2009</date> diff --git a/bin/confgen/ddns-confgen.html b/bin/confgen/ddns-confgen.html index 17c3f26dccae3..6b2f7dc5d5633 100644 --- a/bin/confgen/ddns-confgen.html +++ b/bin/confgen/ddns-confgen.html @@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: ddns-confgen.html,v 1.10 2009-09-19 01:14:52 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">ddns-confgen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em> | -z <em class="replaceable"><code>zone</code></em> ] [<code class="option">-q</code>] [name]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543395"></a><h2>DESCRIPTION</h2> +<a name="id2543396"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">ddns-confgen</strong></span> generates a key for use by <span><strong class="command">nsupdate</strong></span> and <span><strong class="command">named</strong></span>. It simplifies configuration @@ -58,7 +58,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543454"></a><h2>OPTIONS</h2> +<a name="id2543456"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt> <dd><p> @@ -125,7 +125,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543642"></a><h2>SEE ALSO</h2> +<a name="id2543643"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, @@ -133,7 +133,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543681"></a><h2>AUTHOR</h2> +<a name="id2543682"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/confgen/include/confgen/os.h b/bin/confgen/include/confgen/os.h index bf80f00ef4177..2019701fa62d2 100644 --- a/bin/confgen/include/confgen/os.h +++ b/bin/confgen/include/confgen/os.h @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.h,v 1.3 2009-06-11 23:47:55 tbox Exp $ */ +/* $Id: os.h,v 1.3 2009/06/11 23:47:55 tbox Exp $ */ /*! \file */ diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c index c259e7e6a721e..a5db317700d8a 100644 --- a/bin/confgen/keygen.c +++ b/bin/confgen/keygen.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: keygen.c,v 1.4 2009-11-12 14:02:38 marka Exp $ */ +/* $Id: keygen.c,v 1.4 2009/11/12 14:02:38 marka Exp $ */ /*! \file */ diff --git a/bin/confgen/keygen.h b/bin/confgen/keygen.h index cea25dd4f92a3..a9ded4092f544 100644 --- a/bin/confgen/keygen.h +++ b/bin/confgen/keygen.h @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: keygen.h,v 1.3 2009-06-11 23:47:55 tbox Exp $ */ +/* $Id: keygen.h,v 1.3 2009/06/11 23:47:55 tbox Exp $ */ #ifndef RNDC_KEYGEN_H #define RNDC_KEYGEN_H 1 diff --git a/bin/confgen/rndc-confgen.8 b/bin/confgen/rndc-confgen.8 index a1b3ae86b735c..faffdac4b5e32 100644 --- a/bin/confgen/rndc-confgen.8 +++ b/bin/confgen/rndc-confgen.8 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc-confgen.8,v 1.7 2009-07-11 01:12:45 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l diff --git a/bin/confgen/rndc-confgen.c b/bin/confgen/rndc-confgen.c index 0eac35fefac61..1ad14a99aa158 100644 --- a/bin/confgen/rndc-confgen.c +++ b/bin/confgen/rndc-confgen.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc-confgen.c,v 1.5.308.2 2011-03-12 04:59:13 tbox Exp $ */ +/* $Id: rndc-confgen.c,v 1.5.308.2 2011/03/12 04:59:13 tbox Exp $ */ /*! \file */ diff --git a/bin/confgen/rndc-confgen.docbook b/bin/confgen/rndc-confgen.docbook index d43fcfbe8aa4b..af2cc4321dda4 100644 --- a/bin/confgen/rndc-confgen.docbook +++ b/bin/confgen/rndc-confgen.docbook @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc-confgen.docbook,v 1.4 2009-06-15 23:47:59 tbox Exp $ --> +<!-- $Id: rndc-confgen.docbook,v 1.4 2009/06/15 23:47:59 tbox Exp $ --> <refentry id="man.rndc-confgen"> <refentryinfo> <date>Aug 27, 2001</date> diff --git a/bin/confgen/rndc-confgen.html b/bin/confgen/rndc-confgen.html index 82a712091614c..03ee5199a116e 100644 --- a/bin/confgen/rndc-confgen.html +++ b/bin/confgen/rndc-confgen.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc-confgen.html,v 1.7 2009-07-11 01:12:45 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543432"></a><h2>DESCRIPTION</h2> +<a name="id2543433"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">rndc-confgen</strong></span> generates configuration files for <span><strong class="command">rndc</strong></span>. It can be used as a @@ -48,7 +48,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543477"></a><h2>OPTIONS</h2> +<a name="id2543478"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a</span></dt> <dd> @@ -155,7 +155,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543790"></a><h2>EXAMPLES</h2> +<a name="id2543792"></a><h2>EXAMPLES</h2> <p> To allow <span><strong class="command">rndc</strong></span> to be used with no manual configuration, run @@ -172,7 +172,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543832"></a><h2>SEE ALSO</h2> +<a name="id2543833"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, @@ -180,7 +180,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543870"></a><h2>AUTHOR</h2> +<a name="id2543872"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/confgen/unix/Makefile.in b/bin/confgen/unix/Makefile.in index 1785e0d0f4dec..924701e61ff2e 100644 --- a/bin/confgen/unix/Makefile.in +++ b/bin/confgen/unix/Makefile.in @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.3 2009-06-11 23:47:55 tbox Exp $ +# $Id: Makefile.in,v 1.3 2009/06/11 23:47:55 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/confgen/unix/os.c b/bin/confgen/unix/os.c index e439a51826481..3901350d7705d 100644 --- a/bin/confgen/unix/os.c +++ b/bin/confgen/unix/os.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.c,v 1.3 2009-06-11 23:47:55 tbox Exp $ */ +/* $Id: os.c,v 1.3 2009/06/11 23:47:55 tbox Exp $ */ /*! \file */ diff --git a/bin/confgen/util.c b/bin/confgen/util.c index 158a8d355818d..5f5f817a5d3d9 100644 --- a/bin/confgen/util.c +++ b/bin/confgen/util.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: util.c,v 1.3 2009-06-11 23:47:55 tbox Exp $ */ +/* $Id: util.c,v 1.3 2009/06/11 23:47:55 tbox Exp $ */ /*! \file */ diff --git a/bin/confgen/util.h b/bin/confgen/util.h index 651b6e558cf22..f3b2ec9dee18d 100644 --- a/bin/confgen/util.h +++ b/bin/confgen/util.h @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: util.h,v 1.4 2009-09-29 15:06:05 fdupont Exp $ */ +/* $Id: util.h,v 1.4 2009/09/29 15:06:05 fdupont Exp $ */ #ifndef RNDC_UTIL_H #define RNDC_UTIL_H 1 diff --git a/bin/dig/Makefile.in b/bin/dig/Makefile.in index bebef6f45d341..19dc61c4353f8 100644 --- a/bin/dig/Makefile.in +++ b/bin/dig/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.47 2009-12-05 23:31:40 each Exp $ +# $Id: Makefile.in,v 1.47 2009/12/05 23:31:40 each Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/dig/dig.1 b/bin/dig/dig.1 index 87d5045701cec..6e3bfb6c0c6ee 100644 --- a/bin/dig/dig.1 +++ b/bin/dig/dig.1 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dig.1,v 1.54 2010-03-05 01:14:15 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l diff --git a/bin/dig/dig.c b/bin/dig/dig.c index 728838721275c..5e5ec0fa48d41 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dig.c,v 1.237.124.3 2011-03-11 06:46:58 marka Exp $ */ +/* $Id: dig.c,v 1.237.124.4 2011/12/07 17:23:55 each Exp $ */ /*! \file */ @@ -1527,7 +1527,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only, if (strncmp(rv[0], "%", 1) == 0) break; if (strncmp(rv[0], "@", 1) == 0) { - addresscount = getaddresses(lookup, &rv[0][1]); + addresscount = getaddresses(lookup, &rv[0][1], NULL); } else if (rv[0][0] == '+') { plus_option(&rv[0][1], is_batchfile, lookup); diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook index 19e2ca2afbf35..d64d038b500dd 100644 --- a/bin/dig/dig.docbook +++ b/bin/dig/dig.docbook @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dig.docbook,v 1.47 2010-03-04 23:50:34 tbox Exp $ --> +<!-- $Id: dig.docbook,v 1.47 2010/03/04 23:50:34 tbox Exp $ --> <refentry id="man.dig"> <refentryinfo> diff --git a/bin/dig/dig.html b/bin/dig/dig.html index c9ce8f0e254cd..ceef3fa8d9885 100644 --- a/bin/dig/dig.html +++ b/bin/dig/dig.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dig.html,v 1.49 2010-03-05 01:14:15 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -34,7 +34,7 @@ <div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543522"></a><h2>DESCRIPTION</h2> +<a name="id2543524"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dig</strong></span> (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and @@ -80,7 +80,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543595"></a><h2>SIMPLE USAGE</h2> +<a name="id2543597"></a><h2>SIMPLE USAGE</h2> <p> A typical invocation of <span><strong class="command">dig</strong></span> looks like: </p> @@ -126,7 +126,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543686"></a><h2>OPTIONS</h2> +<a name="id2543688"></a><h2>OPTIONS</h2> <p> The <code class="option">-b</code> option sets the source IP address of the query to <em class="parameter"><code>address</code></em>. This must be a valid @@ -230,7 +230,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544035"></a><h2>QUERY OPTIONS</h2> +<a name="id2544037"></a><h2>QUERY OPTIONS</h2> <p><span><strong class="command">dig</strong></span> provides a number of query options which affect the way in which lookups are made and the results displayed. Some of @@ -561,7 +561,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2545184"></a><h2>MULTIPLE QUERIES</h2> +<a name="id2545186"></a><h2>MULTIPLE QUERIES</h2> <p> The BIND 9 implementation of <span><strong class="command">dig </strong></span> supports @@ -607,7 +607,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr </p> </div> <div class="refsect1" lang="en"> -<a name="id2545245"></a><h2>IDN SUPPORT</h2> +<a name="id2545248"></a><h2>IDN SUPPORT</h2> <p> If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names. @@ -621,14 +621,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr </p> </div> <div class="refsect1" lang="en"> -<a name="id2545336"></a><h2>FILES</h2> +<a name="id2545338"></a><h2>FILES</h2> <p><code class="filename">/etc/resolv.conf</code> </p> <p><code class="filename">${HOME}/.digrc</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2545353"></a><h2>SEE ALSO</h2> +<a name="id2545355"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, @@ -636,7 +636,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr </p> </div> <div class="refsect1" lang="en"> -<a name="id2545390"></a><h2>BUGS</h2> +<a name="id2545393"></a><h2>BUGS</h2> <p> There are probably too many query options. </p> diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index 319ba3e747277..9695de0dbc4cb 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dighost.c,v 1.336.22.4 2011-03-11 06:46:58 marka Exp $ */ +/* $Id: dighost.c,v 1.336.22.9 2011/12/07 17:23:55 each Exp $ */ /*! \file * \note @@ -66,6 +66,7 @@ #include <dns/tsig.h> #include <dst/dst.h> +#include <dst/result.h> #include <isc/app.h> #include <isc/base64.h> @@ -81,6 +82,7 @@ #include <isc/print.h> #include <isc/random.h> #include <isc/result.h> +#include <isc/serial.h> #include <isc/string.h> #include <isc/task.h> #include <isc/timer.h> @@ -360,6 +362,8 @@ connect_timeout(isc_task_t *task, isc_event_t *event); static void launch_next_query(dig_query_t *query, isc_boolean_t include_question); +static void +send_tcp_connect(dig_query_t *query); static void * mem_alloc(void *arg, size_t size) { @@ -742,7 +746,7 @@ make_empty_lookup(void) { looknew->xfr_q = NULL; looknew->current_query = NULL; looknew->doing_xfr = ISC_FALSE; - looknew->ixfr_serial = ISC_FALSE; + looknew->ixfr_serial = 0; looknew->trace = ISC_FALSE; looknew->trace_root = ISC_FALSE; looknew->identify = ISC_FALSE; @@ -787,6 +791,7 @@ make_empty_lookup(void) { looknew->new_search = ISC_FALSE; looknew->done_as_is = ISC_FALSE; looknew->need_search = ISC_FALSE; + dns_fixedname_init(&looknew->fdomain); ISC_LINK_INIT(looknew, link); ISC_LIST_INIT(looknew->q); ISC_LIST_INIT(looknew->my_server_list); @@ -862,6 +867,8 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) { looknew->tsigctx = NULL; looknew->need_search = lookold->need_search; looknew->done_as_is = lookold->done_as_is; + dns_name_copy(dns_fixedname_name(&lookold->fdomain), + dns_fixedname_name(&looknew->fdomain), NULL); if (servers) clone_server_list(lookold->my_server_list, @@ -925,6 +932,11 @@ setup_text_key(void) { secretsize = isc_buffer_usedlength(&secretbuf); + if (hmacname == NULL) { + result = DST_R_UNSUPPORTEDALG; + goto failure; + } + result = dns_name_fromtext(&keyname, namebuf, dns_rootname, 0, namebuf); if (result != ISC_R_SUCCESS) goto failure; @@ -1698,6 +1710,9 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) isc_result_t result; isc_boolean_t success = ISC_FALSE; int numLookups = 0; + int num; + isc_result_t lresult, addresses_result; + char bad_namestr[DNS_NAME_FORMATSIZE]; dns_name_t *domain; isc_boolean_t horizontal = ISC_FALSE, bad = ISC_FALSE; @@ -1705,6 +1720,8 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) debug("following up %s", query->lookup->textname); + addresses_result = ISC_R_SUCCESS; + bad_namestr[0] = '\0'; for (result = dns_message_firstname(msg, section); result == ISC_R_SUCCESS; result = dns_message_nextname(msg, section)) { @@ -1783,15 +1800,27 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) lookup->trace_root = ISC_FALSE; if (lookup->ns_search_only) lookup->recurse = ISC_FALSE; - dns_fixedname_init(&lookup->fdomain); domain = dns_fixedname_name(&lookup->fdomain); dns_name_copy(name, domain, NULL); } debug("adding server %s", namestr); - numLookups += getaddresses(lookup, namestr); + num = getaddresses(lookup, namestr, &lresult); + if (lresult != ISC_R_SUCCESS) { + debug("couldn't get address for '%s': %s", + namestr, isc_result_totext(lresult)); + if (addresses_result == ISC_R_SUCCESS) { + addresses_result = lresult; + strcpy(bad_namestr, namestr); + } + } + numLookups += num; dns_rdata_reset(&rdata); } } + if (numLookups == 0 && addresses_result != ISC_R_SUCCESS) { + fatal("couldn't get address for '%s': %s", + bad_namestr, isc_result_totext(result)); + } if (lookup == NULL && section == DNS_SECTION_ANSWER && @@ -1838,12 +1867,10 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) * Return ISC_TRUE iff there was another searchlist entry. */ static isc_boolean_t -next_origin(dns_message_t *msg, dig_query_t *query) { +next_origin(dig_query_t *query) { dig_lookup_t *lookup; dig_searchlist_t *search; - UNUSED(msg); - INSIST(!free_now); debug("next_origin()"); @@ -2318,7 +2345,7 @@ send_done(isc_task_t *_task, isc_event_t *event) { query->waiting_senddone = ISC_FALSE; l = query->lookup; - if (l->ns_search_only && !l->trace_root) { + if (l->ns_search_only && !l->trace_root && !l->tcp_mode) { debug("sending next, since searching"); next = ISC_LIST_NEXT(query, link); if (next != NULL) @@ -2865,8 +2892,10 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg, dns_rdataset_t *rdataset = NULL; dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdata_soa_t soa; - isc_uint32_t serial; + isc_uint32_t ixfr_serial = query->lookup->ixfr_serial, serial; isc_result_t result; + isc_boolean_t ixfr = query->lookup->rdtype == dns_rdatatype_ixfr; + isc_boolean_t axfr = query->lookup->rdtype == dns_rdatatype_axfr; debug("check_for_more_data()"); @@ -2916,6 +2945,7 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg, query->second_rr_rcvd = ISC_TRUE; query->second_rr_serial = 0; debug("got the second rr as nonsoa"); + axfr = ISC_TRUE; goto next_rdata; } @@ -2925,6 +2955,7 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg, */ if (rdata.type != dns_rdatatype_soa) goto next_rdata; + /* Now we have an SOA. Work with it. */ debug("got an SOA"); result = dns_rdata_tostruct(&rdata, &soa, NULL); @@ -2934,15 +2965,17 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg, if (!query->first_soa_rcvd) { query->first_soa_rcvd = ISC_TRUE; query->first_rr_serial = serial; - debug("this is the first %d", - query->lookup->ixfr_serial); - if (query->lookup->ixfr_serial >= - serial) + debug("this is the first serial %u", + serial); + if (ixfr && isc_serial_ge(ixfr_serial, + serial)) { + debug("got up to date " + "response"); goto doexit; + } goto next_rdata; } - if (query->lookup->rdtype == - dns_rdatatype_axfr) { + if (axfr) { debug("doing axfr, got second SOA"); goto doexit; } @@ -2952,22 +2985,12 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg, "empty zone"); goto doexit; } - debug("this is the second %d", - query->lookup->ixfr_serial); + debug("this is the second serial %u", + serial); query->second_rr_rcvd = ISC_TRUE; query->second_rr_serial = serial; goto next_rdata; } - if (query->second_rr_serial == 0) { - /* - * If the second RR was a non-SOA - * record, and we're getting any - * other SOA, then this is an - * AXFR, and we're done. - */ - debug("done, since axfr"); - goto doexit; - } /* * If we get to this point, we're doing an * IXFR and have to start really looking @@ -2983,7 +3006,7 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg, debug("done with ixfr"); goto doexit; } - debug("meaningless soa %d", serial); + debug("meaningless soa %u", serial); next_rdata: result = dns_rdataset_next(rdataset); } while (result == ISC_R_SUCCESS); @@ -3360,7 +3383,7 @@ recv_done(isc_task_t *task, isc_event_t *event) { if (!l->doing_xfr || l->xfr_q == query) { if (msg->rcode != dns_rcode_noerror && (l->origin != NULL || l->need_search)) { - if (!next_origin(msg, query) || showsearch) { + if (!next_origin(query) || showsearch) { printmessage(query, msg, ISC_TRUE); received(b->used, &sevent->address, query); } @@ -3546,7 +3569,7 @@ get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr) { } int -getaddresses(dig_lookup_t *lookup, const char *host) { +getaddresses(dig_lookup_t *lookup, const char *host, isc_result_t *resultp) { isc_result_t result; isc_sockaddr_t sockaddrs[DIG_MAX_ADDRESSES]; isc_netaddr_t netaddr; @@ -3556,9 +3579,14 @@ getaddresses(dig_lookup_t *lookup, const char *host) { result = bind9_getaddresses(host, 0, sockaddrs, DIG_MAX_ADDRESSES, &count); - if (result != ISC_R_SUCCESS) - fatal("couldn't get address for '%s': %s", - host, isc_result_totext(result)); + if (resultp != NULL) + *resultp = result; + if (result != ISC_R_SUCCESS) { + if (resultp == NULL) + fatal("couldn't get address for '%s': %s", + host, isc_result_totext(result)); + return 0; + } for (i = 0; i < count; i++) { isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]); @@ -4208,7 +4236,6 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) { return (result); } - isc_result_t get_trusted_key(isc_mem_t *mctx) { @@ -4270,6 +4297,7 @@ get_trusted_key(isc_mem_t *mctx) if (key != NULL) dst_key_free(&key); } + fclose(fp); return (ISC_R_SUCCESS); } diff --git a/bin/dig/host.1 b/bin/dig/host.1 index 464d517a0b3d1..b6eb81ba40f6a 100644 --- a/bin/dig/host.1 +++ b/bin/dig/host.1 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: host.1,v 1.31 2009-07-11 01:12:45 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l diff --git a/bin/dig/host.c b/bin/dig/host.c index c7a8e0eb575fe..82eea056c0d1d 100644 --- a/bin/dig/host.c +++ b/bin/dig/host.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: host.c,v 1.124.40.3 2011-03-11 06:46:59 marka Exp $ */ +/* $Id: host.c,v 1.124.40.3 2011/03/11 06:46:59 marka Exp $ */ /*! \file */ diff --git a/bin/dig/host.docbook b/bin/dig/host.docbook index 9ffd8e6ffb111..bc435f92f11c6 100644 --- a/bin/dig/host.docbook +++ b/bin/dig/host.docbook @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: host.docbook,v 1.20 2009-01-20 23:47:56 tbox Exp $ --> +<!-- $Id: host.docbook,v 1.20 2009/01/20 23:47:56 tbox Exp $ --> <refentry id="man.host"> <refentryinfo> diff --git a/bin/dig/host.html b/bin/dig/host.html index 531fc1d789688..d5fb6e735fb19 100644 --- a/bin/dig/host.html +++ b/bin/dig/host.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: host.html,v 1.30 2009-07-11 01:12:45 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543434"></a><h2>DESCRIPTION</h2> +<a name="id2543436"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">host</strong></span> is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. @@ -184,7 +184,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543800"></a><h2>IDN SUPPORT</h2> +<a name="id2543802"></a><h2>IDN SUPPORT</h2> <p> If <span><strong class="command">host</strong></span> has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names. @@ -198,12 +198,12 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543822"></a><h2>FILES</h2> +<a name="id2543825"></a><h2>FILES</h2> <p><code class="filename">/etc/resolv.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2543834"></a><h2>SEE ALSO</h2> +<a name="id2543836"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>. </p> diff --git a/bin/dig/include/dig/dig.h b/bin/dig/include/dig/dig.h index 2db5de552fc34..6c186dec5e4b0 100644 --- a/bin/dig/include/dig/dig.h +++ b/bin/dig/include/dig/dig.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dig.h,v 1.111.306.2 2011-02-28 01:19:58 tbox Exp $ */ +/* $Id: dig.h,v 1.111.306.3 2011/12/07 17:23:55 each Exp $ */ #ifndef DIG_H #define DIG_H @@ -289,7 +289,7 @@ isc_result_t get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr); int -getaddresses(dig_lookup_t *lookup, const char *host); +getaddresses(dig_lookup_t *lookup, const char *host, isc_result_t *resultp); isc_result_t get_reverse(char *reverse, size_t len, char *value, isc_boolean_t ip6_int, diff --git a/bin/dig/nslookup.1 b/bin/dig/nslookup.1 index e97ee1f9ba395..f988995ba86e6 100644 --- a/bin/dig/nslookup.1 +++ b/bin/dig/nslookup.1 @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: nslookup.1,v 1.16 2010-02-23 01:14:31 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l diff --git a/bin/dig/nslookup.c b/bin/dig/nslookup.c index e327c0f7fce4a..48c390b8ae0ef 100644 --- a/bin/dig/nslookup.c +++ b/bin/dig/nslookup.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nslookup.c,v 1.127.38.2 2011-02-28 01:19:58 tbox Exp $ */ +/* $Id: nslookup.c,v 1.127.38.2 2011/02/28 01:19:58 tbox Exp $ */ #include <config.h> diff --git a/bin/dig/nslookup.docbook b/bin/dig/nslookup.docbook index 9c4789d4cb18e..f4d497b3998bf 100644 --- a/bin/dig/nslookup.docbook +++ b/bin/dig/nslookup.docbook @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nslookup.docbook,v 1.18 2010-02-22 23:49:11 tbox Exp $ --> +<!-- $Id: nslookup.docbook,v 1.18 2010/02/22 23:49:11 tbox Exp $ --> <!-- - Copyright (c) 1985, 1989 - The Regents of the University of California. All rights reserved. diff --git a/bin/dig/nslookup.html b/bin/dig/nslookup.html index bae63bd0fd3d0..4bf6aab5c43c0 100644 --- a/bin/dig/nslookup.html +++ b/bin/dig/nslookup.html @@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nslookup.html,v 1.23 2010-02-23 01:14:31 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -21,7 +21,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476276"></a><div class="titlepage"></div> +<a name="id2476277"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p>nslookup — query Internet name servers interactively</p> @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">nslookup</code> [<code class="option">-option</code>] [name | -] [server]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543358"></a><h2>DESCRIPTION</h2> +<a name="id2543361"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">Nslookup</strong></span> is a program to query Internet domain name servers. <span><strong class="command">Nslookup</strong></span> has two modes: interactive and non-interactive. Interactive mode allows @@ -43,7 +43,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543374"></a><h2>ARGUMENTS</h2> +<a name="id2543377"></a><h2>ARGUMENTS</h2> <p> Interactive mode is entered in the following cases: </p> @@ -78,7 +78,7 @@ nslookup -query=hinfo -timeout=10 </p> </div> <div class="refsect1" lang="en"> -<a name="id2543418"></a><h2>INTERACTIVE COMMANDS</h2> +<a name="id2543420"></a><h2>INTERACTIVE COMMANDS</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt> <dd> @@ -288,19 +288,19 @@ nslookup -query=hinfo -timeout=10 </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2546284"></a><h2>FILES</h2> +<a name="id2546286"></a><h2>FILES</h2> <p><code class="filename">/etc/resolv.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2546296"></a><h2>SEE ALSO</h2> +<a name="id2546298"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2546330"></a><h2>Author</h2> +<a name="id2546332"></a><h2>Author</h2> <p> Andrew Cherenson </p> diff --git a/bin/dnssec/Makefile.in b/bin/dnssec/Makefile.in index 0f5e4e842c205..6bfd162d8d358 100644 --- a/bin/dnssec/Makefile.in +++ b/bin/dnssec/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.42 2009-12-05 23:31:40 each Exp $ +# $Id: Makefile.in,v 1.42 2009/12/05 23:31:40 each Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/dnssec/dnssec-dsfromkey.8 b/bin/dnssec/dnssec-dsfromkey.8 index 25aa2bf831fcf..437aa371cff4f 100644 --- a/bin/dnssec/dnssec-dsfromkey.8 +++ b/bin/dnssec/dnssec-dsfromkey.8 @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-dsfromkey.8,v 1.13 2010-12-24 01:14:20 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l diff --git a/bin/dnssec/dnssec-dsfromkey.c b/bin/dnssec/dnssec-dsfromkey.c index b7f84a0411104..c4b157cd9b1a7 100644 --- a/bin/dnssec/dnssec-dsfromkey.c +++ b/bin/dnssec/dnssec-dsfromkey.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-dsfromkey.c,v 1.19 2010-12-23 04:07:59 marka Exp $ */ +/* $Id: dnssec-dsfromkey.c,v 1.19.14.2 2011/09/05 23:45:53 tbox Exp $ */ /*! \file */ @@ -265,12 +265,10 @@ emit(unsigned int dtype, isc_boolean_t showall, char *lookaside, fatal("can't print class"); isc_buffer_usedregion(&nameb, &r); - isc_util_fwrite(r.base, 1, r.length, stdout); - - putchar(' '); + printf("%.*s ", (int)r.length, r.base); isc_buffer_usedregion(&classb, &r); - isc_util_fwrite(r.base, 1, r.length, stdout); + printf("%.*s", (int)r.length, r.base); if (lookaside == NULL) printf(" DS "); @@ -278,8 +276,7 @@ emit(unsigned int dtype, isc_boolean_t showall, char *lookaside, printf(" DLV "); isc_buffer_usedregion(&textb, &r); - isc_util_fwrite(r.base, 1, r.length, stdout); - putchar('\n'); + printf("%.*s\n", (int)r.length, r.base); } ISC_PLATFORM_NORETURN_PRE static void diff --git a/bin/dnssec/dnssec-dsfromkey.docbook b/bin/dnssec/dnssec-dsfromkey.docbook index 36410d5f35c15..d139ba5ec7c8e 100644 --- a/bin/dnssec/dnssec-dsfromkey.docbook +++ b/bin/dnssec/dnssec-dsfromkey.docbook @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-dsfromkey.docbook,v 1.12 2010-12-23 23:47:08 tbox Exp $ --> +<!-- $Id: dnssec-dsfromkey.docbook,v 1.12 2010/12/23 23:47:08 tbox Exp $ --> <refentry id="man.dnssec-dsfromkey"> <refentryinfo> <date>August 26, 2009</date> diff --git a/bin/dnssec/dnssec-dsfromkey.html b/bin/dnssec/dnssec-dsfromkey.html index 54cc1ab61ca2d..3031c391afa83 100644 --- a/bin/dnssec/dnssec-dsfromkey.html +++ b/bin/dnssec/dnssec-dsfromkey.html @@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-dsfromkey.html,v 1.13 2010-12-24 01:14:19 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -32,14 +32,14 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code> {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543464"></a><h2>DESCRIPTION</h2> +<a name="id2543465"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-dsfromkey</strong></span> outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s). </p> </div> <div class="refsect1" lang="en"> -<a name="id2543476"></a><h2>OPTIONS</h2> +<a name="id2543477"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-1</span></dt> <dd><p> @@ -100,7 +100,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543662"></a><h2>EXAMPLE</h2> +<a name="id2543664"></a><h2>EXAMPLE</h2> <p> To build the SHA-256 DS RR from the <strong class="userinput"><code>Kexample.com.+003+26160</code></strong> @@ -115,7 +115,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543692"></a><h2>FILES</h2> +<a name="id2543693"></a><h2>FILES</h2> <p> The keyfile can be designed by the key identification <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name @@ -129,13 +129,13 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543728"></a><h2>CAVEAT</h2> +<a name="id2543729"></a><h2>CAVEAT</h2> <p> A keyfile error can give a "file not found" even if the file exists. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543737"></a><h2>SEE ALSO</h2> +<a name="id2543738"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, @@ -145,7 +145,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543777"></a><h2>AUTHOR</h2> +<a name="id2543778"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/dnssec/dnssec-keyfromlabel.8 b/bin/dnssec/dnssec-keyfromlabel.8 index a0fd69351bdc5..e3bb48f14006e 100644 --- a/bin/dnssec/dnssec-keyfromlabel.8 +++ b/bin/dnssec/dnssec-keyfromlabel.8 @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-keyfromlabel.8,v 1.18.14.2 2011-02-28 02:37:42 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l diff --git a/bin/dnssec/dnssec-keyfromlabel.c b/bin/dnssec/dnssec-keyfromlabel.c index 1323ed7186919..6a07146763821 100644 --- a/bin/dnssec/dnssec-keyfromlabel.c +++ b/bin/dnssec/dnssec-keyfromlabel.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-keyfromlabel.c,v 1.32.14.2 2011-03-12 04:59:14 tbox Exp $ */ +/* $Id: dnssec-keyfromlabel.c,v 1.32.14.4 2011/11/30 00:51:38 marka Exp $ */ /*! \file */ @@ -110,7 +110,8 @@ usage(void) { int main(int argc, char **argv) { - char *algname = NULL, *nametype = NULL, *type = NULL; + char *algname = NULL, *freeit = NULL; + char *nametype = NULL, *type = NULL; const char *directory = NULL; #ifdef USE_PKCS11 const char *engine = "pkcs11"; @@ -342,6 +343,9 @@ main(int argc, char **argv) { algname = strdup(DEFAULT_NSEC3_ALGORITHM); else algname = strdup(DEFAULT_ALGORITHM); + if (algname == NULL) + fatal("strdup failed"); + freeit = algname; if (verbose > 0) fprintf(stderr, "no algorithm specified; " "defaulting to %s\n", algname); @@ -514,8 +518,7 @@ main(int argc, char **argv) { * is a risk of ID collision due to this key or another key * being revoked. */ - if (key_collision(dst_key_id(key), name, directory, alg, mctx, &exact)) - { + if (key_collision(key, name, directory, mctx, &exact)) { isc_buffer_clear(&buf); ret = dst_key_buildfilename(key, 0, directory, &buf); if (ret != ISC_R_SUCCESS) @@ -560,5 +563,8 @@ main(int argc, char **argv) { isc_mem_free(mctx, label); isc_mem_destroy(&mctx); + if (freeit != NULL) + free(freeit); + return (0); } diff --git a/bin/dnssec/dnssec-keyfromlabel.docbook b/bin/dnssec/dnssec-keyfromlabel.docbook index c731e6eab6060..5f3e0e681f972 100644 --- a/bin/dnssec/dnssec-keyfromlabel.docbook +++ b/bin/dnssec/dnssec-keyfromlabel.docbook @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-keyfromlabel.docbook,v 1.18.14.2 2011-02-28 01:19:58 tbox Exp $ --> +<!-- $Id: dnssec-keyfromlabel.docbook,v 1.18.14.2 2011/02/28 01:19:58 tbox Exp $ --> <refentry id="man.dnssec-keyfromlabel"> <refentryinfo> <date>February 8, 2008</date> diff --git a/bin/dnssec/dnssec-keyfromlabel.html b/bin/dnssec/dnssec-keyfromlabel.html index c939ed68d75c0..f2c72c57afe04 100644 --- a/bin/dnssec/dnssec-keyfromlabel.html +++ b/bin/dnssec/dnssec-keyfromlabel.html @@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-keyfromlabel.html,v 1.17.14.2 2011-02-28 02:37:42 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543494"></a><h2>DESCRIPTION</h2> +<a name="id2543495"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-keyfromlabel</strong></span> gets keys with the given label from a crypto hardware and builds key files for DNSSEC (Secure DNS), as defined in RFC 2535 @@ -44,7 +44,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543512"></a><h2>OPTIONS</h2> +<a name="id2543513"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt> <dd> @@ -163,7 +163,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543876"></a><h2>TIMING OPTIONS</h2> +<a name="id2543877"></a><h2>TIMING OPTIONS</h2> <p> Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -210,7 +210,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544042"></a><h2>GENERATED KEY FILES</h2> +<a name="id2544043"></a><h2>GENERATED KEY FILES</h2> <p> When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes successfully, @@ -249,7 +249,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544115"></a><h2>SEE ALSO</h2> +<a name="id2544116"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, @@ -257,7 +257,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544148"></a><h2>AUTHOR</h2> +<a name="id2544149"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8 index ea4690eb71a17..690abf9325c04 100644 --- a/bin/dnssec/dnssec-keygen.8 +++ b/bin/dnssec/dnssec-keygen.8 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-keygen.8,v 1.55 2010-12-24 01:14:19 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c index 9a93ee3c9418f..cc1d9b11fa9f7 100644 --- a/bin/dnssec/dnssec-keygen.c +++ b/bin/dnssec/dnssec-keygen.c @@ -29,7 +29,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-keygen.c,v 1.115.14.2 2011-03-12 04:59:14 tbox Exp $ */ +/* $Id: dnssec-keygen.c,v 1.115.14.4 2011/11/30 00:51:38 marka Exp $ */ /*! \file */ @@ -197,7 +197,8 @@ progress(int p) int main(int argc, char **argv) { - char *algname = NULL, *nametype = NULL, *type = NULL; + char *algname = NULL, *freeit = NULL; + char *nametype = NULL, *type = NULL; char *classname = NULL; char *endp; dst_key_t *key = NULL; @@ -509,6 +510,9 @@ main(int argc, char **argv) { algname = strdup(DEFAULT_NSEC3_ALGORITHM); else algname = strdup(DEFAULT_ALGORITHM); + if (algname == NULL) + fatal("strdup failed"); + freeit = algname; if (verbose > 0) fprintf(stderr, "no algorithm specified; " "defaulting to %s\n", algname); @@ -965,8 +969,7 @@ main(int argc, char **argv) { * if there is a risk of ID collision due to this key * or another key being revoked. */ - if (key_collision(dst_key_id(key), name, directory, - alg, mctx, NULL)) { + if (key_collision(key, name, directory, mctx, NULL)) { conflict = ISC_TRUE; if (null_key) { dst_key_free(&key); @@ -1020,5 +1023,8 @@ main(int argc, char **argv) { isc_mem_stats(mctx, stdout); isc_mem_destroy(&mctx); + if (freeit != NULL) + free(freeit); + return (0); } diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook index dc140ebfe3868..f0cf7f5f08153 100644 --- a/bin/dnssec/dnssec-keygen.docbook +++ b/bin/dnssec/dnssec-keygen.docbook @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-keygen.docbook,v 1.36 2010-12-23 04:07:59 marka Exp $ --> +<!-- $Id: dnssec-keygen.docbook,v 1.36 2010/12/23 04:07:59 marka Exp $ --> <refentry id="man.dnssec-keygen"> <refentryinfo> <date>June 30, 2000</date> diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html index 2f3a69b9a2fd5..4bf1f6b4a0948 100644 --- a/bin/dnssec/dnssec-keygen.html +++ b/bin/dnssec/dnssec-keygen.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-keygen.html,v 1.47 2010-12-24 01:14:20 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {name}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543578"></a><h2>DESCRIPTION</h2> +<a name="id2543579"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-keygen</strong></span> generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with @@ -46,7 +46,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543596"></a><h2>OPTIONS</h2> +<a name="id2543597"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt> <dd> @@ -248,7 +248,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544301"></a><h2>TIMING OPTIONS</h2> +<a name="id2544166"></a><h2>TIMING OPTIONS</h2> <p> Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -319,7 +319,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544491"></a><h2>GENERATED KEYS</h2> +<a name="id2544356"></a><h2>GENERATED KEYS</h2> <p> When <span><strong class="command">dnssec-keygen</strong></span> completes successfully, @@ -365,7 +365,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544642"></a><h2>EXAMPLE</h2> +<a name="id2544506"></a><h2>EXAMPLE</h2> <p> To generate a 768-bit DSA key for the domain <strong class="userinput"><code>example.com</code></strong>, the following command would be @@ -386,7 +386,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544685"></a><h2>SEE ALSO</h2> +<a name="id2544550"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, <em class="citetitle">RFC 2539</em>, @@ -395,7 +395,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544716"></a><h2>AUTHOR</h2> +<a name="id2544581"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/dnssec/dnssec-revoke.8 b/bin/dnssec/dnssec-revoke.8 index d57b6aa09de2a..2af719e249df7 100644 --- a/bin/dnssec/dnssec-revoke.8 +++ b/bin/dnssec/dnssec-revoke.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-revoke.8,v 1.9 2010-05-19 01:14:14 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l @@ -32,7 +32,7 @@ dnssec\-revoke \- Set the REVOKED bit on a DNSSEC key .SH "SYNOPSIS" .HP 14 -\fBdnssec\-revoke\fR [\fB\-hr\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\fR] {keyfile} +\fBdnssec\-revoke\fR [\fB\-hr\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\fR] [\fB\-R\fR] {keyfile} .SH "DESCRIPTION" .PP \fBdnssec\-revoke\fR @@ -70,6 +70,11 @@ Force overwrite: Causes \fBdnssec\-revoke\fR to write the new key pair even if a file already exists matching the algorithm and key ID of the revoked key. .RE +.PP +\-R +.RS 4 +Print the key tag of the key with the REVOKE bit set but do not revoke the key. +.RE .SH "SEE ALSO" .PP \fBdnssec\-keygen\fR(8), @@ -79,5 +84,5 @@ RFC 5011. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2009, 2011 Internet Systems Consortium, Inc. ("ISC") .br diff --git a/bin/dnssec/dnssec-revoke.c b/bin/dnssec/dnssec-revoke.c index 90e905c4d0b0e..8346f1c911820 100644 --- a/bin/dnssec/dnssec-revoke.c +++ b/bin/dnssec/dnssec-revoke.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-revoke.c,v 1.22 2010-05-06 23:50:56 tbox Exp $ */ +/* $Id: dnssec-revoke.c,v 1.22.124.2 2011/10/20 23:46:27 tbox Exp $ */ /*! \file */ @@ -92,6 +92,7 @@ main(int argc, char **argv) { isc_buffer_t buf; isc_boolean_t force = ISC_FALSE; isc_boolean_t remove = ISC_FALSE; + isc_boolean_t id = ISC_FALSE; if (argc == 1) usage(); @@ -104,7 +105,7 @@ main(int argc, char **argv) { isc_commandline_errprint = ISC_FALSE; - while ((ch = isc_commandline_parse(argc, argv, "E:fK:rhv:")) != -1) { + while ((ch = isc_commandline_parse(argc, argv, "E:fK:rRhv:")) != -1) { switch (ch) { case 'E': engine = isc_commandline_argument; @@ -126,6 +127,9 @@ main(int argc, char **argv) { case 'r': remove = ISC_TRUE; break; + case 'R': + id = ISC_TRUE; + break; case 'v': verbose = strtol(isc_commandline_argument, &endp, 0); if (*endp != '\0') @@ -186,6 +190,10 @@ main(int argc, char **argv) { fatal("Invalid keyfile name %s: %s", filename, isc_result_totext(result)); + if (id) { + fprintf(stdout, "%u\n", dst_key_rid(key)); + goto cleanup; + } dst_key_format(key, keystr, sizeof(keystr)); if (verbose > 2) diff --git a/bin/dnssec/dnssec-revoke.docbook b/bin/dnssec/dnssec-revoke.docbook index b7b562021308d..99518bb2f2fab 100644 --- a/bin/dnssec/dnssec-revoke.docbook +++ b/bin/dnssec/dnssec-revoke.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-revoke.docbook,v 1.7 2009-11-03 21:44:46 each Exp $ --> +<!-- $Id: dnssec-revoke.docbook,v 1.7.266.2 2011/10/20 23:46:27 tbox Exp $ --> <refentry id="man.dnssec-revoke"> <refentryinfo> <date>June 1, 2009</date> @@ -37,6 +37,7 @@ <docinfo> <copyright> <year>2009</year> + <year>2011</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> @@ -49,6 +50,7 @@ <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg> <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg> <arg><option>-f</option></arg> + <arg><option>-R</option></arg> <arg choice="req">keyfile</arg> </cmdsynopsis> </refsynopsisdiv> @@ -123,6 +125,16 @@ </para> </listitem> </varlistentry> + + <varlistentry> + <term>-R</term> + <listitem> + <para> + Print the key tag of the key with the REVOKE bit set but do + not revoke the key. + </para> + </listitem> + </varlistentry> </variablelist> </refsect1> diff --git a/bin/dnssec/dnssec-revoke.html b/bin/dnssec/dnssec-revoke.html index fad9ac520196a..b3b71b961cf42 100644 --- a/bin/dnssec/dnssec-revoke.html +++ b/bin/dnssec/dnssec-revoke.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-revoke.html,v 1.9 2010-05-19 01:14:14 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -28,10 +28,10 @@ </div> <div class="refsynopsisdiv"> <h2>Synopsis</h2> -<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] {keyfile}</p></div> +<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543373"></a><h2>DESCRIPTION</h2> +<a name="id2543382"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-revoke</strong></span> reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the @@ -39,7 +39,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543385"></a><h2>OPTIONS</h2> +<a name="id2543394"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-h</span></dt> <dd><p> @@ -69,17 +69,22 @@ write the new key pair even if a file already exists matching the algorithm and key ID of the revoked key. </p></dd> +<dt><span class="term">-R</span></dt> +<dd><p> + Print the key tag of the key with the REVOKE bit set but do + not revoke the key. + </p></dd> </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543491"></a><h2>SEE ALSO</h2> +<a name="id2543512"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, <em class="citetitle">RFC 5011</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543515"></a><h2>AUTHOR</h2> +<a name="id2543537"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/dnssec/dnssec-settime.8 b/bin/dnssec/dnssec-settime.8 index cbe4092e52a14..8a5e2e7890052 100644 --- a/bin/dnssec/dnssec-settime.8 +++ b/bin/dnssec/dnssec-settime.8 @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-settime.8,v 1.14.70.1 2011-03-22 02:37:44 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l @@ -52,7 +52,7 @@ simply prints the key timing metadata already stored in the key. .PP When key metadata fields are changed, both files of a key pair (\fIKnnnn.+aaa+iiiii.key\fR and -\fIKnnnn.+aaa+iiiii.private\fR) are regenerated. Metadata fields are stored in the private file. A human\-readable description of the metadata is also placed in comments in the key file. +\fIKnnnn.+aaa+iiiii.private\fR) are regenerated. Metadata fields are stored in the private file. A human\-readable description of the metadata is also placed in comments in the key file. The private file's permissions are always set to be inaccessible to anyone other than the owner (mode 0600). .SH "OPTIONS" .PP \-f diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c index a1258ef30cdae..7a814904a99a9 100644 --- a/bin/dnssec/dnssec-settime.c +++ b/bin/dnssec/dnssec-settime.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-settime.c,v 1.28.16.3 2011-06-02 20:24:11 each Exp $ */ +/* $Id: dnssec-settime.c,v 1.28.16.3 2011/06/02 20:24:11 each Exp $ */ /*! \file */ diff --git a/bin/dnssec/dnssec-settime.docbook b/bin/dnssec/dnssec-settime.docbook index daf720ba9362e..3d89b651b4730 100644 --- a/bin/dnssec/dnssec-settime.docbook +++ b/bin/dnssec/dnssec-settime.docbook @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-settime.docbook,v 1.11.70.2 2011-03-21 23:46:58 tbox Exp $ --> +<!-- $Id: dnssec-settime.docbook,v 1.11.70.3 2011/11/03 20:21:30 each Exp $ --> <refentry id="man.dnssec-settime"> <refentryinfo> <date>July 15, 2009</date> @@ -82,7 +82,8 @@ <filename>Knnnn.+aaa+iiiii.private</filename>) are regenerated. Metadata fields are stored in the private file. A human-readable description of the metadata is also placed in comments in the key - file. + file. The private file's permissions are always set to be + inaccessible to anyone other than the owner (mode 0600). </para> </refsect1> diff --git a/bin/dnssec/dnssec-settime.html b/bin/dnssec/dnssec-settime.html index baca8f56ece5a..0ac82bcbd3daf 100644 --- a/bin/dnssec/dnssec-settime.html +++ b/bin/dnssec/dnssec-settime.html @@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-settime.html,v 1.14.70.1 2011-03-22 02:37:44 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543422"></a><h2>DESCRIPTION</h2> +<a name="id2543424"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-settime</strong></span> reads a DNSSEC private key file and sets the key timing metadata as specified by the <code class="option">-P</code>, <code class="option">-A</code>, @@ -52,11 +52,12 @@ <code class="filename">Knnnn.+aaa+iiiii.private</code>) are regenerated. Metadata fields are stored in the private file. A human-readable description of the metadata is also placed in comments in the key - file. + file. The private file's permissions are always set to be + inaccessible to anyone other than the owner (mode 0600). </p> </div> <div class="refsect1" lang="en"> -<a name="id2543470"></a><h2>OPTIONS</h2> +<a name="id2543472"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-f</span></dt> <dd><p> @@ -89,7 +90,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543562"></a><h2>TIMING OPTIONS</h2> +<a name="id2543563"></a><h2>TIMING OPTIONS</h2> <p> Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as @@ -168,7 +169,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543701"></a><h2>PRINTING OPTIONS</h2> +<a name="id2543770"></a><h2>PRINTING OPTIONS</h2> <p> <span><strong class="command">dnssec-settime</strong></span> can also be used to print the timing metadata associated with a key. @@ -194,7 +195,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543915"></a><h2>SEE ALSO</h2> +<a name="id2543848"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, @@ -202,7 +203,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543948"></a><h2>AUTHOR</h2> +<a name="id2543881"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/dnssec/dnssec-signzone.8 b/bin/dnssec/dnssec-signzone.8 index 9822883747b87..028068803cdb6 100644 --- a/bin/dnssec/dnssec-signzone.8 +++ b/bin/dnssec/dnssec-signzone.8 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: dnssec-signzone.8,v 1.59 2009-12-04 01:13:44 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c index fe02d2e6bcecd..953e2b086fc85 100644 --- a/bin/dnssec/dnssec-signzone.c +++ b/bin/dnssec/dnssec-signzone.c @@ -29,7 +29,7 @@ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssec-signzone.c,v 1.262.110.9 2011-07-19 23:47:12 tbox Exp $ */ +/* $Id: dnssec-signzone.c,v 1.262.110.9 2011/07/19 23:47:12 tbox Exp $ */ /*! \file */ diff --git a/bin/dnssec/dnssec-signzone.docbook b/bin/dnssec/dnssec-signzone.docbook index 51a14968a9c32..128ebe96341bf 100644 --- a/bin/dnssec/dnssec-signzone.docbook +++ b/bin/dnssec/dnssec-signzone.docbook @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-signzone.docbook,v 1.44 2009-12-03 23:18:16 each Exp $ --> +<!-- $Id: dnssec-signzone.docbook,v 1.44 2009/12/03 23:18:16 each Exp $ --> <refentry id="man.dnssec-signzone"> <refentryinfo> <date>June 05, 2009</date> diff --git a/bin/dnssec/dnssec-signzone.html b/bin/dnssec/dnssec-signzone.html index 28e7158e6e7c3..82185c6477d58 100644 --- a/bin/dnssec/dnssec-signzone.html +++ b/bin/dnssec/dnssec-signzone.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: dnssec-signzone.html,v 1.45 2009-12-04 01:13:44 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-P</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543596"></a><h2>DESCRIPTION</h2> +<a name="id2543597"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-signzone</strong></span> signs a zone. It generates NSEC and RRSIG records and produces a signed version of the @@ -43,7 +43,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543611"></a><h2>OPTIONS</h2> +<a name="id2543612"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a</span></dt> <dd><p> @@ -379,7 +379,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544896"></a><h2>EXAMPLE</h2> +<a name="id2544965"></a><h2>EXAMPLE</h2> <p> The following command signs the <strong class="userinput"><code>example.com</code></strong> zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span> @@ -409,14 +409,14 @@ db.example.com.signed %</pre> </div> <div class="refsect1" lang="en"> -<a name="id2545019"></a><h2>SEE ALSO</h2> +<a name="id2545020"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, <em class="citetitle">RFC 4033</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2545044"></a><h2>AUTHOR</h2> +<a name="id2545045"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c index da6b0b2a789e0..882b042f1b8ee 100644 --- a/bin/dnssec/dnssectool.c +++ b/bin/dnssec/dnssectool.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssectool.c,v 1.60 2010-01-19 23:48:56 tbox Exp $ */ +/* $Id: dnssectool.c,v 1.60.162.3 2011/10/21 03:56:32 marka Exp $ */ /*! \file */ @@ -406,19 +406,24 @@ set_keyversion(dst_key_t *key) { } isc_boolean_t -key_collision(isc_uint16_t id, dns_name_t *name, const char *dir, - dns_secalg_t alg, isc_mem_t *mctx, isc_boolean_t *exact) +key_collision(dst_key_t *dstkey, dns_name_t *name, const char *dir, + isc_mem_t *mctx, isc_boolean_t *exact) { isc_result_t result; isc_boolean_t conflict = ISC_FALSE; dns_dnsseckeylist_t matchkeys; dns_dnsseckey_t *key = NULL; - isc_uint16_t oldid, diff; - isc_uint16_t bits = DNS_KEYFLAG_REVOKE; /* flag bits to look for */ + isc_uint16_t id, oldid; + isc_uint32_t rid, roldid; + dns_secalg_t alg; if (exact != NULL) *exact = ISC_FALSE; + id = dst_key_id(dstkey); + rid = dst_key_rid(dstkey); + alg = dst_key_alg(dstkey); + ISC_LIST_INIT(matchkeys); result = dns_dnssec_findmatchingkeys(name, dir, mctx, &matchkeys); if (result == ISC_R_NOTFOUND) @@ -430,10 +435,11 @@ key_collision(isc_uint16_t id, dns_name_t *name, const char *dir, goto next; oldid = dst_key_id(key->key); - diff = (oldid > id) ? (oldid - id) : (id - oldid); - if ((diff & ~bits) == 0) { + roldid = dst_key_rid(key->key); + + if (oldid == rid || roldid == id || id == oldid) { conflict = ISC_TRUE; - if (diff != 0) { + if (id != oldid) { if (verbose > 1) fprintf(stderr, "Key ID %d could " "collide with %d\n", @@ -461,4 +467,3 @@ key_collision(isc_uint16_t id, dns_name_t *name, const char *dir, return (conflict); } - diff --git a/bin/dnssec/dnssectool.h b/bin/dnssec/dnssectool.h index b52bc135ea0e5..e6dfe51aeed30 100644 --- a/bin/dnssec/dnssectool.h +++ b/bin/dnssec/dnssectool.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007-2010 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007-2011 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001, 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dnssectool.h,v 1.31 2010-01-19 23:48:56 tbox Exp $ */ +/* $Id: dnssectool.h,v 1.31.162.2 2011/10/20 23:46:27 tbox Exp $ */ #ifndef DNSSECTOOL_H #define DNSSECTOOL_H 1 @@ -78,6 +78,7 @@ void set_keyversion(dst_key_t *key); isc_boolean_t -key_collision(isc_uint16_t id, dns_name_t *name, const char *dir, - dns_secalg_t alg, isc_mem_t *mctx, isc_boolean_t *exact); +key_collision(dst_key_t *key, dns_name_t *name, const char *dir, + isc_mem_t *mctx, isc_boolean_t *exact); + #endif /* DNSSEC_DNSSECTOOL_H */ diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in index 86400c47f0261..272cf960b336e 100644 --- a/bin/named/Makefile.in +++ b/bin/named/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.114.14.2 2011-03-10 23:47:25 tbox Exp $ +# $Id: Makefile.in,v 1.114.14.2 2011/03/10 23:47:25 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/named/bind.keys.h b/bin/named/bind.keys.h index 0177214159e71..61e3f700c6cf0 100644 --- a/bin/named/bind.keys.h +++ b/bin/named/bind.keys.h @@ -1,6 +1,6 @@ /* - * Generated by bindkeys.pl 1.7 2011-01-04 23:47:13 tbox Exp - * From bind.keys 1.7 2011-01-03 23:45:07 each Exp + * Generated by bindkeys.pl 1.7 2011/01/04 23:47:13 tbox Exp + * From bind.keys 1.7 2011/01/03 23:45:07 each Exp */ #define TRUSTED_KEYS "\ # The bind.keys file is used to override the built-in DNSSEC trust anchors\n\ diff --git a/bin/named/bind9.xsl b/bin/named/bind9.xsl index 5913c1cc20000..8063cc666a24a 100644 --- a/bin/named/bind9.xsl +++ b/bin/named/bind9.xsl @@ -15,7 +15,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: bind9.xsl,v 1.21 2009-01-27 23:47:54 tbox Exp $ --> +<!-- $Id: bind9.xsl,v 1.21 2009/01/27 23:47:54 tbox Exp $ --> <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" diff --git a/bin/named/bind9.xsl.h b/bin/named/bind9.xsl.h index b6f1f5491b95b..19a58ff17c7e4 100644 --- a/bin/named/bind9.xsl.h +++ b/bin/named/bind9.xsl.h @@ -1,6 +1,6 @@ /* - * Generated by convertxsl.pl 1.14 2008-07-17 23:43:26 jinmei Exp - * From bind9.xsl 1.21 2009-01-27 23:47:54 tbox Exp + * Generated by convertxsl.pl 1.14 2008/07/17 23:43:26 jinmei Exp + * From bind9.xsl 1.21 2009/01/27 23:47:54 tbox Exp */ static char xslmsg[] = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" @@ -20,7 +20,7 @@ static char xslmsg[] = " - PERFORMANCE OF THIS SOFTWARE.\n" "-->\n" "\n" - "<!-- \045Id: bind9.xsl,v 1.21 2009-01-27 23:47:54 tbox Exp \045 -->\n" + "<!-- \045Id: bind9.xsl,v 1.21 2009/01/27 23:47:54 tbox Exp \045 -->\n" "\n" "<xsl:stylesheet version=\"1.0\"\n" " xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\"\n" diff --git a/bin/named/builtin.c b/bin/named/builtin.c index d7730e7afed04..86afa5a0370a8 100644 --- a/bin/named/builtin.c +++ b/bin/named/builtin.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2009-2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: builtin.c,v 1.20 2011-01-07 23:47:07 tbox Exp $ */ +/* $Id: builtin.c,v 1.20.14.3 2012/01/11 20:19:40 ckb Exp $ */ /*! \file * \brief @@ -300,6 +300,7 @@ do_authors_lookup(dns_sdblookup_t *lookup) { const char **p; static const char *authors[] = { "Mark Andrews", + "Curtis Blackburn", "James Brister", "Ben Cottrell", "Michael Graff", @@ -308,6 +309,7 @@ do_authors_lookup(dns_sdblookup_t *lookup) { "Evan Hunt", "JINMEI Tatuya", "David Lawrence", + "Scott Mann", "Danny Mayer", "Damien Neil", "Matt Nelson", diff --git a/bin/named/client.c b/bin/named/client.c index 2115ac101bcf3..606cc2d4dad42 100644 --- a/bin/named/client.c +++ b/bin/named/client.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.c,v 1.271.10.2 2011-07-28 04:30:54 marka Exp $ */ +/* $Id: client.c,v 1.271.10.4 2012/01/31 23:46:39 tbox Exp $ */ #include <config.h> @@ -934,6 +934,15 @@ ns_client_send(ns_client_t *client) { render_opts = 0; else render_opts = DNS_MESSAGERENDER_OMITDNSSEC; + + preferred_glue = 0; + if (client->view != NULL) { + if (client->view->preferred_glue == dns_rdatatype_a) + preferred_glue = DNS_MESSAGERENDER_PREFER_A; + else if (client->view->preferred_glue == dns_rdatatype_aaaa) + preferred_glue = DNS_MESSAGERENDER_PREFER_AAAA; + } + #ifdef ALLOW_FILTER_AAAA_ON_V4 /* * filter-aaaa-on-v4 yes or break-dnssec option to suppress @@ -942,17 +951,15 @@ ns_client_send(ns_client_t *client) { * that we have both AAAA and A records, * and that we either have no signatures that the client wants * or we are supposed to break DNSSEC. + * + * Override preferred glue if necessary. */ - if ((client->attributes & NS_CLIENTATTR_FILTER_AAAA) != 0) + if ((client->attributes & NS_CLIENTATTR_FILTER_AAAA) != 0) { render_opts |= DNS_MESSAGERENDER_FILTER_AAAA; -#endif - preferred_glue = 0; - if (client->view != NULL) { - if (client->view->preferred_glue == dns_rdatatype_a) + if (preferred_glue == DNS_MESSAGERENDER_PREFER_AAAA) preferred_glue = DNS_MESSAGERENDER_PREFER_A; - else if (client->view->preferred_glue == dns_rdatatype_aaaa) - preferred_glue = DNS_MESSAGERENDER_PREFER_AAAA; } +#endif /* * XXXRTH The following doesn't deal with TCP buffer resizing. @@ -2109,6 +2116,9 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { client->recursionquota = NULL; client->interface = NULL; client->peeraddr_valid = ISC_FALSE; +#ifdef ALLOW_FILTER_AAAA_ON_V4 + client->filter_aaaa = dns_v4_aaaa_ok; +#endif ISC_EVENT_INIT(&client->ctlevent, sizeof(client->ctlevent), 0, NULL, NS_EVENT_CLIENTCONTROL, client_start, client, client, NULL, NULL); diff --git a/bin/named/config.c b/bin/named/config.c index e34e5c4e63bfe..f5e93e42a6666 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.c,v 1.113.16.2 2011-02-28 01:19:58 tbox Exp $ */ +/* $Id: config.c,v 1.113.16.2 2011/02/28 01:19:58 tbox Exp $ */ /*! \file */ diff --git a/bin/named/control.c b/bin/named/control.c index 3fc7bd3916f5a..ff084fc7d5a99 100644 --- a/bin/named/control.c +++ b/bin/named/control.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: control.c,v 1.41 2010-12-03 22:05:19 each Exp $ */ +/* $Id: control.c,v 1.41 2010/12/03 22:05:19 each Exp $ */ /*! \file */ diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c index bd269e519b3e7..926c20543d55b 100644 --- a/bin/named/controlconf.c +++ b/bin/named/controlconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2008, 2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: controlconf.c,v 1.60.544.2 2011-03-12 04:59:14 tbox Exp $ */ +/* $Id: controlconf.c,v 1.60.544.3 2011/12/22 08:10:09 marka Exp $ */ /*! \file */ @@ -373,17 +373,8 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) { if (result == ISC_R_SUCCESS) break; isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret)); - if (result == ISCCC_R_BADAUTH) { - /* - * For some reason, request is non-NULL when - * isccc_cc_fromwire returns ISCCC_R_BADAUTH. - */ - if (request != NULL) - isccc_sexpr_free(&request); - } else { - log_invalid(&conn->ccmsg, result); - goto cleanup; - } + log_invalid(&conn->ccmsg, result); + goto cleanup; } if (key == NULL) { @@ -1148,6 +1139,11 @@ add_listener(ns_controls_t *cp, controllistener_t **listenerp, if (result == ISC_R_SUCCESS) isc_socket_setname(listener->sock, "control", NULL); +#ifndef ISC_ALLOW_MAPPED + if (result == ISC_R_SUCCESS) + isc_socket_ipv6only(listener->sock, ISC_TRUE); +#endif + if (result == ISC_R_SUCCESS) result = isc_socket_bind(listener->sock, &listener->address, ISC_SOCKET_REUSEADDRESS); diff --git a/bin/named/convertxsl.pl b/bin/named/convertxsl.pl index a6a56686e2092..87550b3c1a581 100755 --- a/bin/named/convertxsl.pl +++ b/bin/named/convertxsl.pl @@ -14,12 +14,12 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: convertxsl.pl,v 1.14 2008-07-17 23:43:26 jinmei Exp $ +# $Id: convertxsl.pl,v 1.14 2008/07/17 23:43:26 jinmei Exp $ use strict; use warnings; -my $rev = '$Id: convertxsl.pl,v 1.14 2008-07-17 23:43:26 jinmei Exp $'; +my $rev = '$Id: convertxsl.pl,v 1.14 2008/07/17 23:43:26 jinmei Exp $'; $rev =~ s/\$//g; $rev =~ s/,v//g; $rev =~ s/Id: //; diff --git a/bin/named/include/dlz/dlz_dlopen_driver.h b/bin/named/include/dlz/dlz_dlopen_driver.h index fc51c49da7673..7af325a13b301 100644 --- a/bin/named/include/dlz/dlz_dlopen_driver.h +++ b/bin/named/include/dlz/dlz_dlopen_driver.h @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dlz_dlopen_driver.h,v 1.1.4.4 2011-03-17 09:41:06 fdupont Exp $ */ +/* $Id: dlz_dlopen_driver.h,v 1.1.4.4 2011/03/17 09:41:06 fdupont Exp $ */ #ifndef DLZ_DLOPEN_DRIVER_H #define DLZ_DLOPEN_DRIVER_H diff --git a/bin/named/include/named/builtin.h b/bin/named/include/named/builtin.h index ec1a5754e1ae3..a5185ba60f353 100644 --- a/bin/named/include/named/builtin.h +++ b/bin/named/include/named/builtin.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: builtin.h,v 1.6 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: builtin.h,v 1.6 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_BUILTIN_H #define NAMED_BUILTIN_H 1 diff --git a/bin/named/include/named/client.h b/bin/named/include/named/client.h index 33f124d94c14d..109d160b456b9 100644 --- a/bin/named/include/named/client.h +++ b/bin/named/include/named/client.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009, 2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.h,v 1.91 2009-10-26 23:14:53 each Exp $ */ +/* $Id: client.h,v 1.91.278.2 2012/01/31 23:46:39 tbox Exp $ */ #ifndef NAMED_CLIENT_H #define NAMED_CLIENT_H 1 @@ -141,6 +141,9 @@ struct ns_client { isc_netaddr_t destaddr; struct in6_pktinfo pktinfo; isc_event_t ctlevent; +#ifdef ALLOW_FILTER_AAAA_ON_V4 + dns_v4_aaaa_t filter_aaaa; +#endif /*% * Information about recent FORMERR response(s), for * FORMERR loop avoidance. This is separate for each diff --git a/bin/named/include/named/config.h b/bin/named/include/named/config.h index d1570b0e57041..c16c800fe1266 100644 --- a/bin/named/include/named/config.h +++ b/bin/named/include/named/config.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.h,v 1.16 2009-06-11 23:47:55 tbox Exp $ */ +/* $Id: config.h,v 1.16 2009/06/11 23:47:55 tbox Exp $ */ #ifndef NAMED_CONFIG_H #define NAMED_CONFIG_H 1 diff --git a/bin/named/include/named/control.h b/bin/named/include/named/control.h index e699892ca4cee..24e59093b4d11 100644 --- a/bin/named/include/named/control.h +++ b/bin/named/include/named/control.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: control.h,v 1.31 2010-08-16 22:21:06 marka Exp $ */ +/* $Id: control.h,v 1.31 2010/08/16 22:21:06 marka Exp $ */ #ifndef NAMED_CONTROL_H #define NAMED_CONTROL_H 1 diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h index 7bea32d52b553..842931677b552 100644 --- a/bin/named/include/named/globals.h +++ b/bin/named/include/named/globals.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: globals.h,v 1.89.54.2 2011-06-17 23:47:10 tbox Exp $ */ +/* $Id: globals.h,v 1.89.54.2 2011/06/17 23:47:10 tbox Exp $ */ #ifndef NAMED_GLOBALS_H #define NAMED_GLOBALS_H 1 diff --git a/bin/named/include/named/interfacemgr.h b/bin/named/include/named/interfacemgr.h index 1b1e4638d9957..2724c393cdc58 100644 --- a/bin/named/include/named/interfacemgr.h +++ b/bin/named/include/named/interfacemgr.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: interfacemgr.h,v 1.33 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: interfacemgr.h,v 1.33 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_INTERFACEMGR_H #define NAMED_INTERFACEMGR_H 1 diff --git a/bin/named/include/named/listenlist.h b/bin/named/include/named/listenlist.h index e1c20024f545e..9e65d5df3a937 100644 --- a/bin/named/include/named/listenlist.h +++ b/bin/named/include/named/listenlist.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: listenlist.h,v 1.15 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: listenlist.h,v 1.15 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_LISTENLIST_H #define NAMED_LISTENLIST_H 1 diff --git a/bin/named/include/named/log.h b/bin/named/include/named/log.h index 1ce680f31e027..032743acbfb21 100644 --- a/bin/named/include/named/log.h +++ b/bin/named/include/named/log.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: log.h,v 1.27 2009-01-07 23:47:46 tbox Exp $ */ +/* $Id: log.h,v 1.27 2009/01/07 23:47:46 tbox Exp $ */ #ifndef NAMED_LOG_H #define NAMED_LOG_H 1 diff --git a/bin/named/include/named/logconf.h b/bin/named/include/named/logconf.h index fc91c10db8152..03543452a9676 100644 --- a/bin/named/include/named/logconf.h +++ b/bin/named/include/named/logconf.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: logconf.h,v 1.17 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: logconf.h,v 1.17 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_LOGCONF_H #define NAMED_LOGCONF_H 1 diff --git a/bin/named/include/named/lwaddr.h b/bin/named/include/named/lwaddr.h index 3818620614a51..962aa91cd853b 100644 --- a/bin/named/include/named/lwaddr.h +++ b/bin/named/include/named/lwaddr.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwaddr.h,v 1.8 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: lwaddr.h,v 1.8 2007/06/19 23:46:59 tbox Exp $ */ /*! \file */ diff --git a/bin/named/include/named/lwdclient.h b/bin/named/include/named/lwdclient.h index 5451b73675ab4..c345176a21271 100644 --- a/bin/named/include/named/lwdclient.h +++ b/bin/named/include/named/lwdclient.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdclient.h,v 1.20 2009-01-17 23:47:42 tbox Exp $ */ +/* $Id: lwdclient.h,v 1.20 2009/01/17 23:47:42 tbox Exp $ */ #ifndef NAMED_LWDCLIENT_H #define NAMED_LWDCLIENT_H 1 diff --git a/bin/named/include/named/lwresd.h b/bin/named/include/named/lwresd.h index 3a540fb84fd8e..565e58d7abf92 100644 --- a/bin/named/include/named/lwresd.h +++ b/bin/named/include/named/lwresd.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwresd.h,v 1.19 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: lwresd.h,v 1.19 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_LWRESD_H #define NAMED_LWRESD_H 1 diff --git a/bin/named/include/named/lwsearch.h b/bin/named/include/named/lwsearch.h index b9ced52dc0b27..c1b4f48f62c3a 100644 --- a/bin/named/include/named/lwsearch.h +++ b/bin/named/include/named/lwsearch.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwsearch.h,v 1.9 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: lwsearch.h,v 1.9 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_LWSEARCH_H #define NAMED_LWSEARCH_H 1 diff --git a/bin/named/include/named/main.h b/bin/named/include/named/main.h index 6116add55b853..44251fa825c69 100644 --- a/bin/named/include/named/main.h +++ b/bin/named/include/named/main.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: main.h,v 1.17 2009-09-29 23:48:03 tbox Exp $ */ +/* $Id: main.h,v 1.17 2009/09/29 23:48:03 tbox Exp $ */ #ifndef NAMED_MAIN_H #define NAMED_MAIN_H 1 diff --git a/bin/named/include/named/notify.h b/bin/named/include/named/notify.h index 34fabcd0620c4..4e0a57e519c81 100644 --- a/bin/named/include/named/notify.h +++ b/bin/named/include/named/notify.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: notify.h,v 1.16 2009-01-17 23:47:42 tbox Exp $ */ +/* $Id: notify.h,v 1.16 2009/01/17 23:47:42 tbox Exp $ */ #ifndef NAMED_NOTIFY_H #define NAMED_NOTIFY_H 1 diff --git a/bin/named/include/named/ns_smf_globals.h b/bin/named/include/named/ns_smf_globals.h index 5c6b9170f6269..3a35743577581 100644 --- a/bin/named/include/named/ns_smf_globals.h +++ b/bin/named/include/named/ns_smf_globals.h @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ns_smf_globals.h,v 1.7 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: ns_smf_globals.h,v 1.7 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NS_SMF_GLOBALS_H #define NS_SMF_GLOBALS_H 1 diff --git a/bin/named/include/named/query.h b/bin/named/include/named/query.h index 37f771bd5960d..6dfe96bc9d4db 100644 --- a/bin/named/include/named/query.h +++ b/bin/named/include/named/query.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.h,v 1.45 2011-01-13 04:59:24 tbox Exp $ */ +/* $Id: query.h,v 1.45 2011/01/13 04:59:24 tbox Exp $ */ #ifndef NAMED_QUERY_H #define NAMED_QUERY_H 1 diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h index 3c6426eecf61b..25aa641ad37ea 100644 --- a/bin/named/include/named/server.h +++ b/bin/named/include/named/server.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.h,v 1.110 2010-08-16 23:46:52 tbox Exp $ */ +/* $Id: server.h,v 1.110 2010/08/16 23:46:52 tbox Exp $ */ #ifndef NAMED_SERVER_H #define NAMED_SERVER_H 1 diff --git a/bin/named/include/named/sortlist.h b/bin/named/include/named/sortlist.h index 5f3b05b6ed8b2..b9f6076114419 100644 --- a/bin/named/include/named/sortlist.h +++ b/bin/named/include/named/sortlist.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sortlist.h,v 1.11 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: sortlist.h,v 1.11 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_SORTLIST_H #define NAMED_SORTLIST_H 1 diff --git a/bin/named/include/named/statschannel.h b/bin/named/include/named/statschannel.h index fff7cade4e1c9..0c36d8c706cea 100644 --- a/bin/named/include/named/statschannel.h +++ b/bin/named/include/named/statschannel.h @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: statschannel.h,v 1.3 2008-04-03 05:55:51 marka Exp $ */ +/* $Id: statschannel.h,v 1.3 2008/04/03 05:55:51 marka Exp $ */ #ifndef NAMED_STATSCHANNEL_H #define NAMED_STATSCHANNEL_H 1 diff --git a/bin/named/include/named/tkeyconf.h b/bin/named/include/named/tkeyconf.h index 89d050c4795b5..02bd71883a0f6 100644 --- a/bin/named/include/named/tkeyconf.h +++ b/bin/named/include/named/tkeyconf.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tkeyconf.h,v 1.16 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: tkeyconf.h,v 1.16 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NS_TKEYCONF_H #define NS_TKEYCONF_H 1 diff --git a/bin/named/include/named/tsigconf.h b/bin/named/include/named/tsigconf.h index 4a59ec2c0ff74..30bdf319d3189 100644 --- a/bin/named/include/named/tsigconf.h +++ b/bin/named/include/named/tsigconf.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tsigconf.h,v 1.18 2009-06-11 23:47:55 tbox Exp $ */ +/* $Id: tsigconf.h,v 1.18 2009/06/11 23:47:55 tbox Exp $ */ #ifndef NS_TSIGCONF_H #define NS_TSIGCONF_H 1 diff --git a/bin/named/include/named/types.h b/bin/named/include/named/types.h index 96c4c012b71f4..7a7886e2b6344 100644 --- a/bin/named/include/named/types.h +++ b/bin/named/include/named/types.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: types.h,v 1.31 2009-01-09 23:47:45 tbox Exp $ */ +/* $Id: types.h,v 1.31 2009/01/09 23:47:45 tbox Exp $ */ #ifndef NAMED_TYPES_H #define NAMED_TYPES_H 1 diff --git a/bin/named/include/named/update.h b/bin/named/include/named/update.h index ffa55efb8d7b6..a34570c2f5b72 100644 --- a/bin/named/include/named/update.h +++ b/bin/named/include/named/update.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: update.h,v 1.13 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: update.h,v 1.13 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_UPDATE_H #define NAMED_UPDATE_H 1 diff --git a/bin/named/include/named/xfrout.h b/bin/named/include/named/xfrout.h index 4bea6f156a2f6..4bb79a31e9700 100644 --- a/bin/named/include/named/xfrout.h +++ b/bin/named/include/named/xfrout.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrout.h,v 1.12 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: xfrout.h,v 1.12 2007/06/19 23:46:59 tbox Exp $ */ #ifndef NAMED_XFROUT_H #define NAMED_XFROUT_H 1 diff --git a/bin/named/include/named/zoneconf.h b/bin/named/include/named/zoneconf.h index 65cf72f9f3ace..ebaad684ae7a9 100644 --- a/bin/named/include/named/zoneconf.h +++ b/bin/named/include/named/zoneconf.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zoneconf.h,v 1.28 2010-12-20 23:47:20 tbox Exp $ */ +/* $Id: zoneconf.h,v 1.28 2010/12/20 23:47:20 tbox Exp $ */ #ifndef NS_ZONECONF_H #define NS_ZONECONF_H 1 diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c index 513fb2491094d..d194d2b877cf1 100644 --- a/bin/named/interfacemgr.c +++ b/bin/named/interfacemgr.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: interfacemgr.c,v 1.95.426.2 2011-03-12 04:59:14 tbox Exp $ */ +/* $Id: interfacemgr.c,v 1.95.426.2 2011/03/12 04:59:14 tbox Exp $ */ /*! \file */ diff --git a/bin/named/listenlist.c b/bin/named/listenlist.c index b1aa4277569a1..513fe9c70b138 100644 --- a/bin/named/listenlist.c +++ b/bin/named/listenlist.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: listenlist.c,v 1.14 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: listenlist.c,v 1.14 2007/06/19 23:46:59 tbox Exp $ */ /*! \file */ diff --git a/bin/named/log.c b/bin/named/log.c index 5d1c942074ca1..5d19dcb205c6e 100644 --- a/bin/named/log.c +++ b/bin/named/log.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: log.c,v 1.49 2009-01-07 01:46:40 jinmei Exp $ */ +/* $Id: log.c,v 1.49 2009/01/07 01:46:40 jinmei Exp $ */ /*! \file */ diff --git a/bin/named/logconf.c b/bin/named/logconf.c index 4fcb4e8dcaed9..5d17ab0e60163 100644 --- a/bin/named/logconf.c +++ b/bin/named/logconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: logconf.c,v 1.42.816.3 2011-03-05 23:52:06 tbox Exp $ */ +/* $Id: logconf.c,v 1.42.816.3 2011/03/05 23:52:06 tbox Exp $ */ /*! \file */ diff --git a/bin/named/lwaddr.c b/bin/named/lwaddr.c index c7eeb78bc764d..ed7880ac26828 100644 --- a/bin/named/lwaddr.c +++ b/bin/named/lwaddr.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwaddr.c,v 1.10 2008-01-11 23:46:56 tbox Exp $ */ +/* $Id: lwaddr.c,v 1.10 2008/01/11 23:46:56 tbox Exp $ */ /*! \file */ diff --git a/bin/named/lwdclient.c b/bin/named/lwdclient.c index 63a2be262155b..a8431340024ce 100644 --- a/bin/named/lwdclient.c +++ b/bin/named/lwdclient.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdclient.c,v 1.22 2007-06-18 23:47:18 tbox Exp $ */ +/* $Id: lwdclient.c,v 1.22 2007/06/18 23:47:18 tbox Exp $ */ /*! \file */ diff --git a/bin/named/lwderror.c b/bin/named/lwderror.c index 9594dba543bc9..33f247a458516 100644 --- a/bin/named/lwderror.c +++ b/bin/named/lwderror.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwderror.c,v 1.12 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: lwderror.c,v 1.12 2007/06/19 23:46:59 tbox Exp $ */ /*! \file */ diff --git a/bin/named/lwdgabn.c b/bin/named/lwdgabn.c index 6a609c9acc4f3..c4b598beb13ac 100644 --- a/bin/named/lwdgabn.c +++ b/bin/named/lwdgabn.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdgabn.c,v 1.24 2009-09-02 23:48:01 tbox Exp $ */ +/* $Id: lwdgabn.c,v 1.24 2009/09/02 23:48:01 tbox Exp $ */ /*! \file */ diff --git a/bin/named/lwdgnba.c b/bin/named/lwdgnba.c index 64b05d6b9e866..dfc2ad6543997 100644 --- a/bin/named/lwdgnba.c +++ b/bin/named/lwdgnba.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdgnba.c,v 1.22 2008-01-14 23:46:56 tbox Exp $ */ +/* $Id: lwdgnba.c,v 1.22 2008/01/14 23:46:56 tbox Exp $ */ /*! \file */ diff --git a/bin/named/lwdgrbn.c b/bin/named/lwdgrbn.c index 22b62c625c12b..5c858cbedacd4 100644 --- a/bin/named/lwdgrbn.c +++ b/bin/named/lwdgrbn.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdgrbn.c,v 1.22 2009-09-02 23:48:01 tbox Exp $ */ +/* $Id: lwdgrbn.c,v 1.22 2009/09/02 23:48:01 tbox Exp $ */ /*! \file */ diff --git a/bin/named/lwdnoop.c b/bin/named/lwdnoop.c index eebe39d064f58..14d8e0c4cfbbc 100644 --- a/bin/named/lwdnoop.c +++ b/bin/named/lwdnoop.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwdnoop.c,v 1.13 2008-01-22 23:28:04 tbox Exp $ */ +/* $Id: lwdnoop.c,v 1.13 2008/01/22 23:28:04 tbox Exp $ */ /*! \file */ diff --git a/bin/named/lwresd.8 b/bin/named/lwresd.8 index 30dfbd55e7831..47a6b782b68ad 100644 --- a/bin/named/lwresd.8 +++ b/bin/named/lwresd.8 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: lwresd.8,v 1.31 2009-07-11 01:12:45 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l diff --git a/bin/named/lwresd.c b/bin/named/lwresd.c index ad3670960cb19..11198a4324f2c 100644 --- a/bin/named/lwresd.c +++ b/bin/named/lwresd.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwresd.c,v 1.60 2009-09-02 23:48:01 tbox Exp $ */ +/* $Id: lwresd.c,v 1.60 2009/09/02 23:48:01 tbox Exp $ */ /*! \file * \brief diff --git a/bin/named/lwresd.docbook b/bin/named/lwresd.docbook index 934b5da21dcca..dddfe5e517848 100644 --- a/bin/named/lwresd.docbook +++ b/bin/named/lwresd.docbook @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwresd.docbook,v 1.20 2009-01-20 23:47:56 tbox Exp $ --> +<!-- $Id: lwresd.docbook,v 1.20 2009/01/20 23:47:56 tbox Exp $ --> <refentry> <refentryinfo> <date>June 30, 2000</date> diff --git a/bin/named/lwresd.html b/bin/named/lwresd.html index 223b1c2c52501..5dc01be1dfb7d 100644 --- a/bin/named/lwresd.html +++ b/bin/named/lwresd.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: lwresd.html,v 1.27 2009-07-11 01:12:45 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -22,7 +22,7 @@ <meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> </head> <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> -<a name="id2476275"></a><div class="titlepage"></div> +<a name="id2476274"></a><div class="titlepage"></div> <div class="refnamediv"> <h2>Name</h2> <p><span class="application">lwresd</span> — lightweight resolver daemon</p> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-4</code>] [<code class="option">-6</code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543467"></a><h2>DESCRIPTION</h2> +<a name="id2543469"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">lwresd</strong></span> is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver @@ -67,7 +67,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543514"></a><h2>OPTIONS</h2> +<a name="id2543516"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-4</span></dt> <dd><p> @@ -197,7 +197,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543931"></a><h2>FILES</h2> +<a name="id2543933"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt> <dd><p> @@ -210,14 +210,14 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543971"></a><h2>SEE ALSO</h2> +<a name="id2543973"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>, <span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2544005"></a><h2>AUTHOR</h2> +<a name="id2544007"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/named/lwsearch.c b/bin/named/lwsearch.c index 8ad6779bf5106..6754c987bc2cd 100644 --- a/bin/named/lwsearch.c +++ b/bin/named/lwsearch.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwsearch.c,v 1.13 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: lwsearch.c,v 1.13 2007/06/19 23:46:59 tbox Exp $ */ /*! \file */ diff --git a/bin/named/main.c b/bin/named/main.c index d226113601204..30c6ef9cac569 100644 --- a/bin/named/main.c +++ b/bin/named/main.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: main.c,v 1.180.14.3 2011-03-11 06:47:00 marka Exp $ */ +/* $Id: main.c,v 1.180.14.4 2011/11/05 00:45:52 each Exp $ */ /*! \file */ @@ -793,6 +793,25 @@ setup(void) { isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, ISC_LOG_NOTICE, "built with %s", ns_g_configargs); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, + ISC_LOG_NOTICE, + "----------------------------------------------------"); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, + ISC_LOG_NOTICE, + "BIND 9 is maintained by Internet Systems Consortium,"); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, + ISC_LOG_NOTICE, + "Inc. (ISC), a non-profit 501(c)(3) public-benefit "); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, + ISC_LOG_NOTICE, + "corporation. Support and training for BIND 9 are "); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, + ISC_LOG_NOTICE, + "available at https://www.isc.org/support"); + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN, + ISC_LOG_NOTICE, + "----------------------------------------------------"); + dump_symboltable(); /* diff --git a/bin/named/named.8 b/bin/named/named.8 index 23805b04a935b..222ff426cabdb 100644 --- a/bin/named/named.8 +++ b/bin/named/named.8 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.8,v 1.41 2009-10-06 01:14:41 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5 index 9dc7002b09c9e..4356c192e6b6d 100644 --- a/bin/named/named.conf.5 +++ b/bin/named/named.conf.5 @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.conf.5,v 1.44.12.1 2011-02-03 12:29:12 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l @@ -254,8 +254,7 @@ options { disable\-algorithms \fIstring\fR { \fIstring\fR; ... }; dnssec\-enable \fIboolean\fR; dnssec\-validation \fIboolean\fR; - dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR; - dnssec\-lookaside ( \fIauto\fR | \fIdomain\fR trust\-anchor \fIdomain\fR ); + dnssec\-lookaside ( \fIauto\fR | \fIno\fR | \fIdomain\fR trust\-anchor \fIdomain\fR ); dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR; dnssec\-accept\-expired \fIboolean\fR; dns64\-server \fIstring\fR; @@ -424,7 +423,7 @@ view \fIstring\fR \fIoptional_class\fR { disable\-algorithms \fIstring\fR { \fIstring\fR; ... }; dnssec\-enable \fIboolean\fR; dnssec\-validation \fIboolean\fR; - dnssec\-lookaside \fIstring\fR trust\-anchor \fIstring\fR; + dnssec\-lookaside ( \fIauto\fR | \fIno\fR | \fIdomain\fR trust\-anchor \fIdomain\fR ); dnssec\-must\-be\-secure \fIstring\fR \fIboolean\fR; dnssec\-accept\-expired \fIboolean\fR; dns64\-server \fIstring\fR; diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook index 962eaaa0e2bd0..c6ee1db1ca493 100644 --- a/bin/named/named.conf.docbook +++ b/bin/named/named.conf.docbook @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.conf.docbook,v 1.49.14.1 2011-02-03 05:50:05 marka Exp $ --> +<!-- $Id: named.conf.docbook,v 1.49.14.2 2011/11/07 00:31:47 marka Exp $ --> <refentry> <refentryinfo> <date>Aug 13, 2004</date> @@ -285,8 +285,7 @@ options { disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... }; dnssec-enable <replaceable>boolean</replaceable>; dnssec-validation <replaceable>boolean</replaceable>; - dnssec-lookaside <replaceable>string</replaceable> trust-anchor <replaceable>string</replaceable>; - dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> ); + dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> ); dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>; dnssec-accept-expired <replaceable>boolean</replaceable>; @@ -473,7 +472,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... }; dnssec-enable <replaceable>boolean</replaceable>; dnssec-validation <replaceable>boolean</replaceable>; - dnssec-lookaside <replaceable>string</replaceable> trust-anchor <replaceable>string</replaceable>; + dnssec-lookaside ( <replaceable>auto</replaceable> | <replaceable>no</replaceable> | <replaceable>domain</replaceable> trust-anchor <replaceable>domain</replaceable> ); dnssec-must-be-secure <replaceable>string</replaceable> <replaceable>boolean</replaceable>; dnssec-accept-expired <replaceable>boolean</replaceable>; diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html index f20e411f45b0f..71bd946695036 100644 --- a/bin/named/named.conf.html +++ b/bin/named/named.conf.html @@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.conf.html,v 1.53.12.1 2011-02-03 12:29:12 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543352"></a><h2>DESCRIPTION</h2> +<a name="id2543353"></a><h2>DESCRIPTION</h2> <p><code class="filename">named.conf</code> is the configuration file for <span><strong class="command">named</strong></span>. Statements are enclosed @@ -50,14 +50,14 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543380"></a><h2>ACL</h2> +<a name="id2543381"></a><h2>ACL</h2> <div class="literallayout"><p><br> acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> <br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543396"></a><h2>KEY</h2> +<a name="id2543397"></a><h2>KEY</h2> <div class="literallayout"><p><br> key <em class="replaceable"><code>domain_name</code></em> {<br> algorithm <em class="replaceable"><code>string</code></em>;<br> @@ -66,7 +66,7 @@ key <em class="replaceable"><code>domain_name</code></em> {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543415"></a><h2>MASTERS</h2> +<a name="id2543416"></a><h2>MASTERS</h2> <div class="literallayout"><p><br> masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br> @@ -75,7 +75,7 @@ masters <em class="replaceable"><code>string</code></em> [<span class="optional" </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543461"></a><h2>SERVER</h2> +<a name="id2543462"></a><h2>SERVER</h2> <div class="literallayout"><p><br> server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br> bogus <em class="replaceable"><code>boolean</code></em>;<br> @@ -97,7 +97,7 @@ server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/pref </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543529"></a><h2>TRUSTED-KEYS</h2> +<a name="id2543530"></a><h2>TRUSTED-KEYS</h2> <div class="literallayout"><p><br> trusted-keys {<br> <em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br> @@ -105,7 +105,7 @@ trusted-keys {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543555"></a><h2>MANAGED-KEYS</h2> +<a name="id2543556"></a><h2>MANAGED-KEYS</h2> <div class="literallayout"><p><br> managed-keys {<br> <em class="replaceable"><code>domain_name</code></em> <code class="constant">initial-key</code> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br> @@ -113,7 +113,7 @@ managed-keys {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543584"></a><h2>CONTROLS</h2> +<a name="id2543585"></a><h2>CONTROLS</h2> <div class="literallayout"><p><br> controls {<br> inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br> @@ -125,7 +125,7 @@ controls {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543619"></a><h2>LOGGING</h2> +<a name="id2543620"></a><h2>LOGGING</h2> <div class="literallayout"><p><br> logging {<br> channel <em class="replaceable"><code>string</code></em> {<br> @@ -143,7 +143,7 @@ logging {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543657"></a><h2>LWRES</h2> +<a name="id2543658"></a><h2>LWRES</h2> <div class="literallayout"><p><br> lwres {<br> listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br> @@ -156,7 +156,7 @@ lwres {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543699"></a><h2>OPTIONS</h2> +<a name="id2543700"></a><h2>OPTIONS</h2> <div class="literallayout"><p><br> options {<br> avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br> @@ -251,8 +251,7 @@ options {<br> disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br> dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br> dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br> - dnssec-lookaside <em class="replaceable"><code>string</code></em> trust-anchor <em class="replaceable"><code>string</code></em>;<br> - dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br> + dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br> dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br> dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br> <br> @@ -361,7 +360,7 @@ options {<br> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2544577"></a><h2>VIEW</h2> +<a name="id2544574"></a><h2>VIEW</h2> <div class="literallayout"><p><br> view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br> @@ -438,7 +437,7 @@ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><c disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br> dnssec-enable <em class="replaceable"><code>boolean</code></em>;<br> dnssec-validation <em class="replaceable"><code>boolean</code></em>;<br> - dnssec-lookaside <em class="replaceable"><code>string</code></em> trust-anchor <em class="replaceable"><code>string</code></em>;<br> + dnssec-lookaside ( <em class="replaceable"><code>auto</code></em> | <em class="replaceable"><code>no</code></em> | <em class="replaceable"><code>domain</code></em> trust-anchor <em class="replaceable"><code>domain</code></em> );<br> dnssec-must-be-secure <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>boolean</code></em>;<br> dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br> <br> @@ -524,7 +523,7 @@ view <em class="replaceable"><code>string</code></em> <em class="replaceable"><c </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2545280"></a><h2>ZONE</h2> +<a name="id2545284"></a><h2>ZONE</h2> <div class="literallayout"><p><br> zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br> type ( master | slave | stub | hint |<br> @@ -619,12 +618,12 @@ zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><c </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2545659"></a><h2>FILES</h2> +<a name="id2545664"></a><h2>FILES</h2> <p><code class="filename">/etc/named.conf</code> </p> </div> <div class="refsect1" lang="en"> -<a name="id2545671"></a><h2>SEE ALSO</h2> +<a name="id2545675"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, diff --git a/bin/named/named.docbook b/bin/named/named.docbook index 214f8ac6e9d79..c748911e24a10 100644 --- a/bin/named/named.docbook +++ b/bin/named/named.docbook @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.docbook,v 1.26 2009-10-05 17:30:49 fdupont Exp $ --> +<!-- $Id: named.docbook,v 1.26 2009/10/05 17:30:49 fdupont Exp $ --> <refentry id="man.named"> <refentryinfo> <date>May 21, 2009</date> diff --git a/bin/named/named.html b/bin/named/named.html index fa869c4c6d104..cf3cb2678f39f 100644 --- a/bin/named/named.html +++ b/bin/named/named.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named.html,v 1.33 2009-10-06 01:14:41 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543480"></a><h2>DESCRIPTION</h2> +<a name="id2543482"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">named</strong></span> is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -47,7 +47,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543505"></a><h2>OPTIONS</h2> +<a name="id2543507"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-4</span></dt> <dd><p> @@ -228,7 +228,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543962"></a><h2>SIGNALS</h2> +<a name="id2543964"></a><h2>SIGNALS</h2> <p> In routine operation, signals should not be used to control the nameserver; <span><strong class="command">rndc</strong></span> should be used @@ -249,7 +249,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544010"></a><h2>CONFIGURATION</h2> +<a name="id2544012"></a><h2>CONFIGURATION</h2> <p> The <span><strong class="command">named</strong></span> configuration file is too complex to describe in detail here. A complete description is provided @@ -266,7 +266,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544046"></a><h2>FILES</h2> +<a name="id2544049"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt> <dd><p> @@ -279,7 +279,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544086"></a><h2>SEE ALSO</h2> +<a name="id2544088"></a><h2>SEE ALSO</h2> <p><em class="citetitle">RFC 1033</em>, <em class="citetitle">RFC 1034</em>, <em class="citetitle">RFC 1035</em>, @@ -292,7 +292,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544293"></a><h2>AUTHOR</h2> +<a name="id2544295"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/named/notify.c b/bin/named/notify.c index da5a651b33cb4..de52b8c82bef5 100644 --- a/bin/named/notify.c +++ b/bin/named/notify.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: notify.c,v 1.37 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: notify.c,v 1.37 2007/06/19 23:46:59 tbox Exp $ */ #include <config.h> diff --git a/bin/named/query.c b/bin/named/query.c index 4945f474f73fc..6d2ee445b8bc3 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.353.8.11.4.1 2011-11-16 09:32:08 marka Exp $ */ +/* $Id: query.c,v 1.353.8.24 2012/02/07 01:14:39 marka Exp $ */ /*! \file */ @@ -830,57 +830,41 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype, } static void -rpz_log(ns_client_t *client) { - char namebuf1[DNS_NAME_FORMATSIZE]; - char namebuf2[DNS_NAME_FORMATSIZE]; - dns_rpz_st_t *st; - const char *pat; +rpz_log_rewrite(ns_client_t *client, const char *disabled, + dns_rpz_policy_t policy, dns_rpz_type_t type, + dns_name_t *rpz_qname) { + char qname_buf[DNS_NAME_FORMATSIZE]; + char rpz_qname_buf[DNS_NAME_FORMATSIZE]; - if (!ns_g_server->log_queries || - !isc_log_wouldlog(ns_g_lctx, DNS_RPZ_INFO_LEVEL)) + if (!isc_log_wouldlog(ns_g_lctx, DNS_RPZ_INFO_LEVEL)) return; - st = client->query.rpz_st; - dns_name_format(client->query.qname, namebuf1, sizeof(namebuf1)); - dns_name_format(st->qname, namebuf2, sizeof(namebuf2)); + dns_name_format(client->query.qname, qname_buf, sizeof(qname_buf)); + dns_name_format(rpz_qname, rpz_qname_buf, sizeof(rpz_qname_buf)); - switch (st->m.policy) { - case DNS_RPZ_POLICY_NO_OP: - pat ="response policy %s rewrite %s NO-OP using %s"; - break; - case DNS_RPZ_POLICY_NXDOMAIN: - pat = "response policy %s rewrite %s to NXDOMAIN using %s"; - break; - case DNS_RPZ_POLICY_NODATA: - pat = "response policy %s rewrite %s to NODATA using %s"; - break; - case DNS_RPZ_POLICY_RECORD: - case DNS_RPZ_POLICY_CNAME: - pat = "response policy %s rewrite %s using %s"; - break; - default: - INSIST(0); - } - ns_client_log(client, NS_LOGCATEGORY_QUERIES, NS_LOGMODULE_QUERY, - DNS_RPZ_INFO_LEVEL, pat, dns_rpz_type2str(st->m.type), - namebuf1, namebuf2); + ns_client_log(client, DNS_LOGCATEGORY_RPZ, NS_LOGMODULE_QUERY, + DNS_RPZ_INFO_LEVEL, "%srpz %s %s rewrite %s via %s", + disabled, + dns_rpz_type2str(type), dns_rpz_policy2str(policy), + qname_buf, rpz_qname_buf); } static void -rpz_fail_log(ns_client_t *client, int level, dns_rpz_type_t rpz_type, - dns_name_t *name, const char *str, isc_result_t result) +rpz_log_fail(ns_client_t *client, int level, + dns_rpz_type_t rpz_type, dns_name_t *name, + const char *str, isc_result_t result) { char namebuf1[DNS_NAME_FORMATSIZE]; char namebuf2[DNS_NAME_FORMATSIZE]; - if (!ns_g_server->log_queries || !isc_log_wouldlog(ns_g_lctx, level)) + if (!isc_log_wouldlog(ns_g_lctx, level)) return; dns_name_format(client->query.qname, namebuf1, sizeof(namebuf1)); dns_name_format(name, namebuf2, sizeof(namebuf2)); ns_client_log(client, NS_LOGCATEGORY_QUERY_EERRORS, NS_LOGMODULE_QUERY, level, - "response policy %s rewrite %s via %s %sfailed: %s", + "rpz %s rewrite %s via %s %sfailed: %s", dns_rpz_type2str(rpz_type), namebuf1, namebuf2, str, isc_result_totext(result)); } @@ -889,9 +873,8 @@ rpz_fail_log(ns_client_t *client, int level, dns_rpz_type_t rpz_type, * Get a policy rewrite zone database. */ static isc_result_t -rpz_getdb(ns_client_t *client, dns_rpz_type_t rpz_type, - dns_name_t *rpz_qname, dns_zone_t **zonep, - dns_db_t **dbp, dns_dbversion_t **versionp) +rpz_getdb(ns_client_t *client, dns_rpz_type_t rpz_type, dns_name_t *rpz_qname, + dns_zone_t **zonep, dns_db_t **dbp, dns_dbversion_t **versionp) { char namebuf1[DNS_NAME_FORMATSIZE]; char namebuf2[DNS_NAME_FORMATSIZE]; @@ -901,12 +884,11 @@ rpz_getdb(ns_client_t *client, dns_rpz_type_t rpz_type, result = query_getzonedb(client, rpz_qname, dns_rdatatype_any, DNS_GETDB_IGNOREACL, zonep, dbp, &rpz_version); if (result == ISC_R_SUCCESS) { - if (ns_g_server->log_queries && - isc_log_wouldlog(ns_g_lctx, DNS_RPZ_DEBUG_LEVEL2)) { + if (isc_log_wouldlog(ns_g_lctx, DNS_RPZ_DEBUG_LEVEL2)) { dns_name_format(client->query.qname, namebuf1, sizeof(namebuf1)); dns_name_format(rpz_qname, namebuf2, sizeof(namebuf2)); - ns_client_log(client, NS_LOGCATEGORY_QUERIES, + ns_client_log(client, DNS_LOGCATEGORY_RPZ, NS_LOGMODULE_QUERY, DNS_RPZ_DEBUG_LEVEL2, "try rpz %s rewrite %s via %s", dns_rpz_type2str(rpz_type), @@ -915,7 +897,7 @@ rpz_getdb(ns_client_t *client, dns_rpz_type_t rpz_type, *versionp = rpz_version; return (ISC_R_SUCCESS); } - rpz_fail_log(client, DNS_RPZ_ERROR_LEVEL, rpz_type, rpz_qname, + rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, rpz_type, rpz_qname, "query_getzonedb() ", result); return (result); } @@ -1144,7 +1126,8 @@ query_isduplicate(ns_client_t *client, dns_name_t *name, if (name == mname) mname = NULL; - *mnamep = mname; + if (mnamep != NULL) + *mnamep = mname; CTRACE("query_isduplicate: false: done"); return (ISC_FALSE); @@ -1363,6 +1346,10 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { } if (qtype == dns_rdatatype_a) { +#ifdef ALLOW_FILTER_AAAA_ON_V4 + isc_boolean_t have_a = ISC_FALSE; +#endif + /* * We now go looking for A and AAAA records, along with * their signatures. @@ -1385,6 +1372,8 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { if (sigrdataset == NULL) goto addname; } + if (query_isduplicate(client, fname, dns_rdatatype_a, NULL)) + goto aaaa_lookup; result = dns_db_findrdataset(db, node, version, dns_rdatatype_a, 0, client->now, rdataset, @@ -1399,6 +1388,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { } if (result == ISC_R_SUCCESS) { mname = NULL; +#ifdef ALLOW_FILTER_AAAA_ON_V4 + have_a = ISC_TRUE; +#endif if (!query_isduplicate(client, fname, dns_rdatatype_a, &mname)) { if (mname != NULL) { @@ -1428,6 +1420,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { dns_rdataset_disassociate(sigrdataset); } } + aaaa_lookup: + if (query_isduplicate(client, fname, dns_rdatatype_aaaa, NULL)) + goto addname; result = dns_db_findrdataset(db, node, version, dns_rdatatype_aaaa, 0, client->now, rdataset, @@ -1442,6 +1437,17 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { } if (result == ISC_R_SUCCESS) { mname = NULL; + /* + * There's an A; check whether we're filtering AAAA + */ +#ifdef ALLOW_FILTER_AAAA_ON_V4 + if (have_a && + (client->filter_aaaa == dns_v4_aaaa_break_dnssec || + (client->filter_aaaa == dns_v4_aaaa_filter && + (!WANTDNSSEC(client) || sigrdataset == NULL || + !dns_rdataset_isassociated(sigrdataset))))) + goto addname; +#endif if (!query_isduplicate(client, fname, dns_rdatatype_aaaa, &mname)) { if (mname != NULL) { @@ -1593,7 +1599,13 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { dns_rdatatype_t type; dns_rdatasetadditional_t additionaltype; - if (qtype != dns_rdatatype_a) { + /* + * If we don't have an additional cache call query_addadditional. + */ + client = additionalctx->client; + REQUIRE(NS_CLIENT_VALID(client)); + + if (qtype != dns_rdatatype_a || client->view->acache == NULL) { /* * This function is optimized for "address" types. For other * types, use a generic routine. @@ -1607,8 +1619,6 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { * Initialization. */ rdataset_base = additionalctx->rdataset; - client = additionalctx->client; - REQUIRE(NS_CLIENT_VALID(client)); eresult = ISC_R_SUCCESS; fname = NULL; rdataset = NULL; @@ -1861,6 +1871,9 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { if (sigrdataset == NULL) goto cleanup; + if (additionaltype == dns_rdatasetadditional_fromcache && + query_isduplicate(client, fname, dns_rdatatype_a, NULL)) + goto aaaa_lookup; /* * Find A RRset with sig RRset. Even if we don't find a sig RRset * for a client using DNSSEC, we'll continue the process to make a @@ -1905,6 +1918,10 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { } } + aaaa_lookup: + if (additionaltype == dns_rdatasetadditional_fromcache && + query_isduplicate(client, fname, dns_rdatatype_aaaa, NULL)) + goto foundcache; /* Find AAAA RRset with sig RRset */ result = dns_db_findrdataset(db, node, version, dns_rdatatype_aaaa, 0, client->now, rdataset, sigrdataset); @@ -3350,8 +3367,9 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db, sigrdataset, fname, ISC_TRUE, cname); if (!dns_rdataset_isassociated(rdataset)) goto cleanup; - query_addrrset(client, &fname, &rdataset, &sigrdataset, - dbuf, DNS_SECTION_AUTHORITY); + if (!ispositive) + query_addrrset(client, &fname, &rdataset, &sigrdataset, + dbuf, DNS_SECTION_AUTHORITY); /* * Replace resources which were consumed by query_addrrset. @@ -3799,14 +3817,15 @@ rpz_st_clear(ns_client_t *client) { dns_rpz_st_t *st = client->query.rpz_st; rpz_clean(&st->m.zone, &st->m.db, &st->m.node, NULL); + st->m.version = NULL; if (st->m.rdataset != NULL) query_putrdataset(client, &st->m.rdataset); - rpz_clean(NULL, &st->ns.db, NULL, NULL); - if (st->ns.ns_rdataset != NULL) - query_putrdataset(client, &st->ns.ns_rdataset); - if (st->ns.r_rdataset != NULL) - query_putrdataset(client, &st->ns.r_rdataset); + rpz_clean(NULL, &st->r.db, NULL, NULL); + if (st->r.ns_rdataset != NULL) + query_putrdataset(client, &st->r.ns_rdataset); + if (st->r.r_rdataset != NULL) + query_putrdataset(client, &st->r.r_rdataset); rpz_clean(&st->q.zone, &st->q.db, &st->q.node, NULL); if (st->q.rdataset != NULL) @@ -3814,15 +3833,18 @@ rpz_st_clear(ns_client_t *client) { if (st->q.sigrdataset != NULL) query_putrdataset(client, &st->q.sigrdataset); st->state = 0; + st->m.type = DNS_RPZ_TYPE_BAD; + st->m.policy = DNS_RPZ_POLICY_MISS; } /* - * Get NS, A, or AAAA rrset for rpz nsdname or nsip checking. + * Get NS, A, or AAAA rrset for response policy zone checks. */ static isc_result_t -rpz_ns_find(ns_client_t *client, dns_name_t *name, dns_rdatatype_t type, - dns_db_t **dbp, dns_dbversion_t *version, - dns_rdataset_t **rdatasetp, isc_boolean_t resuming) +rpz_rrset_find(ns_client_t *client, dns_rpz_type_t rpz_type, + dns_name_t *name, dns_rdatatype_t type, + dns_db_t **dbp, dns_dbversion_t *version, + dns_rdataset_t **rdatasetp, isc_boolean_t resuming) { dns_rpz_st_t *st; isc_boolean_t is_zone; @@ -3833,22 +3855,22 @@ rpz_ns_find(ns_client_t *client, dns_name_t *name, dns_rdatatype_t type, st = client->query.rpz_st; if ((st->state & DNS_RPZ_RECURSING) != 0) { - INSIST(st->ns.r_type == type); + INSIST(st->r.r_type == type); INSIST(dns_name_equal(name, st->r_name)); INSIST(*rdatasetp == NULL || !dns_rdataset_isassociated(*rdatasetp)); st->state &= ~DNS_RPZ_RECURSING; - *dbp = st->ns.db; - st->ns.db = NULL; + *dbp = st->r.db; + st->r.db = NULL; if (*rdatasetp != NULL) query_putrdataset(client, rdatasetp); - *rdatasetp = st->ns.r_rdataset; - st->ns.r_rdataset = NULL; - result = st->ns.r_result; + *rdatasetp = st->r.r_rdataset; + st->r.r_rdataset = NULL; + result = st->r.r_result; if (result == DNS_R_DELEGATION) { - rpz_fail_log(client, DNS_RPZ_ERROR_LEVEL, - DNS_RPZ_TYPE_NSIP, name, - "rpz_ns_find() ", result); + rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, + rpz_type, name, + "rpz_rrset_find(1) ", result); st->m.policy = DNS_RPZ_POLICY_ERROR; result = DNS_R_SERVFAIL; } @@ -3870,9 +3892,9 @@ rpz_ns_find(ns_client_t *client, dns_name_t *name, dns_rdatatype_t type, result = query_getdb(client, name, type, 0, &zone, dbp, &version, &is_zone); if (result != ISC_R_SUCCESS) { - rpz_fail_log(client, DNS_RPZ_ERROR_LEVEL, - DNS_RPZ_TYPE_NSIP, name, "NS getdb() ", - result); + rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, + rpz_type, name, + "rpz_rrset_find(2) ", result); st->m.policy = DNS_RPZ_POLICY_ERROR; if (zone != NULL) dns_zone_detach(&zone); @@ -3885,8 +3907,8 @@ rpz_ns_find(ns_client_t *client, dns_name_t *name, dns_rdatatype_t type, node = NULL; dns_fixedname_init(&fixed); found = dns_fixedname_name(&fixed); - result = dns_db_find(*dbp, name, version, type, 0, client->now, &node, - found, *rdatasetp, NULL); + result = dns_db_find(*dbp, name, version, type, DNS_DBFIND_GLUEOK, + client->now, &node, found, *rdatasetp, NULL); if (result == DNS_R_DELEGATION && is_zone && USECACHE(client)) { /* * Try the cache if we're authoritative for an @@ -3901,16 +3923,21 @@ rpz_ns_find(ns_client_t *client, dns_name_t *name, dns_rdatatype_t type, } rpz_clean(NULL, dbp, &node, NULL); if (result == DNS_R_DELEGATION) { + rpz_clean(NULL, NULL, NULL, rdatasetp); /* - * Recurse to get NS rrset or A or AAAA rrset for an NS name. + * Recurse for NS rrset or A or AAAA rrset for an NS. + * Do not recurse for addresses for the query name. */ - rpz_clean(NULL, NULL, NULL, rdatasetp); - dns_name_copy(name, st->r_name, NULL); - result = query_recurse(client, type, st->r_name, NULL, NULL, - resuming); - if (result == ISC_R_SUCCESS) { - st->state |= DNS_RPZ_RECURSING; - result = DNS_R_DELEGATION; + if (rpz_type == DNS_RPZ_TYPE_IP) { + result = DNS_R_NXRRSET; + } else { + dns_name_copy(name, st->r_name, NULL); + result = query_recurse(client, type, st->r_name, + NULL, NULL, resuming); + if (result == ISC_R_SUCCESS) { + st->state |= DNS_RPZ_RECURSING; + result = DNS_R_DELEGATION; + } } } return (result); @@ -3928,7 +3955,7 @@ rpz_rewrite_ip(ns_client_t *client, dns_rdataset_t *rdataset, dns_dbversion_t *version; dns_zone_t *zone; dns_db_t *db; - dns_rpz_zone_t *new_rpz; + dns_rpz_zone_t *rpz; isc_result_t result; st = client->query.rpz_st; @@ -3939,16 +3966,26 @@ rpz_rewrite_ip(ns_client_t *client, dns_rdataset_t *rdataset, } zone = NULL; db = NULL; - for (new_rpz = ISC_LIST_HEAD(client->view->rpz_zones); - new_rpz != NULL; - new_rpz = ISC_LIST_NEXT(new_rpz, link)) { - version = NULL; + for (rpz = ISC_LIST_HEAD(client->view->rpz_zones); + rpz != NULL; + rpz = ISC_LIST_NEXT(rpz, link)) { + /* + * Do not check policy zones that cannot replace a policy + * already known to match. + */ + if (st->m.policy != DNS_RPZ_POLICY_MISS) { + if (st->m.rpz->num < rpz->num) + break; + if (st->m.rpz->num == rpz->num && + st->m.type < rpz_type) + continue; + } /* - * Find the database for this policy zone to get its - * radix tree. + * Find the database for this policy zone to get its radix tree. */ - result = rpz_getdb(client, rpz_type, &new_rpz->origin, + version = NULL; + result = rpz_getdb(client, rpz_type, &rpz->origin, &zone, &db, &version); if (result != ISC_R_SUCCESS) { rpz_clean(&zone, &db, NULL, NULL); @@ -3960,26 +3997,31 @@ rpz_rewrite_ip(ns_client_t *client, dns_rdataset_t *rdataset, * hit, if any. Note the domain name and quality of the * best hit. */ - result = dns_db_rpz_findips(new_rpz, rpz_type, zone, db, - version, rdataset, st); - RUNTIME_CHECK(result == ISC_R_SUCCESS); + (void)dns_db_rpz_findips(rpz, rpz_type, zone, db, version, + rdataset, st, + client->query.rpz_st->qname); rpz_clean(&zone, &db, NULL, NULL); } return (ISC_R_SUCCESS); } +/* + * Look for an A or AAAA rdataset + * and check for IP or NSIP rewrite policy rules. + */ static isc_result_t -rpz_rewrite_nsip(ns_client_t *client, dns_rdatatype_t type, dns_name_t *name, - dns_db_t **dbp, dns_dbversion_t *version, - dns_rdataset_t **rdatasetp, isc_boolean_t resuming) +rpz_rewrite_rrset(ns_client_t *client, dns_rpz_type_t rpz_type, + dns_rdatatype_t type, dns_name_t *name, + dns_db_t **dbp, dns_dbversion_t *version, + dns_rdataset_t **rdatasetp, isc_boolean_t resuming) { isc_result_t result; - result = rpz_ns_find(client, name, type, dbp, version, rdatasetp, - resuming); + result = rpz_rrset_find(client, rpz_type, name, type, dbp, version, + rdatasetp, resuming); switch (result) { case ISC_R_SUCCESS: - result = rpz_rewrite_ip(client, *rdatasetp, DNS_RPZ_TYPE_NSIP); + result = rpz_rewrite_ip(client, *rdatasetp, rpz_type); break; case DNS_R_EMPTYNAME: case DNS_R_EMPTYWILD: @@ -3987,17 +4029,24 @@ rpz_rewrite_nsip(ns_client_t *client, dns_rdatatype_t type, dns_name_t *name, case DNS_R_NCACHENXDOMAIN: case DNS_R_NXRRSET: case DNS_R_NCACHENXRRSET: + case ISC_R_NOTFOUND: result = ISC_R_SUCCESS; break; case DNS_R_DELEGATION: case DNS_R_DUPLICATE: case DNS_R_DROP: break; + case DNS_R_CNAME: + case DNS_R_DNAME: + rpz_log_fail(client, DNS_RPZ_DEBUG_LEVEL1, rpz_type, + name, "NS address rewrite rrset ", result); + result = ISC_R_SUCCESS; + break; default: if (client->query.rpz_st->m.policy != DNS_RPZ_POLICY_ERROR) { client->query.rpz_st->m.policy = DNS_RPZ_POLICY_ERROR; - rpz_fail_log(client, ISC_LOG_WARNING, DNS_RPZ_TYPE_NSIP, - name, "NS address rewrite nsip ", result); + rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, rpz_type, + name, "NS address rewrite rrset ", result); } break; } @@ -4005,15 +4054,61 @@ rpz_rewrite_nsip(ns_client_t *client, dns_rdatatype_t type, dns_name_t *name, } /* + * Look for both A and AAAA rdatasets + * and check for IP or NSIP rewrite policy rules. + * Look only for addresses that will be in the ANSWER section + * when checking for IP rules. + */ +static isc_result_t +rpz_rewrite_rrsets(ns_client_t *client, dns_rpz_type_t rpz_type, + dns_name_t *name, dns_rdatatype_t type, + dns_rdataset_t **rdatasetp, isc_boolean_t resuming) +{ + dns_rpz_st_t *st; + dns_dbversion_t *version; + dns_db_t *ipdb; + isc_result_t result; + + st = client->query.rpz_st; + version = NULL; + ipdb = NULL; + if ((st->state & DNS_RPZ_DONE_IPv4) == 0 && + ((rpz_type == DNS_RPZ_TYPE_NSIP) ? + (st->state & DNS_RPZ_HAVE_NSIPv4) : + (st->state & DNS_RPZ_HAVE_IP)) != 0 && + (type == dns_rdatatype_any || type == dns_rdatatype_a)) { + result = rpz_rewrite_rrset(client, rpz_type, dns_rdatatype_a, + name, &ipdb, version, rdatasetp, + resuming); + if (result == ISC_R_SUCCESS) + st->state |= DNS_RPZ_DONE_IPv4; + } else { + result = ISC_R_SUCCESS; + } + if (result == ISC_R_SUCCESS && + ((rpz_type == DNS_RPZ_TYPE_NSIP) ? + (st->state & DNS_RPZ_HAVE_NSIPv6) : + (st->state & DNS_RPZ_HAVE_IP)) != 0 && + (type == dns_rdatatype_any || type == dns_rdatatype_aaaa)) { + result = rpz_rewrite_rrset(client, rpz_type, dns_rdatatype_aaaa, + name, &ipdb, version, rdatasetp, + resuming); + } + if (ipdb != NULL) + dns_db_detach(&ipdb); + return (result); +} + +/* * Get the rrset from a response policy zone. */ static isc_result_t rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef, dns_name_t *sname, dns_rpz_type_t rpz_type, dns_zone_t **zonep, - dns_db_t **dbp, dns_dbnode_t **nodep, dns_rdataset_t **rdatasetp, + dns_db_t **dbp, dns_dbversion_t **versionp, + dns_dbnode_t **nodep, dns_rdataset_t **rdatasetp, dns_rpz_policy_t *policyp) { - dns_dbversion_t *version; dns_rpz_policy_t policy; dns_fixedname_t fixed; dns_name_t *found; @@ -4029,8 +4124,8 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef, * Try to get either a CNAME or the type of record demanded by the * request from the policy zone. */ - version = NULL; - result = rpz_getdb(client, rpz_type, qnamef, zonep, dbp, &version); + *versionp = NULL; + result = rpz_getdb(client, rpz_type, qnamef, zonep, dbp, versionp); if (result != ISC_R_SUCCESS) { *policyp = DNS_RPZ_POLICY_MISS; return (DNS_R_NXDOMAIN); @@ -4038,17 +4133,17 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef, dns_fixedname_init(&fixed); found = dns_fixedname_name(&fixed); - result = dns_db_find(*dbp, qnamef, version, dns_rdatatype_any, 0, + result = dns_db_find(*dbp, qnamef, *versionp, dns_rdatatype_any, 0, client->now, nodep, found, *rdatasetp, NULL); if (result == ISC_R_SUCCESS) { dns_rdatasetiter_t *rdsiter; rdsiter = NULL; - result = dns_db_allrdatasets(*dbp, *nodep, version, 0, + result = dns_db_allrdatasets(*dbp, *nodep, *versionp, 0, &rdsiter); if (result != ISC_R_SUCCESS) { dns_db_detachnode(*dbp, nodep); - rpz_fail_log(client, DNS_RPZ_ERROR_LEVEL, rpz_type, + rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, rpz_type, qnamef, "allrdatasets()", result); *policyp = DNS_RPZ_POLICY_ERROR; return (DNS_R_SERVFAIL); @@ -4065,7 +4160,7 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef, dns_rdatasetiter_destroy(&rdsiter); if (result != ISC_R_SUCCESS) { if (result != ISC_R_NOMORE) { - rpz_fail_log(client, DNS_RPZ_ERROR_LEVEL, + rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, rpz_type, qnamef, "rdatasetiter", result); *policyp = DNS_RPZ_POLICY_ERROR; @@ -4083,7 +4178,7 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef, qtype == dns_rdatatype_sig) result = DNS_R_NXRRSET; else - result = dns_db_find(*dbp, qnamef, version, + result = dns_db_find(*dbp, qnamef, *versionp, qtype, 0, client->now, nodep, found, *rdatasetp, NULL); @@ -4095,7 +4190,8 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef, policy = DNS_RPZ_POLICY_RECORD; } else { policy = dns_rpz_decode_cname(*rdatasetp, sname); - if (policy == DNS_RPZ_POLICY_RECORD && + if ((policy == DNS_RPZ_POLICY_RECORD || + policy == DNS_RPZ_POLICY_WILDCNAME) && qtype != dns_rdatatype_cname && qtype != dns_rdatatype_any) result = DNS_R_CNAME; @@ -4106,8 +4202,8 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef, * DNAME policy RRs have very few if any uses that are not * better served with simple wildcards. Making the work would * require complications to get the number of labels matched - * in the name or the found name itself to the main DNS_R_DNAME - * case in query_find(). So fall through to treat them as NODATA. + * in the name or the found name to the main DNS_R_DNAME case + * in query_find(). So fall through to treat them as NODATA. */ case DNS_R_NXRRSET: policy = DNS_RPZ_POLICY_NODATA; @@ -4126,7 +4222,7 @@ rpz_find(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qnamef, default: dns_db_detach(dbp); dns_zone_detach(zonep); - rpz_fail_log(client, DNS_RPZ_ERROR_LEVEL, rpz_type, qnamef, + rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, rpz_type, qnamef, "", result); policy = DNS_RPZ_POLICY_ERROR; result = DNS_R_SERVFAIL; @@ -4150,6 +4246,7 @@ rpz_rewrite_name(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname, dns_name_t *prefix, *suffix, *rpz_qname; dns_zone_t *zone; dns_db_t *db; + dns_dbversion_t *version; dns_dbnode_t *node; dns_rpz_policy_t policy; unsigned int labels; @@ -4164,7 +4261,18 @@ rpz_rewrite_name(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname, rpz != NULL; rpz = ISC_LIST_NEXT(rpz, link)) { /* - * Construct the rule's owner name. + * Do not check policy zones that cannot replace a policy + * already known to match. + */ + if (st->m.policy != DNS_RPZ_POLICY_MISS) { + if (st->m.rpz->num < rpz->num) + break; + if (st->m.rpz->num == rpz->num && + st->m.type < rpz_type) + continue; + } + /* + * Construct the policy's owner name. */ dns_fixedname_init(&prefixf); prefix = dns_fixedname_name(&prefixf); @@ -4183,13 +4291,13 @@ rpz_rewrite_name(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname, INSIST(result == DNS_R_NAMETOOLONG); labels = dns_name_countlabels(prefix); if (labels < 2) { - rpz_fail_log(client, DNS_RPZ_ERROR_LEVEL, + rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, rpz_type, suffix, "concatentate() ", result); return (ISC_R_SUCCESS); } if (labels+1 == dns_name_countlabels(qname)) { - rpz_fail_log(client, DNS_RPZ_DEBUG_LEVEL1, + rpz_log_fail(client, DNS_RPZ_DEBUG_LEVEL1, rpz_type, suffix, "concatentate() ", result); } @@ -4197,10 +4305,11 @@ rpz_rewrite_name(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname, } /* - * See if the qname rule (or RR) exists. + * See if the policy record exists. */ result = rpz_find(client, qtype, rpz_qname, qname, rpz_type, - &zone, &db, &node, rdatasetp, &policy); + &zone, &db, &version, &node, rdatasetp, + &policy); switch (result) { case DNS_R_NXDOMAIN: case DNS_R_EMPTYNAME: @@ -4211,14 +4320,31 @@ rpz_rewrite_name(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname, return (DNS_R_SERVFAIL); default: /* - * when more than one name or address hits a rule, - * prefer the first set of names (qname or NS), - * the first policy zone, and the smallest name + * We are dealing with names here. + * With more than one applicable policy, prefer + * the earliest configured policy, + * QNAME over IP over NSDNAME over NSIP, + * and the smallest name. + * Because of the testing above, + * we known st->m.rpz->num >= rpz->num and either + * st->m.rpz->num > rpz->num or st->m.type >= rpz_type + */ + if (st->m.policy != DNS_RPZ_POLICY_MISS && + rpz->num == st->m.rpz->num && + (st->m.type < rpz_type || + (st->m.type == rpz_type && + 0 >= dns_name_compare(rpz_qname, st->qname)))) + continue; + + /* + * Merely log DNS_RPZ_POLICY_DISABLED hits. */ - if (st->m.type == rpz_type && - rpz->num > st->m.rpz->num && - 0 <= dns_name_compare(rpz_qname, st->qname)) + if (rpz->policy == DNS_RPZ_POLICY_DISABLED) { + rpz_log_rewrite(client, "disabled ", + policy, rpz_type, rpz_qname); continue; + } + rpz_clean(&st->m.zone, &st->m.db, &st->m.node, &st->m.rdataset); st->m.rpz = rpz; @@ -4227,7 +4353,8 @@ rpz_rewrite_name(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname, st->m.policy = policy; st->m.result = result; dns_name_copy(rpz_qname, st->qname, NULL); - if (dns_rdataset_isassociated(*rdatasetp)) { + if (*rdatasetp != NULL && + dns_rdataset_isassociated(*rdatasetp)) { dns_rdataset_t *trdataset; trdataset = st->m.rdataset; @@ -4241,6 +4368,7 @@ rpz_rewrite_name(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname, node = NULL; st->m.db = db; db = NULL; + st->m.version = version; st->m.zone = zone; zone = NULL; } @@ -4250,24 +4378,38 @@ rpz_rewrite_name(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qname, return (ISC_R_SUCCESS); } +static void +rpz_rewrite_ns_skip(ns_client_t *client, dns_name_t *nsname, + isc_result_t result, int level, const char *str) +{ + dns_rpz_st_t *st; + + st = client->query.rpz_st; + + if (str != NULL) + rpz_log_fail(client, level, DNS_RPZ_TYPE_NSIP, nsname, + str, result); + if (st->r.ns_rdataset != NULL && + dns_rdataset_isassociated(st->r.ns_rdataset)) + dns_rdataset_disassociate(st->r.ns_rdataset); + + st->r.label--; +} + /* - * Look for response policy zone NSIP and NSDNAME rewriting. + * Look for response policy zone QNAME, NSIP, and NSDNAME rewriting. */ static isc_result_t -rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, +rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, isc_result_t qresult, isc_boolean_t resuming) { dns_rpz_st_t *st; - dns_db_t *ipdb; dns_rdataset_t *rdataset; dns_fixedname_t nsnamef; dns_name_t *nsname; - dns_dbversion_t *version; + isc_boolean_t ck_ip; isc_result_t result; - ipdb = NULL; - rdataset = NULL; - st = client->query.rpz_st; if (st == NULL) { st = isc_mem_get(client->mctx, sizeof(*st)); @@ -4275,7 +4417,9 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, return (ISC_R_NOMEMORY); st->state = 0; memset(&st->m, 0, sizeof(st->m)); - memset(&st->ns, 0, sizeof(st->ns)); + st->m.type = DNS_RPZ_TYPE_BAD; + st->m.policy = DNS_RPZ_POLICY_MISS; + memset(&st->r, 0, sizeof(st->r)); memset(&st->q, 0, sizeof(st->q)); dns_fixedname_init(&st->_qnamef); dns_fixedname_init(&st->_r_namef); @@ -4285,78 +4429,147 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, st->fname = dns_fixedname_name(&st->_fnamef); client->query.rpz_st = st; } - if ((st->state & DNS_RPZ_DONE_QNAME) == 0) { - st->state = DNS_RPZ_DONE_QNAME; - st->m.type = DNS_RPZ_TYPE_BAD; - st->m.policy = DNS_RPZ_POLICY_MISS; + /* + * There is nothing to rewrite if the main query failed. + */ + switch (qresult) { + case ISC_R_SUCCESS: + case DNS_R_GLUE: + case DNS_R_ZONECUT: + ck_ip = ISC_TRUE; + break; + case DNS_R_EMPTYNAME: + case DNS_R_NXRRSET: + case DNS_R_NXDOMAIN: + case DNS_R_EMPTYWILD: + case DNS_R_NCACHENXDOMAIN: + case DNS_R_NCACHENXRRSET: + case DNS_R_CNAME: + case DNS_R_DNAME: + ck_ip = ISC_FALSE; + break; + case DNS_R_DELEGATION: + case ISC_R_NOTFOUND: + return (ISC_R_SUCCESS); + case ISC_R_FAILURE: + case ISC_R_TIMEDOUT: + case DNS_R_BROKENCHAIN: + rpz_log_fail(client, DNS_RPZ_DEBUG_LEVEL3, DNS_RPZ_TYPE_QNAME, + client->query.qname, + "stop on qresult in rpz_rewrite()", + qresult); + return (ISC_R_SUCCESS); + default: + rpz_log_fail(client, DNS_RPZ_DEBUG_LEVEL1, DNS_RPZ_TYPE_QNAME, + client->query.qname, + "stop on unrecognized qresult in rpz_rewrite()", + qresult); + return (ISC_R_SUCCESS); + } + + rdataset = NULL; + if ((st->state & DNS_RPZ_DONE_QNAME) == 0) { /* - * Check rules for the name if this it the first time, - * i.e. we've not been recursing. + * Check rules for the query name if this it the first time + * for the current qname, i.e. we've not been recursing. + * There is a first time for each name in a CNAME chain. */ - st->state &= ~(DNS_RPZ_HAVE_IP | DNS_RPZ_HAVE_NSIPv4 | - DNS_RPZ_HAVE_NSIPv6 | DNS_RPZ_HAD_NSDNAME); result = rpz_rewrite_name(client, qtype, client->query.qname, DNS_RPZ_TYPE_QNAME, &rdataset); if (result != ISC_R_SUCCESS) goto cleanup; - if (st->m.policy != DNS_RPZ_POLICY_MISS) - goto cleanup; - if ((st->state & (DNS_RPZ_HAVE_NSIPv4 | DNS_RPZ_HAVE_NSIPv6 | - DNS_RPZ_HAD_NSDNAME)) == 0) + + st->r.label = dns_name_countlabels(client->query.qname); + + st->state &= ~(DNS_RPZ_DONE_QNAME_IP | DNS_RPZ_DONE_IPv4); + st->state |= DNS_RPZ_DONE_QNAME; + } + + /* + * Check known IP addresses for the query name. + * Any recursion required for the query has already happened. + * Do not check addresses that will not be in the ANSWER section. + */ + if ((st->state & DNS_RPZ_DONE_QNAME_IP) == 0 && + (st->state & DNS_RPZ_HAVE_IP) != 0 && ck_ip) { + result = rpz_rewrite_rrsets(client, DNS_RPZ_TYPE_IP, + client->query.qname, qtype, + &rdataset, resuming); + if (result != ISC_R_SUCCESS) goto cleanup; - st->ns.label = dns_name_countlabels(client->query.qname); + st->state &= ~DNS_RPZ_DONE_IPv4; + st->state |= DNS_RPZ_DONE_QNAME_IP; + } + + /* + * Stop looking for rules if there are none of the other kinds. + */ + if ((st->state & (DNS_RPZ_HAVE_NSIPv4 | DNS_RPZ_HAVE_NSIPv6 | + DNS_RPZ_HAVE_NSDNAME)) == 0) { + result = ISC_R_SUCCESS; + goto cleanup; } dns_fixedname_init(&nsnamef); dns_name_clone(client->query.qname, dns_fixedname_name(&nsnamef)); - while (st->ns.label > 1 && st->m.policy == DNS_RPZ_POLICY_MISS) { - if (st->ns.label == dns_name_countlabels(client->query.qname)) { + while (st->r.label > 1) { + /* + * Get NS rrset for each domain in the current qname. + */ + if (st->r.label == dns_name_countlabels(client->query.qname)) { nsname = client->query.qname; } else { nsname = dns_fixedname_name(&nsnamef); - dns_name_split(client->query.qname, st->ns.label, + dns_name_split(client->query.qname, st->r.label, NULL, nsname); } - if (st->ns.ns_rdataset == NULL || - !dns_rdataset_isassociated(st->ns.ns_rdataset)) { + if (st->r.ns_rdataset == NULL || + !dns_rdataset_isassociated(st->r.ns_rdataset)) { dns_db_t *db = NULL; - result = rpz_ns_find(client, nsname, dns_rdatatype_ns, - &db, NULL, &st->ns.ns_rdataset, - resuming); + result = rpz_rrset_find(client, DNS_RPZ_TYPE_NSDNAME, + nsname, dns_rdatatype_ns, + &db, NULL, &st->r.ns_rdataset, + resuming); if (db != NULL) dns_db_detach(&db); - if (result != ISC_R_SUCCESS) { - if (result == DNS_R_DELEGATION) + if (st->m.policy == DNS_RPZ_POLICY_ERROR) + goto cleanup; + switch (result) { + case ISC_R_SUCCESS: + result = dns_rdataset_first(st->r.ns_rdataset); + if (result != ISC_R_SUCCESS) goto cleanup; - if (result == DNS_R_EMPTYNAME || - result == DNS_R_NXRRSET || - result == DNS_R_EMPTYWILD || - result == DNS_R_NXDOMAIN || - result == DNS_R_NCACHENXDOMAIN || - result == DNS_R_NCACHENXRRSET || - result == DNS_R_CNAME || - result == DNS_R_DNAME) { - rpz_fail_log(client, - DNS_RPZ_DEBUG_LEVEL2, - DNS_RPZ_TYPE_NSIP, nsname, - "NS db_find() ", result); - dns_rdataset_disassociate(st->ns. - ns_rdataset); - st->ns.label--; - continue; - } - if (st->m.policy != DNS_RPZ_POLICY_ERROR) { - rpz_fail_log(client, DNS_RPZ_INFO_LEVEL, - DNS_RPZ_TYPE_NSIP, nsname, - "NS db_find() ", result); - st->m.policy = DNS_RPZ_POLICY_ERROR; - } + st->state &= ~(DNS_RPZ_DONE_NSDNAME | + DNS_RPZ_DONE_IPv4); + break; + case DNS_R_DELEGATION: goto cleanup; + case DNS_R_EMPTYNAME: + case DNS_R_NXRRSET: + case DNS_R_EMPTYWILD: + case DNS_R_NXDOMAIN: + case DNS_R_NCACHENXDOMAIN: + case DNS_R_NCACHENXRRSET: + case ISC_R_NOTFOUND: + case DNS_R_CNAME: + case DNS_R_DNAME: + rpz_rewrite_ns_skip(client, nsname, result, + 0, NULL); + continue; + case ISC_R_TIMEDOUT: + case DNS_R_BROKENCHAIN: + case ISC_R_FAILURE: + rpz_rewrite_ns_skip(client, nsname, result, + DNS_RPZ_DEBUG_LEVEL3, + "NS db_find() "); + continue; + default: + rpz_rewrite_ns_skip(client, nsname, result, + DNS_RPZ_INFO_LEVEL, + "unrecognized NS db_find() "); + continue; } - result = dns_rdataset_first(st->ns.ns_rdataset); - if (result != ISC_R_SUCCESS) - goto cleanup; } /* * Check all NS names. @@ -4365,17 +4578,30 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, dns_rdata_ns_t ns; dns_rdata_t nsrdata = DNS_RDATA_INIT; - dns_rdataset_current(st->ns.ns_rdataset, &nsrdata); + dns_rdataset_current(st->r.ns_rdataset, &nsrdata); result = dns_rdata_tostruct(&nsrdata, &ns, NULL); dns_rdata_reset(&nsrdata); if (result != ISC_R_SUCCESS) { - rpz_fail_log(client, DNS_RPZ_ERROR_LEVEL, + rpz_log_fail(client, DNS_RPZ_ERROR_LEVEL, DNS_RPZ_TYPE_NSIP, nsname, "rdata_tostruct() ", result); st->m.policy = DNS_RPZ_POLICY_ERROR; goto cleanup; } - if ((st->state & DNS_RPZ_HAD_NSDNAME) != 0) { + /* + * Do nothing about "NS ." + */ + if (dns_name_equal(&ns.name, dns_rootname)) { + dns_rdata_freestruct(&ns); + result = dns_rdataset_next(st->r.ns_rdataset); + continue; + } + /* + * Check this NS name if we did not handle it + * during a previous recursion. + */ + if ((st->state & DNS_RPZ_DONE_NSDNAME) == 0 && + (st->state & DNS_RPZ_HAVE_NSDNAME) != 0) { result = rpz_rewrite_name(client, qtype, &ns.name, DNS_RPZ_TYPE_NSDNAME, @@ -4384,42 +4610,23 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, dns_rdata_freestruct(&ns); goto cleanup; } + st->state |= DNS_RPZ_DONE_NSDNAME; } /* - * Check all IP addresses for this NS name, but don't - * bother without NSIP rules or with a NSDNAME hit. + * Check all IP addresses for this NS name. */ - version = NULL; - if ((st->state & DNS_RPZ_HAVE_NSIPv4) != 0 && - st->m.type != DNS_RPZ_TYPE_NSDNAME && - (st->state & DNS_RPZ_DONE_A) == 0) { - result = rpz_rewrite_nsip(client, - dns_rdatatype_a, - &ns.name, &ipdb, - version, &rdataset, - resuming); - if (result == ISC_R_SUCCESS) - st->state |= DNS_RPZ_DONE_A; - } - if (result == ISC_R_SUCCESS && - (st->state & DNS_RPZ_HAVE_NSIPv6) != 0 && - st->m.type != DNS_RPZ_TYPE_NSDNAME) { - result = rpz_rewrite_nsip(client, - dns_rdatatype_aaaa, - &ns.name, &ipdb, - version, &rdataset, - resuming); - } + result = rpz_rewrite_rrsets(client, DNS_RPZ_TYPE_NSIP, + &ns.name, dns_rdatatype_any, + &rdataset, resuming); dns_rdata_freestruct(&ns); - if (ipdb != NULL) - dns_db_detach(&ipdb); if (result != ISC_R_SUCCESS) goto cleanup; - st->state &= ~DNS_RPZ_DONE_A; - result = dns_rdataset_next(st->ns.ns_rdataset); + st->state &= ~(DNS_RPZ_DONE_NSDNAME | + DNS_RPZ_DONE_IPv4); + result = dns_rdataset_next(st->r.ns_rdataset); } while (result == ISC_R_SUCCESS); - dns_rdataset_disassociate(st->ns.ns_rdataset); - st->ns.label--; + dns_rdataset_disassociate(st->r.ns_rdataset); + st->r.label--; } /* @@ -4429,31 +4636,76 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype, cleanup: if (st->m.policy != DNS_RPZ_POLICY_MISS && - st->m.policy != DNS_RPZ_POLICY_NO_OP && st->m.policy != DNS_RPZ_POLICY_ERROR && st->m.rpz->policy != DNS_RPZ_POLICY_GIVEN) st->m.policy = st->m.rpz->policy; - if (st->m.policy == DNS_RPZ_POLICY_NO_OP) - rpz_log(client); if (st->m.policy == DNS_RPZ_POLICY_MISS || - st->m.policy == DNS_RPZ_POLICY_NO_OP || - st->m.policy == DNS_RPZ_POLICY_ERROR) + st->m.policy == DNS_RPZ_POLICY_PASSTHRU || + st->m.policy == DNS_RPZ_POLICY_ERROR) { + if (st->m.policy == DNS_RPZ_POLICY_PASSTHRU) + rpz_log_rewrite(client, "", st->m.policy, st->m.type, + st->qname); rpz_clean(&st->m.zone, &st->m.db, &st->m.node, &st->m.rdataset); - if (st->m.policy != DNS_RPZ_POLICY_MISS) - st->state |= DNS_RPZ_REWRITTEN; + } if (st->m.policy == DNS_RPZ_POLICY_ERROR) { st->m.type = DNS_RPZ_TYPE_BAD; result = DNS_R_SERVFAIL; } - if (rdataset != NULL) - query_putrdataset(client, &rdataset); - if ((st->state & DNS_RPZ_RECURSING) == 0) { - rpz_clean(NULL, &st->ns.db, NULL, &st->ns.ns_rdataset); - } + query_putrdataset(client, &rdataset); + if ((st->state & DNS_RPZ_RECURSING) == 0) + rpz_clean(NULL, &st->r.db, NULL, &st->r.ns_rdataset); return (result); } +/* + * Add a CNAME to the query response, including translating foo.evil.com and + * *.evil.com CNAME *.example.com + * to + * foo.evil.com CNAME foo.evil.com.example.com + */ +static isc_result_t +rpz_add_cname(ns_client_t *client, dns_rpz_st_t *st, + dns_name_t *cname, dns_name_t *fname, isc_buffer_t *dbuf) +{ + dns_fixedname_t prefix, suffix; + unsigned int labels; + isc_result_t result; + + labels = dns_name_countlabels(cname); + if (labels > 2 && dns_name_iswildcard(cname)) { + dns_fixedname_init(&prefix); + dns_name_split(client->query.qname, 1, + dns_fixedname_name(&prefix), NULL); + dns_fixedname_init(&suffix); + dns_name_split(cname, labels-1, + NULL, dns_fixedname_name(&suffix)); + result = dns_name_concatenate(dns_fixedname_name(&prefix), + dns_fixedname_name(&suffix), + fname, NULL); + if (result == DNS_R_NAMETOOLONG) + client->message->rcode = dns_rcode_yxdomain; + } else { + result = dns_name_copy(cname, fname, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + } + if (result != ISC_R_SUCCESS) + return (result); + query_keepname(client, fname, dbuf); + result = query_add_cname(client, client->query.qname, + fname, dns_trust_authanswer, st->m.ttl); + if (result != ISC_R_SUCCESS) + return (result); + rpz_log_rewrite(client, "", st->m.policy, st->m.type, st->qname); + ns_client_qnamereplace(client, fname); + /* + * Turn off DNSSEC because the results of a + * response policy zone cannot verify. + */ + client->attributes &= ~NS_CLIENTATTR_WANTDNSSEC; + return (ISC_R_SUCCESS); +} + #define MAX_RESTARTS 16 #define QUERY_ERROR(r) \ @@ -5027,14 +5279,12 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) rpz_st->q.sigrdataset = NULL; qtype = rpz_st->q.qtype; + rpz_st->r.db = event->db; if (event->node != NULL) - dns_db_detachnode(db, &event->node); - rpz_st->ns.db = event->db; - rpz_st->ns.r_type = event->qtype; - rpz_st->ns.r_rdataset = event->rdataset; - if (event->sigrdataset != NULL && - dns_rdataset_isassociated(event->sigrdataset)) - dns_rdataset_disassociate(event->sigrdataset); + dns_db_detachnode(event->db, &event->node); + rpz_st->r.r_type = event->qtype; + rpz_st->r.r_rdataset = event->rdataset; + query_putrdataset(client, &event->sigrdataset); } else { authoritative = ISC_FALSE; @@ -5085,7 +5335,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) } if (rpz_st != NULL && (rpz_st->state & DNS_RPZ_RECURSING) != 0) { - rpz_st->ns.r_result = event->result; + rpz_st->r.r_result = event->result; result = rpz_st->q.result; isc_event_free(ISC_EVENT_PTR(&event)); } else { @@ -5248,13 +5498,14 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) if (!ISC_LIST_EMPTY(client->view->rpz_zones) && RECURSIONOK(client) && !RECURSING(client) && - result != DNS_R_DELEGATION && result != ISC_R_NOTFOUND && + (!WANTDNSSEC(client) || sigrdataset == NULL || + !dns_rdataset_isassociated(sigrdataset)) && (client->query.rpz_st == NULL || (client->query.rpz_st->state & DNS_RPZ_REWRITTEN) == 0) && !dns_name_equal(client->query.qname, dns_rootname)) { isc_result_t rresult; - rresult = rpz_rewrite(client, qtype, resuming); + rresult = rpz_rewrite(client, qtype, result, resuming); rpz_st = client->query.rpz_st; switch (rresult) { case ISC_R_SUCCESS: @@ -5285,16 +5536,19 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) RECURSE_ERROR(rresult); goto cleanup; } + if (rpz_st->m.policy != DNS_RPZ_POLICY_MISS) + rpz_st->state |= DNS_RPZ_REWRITTEN; if (rpz_st->m.policy != DNS_RPZ_POLICY_MISS && - rpz_st->m.policy != DNS_RPZ_POLICY_NO_OP) { - result = dns_name_copy(client->query.qname, fname, - NULL); - RUNTIME_CHECK(result == ISC_R_SUCCESS); - finish_rewrite: + rpz_st->m.policy != DNS_RPZ_POLICY_PASSTHRU && + rpz_st->m.policy != DNS_RPZ_POLICY_ERROR) { + if (rpz_st->m.type == DNS_RPZ_TYPE_QNAME) { + result = dns_name_copy(client->query.qname, + fname, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + } rpz_clean(&zone, &db, &node, NULL); if (rpz_st->m.rdataset != NULL) { - if (rdataset != NULL) - query_putrdataset(client, &rdataset); + query_putrdataset(client, &rdataset); rdataset = rpz_st->m.rdataset; rpz_st->m.rdataset = NULL; } else if (rdataset != NULL && @@ -5305,10 +5559,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) rpz_st->m.node = NULL; db = rpz_st->m.db; rpz_st->m.db = NULL; + version = rpz_st->m.version; + rpz_st->m.version = NULL; zone = rpz_st->m.zone; rpz_st->m.zone = NULL; - result = rpz_st->m.result; switch (rpz_st->m.policy) { case DNS_RPZ_POLICY_NXDOMAIN: result = DNS_R_NXDOMAIN; @@ -5317,27 +5572,39 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) result = DNS_R_NXRRSET; break; case DNS_RPZ_POLICY_RECORD: + result = rpz_st->m.result; if (type == dns_rdatatype_any && result != DNS_R_CNAME && dns_rdataset_isassociated(rdataset)) dns_rdataset_disassociate(rdataset); break; - case DNS_RPZ_POLICY_CNAME: - result = dns_name_copy(&rpz_st->m.rpz->cname, - fname, NULL); + case DNS_RPZ_POLICY_WILDCNAME: + result = dns_rdataset_first(rdataset); RUNTIME_CHECK(result == ISC_R_SUCCESS); - query_keepname(client, fname, dbuf); - result = query_add_cname(client, - client->query.qname, - fname, - dns_trust_authanswer, - rpz_st->m.ttl); + dns_rdataset_current(rdataset, &rdata); + result = dns_rdata_tostruct(&rdata, &cname, + NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + dns_rdata_reset(&rdata); + result = rpz_add_cname(client, rpz_st, + &cname.cname, + fname, dbuf); + if (result != ISC_R_SUCCESS) + goto cleanup; + fname = NULL; + want_restart = ISC_TRUE; + goto cleanup; + case DNS_RPZ_POLICY_CNAME: + /* + * Add overridding CNAME from a named.conf + * response-policy statement + */ + result = rpz_add_cname(client, rpz_st, + &rpz_st->m.rpz->cname, + fname, dbuf); if (result != ISC_R_SUCCESS) goto cleanup; - ns_client_qnamereplace(client, fname); fname = NULL; - client->attributes &= ~NS_CLIENTATTR_WANTDNSSEC; - rpz_log(client); want_restart = ISC_TRUE; goto cleanup; default: @@ -5349,11 +5616,10 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * response policy zone cannot verify. */ client->attributes &= ~NS_CLIENTATTR_WANTDNSSEC; - if (sigrdataset != NULL && - dns_rdataset_isassociated(sigrdataset)) - dns_rdataset_disassociate(sigrdataset); + query_putrdataset(client, &sigrdataset); is_zone = ISC_TRUE; - rpz_log(client); + rpz_log_rewrite(client, "", rpz_st->m.policy, + rpz_st->m.type, rpz_st->qname); } } @@ -5668,7 +5934,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) case DNS_R_EMPTYNAME: case DNS_R_NXRRSET: - nxrrset: + iszone_nxrrset: INSIST(is_zone); #ifdef dns64_bis_return_excluded_addresses @@ -5686,6 +5952,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) query_putrdataset(client, &sigrdataset); rdataset = client->query.dns64_aaaa; sigrdataset = client->query.dns64_sigaaaa; + client->query.dns64_aaaa = NULL; + client->query.dns64_sigaaaa = NULL; if (fname == NULL) { dbuf = query_getnamebuf(client); if (dbuf == NULL) { @@ -5699,8 +5967,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) } } dns_name_copy(client->query.qname, fname, NULL); - client->query.dns64_aaaa = NULL; - client->query.dns64_sigaaaa = NULL; dns64 = ISC_FALSE; #ifdef dns64_bis_return_excluded_addresses /* @@ -5735,6 +6001,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) /* * Look for a NSEC3 record if we don't have a NSEC record. */ + nxrrset_rrsig: if (!dns_rdataset_isassociated(rdataset) && WANTDNSSEC(client)) { if ((fname->attributes & DNS_NAMEATTR_WILDCARD) == 0) { @@ -5860,6 +6127,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) */ query_releasename(client, &fname); } + /* * Add SOA. If the query was for a SOA record force the * ttl to zero so that it is possible for clients to find @@ -5936,6 +6204,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) query_putrdataset(client, &sigrdataset); rdataset = client->query.dns64_aaaa; sigrdataset = client->query.dns64_sigaaaa; + client->query.dns64_aaaa = NULL; + client->query.dns64_sigaaaa = NULL; if (fname == NULL) { dbuf = query_getnamebuf(client); if (dbuf == NULL) { @@ -5949,8 +6219,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) } } dns_name_copy(client->query.qname, fname, NULL); - client->query.dns64_aaaa = NULL; - client->query.dns64_sigaaaa = NULL; dns64 = ISC_FALSE; #ifdef dns64_bis_return_excluded_addresses if (dns64_excluded) @@ -6201,9 +6469,21 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) need_wildcardproof = ISC_TRUE; } +#ifdef ALLOW_FILTER_AAAA_ON_V4 + if (client->view->v4_aaaa != dns_v4_aaaa_ok && + is_v4_client(client) && + ns_client_checkaclsilent(client, NULL, + client->view->v4_aaaa_acl, + ISC_TRUE) == ISC_R_SUCCESS) + client->filter_aaaa = client->view->v4_aaaa; + else + client->filter_aaaa = dns_v4_aaaa_ok; + +#endif + if (type == dns_rdatatype_any) { #ifdef ALLOW_FILTER_AAAA_ON_V4 - isc_boolean_t have_aaaa, have_a, have_sig, filter_aaaa; + isc_boolean_t have_aaaa, have_a, have_sig; /* * The filter-aaaa-on-v4 option should @@ -6215,14 +6495,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) have_aaaa = ISC_FALSE; have_a = !authoritative; have_sig = ISC_FALSE; - if (client->view->v4_aaaa != dns_v4_aaaa_ok && - is_v4_client(client) && - ns_client_checkaclsilent(client, NULL, - client->view->v4_aaaa_acl, - ISC_TRUE) == ISC_R_SUCCESS) - filter_aaaa = ISC_TRUE; - else - filter_aaaa = ISC_FALSE; #endif /* * XXXRTH Need to handle zonecuts with special case @@ -6237,53 +6509,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) } /* - * Check all A and AAAA records in all response policy - * IP address zones - */ - rpz_st = client->query.rpz_st; - if (rpz_st != NULL && - (rpz_st->state & DNS_RPZ_DONE_QNAME) != 0 && - (rpz_st->state & DNS_RPZ_REWRITTEN) == 0 && - RECURSIONOK(client) && !RECURSING(client) && - (rpz_st->state & DNS_RPZ_HAVE_IP) != 0) { - for (result = dns_rdatasetiter_first(rdsiter); - result == ISC_R_SUCCESS; - result = dns_rdatasetiter_next(rdsiter)) { - dns_rdatasetiter_current(rdsiter, rdataset); - if (rdataset->type == dns_rdatatype_a || - rdataset->type == dns_rdatatype_aaaa) - result = rpz_rewrite_ip(client, - rdataset, - DNS_RPZ_TYPE_IP); - dns_rdataset_disassociate(rdataset); - if (result != ISC_R_SUCCESS) - break; - } - if (result != ISC_R_NOMORE) { - dns_rdatasetiter_destroy(&rdsiter); - QUERY_ERROR(DNS_R_SERVFAIL); - goto cleanup; - } - switch (rpz_st->m.policy) { - case DNS_RPZ_POLICY_MISS: - break; - case DNS_RPZ_POLICY_NO_OP: - rpz_log(client); - rpz_st->state |= DNS_RPZ_REWRITTEN; - break; - case DNS_RPZ_POLICY_NXDOMAIN: - case DNS_RPZ_POLICY_NODATA: - case DNS_RPZ_POLICY_RECORD: - case DNS_RPZ_POLICY_CNAME: - dns_rdatasetiter_destroy(&rdsiter); - rpz_st->state |= DNS_RPZ_REWRITTEN; - goto finish_rewrite; - default: - INSIST(0); - } - } - - /* * Calling query_addrrset() with a non-NULL dbuf is going * to either keep or release the name. We don't want it to * release fname, since we may have to call query_addrrset() @@ -6304,7 +6529,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * Notice the presence of A and AAAAs so * that AAAAs can be hidden from IPv4 clients. */ - if (filter_aaaa) { + if (client->filter_aaaa != dns_v4_aaaa_ok) { if (rdataset->type == dns_rdatatype_aaaa) have_aaaa = ISC_TRUE; else if (rdataset->type == dns_rdatatype_a) @@ -6361,76 +6586,52 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * Filter AAAAs if there is an A and there is no signature * or we are supposed to break DNSSEC. */ - if (filter_aaaa && have_aaaa && have_a && - (!have_sig || !WANTDNSSEC(client) || - client->view->v4_aaaa == dns_v4_aaaa_break_dnssec)) + if (client->filter_aaaa == dns_v4_aaaa_break_dnssec) client->attributes |= NS_CLIENTATTR_FILTER_AAAA; + else if (client->filter_aaaa != dns_v4_aaaa_ok && + have_aaaa && have_a && + (!have_sig || !WANTDNSSEC(client))) + client->attributes |= NS_CLIENTATTR_FILTER_AAAA; #endif if (fname != NULL) dns_message_puttempname(client->message, &fname); - if (n == 0 && is_zone) { + if (n == 0) { /* - * We didn't match any rdatasets. + * No matching rdatasets found in cache. If we were + * searching for RRSIG/SIG, that's probably okay; + * otherwise this is an error condition. */ if ((qtype == dns_rdatatype_rrsig || qtype == dns_rdatatype_sig) && result == ISC_R_NOMORE) { - /* - * XXXRTH If this is a secure zone and we - * didn't find any SIGs, we should generate - * an error unless we were searching for - * glue. Ugh. - */ if (!is_zone) { - /* - * Note: this is dead code because - * is_zone is always true due to the - * condition above. But naive - * recursion would cause infinite - * attempts of recursion because - * the answer to (RR)SIG queries - * won't be cached. Until we figure - * out what we should do and implement - * it we intentionally keep this code - * dead. - */ authoritative = ISC_FALSE; dns_rdatasetiter_destroy(&rdsiter); - if (RECURSIONOK(client)) { - result = query_recurse(client, - qtype, - client->query.qname, - NULL, NULL, - resuming); - if (result == ISC_R_SUCCESS) - client->query.attributes |= - NS_QUERYATTR_RECURSING; - else - RECURSE_ERROR(result); - } + client->attributes &= ~NS_CLIENTATTR_RA; goto addauth; } - /* - * We were searching for SIG records in - * a nonsecure zone. Send a "no error, - * no data" response. - */ - /* - * Add SOA. - */ - result = query_addsoa(client, db, version, - ISC_UINT32_MAX, - ISC_FALSE); - if (result == ISC_R_SUCCESS) - result = ISC_R_NOMORE; - } else { - /* - * Something went wrong. - */ + + if (dns_db_issecure(db)) { + char namebuf[DNS_NAME_FORMATSIZE]; + dns_name_format(client->query.qname, + namebuf, + sizeof(namebuf)); + ns_client_log(client, + DNS_LOGCATEGORY_DNSSEC, + NS_LOGMODULE_QUERY, + ISC_LOG_WARNING, + "missing signature " + "for %s", namebuf); + } + + dns_rdatasetiter_destroy(&rdsiter); + fname = query_newname(client, dbuf, &b); + goto nxrrset_rrsig; + } else result = DNS_R_SERVFAIL; - } } + dns_rdatasetiter_destroy(&rdsiter); if (result != ISC_R_NOMORE) { QUERY_ERROR(DNS_R_SERVFAIL); @@ -6442,48 +6643,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * we know the answer. */ - /* - * Check all A and AAAA records in all response policy - * IP address zones - */ - rpz_st = client->query.rpz_st; - if (rpz_st != NULL && - (rpz_st->state & DNS_RPZ_DONE_QNAME) != 0 && - (rpz_st->state & DNS_RPZ_REWRITTEN) == 0 && - RECURSIONOK(client) && !RECURSING(client) && - (rpz_st->state & DNS_RPZ_HAVE_IP) != 0 && - (qtype == dns_rdatatype_aaaa || qtype == dns_rdatatype_a)) { - result = rpz_rewrite_ip(client, rdataset, - DNS_RPZ_TYPE_IP); - if (result != ISC_R_SUCCESS) { - QUERY_ERROR(DNS_R_SERVFAIL); - goto cleanup; - } - /* - * After a hit in the radix tree for the policy domain, - * either stop trying to rewrite (DNS_RPZ_POLICY_NO_OP) - * or restart to ask the ordinary database of the - * policy zone for the DNS record corresponding to the - * record in the radix tree. - */ - switch (rpz_st->m.policy) { - case DNS_RPZ_POLICY_MISS: - break; - case DNS_RPZ_POLICY_NO_OP: - rpz_log(client); - rpz_st->state |= DNS_RPZ_REWRITTEN; - break; - case DNS_RPZ_POLICY_NXDOMAIN: - case DNS_RPZ_POLICY_NODATA: - case DNS_RPZ_POLICY_RECORD: - case DNS_RPZ_POLICY_CNAME: - rpz_st->state |= DNS_RPZ_REWRITTEN; - goto finish_rewrite; - default: - INSIST(0); - } - } - #ifdef ALLOW_FILTER_AAAA_ON_V4 /* * Optionally hide AAAAs from IPv4 clients if there is an A. @@ -6493,15 +6652,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * so fundamentally wrong, unavoidably inaccurate, and * unneeded that it is best to keep it as short as possible. */ - if (client->view->v4_aaaa != dns_v4_aaaa_ok && - is_v4_client(client) && - ns_client_checkaclsilent(client, NULL, - client->view->v4_aaaa_acl, - ISC_TRUE) == ISC_R_SUCCESS && - (!WANTDNSSEC(client) || - sigrdataset == NULL || - !dns_rdataset_isassociated(sigrdataset) || - client->view->v4_aaaa == dns_v4_aaaa_break_dnssec)) { + if (client->filter_aaaa == dns_v4_aaaa_break_dnssec || + (client->filter_aaaa == dns_v4_aaaa_filter && + (!WANTDNSSEC(client) || sigrdataset == NULL || + !dns_rdataset_isassociated(sigrdataset)))) + { if (qtype == dns_rdatatype_aaaa) { trdataset = query_newrdataset(client); result = dns_db_findrdataset(db, node, version, @@ -6633,7 +6788,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) } #endif if (is_zone) - goto nxrrset; + goto iszone_nxrrset; else goto ncache_nxrrset; } else if (result != ISC_R_SUCCESS) { @@ -6691,9 +6846,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) * General cleanup. */ rpz_st = client->query.rpz_st; - if (rpz_st != NULL && (rpz_st->state & DNS_RPZ_RECURSING) == 0) + if (rpz_st != NULL && (rpz_st->state & DNS_RPZ_RECURSING) == 0) { rpz_clean(&rpz_st->m.zone, &rpz_st->m.db, &rpz_st->m.node, &rpz_st->m.rdataset); + rpz_st->state &= ~DNS_RPZ_DONE_QNAME; + } if (rdataset != NULL) query_putrdataset(client, &rdataset); if (sigrdataset != NULL) diff --git a/bin/named/server.c b/bin/named/server.c index f19a0bbb93713..46f26c4f053e4 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.599.8.12 2011-08-02 04:58:45 each Exp $ */ +/* $Id: server.c,v 1.599.8.19 2012/02/22 00:33:32 each Exp $ */ /*! \file */ @@ -2596,14 +2596,19 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, if (result == ISC_R_SUCCESS) { /* If set to "auto", use the version from the defaults */ const cfg_obj_t *dlvobj; + const char *dom; dlvobj = cfg_listelt_value(cfg_list_first(obj)); - if (!strcmp(cfg_obj_asstring(cfg_tuple_get(dlvobj, "domain")), - "auto") && - cfg_obj_isvoid(cfg_tuple_get(dlvobj, "trust-anchor"))) { - auto_dlv = ISC_TRUE; - obj = NULL; - result = cfg_map_get(ns_g_defaults, - "dnssec-lookaside", &obj); + dom = cfg_obj_asstring(cfg_tuple_get(dlvobj, "domain")); + if (cfg_obj_isvoid(cfg_tuple_get(dlvobj, "trust-anchor"))) { + /* If "no", skip; if "auto", use global default */ + if (!strcasecmp(dom, "no")) + result = ISC_R_NOTFOUND; + else if (!strcasecmp(dom, "auto")) { + auto_dlv = ISC_TRUE; + obj = NULL; + result = cfg_map_get(ns_g_defaults, + "dnssec-lookaside", &obj); + } } } @@ -2704,7 +2709,7 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, rfc1918 = ISC_FALSE; empty_zones_enable = ISC_FALSE; } - if (empty_zones_enable) { + if (empty_zones_enable && !lwresd_g_useresolvconf) { const char *empty; int empty_zone = 0; dns_fixedname_t fixed; @@ -2842,7 +2847,8 @@ configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, CHECK(dns_zone_create(&zone, mctx)); CHECK(dns_zone_setorigin(zone, name)); dns_zone_setview(zone, view); - CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr, zone)); + CHECK(dns_zonemgr_managezone(ns_g_server->zonemgr, + zone)); dns_zone_setclass(zone, view->rdclass); dns_zone_settype(zone, dns_zone_master); dns_zone_setstats(zone, ns_g_server->zonestats); @@ -3449,6 +3455,12 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, */ CHECK(dns_view_addzone(view, zone)); + /* + * Ensure that zone keys are reloaded on reconfig + */ + if ((dns_zone_getkeyopts(zone) & DNS_ZONEKEY_MAINTAIN) != 0) + dns_zone_rekey(zone, ISC_FALSE); + cleanup: if (zone != NULL) dns_zone_detach(&zone); @@ -3489,6 +3501,7 @@ add_keydata_zone(dns_view_t *view, const char *directory, isc_mem_t *mctx) { dns_zone_attach(pview->managed_keys, &view->managed_keys); dns_zone_setview(pview->managed_keys, view); dns_view_detach(&pview); + dns_zone_synckeyzone(view->managed_keys); return (ISC_R_SUCCESS); } @@ -4278,15 +4291,12 @@ load_configuration(const char *filename, ns_server_t *server, ns_cache_t *nsc; struct cfg_context *nzctx; int num_zones = 0; + isc_boolean_t exclusive = ISC_FALSE; ISC_LIST_INIT(viewlist); ISC_LIST_INIT(builtin_viewlist); ISC_LIST_INIT(cachelist); - /* Ensure exclusive access to configuration data. */ - result = isc_task_beginexclusive(server->task); - RUNTIME_CHECK(result == ISC_R_SUCCESS); - /* Create the ACL configuration context */ if (ns_g_aclconfctx != NULL) cfg_aclconfctx_detach(&ns_g_aclconfctx); @@ -4382,6 +4392,13 @@ load_configuration(const char *filename, ns_server_t *server, CHECK(result); } + /* Ensure exclusive access to configuration data. */ + if (!exclusive) { + result = isc_task_beginexclusive(server->task); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + exclusive = ISC_TRUE; + } + /* * Set process limits, which (usually) needs to be done as root. */ @@ -5149,7 +5166,8 @@ load_configuration(const char *filename, ns_server_t *server, adjust_interfaces(server, ns_g_mctx); /* Relinquish exclusive access to configuration data. */ - isc_task_endexclusive(server->task); + if (exclusive) + isc_task_endexclusive(server->task); isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_DEBUG(1), "load_configuration: %s", @@ -7352,13 +7370,14 @@ ns_server_add_zone(ns_server_t *server, char *args) { CHECK(isc_stdio_open(view->new_zone_file, "a", &fp)); /* Mark view unfrozen so that zone can be added */ + isc_task_beginexclusive(server->task); dns_view_thaw(view); result = configure_zone(cfg->config, parms, vconfig, server->mctx, view, cfg->actx, ISC_FALSE); dns_view_freeze(view); - if (result != ISC_R_SUCCESS) { + isc_task_endexclusive(server->task); + if (result != ISC_R_SUCCESS) goto cleanup; - } /* Is it there yet? */ CHECK(dns_zt_find(view->zonetable, &dnsname, 0, NULL, &zone)); diff --git a/bin/named/sortlist.c b/bin/named/sortlist.c index 0710fb18da348..daefa0772e931 100644 --- a/bin/named/sortlist.c +++ b/bin/named/sortlist.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sortlist.c,v 1.17 2007-09-14 01:46:05 marka Exp $ */ +/* $Id: sortlist.c,v 1.17 2007/09/14 01:46:05 marka Exp $ */ /*! \file */ diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c index 1f726941a004f..d0518c94eeba3 100644 --- a/bin/named/statschannel.c +++ b/bin/named/statschannel.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: statschannel.c,v 1.26.150.2 2011-03-12 04:59:14 tbox Exp $ */ +/* $Id: statschannel.c,v 1.26.150.2 2011/03/12 04:59:14 tbox Exp $ */ /*! \file */ diff --git a/bin/named/tkeyconf.c b/bin/named/tkeyconf.c index 66c2d7f47cc9a..6d852a0871c09 100644 --- a/bin/named/tkeyconf.c +++ b/bin/named/tkeyconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tkeyconf.c,v 1.33 2010-12-20 23:47:20 tbox Exp $ */ +/* $Id: tkeyconf.c,v 1.33 2010/12/20 23:47:20 tbox Exp $ */ /*! \file */ diff --git a/bin/named/tsigconf.c b/bin/named/tsigconf.c index 19e8d385e05b5..776b1b9f837dd 100644 --- a/bin/named/tsigconf.c +++ b/bin/named/tsigconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: tsigconf.c,v 1.35 2011-01-11 23:47:12 tbox Exp $ */ +/* $Id: tsigconf.c,v 1.35 2011/01/11 23:47:12 tbox Exp $ */ /*! \file */ diff --git a/bin/named/unix/Makefile.in b/bin/named/unix/Makefile.in index a7155a0e358af..135c63437658d 100644 --- a/bin/named/unix/Makefile.in +++ b/bin/named/unix/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.13.244.2 2011-03-10 23:47:26 tbox Exp $ +# $Id: Makefile.in,v 1.13.244.2 2011/03/10 23:47:26 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/named/unix/dlz_dlopen_driver.c b/bin/named/unix/dlz_dlopen_driver.c index 35dbcab65c011..ca4b1fdfcdafe 100644 --- a/bin/named/unix/dlz_dlopen_driver.c +++ b/bin/named/unix/dlz_dlopen_driver.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2011, 2012 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dlz_dlopen_driver.c,v 1.1.4.4 2011-03-17 09:41:06 fdupont Exp $ */ +/* $Id: dlz_dlopen_driver.c,v 1.1.4.6 2012/02/22 23:46:35 tbox Exp $ */ #include <config.h> @@ -313,6 +313,8 @@ dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[], dl_load_symbol(cd, "dlz_subrdataset", ISC_FALSE); cd->dlz_delrdataset = (dlz_dlopen_delrdataset_t *) dl_load_symbol(cd, "dlz_delrdataset", ISC_FALSE); + cd->dlz_destroy = (dlz_dlopen_destroy_t *) + dl_load_symbol(cd, "dlz_destroy", ISC_FALSE); /* Check the version of the API is the same */ cd->version = cd->dlz_version(&cd->flags); diff --git a/bin/named/unix/include/named/os.h b/bin/named/unix/include/named/os.h index c2768f426647e..c979e53871d7b 100644 --- a/bin/named/unix/include/named/os.h +++ b/bin/named/unix/include/named/os.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.h,v 1.31 2009-08-05 23:47:43 tbox Exp $ */ +/* $Id: os.h,v 1.31 2009/08/05 23:47:43 tbox Exp $ */ #ifndef NS_OS_H #define NS_OS_H 1 diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c index 5fd6547386005..9637ded473e5b 100644 --- a/bin/named/unix/os.c +++ b/bin/named/unix/os.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.c,v 1.104.38.3 2011-03-02 00:04:01 marka Exp $ */ +/* $Id: os.c,v 1.104.38.3 2011/03/02 00:04:01 marka Exp $ */ /*! \file */ diff --git a/bin/named/update.c b/bin/named/update.c index c99db5f8c46cd..6fb6a85367218 100644 --- a/bin/named/update.c +++ b/bin/named/update.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: update.c,v 1.186.16.5 2011-03-25 23:53:52 each Exp $ */ +/* $Id: update.c,v 1.186.16.7 2011/11/03 02:55:34 each Exp $ */ #include <config.h> @@ -1506,8 +1506,6 @@ check_soa_increment(dns_db_t *db, dns_dbversion_t *ver, * Incremental updating of NSECs and RRSIGs. */ -#define MAXZONEKEYS 32 /*%< Maximum number of zone keys supported. */ - /*% * We abuse the dns_diff_t type to represent a set of domain names * affected by the update. @@ -2131,7 +2129,7 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, dns_diff_t nsec_diff; dns_diff_t nsec_mindiff; isc_boolean_t flag, build_nsec, build_nsec3; - dst_key_t *zone_keys[MAXZONEKEYS]; + dst_key_t *zone_keys[DNS_MAXZONEKEYS]; unsigned int nkeys = 0; unsigned int i; isc_stdtime_t now, inception, expire; @@ -2154,7 +2152,7 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db, dns_diff_init(client->mctx, &nsec_mindiff); result = find_zone_keys(zone, db, newver, client->mctx, - MAXZONEKEYS, zone_keys, &nkeys); + DNS_MAXZONEKEYS, zone_keys, &nkeys); if (result != ISC_R_SUCCESS) { update_log(client, zone, ISC_LOG_ERROR, "could not get zone keys for secure dynamic update"); @@ -4473,6 +4471,12 @@ send_forward_event(ns_client_t *client, dns_zone_t *zone) { isc_task_t *zonetask = NULL; ns_client_t *evclient; + /* + * This may take some time so replace this client. + */ + if (!client->mortal && (client->attributes & NS_CLIENTATTR_TCP) == 0) + CHECK(ns_client_replace(client)); + event = (update_event_t *) isc_event_allocate(client->mctx, client, DNS_EVENT_UPDATE, forward_action, NULL, sizeof(*event)); diff --git a/bin/named/xfrout.c b/bin/named/xfrout.c index 83c64f27954e7..6cda6589e1c92 100644 --- a/bin/named/xfrout.c +++ b/bin/named/xfrout.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrout.c,v 1.139.16.3 2011-07-28 04:30:54 marka Exp $ */ +/* $Id: xfrout.c,v 1.139.16.4 2011/12/01 01:00:50 marka Exp $ */ #include <config.h> @@ -1287,6 +1287,13 @@ sendstream(xfrout_ctx_t *xfr) { isc_buffer_free(&xfr->lasttsig); /* + * Account for reserved space. + */ + if (xfr->tsigkey != NULL) + INSIST(msg->reserved != 0U); + isc_buffer_add(&xfr->buf, msg->reserved); + + /* * Include a question section in the first message only. * BIND 8.2.1 will not recognize an IXFR if it does not * have a question section. @@ -1324,9 +1331,13 @@ sendstream(xfrout_ctx_t *xfr) { ISC_LIST_APPEND(qname->list, qrdataset, link); dns_message_addname(msg, qname, DNS_SECTION_QUESTION); - } - else + } else { + /* + * Reserve space for the 12-byte message header + */ + isc_buffer_add(&xfr->buf, 12); msg->tcp_continuation = 1; + } } /* diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c index a3e713b4e94d8..6eef28ae131ff 100644 --- a/bin/named/zoneconf.c +++ b/bin/named/zoneconf.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: zoneconf.c,v 1.170.14.4 2011-05-23 20:56:10 each Exp $ */ +/* $Id: zoneconf.c,v 1.170.14.7 2012/01/31 23:46:39 tbox Exp $ */ /*% */ @@ -1329,8 +1329,11 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, &count)); result = dns_zone_setmasterswithkeys(zone, addrs, keynames, count); - ns_config_putipandkeylist(mctx, &addrs, &keynames, - count); + if (count != 0) + ns_config_putipandkeylist(mctx, &addrs, + &keynames, count); + else + INSIST(addrs == NULL && keynames == NULL); } else result = dns_zone_setmasters(zone, NULL, 0); RETERR(result); @@ -1462,15 +1465,21 @@ ns_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig) { zoptions = cfg_tuple_get(zconfig, "options"); - if (zonetype_fromconfig(zoptions) != dns_zone_gettype(zone)) + if (zonetype_fromconfig(zoptions) != dns_zone_gettype(zone)) { + dns_zone_log(zone, ISC_LOG_DEBUG(1), + "not reusable: type mismatch"); return (ISC_FALSE); + } /* * We always reconfigure a static-stub zone for simplicity, assuming * the amount of data to be loaded is small. */ - if (zonetype_fromconfig(zoptions) == dns_zone_staticstub) + if (zonetype_fromconfig(zoptions) == dns_zone_staticstub) { + dns_zone_log(zone, ISC_LOG_DEBUG(1), + "not reusable: staticstub"); return (ISC_FALSE); + } obj = NULL; (void)cfg_map_get(zoptions, "file", &obj); @@ -1481,8 +1490,11 @@ ns_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig) { zfilename = dns_zone_getfile(zone); if (!((cfilename == NULL && zfilename == NULL) || (cfilename != NULL && zfilename != NULL && - strcmp(cfilename, zfilename) == 0))) - return (ISC_FALSE); + strcmp(cfilename, zfilename) == 0))) { + dns_zone_log(zone, ISC_LOG_DEBUG(1), + "not reusable: filename mismatch"); + return (ISC_FALSE); + } return (ISC_TRUE); } diff --git a/bin/nsupdate/Makefile.in b/bin/nsupdate/Makefile.in index a65aad9162ed7..e86731bedd758 100644 --- a/bin/nsupdate/Makefile.in +++ b/bin/nsupdate/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.36 2009-12-05 23:31:40 each Exp $ +# $Id: Makefile.in,v 1.36 2009/12/05 23:31:40 each Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/nsupdate/nsupdate.1 b/bin/nsupdate/nsupdate.1 index 9d82891dda9f4..58675975233e0 100644 --- a/bin/nsupdate/nsupdate.1 +++ b/bin/nsupdate/nsupdate.1 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: nsupdate.1,v 1.13 2010-07-10 01:14:19 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c index 058088c8996e3..743f32134687a 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsupdate.c,v 1.193.12.3 2011-05-23 22:12:14 each Exp $ */ +/* $Id: nsupdate.c,v 1.193.12.4 2011/11/03 04:30:09 each Exp $ */ /*! \file */ @@ -2280,6 +2280,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) { dns_message_destroy(&soaquery); ddebug("Out of recvsoa"); done_update(); + seenerror = ISC_TRUE; return; } diff --git a/bin/nsupdate/nsupdate.docbook b/bin/nsupdate/nsupdate.docbook index 2a92af438dacc..6378df7a7f1e7 100644 --- a/bin/nsupdate/nsupdate.docbook +++ b/bin/nsupdate/nsupdate.docbook @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nsupdate.docbook,v 1.44 2010-07-09 23:46:51 tbox Exp $ --> +<!-- $Id: nsupdate.docbook,v 1.44 2010/07/09 23:46:51 tbox Exp $ --> <refentry id="man.nsupdate"> <refentryinfo> <date>Aug 25, 2009</date> diff --git a/bin/nsupdate/nsupdate.html b/bin/nsupdate/nsupdate.html index f48831573e15a..5c108e374611b 100644 --- a/bin/nsupdate/nsupdate.html +++ b/bin/nsupdate/nsupdate.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nsupdate.html,v 1.50 2010-07-10 01:14:19 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] | [<code class="option">-o</code>] | [<code class="option">-l</code>] | [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543457"></a><h2>DESCRIPTION</h2> +<a name="id2543459"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">nsupdate</strong></span> is used to submit Dynamic DNS Update requests as defined in RFC 2136 to a name server. @@ -192,7 +192,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543788"></a><h2>INPUT FORMAT</h2> +<a name="id2543790"></a><h2>INPUT FORMAT</h2> <p><span><strong class="command">nsupdate</strong></span> reads input from <em class="parameter"><code>filename</code></em> @@ -480,7 +480,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544700"></a><h2>EXAMPLES</h2> +<a name="id2544702"></a><h2>EXAMPLES</h2> <p> The examples below show how <span><strong class="command">nsupdate</strong></span> @@ -534,7 +534,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2544744"></a><h2>FILES</h2> +<a name="id2544746"></a><h2>FILES</h2> <div class="variablelist"><dl> <dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt> <dd><p> @@ -557,7 +557,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2544827"></a><h2>SEE ALSO</h2> +<a name="id2544829"></a><h2>SEE ALSO</h2> <p> <em class="citetitle">RFC 2136</em>, <em class="citetitle">RFC 3007</em>, @@ -572,7 +572,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2542154"></a><h2>BUGS</h2> +<a name="id2542156"></a><h2>BUGS</h2> <p> The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library diff --git a/bin/rndc/Makefile.in b/bin/rndc/Makefile.in index 6c7c56f4abf75..e67bad7efc59b 100644 --- a/bin/rndc/Makefile.in +++ b/bin/rndc/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.49 2009-12-05 23:31:40 each Exp $ +# $Id: Makefile.in,v 1.49 2009/12/05 23:31:40 each Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/rndc/include/rndc/os.h b/bin/rndc/include/rndc/os.h index 91986cb0c1dc2..3f2c7767e8597 100644 --- a/bin/rndc/include/rndc/os.h +++ b/bin/rndc/include/rndc/os.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: os.h,v 1.12 2009-06-10 00:27:21 each Exp $ */ +/* $Id: os.h,v 1.12 2009/06/10 00:27:21 each Exp $ */ /*! \file */ diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8 index e4d723bb51973..7197ed0b92889 100644 --- a/bin/rndc/rndc.8 +++ b/bin/rndc/rndc.8 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc.8,v 1.43 2009-07-11 01:12:46 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c index 1e9c3b064a8d1..5811cfa141fac 100644 --- a/bin/rndc/rndc.c +++ b/bin/rndc/rndc.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc.c,v 1.131.20.2 2011-02-28 01:19:59 tbox Exp $ */ +/* $Id: rndc.c,v 1.131.20.3 2011/11/03 22:06:31 each Exp $ */ /*! \file */ @@ -142,13 +142,17 @@ command is one of the following:\n\ Flush the given name from the server's cache(s)\n\ status Display status of the server.\n\ recursing Dump the queries that are currently recursing (named.recursing)\n\ + tsig-list List all currently active TSIG keys, including both statically\n\ + configured and TKEY-negotiated keys.\n\ + tsig-delete keyname [view] \n\ + Delete a TKEY-negotiated TSIG key.\n\ validation newstate [view]\n\ Enable / disable DNSSEC validation.\n\ - *restart Restart the server.\n\ addzone [\"file\"] zone [class [view]] { zone-options }\n\ Add zone to given view. Requires new-zone-file option.\n\ delzone [\"file\"] zone [class [view]]\n\ Removes zone from given view. Requires new-zone-file option.\n\ + *restart Restart the server.\n\ \n\ * == not yet implemented\n\ Version: %s\n", diff --git a/bin/rndc/rndc.conf b/bin/rndc/rndc.conf index 057028a94b269..67542b91c7a2d 100644 --- a/bin/rndc/rndc.conf +++ b/bin/rndc/rndc.conf @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc.conf,v 1.11 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: rndc.conf,v 1.11 2007/06/19 23:46:59 tbox Exp $ */ /* * Sample rndc configuration file. diff --git a/bin/rndc/rndc.conf.5 b/bin/rndc/rndc.conf.5 index 54c4af9c21f8c..694a4815dac6f 100644 --- a/bin/rndc/rndc.conf.5 +++ b/bin/rndc/rndc.conf.5 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: rndc.conf.5,v 1.41 2009-07-11 01:12:46 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l diff --git a/bin/rndc/rndc.conf.docbook b/bin/rndc/rndc.conf.docbook index 4a92682ca9700..9de1995467fdc 100644 --- a/bin/rndc/rndc.conf.docbook +++ b/bin/rndc/rndc.conf.docbook @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc.conf.docbook,v 1.17 2007-06-18 23:47:25 tbox Exp $ --> +<!-- $Id: rndc.conf.docbook,v 1.17 2007/06/18 23:47:25 tbox Exp $ --> <refentry id="man.rndc.conf"> <refentryinfo> <date>June 30, 2000</date> diff --git a/bin/rndc/rndc.conf.html b/bin/rndc/rndc.conf.html index 463b99fd2c24e..b0f904b2ab37c 100644 --- a/bin/rndc/rndc.conf.html +++ b/bin/rndc/rndc.conf.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc.conf.html,v 1.32 2009-07-11 01:12:46 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543352"></a><h2>DESCRIPTION</h2> +<a name="id2543354"></a><h2>DESCRIPTION</h2> <p><code class="filename">rndc.conf</code> is the configuration file for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control utility. This file has a similar structure and syntax to @@ -117,7 +117,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543500"></a><h2>EXAMPLE</h2> +<a name="id2543502"></a><h2>EXAMPLE</h2> <pre class="programlisting"> options { default-server localhost; @@ -191,7 +191,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543592"></a><h2>NAME SERVER CONFIGURATION</h2> +<a name="id2543594"></a><h2>NAME SERVER CONFIGURATION</h2> <p> The name server must be configured to accept rndc connections and to recognize the key specified in the <code class="filename">rndc.conf</code> @@ -201,7 +201,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543613"></a><h2>SEE ALSO</h2> +<a name="id2543616"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>, @@ -209,7 +209,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543652"></a><h2>AUTHOR</h2> +<a name="id2543654"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook index 3bf63259c7851..d407f2b515cbe 100644 --- a/bin/rndc/rndc.docbook +++ b/bin/rndc/rndc.docbook @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc.docbook,v 1.21 2007-12-14 20:39:14 marka Exp $ --> +<!-- $Id: rndc.docbook,v 1.21 2007/12/14 20:39:14 marka Exp $ --> <refentry id="man.rndc"> <refentryinfo> <date>June 30, 2000</date> diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html index ecc0f318614a6..4195c4e07e9fe 100644 --- a/bin/rndc/rndc.html +++ b/bin/rndc/rndc.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: rndc.html,v 1.32 2009-07-11 01:12:46 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -32,7 +32,7 @@ <div class="cmdsynopsis"><p><code class="command">rndc</code> [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543413"></a><h2>DESCRIPTION</h2> +<a name="id2543415"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">rndc</strong></span> controls the operation of a name server. It supersedes the <span><strong class="command">ndc</strong></span> utility @@ -61,7 +61,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543448"></a><h2>OPTIONS</h2> +<a name="id2543450"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt> <dd><p> @@ -133,7 +133,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543656"></a><h2>LIMITATIONS</h2> +<a name="id2543658"></a><h2>LIMITATIONS</h2> <p><span><strong class="command">rndc</strong></span> does not yet support all the commands of the BIND 8 <span><strong class="command">ndc</strong></span> utility. @@ -147,7 +147,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543683"></a><h2>SEE ALSO</h2> +<a name="id2543685"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>, <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, @@ -157,7 +157,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543738"></a><h2>AUTHOR</h2> +<a name="id2543740"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/rndc/util.c b/bin/rndc/util.c index 8a7078a2135f7..c654462bf04d9 100644 --- a/bin/rndc/util.c +++ b/bin/rndc/util.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: util.c,v 1.7 2007-06-19 23:46:59 tbox Exp $ */ +/* $Id: util.c,v 1.7 2007/06/19 23:46:59 tbox Exp $ */ /*! \file */ diff --git a/bin/rndc/util.h b/bin/rndc/util.h index 8eba61a57ee2b..d7277148ffa7c 100644 --- a/bin/rndc/util.h +++ b/bin/rndc/util.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: util.h,v 1.12 2009-09-29 23:48:03 tbox Exp $ */ +/* $Id: util.h,v 1.12 2009/09/29 23:48:03 tbox Exp $ */ #ifndef RNDC_UTIL_H #define RNDC_UTIL_H 1 diff --git a/bin/tools/Makefile.in b/bin/tools/Makefile.in index 35b8285715d29..a77376b251e6a 100644 --- a/bin/tools/Makefile.in +++ b/bin/tools/Makefile.in @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.13 2010-01-07 23:48:53 tbox Exp $ +# $Id: Makefile.in,v 1.13 2010/01/07 23:48:53 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/bin/tools/arpaname.1 b/bin/tools/arpaname.1 index 66623801814f4..5b582514224f7 100644 --- a/bin/tools/arpaname.1 +++ b/bin/tools/arpaname.1 @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: arpaname.1,v 1.4 2010-05-19 01:14:14 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l diff --git a/bin/tools/arpaname.c b/bin/tools/arpaname.c index e7f14345dfd6e..356a883a45daa 100644 --- a/bin/tools/arpaname.c +++ b/bin/tools/arpaname.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: arpaname.c,v 1.4 2009-10-27 03:05:33 marka Exp $ */ +/* $Id: arpaname.c,v 1.4 2009/10/27 03:05:33 marka Exp $ */ #include "config.h" diff --git a/bin/tools/arpaname.docbook b/bin/tools/arpaname.docbook index a7eb79e9c3b68..6fb3ca29e5a26 100644 --- a/bin/tools/arpaname.docbook +++ b/bin/tools/arpaname.docbook @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: arpaname.docbook,v 1.1 2009-03-04 01:30:27 marka Exp $ --> +<!-- $Id: arpaname.docbook,v 1.1 2009/03/04 01:30:27 marka Exp $ --> <refentry id="man.arpaname"> <refentryinfo> <date>March 4, 2009</date> diff --git a/bin/tools/arpaname.html b/bin/tools/arpaname.html index e44cfbd782e01..92f46b4f71f62 100644 --- a/bin/tools/arpaname.html +++ b/bin/tools/arpaname.html @@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: arpaname.html,v 1.4 2010-05-19 01:14:14 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -31,20 +31,20 @@ <div class="cmdsynopsis"><p><code class="command">arpaname</code> {<em class="replaceable"><code>ipaddress </code></em>...}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543345"></a><h2>DESCRIPTION</h2> +<a name="id2543347"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">arpaname</strong></span> translates IP addresses (IPv4 and IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543357"></a><h2>SEE ALSO</h2> +<a name="id2543360"></a><h2>SEE ALSO</h2> <p> <em class="citetitle">BIND 9 Administrator Reference Manual</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543371"></a><h2>AUTHOR</h2> +<a name="id2543373"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/tools/genrandom.8 b/bin/tools/genrandom.8 index 5005658c9a149..38c1ccd67c249 100644 --- a/bin/tools/genrandom.8 +++ b/bin/tools/genrandom.8 @@ -1,4 +1,4 @@ -.\" Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC") .\" .\" Permission to use, copy, modify, and/or distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: genrandom.8,v 1.8.124.1 2011-08-09 01:52:58 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l @@ -65,5 +65,5 @@ The file name into which random data should be written. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2009\-2011 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2009\-2012 Internet Systems Consortium, Inc. ("ISC") .br diff --git a/bin/tools/genrandom.c b/bin/tools/genrandom.c index 8473be259404f..675e5043d6017 100644 --- a/bin/tools/genrandom.c +++ b/bin/tools/genrandom.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: genrandom.c,v 1.7 2010-05-17 23:51:04 tbox Exp $ */ +/* $Id: genrandom.c,v 1.7 2010/05/17 23:51:04 tbox Exp $ */ /*! \file */ #include <config.h> diff --git a/bin/tools/genrandom.docbook b/bin/tools/genrandom.docbook index b52ab4932a194..730aab99bb560 100644 --- a/bin/tools/genrandom.docbook +++ b/bin/tools/genrandom.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [<!ENTITY mdash "—">]> <!-- - - Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: genrandom.docbook,v 1.6.124.2 2011-08-08 23:45:44 tbox Exp $ --> +<!-- $Id$ --> <refentry id="man.genrandom"> <refentryinfo> <date>Feb 19, 2009</date> @@ -39,6 +39,7 @@ <year>2009</year> <year>2010</year> <year>2011</year> + <year>2012</year> <holder>Internet Systems Consortium, Inc. ("ISC")</holder> </copyright> </docinfo> diff --git a/bin/tools/genrandom.html b/bin/tools/genrandom.html index c3b2993a05cc2..f69b7ca2da214 100644 --- a/bin/tools/genrandom.html +++ b/bin/tools/genrandom.html @@ -1,5 +1,5 @@ <!-- - - Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2009-2012 Internet Systems Consortium, Inc. ("ISC") - - Permission to use, copy, modify, and/or distribute this software for any - purpose with or without fee is hereby granted, provided that the above @@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: genrandom.html,v 1.8.124.1 2011-08-09 01:52:58 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">genrandom</code> [<code class="option">-n <em class="replaceable"><code>number</code></em></code>] {<em class="replaceable"><code>size</code></em>} {<em class="replaceable"><code>filename</code></em>}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543366"></a><h2>DESCRIPTION</h2> +<a name="id2543370"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">genrandom</strong></span> generates a file or a set of files containing a specified quantity @@ -40,7 +40,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543379"></a><h2>ARGUMENTS</h2> +<a name="id2543383"></a><h2>ARGUMENTS</h2> <div class="variablelist"><dl> <dt><span class="term">-n <em class="replaceable"><code>number</code></em></span></dt> <dd><p> @@ -58,14 +58,14 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543440"></a><h2>SEE ALSO</h2> +<a name="id2543444"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">rand</span>(3)</span>, <span class="citerefentry"><span class="refentrytitle">arc4random</span>(3)</span> </p> </div> <div class="refsect1" lang="en"> -<a name="id2543466"></a><h2>AUTHOR</h2> +<a name="id2543470"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/tools/isc-hmac-fixup.8 b/bin/tools/isc-hmac-fixup.8 index 99c58c8304cf1..c02ed03f4fb06 100644 --- a/bin/tools/isc-hmac-fixup.8 +++ b/bin/tools/isc-hmac-fixup.8 @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: isc-hmac-fixup.8,v 1.4 2010-05-19 01:14:14 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l diff --git a/bin/tools/isc-hmac-fixup.c b/bin/tools/isc-hmac-fixup.c index 09cb85deeebcd..daf391a81cd68 100644 --- a/bin/tools/isc-hmac-fixup.c +++ b/bin/tools/isc-hmac-fixup.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: isc-hmac-fixup.c,v 1.4 2010-03-10 02:17:52 marka Exp $ */ +/* $Id: isc-hmac-fixup.c,v 1.4 2010/03/10 02:17:52 marka Exp $ */ #include <config.h> diff --git a/bin/tools/isc-hmac-fixup.docbook b/bin/tools/isc-hmac-fixup.docbook index a3039ee814d97..c298a85861d7c 100644 --- a/bin/tools/isc-hmac-fixup.docbook +++ b/bin/tools/isc-hmac-fixup.docbook @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: isc-hmac-fixup.docbook,v 1.2 2010-01-07 21:52:11 each Exp $ --> +<!-- $Id: isc-hmac-fixup.docbook,v 1.2 2010/01/07 21:52:11 each Exp $ --> <refentry id="man.isc-hmac-fixup"> <refentryinfo> <date>January 5, 2010</date> diff --git a/bin/tools/isc-hmac-fixup.html b/bin/tools/isc-hmac-fixup.html index 8b70777cd792c..d39ebf0fa1666 100644 --- a/bin/tools/isc-hmac-fixup.html +++ b/bin/tools/isc-hmac-fixup.html @@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: isc-hmac-fixup.html,v 1.4 2010-05-19 01:14:14 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">isc-hmac-fixup</code> {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>secret</code></em>}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543351"></a><h2>DESCRIPTION</h2> +<a name="id2543352"></a><h2>DESCRIPTION</h2> <p> Versions of BIND 9 up to and including BIND 9.6 had a bug causing HMAC-SHA* TSIG keys which were longer than the digest length of the @@ -57,7 +57,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543374"></a><h2>SECURITY CONSIDERATIONS</h2> +<a name="id2543376"></a><h2>SECURITY CONSIDERATIONS</h2> <p> Secrets that have been converted by <span><strong class="command">isc-hmac-fixup</strong></span> are shortened, but as this is how the HMAC protocol works in @@ -68,14 +68,14 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543388"></a><h2>SEE ALSO</h2> +<a name="id2543389"></a><h2>SEE ALSO</h2> <p> <em class="citetitle">BIND 9 Administrator Reference Manual</em>, <em class="citetitle">RFC 2104</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543405"></a><h2>AUTHOR</h2> +<a name="id2543406"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/tools/named-journalprint.8 b/bin/tools/named-journalprint.8 index 347b67b1bacd4..670cd5d3dda09 100644 --- a/bin/tools/named-journalprint.8 +++ b/bin/tools/named-journalprint.8 @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named-journalprint.8,v 1.4 2010-05-19 01:14:14 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l diff --git a/bin/tools/named-journalprint.c b/bin/tools/named-journalprint.c index 8a00aa7a85d98..36d1acd3136de 100644 --- a/bin/tools/named-journalprint.c +++ b/bin/tools/named-journalprint.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named-journalprint.c,v 1.2 2009-12-04 21:59:23 marka Exp $ */ +/* $Id: named-journalprint.c,v 1.2 2009/12/04 21:59:23 marka Exp $ */ /*! \file */ #include <config.h> diff --git a/bin/tools/named-journalprint.docbook b/bin/tools/named-journalprint.docbook index d523f8c1aff21..d0bea2c483ada 100644 --- a/bin/tools/named-journalprint.docbook +++ b/bin/tools/named-journalprint.docbook @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named-journalprint.docbook,v 1.2 2009-12-04 21:59:23 marka Exp $ --> +<!-- $Id: named-journalprint.docbook,v 1.2 2009/12/04 21:59:23 marka Exp $ --> <refentry id="man.named-journalprint"> <refentryinfo> <date>Feb 18, 2009</date> diff --git a/bin/tools/named-journalprint.html b/bin/tools/named-journalprint.html index 8878fc5065559..8639ee885a86d 100644 --- a/bin/tools/named-journalprint.html +++ b/bin/tools/named-journalprint.html @@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: named-journalprint.html,v 1.4 2010-05-19 01:14:14 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">named-journalprint</code> {<em class="replaceable"><code>journal</code></em>}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543342"></a><h2>DESCRIPTION</h2> +<a name="id2543344"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">named-journalprint</strong></span> prints the contents of a zone journal file in a human-readable @@ -57,7 +57,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543378"></a><h2>SEE ALSO</h2> +<a name="id2543379"></a><h2>SEE ALSO</h2> <p> <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>, <span class="citerefentry"><span class="refentrytitle">nsupdate</span>(8)</span>, @@ -65,7 +65,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543409"></a><h2>AUTHOR</h2> +<a name="id2543410"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> diff --git a/bin/tools/nsec3hash.8 b/bin/tools/nsec3hash.8 index 6fba8c886cf97..324391042c904 100644 --- a/bin/tools/nsec3hash.8 +++ b/bin/tools/nsec3hash.8 @@ -12,7 +12,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: nsec3hash.8,v 1.5 2010-05-19 01:14:14 tbox Exp $ +.\" $Id$ .\" .hy 0 .ad l diff --git a/bin/tools/nsec3hash.c b/bin/tools/nsec3hash.c index 0e2a910c9150f..6a54163e689f2 100644 --- a/bin/tools/nsec3hash.c +++ b/bin/tools/nsec3hash.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006, 2008, 2009 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2006, 2008, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsec3hash.c,v 1.6 2009-10-06 21:20:44 each Exp $ */ +/* $Id$ */ #include <config.h> @@ -60,7 +60,8 @@ check_result(isc_result_t result, const char *message) { static void usage() { - fatal("salt hash iterations domain"); + printf("Usage: %s salt algorithm iterations domain\n", program); + exit(1); } int diff --git a/bin/tools/nsec3hash.docbook b/bin/tools/nsec3hash.docbook index 48eb4afb41ca7..d20eb83b990b6 100644 --- a/bin/tools/nsec3hash.docbook +++ b/bin/tools/nsec3hash.docbook @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nsec3hash.docbook,v 1.3 2009-03-02 23:47:43 tbox Exp $ --> +<!-- $Id: nsec3hash.docbook,v 1.3 2009/03/02 23:47:43 tbox Exp $ --> <refentry id="man.nsec3hash"> <refentryinfo> <date>Feb 18, 2009</date> diff --git a/bin/tools/nsec3hash.html b/bin/tools/nsec3hash.html index e6c09959f1534..e5b5a14842a40 100644 --- a/bin/tools/nsec3hash.html +++ b/bin/tools/nsec3hash.html @@ -13,7 +13,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: nsec3hash.html,v 1.5 2010-05-19 01:14:14 tbox Exp $ --> +<!-- $Id$ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -31,7 +31,7 @@ <div class="cmdsynopsis"><p><code class="command">nsec3hash</code> {<em class="replaceable"><code>salt</code></em>} {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>iterations</code></em>} {<em class="replaceable"><code>domain</code></em>}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2543367"></a><h2>DESCRIPTION</h2> +<a name="id2543369"></a><h2>DESCRIPTION</h2> <p> <span><strong class="command">nsec3hash</strong></span> generates an NSEC3 hash based on a set of NSEC3 parameters. This can be used to check the validity @@ -39,7 +39,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2543380"></a><h2>ARGUMENTS</h2> +<a name="id2543382"></a><h2>ARGUMENTS</h2> <div class="variablelist"><dl> <dt><span class="term">salt</span></dt> <dd><p> @@ -63,14 +63,14 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2543442"></a><h2>SEE ALSO</h2> +<a name="id2543444"></a><h2>SEE ALSO</h2> <p> <em class="citetitle">BIND 9 Administrator Reference Manual</em>, <em class="citetitle">RFC 5155</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2543459"></a><h2>AUTHOR</h2> +<a name="id2543461"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> |